the endpoint is the supplicant of the switchport.

CAT-Pri-003#sh run int gi 1/0/22

Building configuration...

Current configuration : 178 bytes

!

interface GigabitEthernet1/0/22

description connect to sword gi 0/2/0

switchport access vlan 100

switchport mode access

dot1x pae supplicant

dot1x credentials radius

end

Unfortunately, the live session also got the same error.

Actually, I could send the CoA before on the endpoit. Then after power outage during the weekend, when I restarted the ISE, the error appeared. I don't know what the system is checking for opteration not supported scenarios ?

hi Jason,

     It's not commercial usage. Just internal query.

Hi Team,

          Could you share some of the detailed reason that mentioned which kinds of endpoint not supported ?

The endpoint shows up there as a Cisco Device, but what is that Cisco device connected to? What is the Cisco device? Is it using MAB to authenticate? The piece that needs to support CoA is the network device the “Cisco Device” is connected to. Consider your laptop being authenticated to a switchport, the switch and switchport need to support CoA, your laptop just responds to what the switch does (port reset, dot1x reauth…). Hope that helps.

George

Per earlier reply... "The NAD specified may not support CoA, or specific CoA operation selected."

Make sure NAD Profile for selected NAD indicates support for the CoA operation being attempted.

you mean the device profile support for CoA(administration - - - network resources - - - network device profiles) ?  Yes, I am using default network profile "cisco" and it's with full CoA support.

it's just a simulator client on a switch port .  The topology like   3750 port ( supplicant) - - -port1  isr4k port2 - -raius - - ise   .

It's using dot1x for authenticate. I am trying to setup an ip phone to see if it's working or not. Thanks!