Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3209
Views
1
Helpful
1
Replies

CoA port bounce vs CoA Session termination with Port Bounce

A.Manoj
Level 1
Level 1

‎03-11-2020 08:05 AM

Hello All - I would like to understand the functionality of each CoA type available for a live session. The ISE live logs as wells as the tcpdump has specific CiscoAVpair messages associated to each type. Here are my findings,

 

CoA Session Reauthcommand=reauthenticate
CoA Session termination with Port Shutdown

command=disable-host-port

 

 

I would like to understand the functional difference between the CoA port bounce and CoA Session termination with Port Bounce as it has same CiscoAVPair attribute 'command=bounce-host-port'. When I attempt to do both CoA, it creates a new session for the endpoint.

 

Also it would be helpful if anyone explains the usage of CoA SAnet Session Query. Thank you!

Preview file
13 KB
0 Helpful
1 Reply 1

Cristian Matei
VIP Alumni
VIP Alumni

‎03-11-2020 12:33 PM

Hi,

 

   This document should be self explanatory; note that some commands don't work in all environments, although not documented, but it's common sense. Like for example, bounce port will not work for a WiFi device, as there is no dedicate port to bounce.

 

https://www.cisco.com/en/US/docs/ios-xml/ios/san/configuration/15-e/san-coa-supp.html


Regards,

Cristian Matei.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents