cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6365
Views
5
Helpful
20
Replies

CoA Terminate in Hotspot portal is not initiating DHCP refresh

umahar
Cisco Employee
Cisco Employee

Hi,

I have configured my hotspot portal to send CoA terminate so that I could push guest on Wired to different VLAN but I dont see a session terminated of wired endpoint and the endpoint do not refresh their IPs in the new VLAN.

Is CoA Terminate same as CoA PortBounce ?

It does not look like from the packet capture as it does not have port-bounce cisco AVP attribute.

When I issue a CoA Port Bounce from ISE the endpoints come in the correct IP range.

I know that in the past Jason has mentioned that Vlan change is not recommended in guest portals due to inconsistency but I thought CoA Terminate should still be able to bounce the port.

20 Replies 20

hslai
Cisco Employee
Cisco Employee

In case you are asking about the AVP, that would be in the NAD profile as Craig responded on .

For the CoA option in ISE hotspot portals, you would need ISE 2.1 Patch 1 or above. Below shows a screenshot from ISE 2.2. CoA Terminate is the disconnect option.

Screen Shot 2017-10-23 at 12.48.25 PM.png

umahar
Cisco Employee
Cisco Employee

Change of vlan is not generally recommended because port is not bounced and no new dhcp is issued.

We are using macros to achieve port bounce instead of CoA

Thanks,

Utkarsh

Jason Kunst
Cisco Employee
Cisco Employee

The key use case was wireless hotspot issues present before ISE 2.1 patch 1. The problem was that we would send a terminate after accepting an AUP.  This caused the device to go through and scan SSID list and DHCP over and took upwards of 30 seconds. If there was a more preferred network higher in the scan list then it would try to connect to that instead. We added the ability in hotspot portal to send a re-auth which alleviated this problem.


Jason I am testing this in wired and hence I do not see any difference in the behaviour between CoA Reauth and CoA Terminate. Even the packet captures of CoA Disconnect seem similar.

How are you telling the WLC to behave differently between these two options ?

I am not telling the WLC to behave differently, its up to the hotspot portal to send a re-auth or disconnect, sorry it doesn’t work the same for wired side. It would be a nice enhancement to set this per portal. I know craig has some enhancement ideas around that

Hi Jason,

 

Could you please provide some reference about wired guest external captive portal redirection using ISE?

I am looking for some docs about it but no luck

 

Kind Regards,

 

Juan