CoA Type

Greetings,

'Port Bounce' or 'Reauth' is available in Administration > System > Settings > Profiling. I have it set as 'Reauth'.

How do I actually make ISE send a 'Port Bounce' to place a device in a separate VLAN?

Please help me understand that.

Edouard.

Accepted Solutions

Hi,

In the authorization policy you can change the CoA.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html

CoA Request Commands Supported on the Device

| Command | Cisco VSA |
| --- | --- |
| Bounce host port | Cisco:Avpair="subscriber:command=bounce-host-port" |
| Disable host port | Cisco:Avpair="subscriber:command=disable-host-port" |
| Reauthenticate host | Cisco:Avpair="subscriber:command=reauthenticate" |
| Terminate session | This is a standard disconnect request that does not require a VSA |
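
To confirm from a packet capture which of the commands in the table above was actually sent to the switch, the Cisco-AVPair can be read out of the CoA-Request. This is an added example, not part of the original posts or of Cisco's code; the function names and sample packets are constructed, and it assumes the RFC 5176 packet codes (40, 43), Cisco's vendor ID 9 and Cisco-AVPair as vendor type 1.

```python
import struct

CISCO_VENDOR_ID = 9  # IANA enterprise number for Cisco
CODES = {40: "Disconnect-Request", 43: "CoA-Request"}  # RFC 5176 packet codes

def build_sample(code, avpairs):
    """Build a constructed sample packet (zeroed authenticator, test data only)."""
    attrs = b""
    for pair in avpairs:
        data = pair.encode()
        vsa = struct.pack("!IBB", CISCO_VENDOR_ID, 1, len(data) + 2) + data
        attrs += struct.pack("!BB", 26, len(vsa) + 2) + vsa
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs

def cisco_avpairs(packet):
    """Yield each Cisco-AVPair string found in Vendor-Specific (type 26) attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == CISCO_VENDOR_ID and vtype == 1 and 2 <= vlen <= len(value) - 4:
                yield value[6:4 + vlen].decode("ascii", "replace")
        pos += alen

def classify(packet):
    """Return the action a dynamic-authorization packet asks the switch to take."""
    if not packet or packet[0] not in CODES:
        return "not a dynamic-authorization request"
    pairs = list(cisco_avpairs(packet))  # also validates the attribute list
    if packet[0] == 40:
        return "terminate session"  # standard disconnect, no VSA required
    for pair in pairs:
        if pair.startswith("subscriber:command="):
            return pair.split("=", 1)[1]
    return "coa without subscriber:command"
```
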


Change the global CoA type to port bounce.  You can also specify a specific CoA result for a particular policy.

Hello Aholli, where in a policy can the CoA be specified?

Thanks,

Greg Gibbs
Cisco Employee

Keep in mind that bouncing the port will likely not solve the issue of an endpoint requesting a new IP address after a dynamic VLAN assignment if that is your goal. Bouncing the port will clear the RADIUS session, so the entire process starts over. You'll likely see the exact same issue after the port bounce due to the race condition between the time the endpoint requests an IP address and the dynamic VLAN assignment happens again. More than likely, you'll just end up in a loop of port bouncing.

If your endpoint is connected behind a phone, the port bounce will also reboot the phone as the PoE power also bounces.

If your goal is to mitigate DHCP issues with dynamic VLAN assignment, see the post below for suggestions.

802.1x New IP address after CoA 
