Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5427
Views
16
Helpful
4
Replies

CoA Type

Go to solution
EdouardZorrilla0939
Level 1
Level 1

‎07-23-2021 08:37 AM

Greetings,

 

'Port Bounce' or 'Reauth' is available in Administration > System > Settings > Profiling. I have it set as 'Reauth'

 

How do I actually make ISE to send a  'Port Bounce' to place a device in a separate VLAN.

 

Please help me understand that.

 

Edouard.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
saxenanitesh8522
Level 4
Level 4
In response to EdouardZorrilla0939

‎07-24-2021 10:17 AM

hi,

in the authorization policy you can change the coa 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html

CoA Request Commands Supported on the Device

Command

Cisco VSA

Bounce host port

Cisco:Avpair=“subscriber:command=bounce-host-port”

Disable host port

Cisco:Avpair=“subscriber:command=disable-host-port”

Reauthenticate host

Cisco:Avpair=“subscriber:command=reauthenticate”

Terminate session

This is a standard disconnect request that does not require a VSA

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ahollifield
VIP
VIP

‎07-23-2021 09:09 AM

Change the global CoA type to port bounce.  You can also specify a specific CoA result for a particular policy.

Go to solution
EdouardZorrilla0939
Level 1
Level 1
In response to ahollifield

‎07-23-2021 01:11 PM

Hello Aholli, where in a policy can the CoA be specified.

 

Thanks,

Go to solution
saxenanitesh8522
Level 4
Level 4
In response to EdouardZorrilla0939

‎07-24-2021 10:17 AM

hi,

in the authorization policy you can change the coa 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html

CoA Request Commands Supported on the Device

Command

Cisco VSA

Bounce host port

Cisco:Avpair=“subscriber:command=bounce-host-port”

Disable host port

Cisco:Avpair=“subscriber:command=disable-host-port”

Reauthenticate host

Cisco:Avpair=“subscriber:command=reauthenticate”

Terminate session

This is a standard disconnect request that does not require a VSA

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎07-25-2021 05:04 PM - edited ‎07-25-2021 05:05 PM

Keep in mind that bouncing the port will likely not solve the issue of an endpoint requesting a new IP address after a dynamic VLAN assignment if that is your goal. Bouncing the port will clear the RADIUS session, so the entire process starts over. You'll likely see the exact same issue after the port bounce due to the race condition between the time the endpoint requests an IP address and the dynamic VLAN assignment happens again. More than likely, you'll just end up in a loop of port bouncing.

If your endpoint is connected behind a phone, the port bounce will also reboot the phone as the POE power also bounces.

If your goal is to mitigate DHCP issues with dynamic VLAN assignment, see the post below for suggestions.

802.1x New IP address after CoA 

Customers Also Viewed These Support Documents