Ensure DACL update is pulled down by specific devices

paynewj
Level 1

I noticed that a change I made to a DACL about 2 weeks prior had not been applied to the port that a printer was connected to. I had to manually clear the auth session before the change was applied to the port. This DACL change will need to be applied to all the printers in our environment before we can move forward with a separate change.

Is there a way to force all devices that match a certain authorization profile to reauthenticate? Or is there some other way to ensure that all the necessary devices have pulled down the updated DACL? 

3 Replies

@paynewj apply a reauthentication timer via ISE to each session; once the timer expires, the session will be reauthorised and any updates applied.

Thanks for the response @Rob Ingram. I set a reauth timer on the authorization profile that's used for printers in our environment, but that did not work. Several printers that I checked only show the old dACL. The only way that I've been able to get them to reauth is to bounce the port. 

@paynewj

The switch interface must be configured with the "authentication timer reauthenticate server" command in order to download the timer from ISE. Do you have that configured as well?

You can determine it's working using "show authentication session interface gi1/0/1 details"
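To run the check from this reply across many printer ports, the following is an added example (not part of the original thread) that audits saved output of that show command for sessions still on an old dACL or without a server-supplied reauth timer. The sample output is constructed, its field layout is assumed from typical IOS-XE output, and the dACL name `PRINTER_DACL` with its suffixes is hypothetical; use the name shown on a port that has already reauthenticated.

```python
import re

# Constructed sample of "show authentication session interface ... details"
# output for two ports (assumed layout; names and suffixes are hypothetical).
SAMPLE = """\
            Interface:  GigabitEthernet1/0/1
          MAC Address:  0011.2233.4455
      Session timeout:  3600s (server), Remaining: 3412s
Server Policies:
              ACS ACL:  xACSACLx-IP-PRINTER_DACL-11111111

            Interface:  GigabitEthernet1/0/2
          MAC Address:  0011.2233.4466
      Session timeout:  N/A
Server Policies:
              ACS ACL:  xACSACLx-IP-PRINTER_DACL-00000000
"""

# "Key:  value" lines; section headers such as "Server Policies:" do not match.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?):\s+(\S.*?)\s*$")

def parse_sessions(text):
    """Split the output into one dict of fields per session."""
    sessions = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Interface":      # each session block starts with Interface
            sessions.append({})
        if sessions:
            sessions[-1][key] = value
    return sessions

def audit(text, expected_acl):
    """Return (interface, problem) pairs for sessions that need attention."""
    findings = []
    for s in parse_sessions(text):
        port = s.get("Interface", "?")
        if s.get("ACS ACL") != expected_acl:
            findings.append((port, "stale or missing dACL: %s" % s.get("ACS ACL")))
        if "(server)" not in s.get("Session timeout", ""):
            findings.append((port, "reauth timer not downloaded from server"))
    return findings

if __name__ == "__main__":
    for port, problem in audit(SAMPLE, "xACSACLx-IP-PRINTER_DACL-11111111"):
        print(port, problem)
```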