Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1429
Views
10
Helpful
3
Replies

force clients to use new ISE DACL

Go to solution
tachyon05
Level 1
Level 1

‎10-24-2022 08:34 AM

After changing ISE DACL in the ISE GUI, end user devices don't seem to get the updated DACL until I initiate a port bounce.  That requires either a COA in ISE or SHUT/NO SHUT the port on an access switch, but this works for one end user device at a time.  

Is there a way to force a COA on all ports with an active session that is subject to this DACL, both on demand and on a schedule?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
ahollifield
VIP
VIP

‎10-24-2022 10:39 AM

Maybe through the API?  Otherwise yes pushing a new dACL requires a new authentication request.  You can trigger that by manually sending a CoA re-auth to the NAD or by manually bouncing the port.

View solution in original post

Go to solution
ahollifield
VIP
VIP
In response to tachyon05

‎10-24-2022 10:52 AM

This is a manual process from Context Visibility.

View solution in original post

3 Replies 3

Go to solution
ahollifield
VIP
VIP

‎10-24-2022 10:39 AM

Maybe through the API?  Otherwise yes pushing a new dACL requires a new authentication request.  You can trigger that by manually sending a CoA re-auth to the NAD or by manually bouncing the port.

Go to solution
tachyon05
Level 1
Level 1
In response to ahollifield

‎10-24-2022 10:49 AM

Thanks.  Would you please share how to "sending a CoA re-auth to the NAD?

Is there way to force CoA for only devices in 1 MAB group and not any other MAB or any 802.1x clients?

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to tachyon05

‎10-24-2022 10:52 AM

This is a manual process from Context Visibility.

Customers Also Viewed These Support Documents