Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
10
Replies

How ISE Bunce or reauthenticate a port

Go to solution
Hevin27
Level 1
Level 1

‎07-25-2024 01:02 AM

Hi all,

Does anyone know how to set up the authorization profile to bounce ports or re-authenticate sessions? I see that ISE has this feature in Live Session, but I want to use this feature in the authorization policy.

Hevin27_1-1721894107059.png

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Hevin27
Level 1
Level 1

‎08-16-2024 01:01 AM

i found the root case. i need to change this.

Hevin27_1-1723795223171.png

 

View solution in original post

0 Helpful
10 Replies 10

Go to solution
MHM Cisco World
VIP
VIP

‎07-25-2024 04:28 AM

the ISE send CoA to NAD and NAD re-auth or bounce port 
this use only for Guest Client 

MHM

0 Helpful

Go to solution
Hevin27
Level 1
Level 1
In response to MHM Cisco World

‎07-25-2024 06:44 PM

Hi MHM,

Yes, I would like to use this feature for the Guest client. When the guest completes self-registration, the guest's device is automatically registered to the identity group, ISE will send a CoA to the NAD to bounce the port, and ISE will assign a new VLAN on this group. I set Cisco:Avpair="subscriber:command=bounce-host-port" as per some documentation, but it doesn't work.

Hevin27_1-1721958149716.png

I also tried macros but it didn't work either.

Hevin27_2-1721958259670.pngHevin27_3-1721958282948.png

 

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Hevin27

‎07-25-2024 06:51 PM

NAD is SW or WLC?

MHM

0 Helpful

Go to solution
Hevin27
Level 1
Level 1
In response to MHM Cisco World

‎07-25-2024 09:11 PM

hi MHM,

it is sw, catalyst 9300

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Hevin27

‎07-26-2024 07:20 AM

https://bst.cisco.com/quickview/bug/CSCvq94660

It bug check cisco for solution.

MHM

0 Helpful

Go to solution
ccieexpert
Spotlight
Spotlight

‎07-25-2024 09:57 AM

it can be done, please read this and caveats:

https://community.cisco.com/t5/network-access-control/coa-type/td-p/4437873

What is your exact use case ?

 

** please rate as helpful if this is useful**

0 Helpful

Go to solution
Hevin27
Level 1
Level 1
In response to ccieexpert

‎07-25-2024 06:46 PM

hi expert,

Thanks for the reply, I also saw this page, unfortunately, it doesn't work.

0 Helpful

Go to solution
PradeepSingh
Level 1
Level 1

‎07-26-2024 01:25 AM

Hi @Hevin27 , Did you check Radius live logs if COA event is happening in logs ? If yes have you configured dynamic author in NAD (Switch) ? Also make sure UDP 1700 is allowed between ISE and switch. 

0 Helpful

Go to solution
Hevin27
Level 1
Level 1
In response to PradeepSingh

‎07-26-2024 08:16 AM

hi @PradeepSingh, Yes, we checked all of them. in the radius live logs, we can see the Cisco:AV-Pair is successfully applied,  and other attributes such as changing the VLAN or granting the DACL can be successfully executed in the same authorization profile, only this av-pair not run.

0 Helpful

Go to solution
Hevin27
Level 1
Level 1

‎08-16-2024 01:01 AM

i found the root case. i need to change this.

Hevin27_1-1723795223171.png

 

0 Helpful
Customers Also Viewed These Support Documents