Hello,
We have installed Cisco ISE 2.2 as our NAC system.
After Posturing the ISE send a COA packet to the 2960-X switch.
But we see COA failed with the following result:
Result
| RadiusPacketType |
CoANAK |
| Reply-Message |
No valid Session |
| Error-Cause |
Session Context Not Found |
Our Switch configuration:
aaa new-model
aaa group server radius radius_ISE-PSN
server name ISE-PSN-01
server name ISE-PSN-02
aaa authentication dot1x default group radius_ISE-PSN
aaa authorization network default group radius_ISE-PSN
aaa accounting delay-start all
aaa accounting update periodic 120
aaa accounting auth-proxy default start-stop group radius_ISE-PSN
aaa accounting dot1x default start-stop group radius_ISE-PSN
aaa server radius dynamic-author
client 1.1.1.1
client 1.1.1.2
server-key <KEY>
auth-type all
aaa session-id common
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf upper-case
radius-server attribute 31 send nas-port-detail mac-only
radius-server dead-criteria time 5 tries 3
radius-server retransmit 5
radius-server deadtime 10
radius-server accounting system host-config
radius server ISE-PSN-01
address ipv4 1.1.1.1 auth-port 1645 acct-port 1646
key <KEY>
radius server ISE-PSN-02
address ipv4 11.1.1.2 auth-port 1645 acct-port 1646
key <KEY>
interface GigabitEthernet1/0/21
switchport access vlan 1
switchport mode access
authentication host-mode multi-host
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
show version
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2)EX4
Any ideas why the COA fails?
Thanks!
