Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1208
Views
5
Helpful
6
Replies

ISE 2.4 Wired 4500 switch COA not working after compliant status.

Go to solution
joeharb
Level 5
Level 5

‎11-09-2018 09:31 AM

We are testing Posturing wired workstations, but the COA is not working...

 

I see the switch receive the COA:

 

Nov 9 17:21:16.119: RADIUS: Received from id 1646/42 10.4.37.151:1813, Accounting-response, len 20
Nov 9 17:21:36.436: RADIUS: COA received from id 15 10.4.37.151:50666, CoA Request, len 180
Nov 9 17:21:36.436: RADIUS: Unable to find client with addr 10.4.37.151, tableid 2
Nov 9 17:21:41.439: RADIUS: COA received from id 15 10.4.37.151:50666, CoA Request, len 180
Nov 9 17:21:41.439: RADIUS: Unable to find client with addr 10.4.37.151, tableid 2

 

Not sure why the client's addr is seen as 10.4.37.151, that is the ISE server.

 

Any Suggestions?

 

Joe

 

Preview file
63 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Surendra
Cisco Employee
Cisco Employee
In response to joeharb

‎11-09-2018 11:14 AM

Do you have vrf configured for RADIUS requests by any chance? A running configuration for at least the radius servers configuration would help. I would also suggest to remove and add the dynamic-author config again and see if it helps.

View solution in original post

Go to solution
gbekmezi-DD
Level 5
Level 5
In response to joeharb

‎11-09-2018 01:38 PM

Hey Joe, good question. I suggests marking this one as solved and opening a new thread to help future searches.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
joeharb
Level 5
Level 5
In response to gbekmezi-DD

‎11-09-2018 09:48 AM

Yes...

aaa server radius dynamic-author
client 10.4.37.151 server-key 7 XXXXXXXXX

 

I also see this when debugging aaa coa

 

 

: COA: 10.4.37.151 client not configured. Dropping COA packet

0 Helpful

Go to solution
Surendra
Cisco Employee
Cisco Employee
In response to joeharb

‎11-09-2018 11:14 AM

Do you have vrf configured for RADIUS requests by any chance? A running configuration for at least the radius servers configuration would help. I would also suggest to remove and add the dynamic-author config again and see if it helps.

Go to solution
joeharb
Level 5
Level 5
In response to Surendra

‎11-09-2018 11:27 AM

That was it...

I have removed it before and added it...but this time I did a question mark and able to specify the VRF.

 

Thanks so much...

 

Joe

0 Helpful

Go to solution
joeharb
Level 5
Level 5
In response to joeharb

‎11-09-2018 01:36 PM

Everything is working as expected...I have added to more Posture Policy Requirements to the existing policy, but the client is not updating it's checks, it still only see's the original 2 required.  Is there a mechanism to force the client to update the posture policy?

 

Thanks,

 

Joe

0 Helpful

Go to solution
gbekmezi-DD
Level 5
Level 5
In response to joeharb

‎11-09-2018 01:38 PM

Hey Joe, good question. I suggests marking this one as solved and opening a new thread to help future searches.
0 Helpful
Customers Also Viewed These Support Documents