I have a deployment design that I'm trying to get working related to ISE deploying interface templates in authorization profiles.  The intent behind this is to configure all access ports for the most common usage scenario (e.g. end-users, phones) and then dynamically change the switchports based on the niche cases (e.g. security devices, access points).

I am able to get this working for the most part, but the only way I can get WAP's to dynamically update the interface template is by using the 'access-session interface-template sticky' command.  This command causes the last dynamic interface template to remain associated with the interface, even after the device has been removed, which is not preferred.  The better option would be to use 'access-session interface-template sticky timer XX', which would unbind the dynamic template when the timer expires, after the device has been disassociated/removed from the interface.  However, in my lab scenarios it seems that the 'timer' variant of the command is not retaining the dynamic interface template through the association process and removes the dynamic template after the timer expires (which the timer starts upon endpoint association).  Example:  WAP connects and authorizes with the standard interface template, the dynamic interface template is applied via the authorization policy and then without any interfaces changes, the dynamic interface will be removed from the port after XX seconds (i.e. the WAP maintains a persistent connection with the interface, but the dynamic template is still removed).

I trying to understand if this is a bug or if there is some other configuration element that needs to be added, that I'm missing.  I have a case that has been open, on the timer question, for five months with no progress.

Any assistance would be appreciated.