Solved: ISE trigger auto CoA

ivan.yeung · ‎11-23-2020

Dear Sir,

im testing CoA of ISE.

if a policy is changed after user is authenticated, how can ISE trigger auto CoA to re-authenticate or port bounce? so the user get re-authenticate immediately instead of i need to press "session re-authenticate" every time in live session?

Regards,

Ivan

Greg Gibbs · ‎11-23-2020

In short, there needs to be a significant enough change in the endpoint profile as well as an Authorization Policy that matches the end state profile for the CoA to automatically effect the session authorization state.

See the ISE Profiling Design Guide for much more detail and examples.

View solution in original post

Mohammed al Baqari · ‎11-23-2020

Hi,

After the initial authentication, ISE starts profiling the machine.
Depending on the matching profiling policy, ISE will trigger CoA to re
authenticate in order to apply any authorization policy matching the new
profile.

The action of CoA to bounce port is configurable on ISE from Administration
> Settings > Profiling > CoA Action

***** please remember to rate useful posts

ivan.yeung · ‎11-23-2020

Hi Mohammed,

i have configured

Administration> Settings > Profiling > CoA Action > Port Bounce. however nothing have happened.

is there anything i can config with profiling policy to trigger CoA immediately?

Regards,

Ivan

Greg Gibbs · ‎11-23-2020

In short, there needs to be a significant enough change in the endpoint profile as well as an Authorization Policy that matches the end state profile for the CoA to automatically effect the session authorization state.

See the ISE Profiling Design Guide for much more detail and examples.