Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1242
Views
5
Helpful
2
Replies

MAB + dyn VLAN + Port Bounce

Go to solution
fabian.kaltenschnee
Level 1
Level 1

‎10-10-2019 02:51 AM - edited ‎10-10-2019 04:32 AM

Hola ISE Community,

 

im facing the the following problem. I need a Port Bounce on some Clients after registering with MAB.

 

I can do that easily with options in "Live Sessions"

 

image.png

Everything works fine.

But now i need this to work automatically. So i tried it with the results like this:

image.png

Output Switch:

image.png

So i get the vlan 66 but no port bounce happens.... (ignore "IPv4 Address: Unknown".. there is no DHCP Server in this VLAN, just for testing)

 

Now you. Why does the portbounce not work?

Is something wrong with this command?

image.png

 

Thank you some much for your help.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Mike.Cifelli

‎10-25-2019 03:09 AM

@Mike.Cifelli wrote:
You av-pair looks correct to me. Have you attempted to run debug aaa coa on your NAD? I assume you have properly configured dynamic-author since it works when you trigger it manually. What are you attempting to accomplish with the desired port bounce? Are you unable to potentially profile the devices you wish to have a port bounce, auto register the mac, and setup the profile coa to do a port bounce?

https://cs.co/ise-guides

i recommend checking out the prescriptive wired guides and profiler guides

 

I don't think its going to work with port bounce, what do you expect the flow to do? If you bounce the port you come back again and get into a loop? You need to put the endpoints into a group with vlan assigned to that group

 

if device unknown, profile, assign to profile endpoint group, this will cause a port bounce

if now known endpoint group then assign authz profile with vlan

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎10-10-2019 05:35 AM

You av-pair looks correct to me. Have you attempted to run debug aaa coa on your NAD? I assume you have properly configured dynamic-author since it works when you trigger it manually. What are you attempting to accomplish with the desired port bounce? Are you unable to potentially profile the devices you wish to have a port bounce, auto register the mac, and setup the profile coa to do a port bounce?

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Mike.Cifelli

‎10-25-2019 03:09 AM

@Mike.Cifelli wrote:
You av-pair looks correct to me. Have you attempted to run debug aaa coa on your NAD? I assume you have properly configured dynamic-author since it works when you trigger it manually. What are you attempting to accomplish with the desired port bounce? Are you unable to potentially profile the devices you wish to have a port bounce, auto register the mac, and setup the profile coa to do a port bounce?

https://cs.co/ise-guides

i recommend checking out the prescriptive wired guides and profiler guides

 

I don't think its going to work with port bounce, what do you expect the flow to do? If you bounce the port you come back again and get into a loop? You need to put the endpoints into a group with vlan assigned to that group

 

if device unknown, profile, assign to profile endpoint group, this will cause a port bounce

if now known endpoint group then assign authz profile with vlan

 

0 Helpful
Top