Meraki Support for ANC

paul · ‎04-05-2019

I was doing some ANC policies at a customer yesterday and noticed that Meraki doesn't seem to support any of the CoA types used by the ANC policies (terminate, disconnect- port bounce, disconnect- shutdown). So when I am doing ANC policy assignment with Meraki I have to assign the policy, wait for the RADIUS error then do a manual CoA Reauth from either the context visibility screen or live sessions.

Is this a known issue with Meraki? Is there a way to code a custom ANC action that does a CoA Reauth? I couldn't find one.

Timothy Abbott · ‎04-05-2019

Paul,

This is something that Meraki will have to implement on their end.

Regards,
-Tim

paul · ‎04-05-2019

Meraki has support for CoA Reauth. We should have the option to setup an ANC action that does a CoA Reauth. The only options we have in ISE currently are:

Quarantine- CoA Terminate
Port Bounce- CoA Disconnect- Port Bounce
Shutdown- CoA Disconnect- Shutdown

It is a similar problem I think we used to have with the Hotspot portal. For the longest time it was CoA Terminate, we complained about how disruptive that was to clients and now we can set Hotspot portal to do CoA Reauth instead which is the right setup.

Doing a CoA Terminate when the Quarantine action is the same concept. There is no reason to issue a terminate. All we want is the device to reauthenticate so we can enact our ANC policy based rules.

I know Meraki should support more CoA types, but we should have a CoA reauth option or the Quarantine action should just be changed to Reauth. There is never a reason to terminate there.