PassiveID and CoA

vfranjic
Cisco Employee

Dear all,

We have a customer with ISE 2.4 Patch 7. They are using:

1. 802.1x with Machine Certs

2. PassiveID

The session table in ISE displays UserName as the AD username (got that from PassiveID). The problem is that when we try to implement CoA, the switch doesn't react to the CoA request from ISE (no valid session found on switch).

When we turn off PassiveID, CoA starts to work properly and the switch reacts to the CoA request. The problem is that UserName is now the FQDN (got that from the 802.1x Machine Cert).

Why is CoA not working with PassiveID, and is there any possibility to make them work together?

Regards,

Vedran Franjic.

1 Reply

Jason Kunst
Cisco Employee
I would recommend looking at the following guide:
https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

Make sure you have a valid MAB session on the switch.
Look at the guide for Easy Connect:
https://www.google.com/search?q=easy%20connect%20ise%20wired

If there are still issues, work through TAC to see what is going on.