07-10-2017 01:43 AM
Hi,
According to our famous Cisco Identity Services Engine Network Component Compatibility, Release 2.2 - Cisco we do require Radius CoA for many functions:
Whouldn't it be more accurate to say that we require CoA instead of Radius CoA? We now have SNMP CoA.
Regards
Roman
Solved! Go to Solution.
07-10-2017 03:33 AM
In general, that is correct, but not all flows and use cases that entail CoA have been validated using SNMP such as MDM, TrustSec, and ANC operations. Also, due to the fact that SNMP CoA does not allow for a "soft" reauth or push, the client connection is typically disruptive (port shut/no shut) and relies on what I termed "session stitching" to bind the pre- and post-CoA sessions. This logic is linked to specific flows.
Similarly, URL Redirection with walled garden approach was not validated for all redirect flows (more specifically MDM) but that is more of a test exercise since the basic principles should apply to any session that requires redirection.
/Craig
07-10-2017 01:46 AM
BTW, the same applies to URL Redirect with the Walled Garden approach...
07-10-2017 03:33 AM
In general, that is correct, but not all flows and use cases that entail CoA have been validated using SNMP such as MDM, TrustSec, and ANC operations. Also, due to the fact that SNMP CoA does not allow for a "soft" reauth or push, the client connection is typically disruptive (port shut/no shut) and relies on what I termed "session stitching" to bind the pre- and post-CoA sessions. This logic is linked to specific flows.
Similarly, URL Redirection with walled garden approach was not validated for all redirect flows (more specifically MDM) but that is more of a test exercise since the basic principles should apply to any session that requires redirection.
/Craig
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide