Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
373
Views
0
Helpful
1
Replies

Specify a Network device profile on ANC change via COA?

vivarock12
Level 1
Level 1

‎06-26-2023 01:47 PM

i have the following configuration

  • network device profile:

vivarock12_0-1687811569645.png

vivarock12_1-1687811589915.png

vivarock12_2-1687811618151.png

vivarock12_3-1687811632184.png

vivarock12_4-1687811667840.png

  • this is the authorization profile being use by the ANC policy sent from de Stealtwatch to the ISE

vivarock12_5-1687811732280.png

this are the global policy Exceptions on the Policy sets for this Result profiles:

vivarock12_6-1687811812990.png

 

Is there any way to make the requests that come from Stealtwatch to the ISE (after they are integrated) that is redirected to the the aruba switch to use the DEVIE PROFILE specify before and not the CISCO-AVPAIR parameter that aruba dont understand?

vivarock12_7-1687812002345.png

vivarock12_8-1687812015719.png

vivarock12_9-1687812020814.png

vivarock12_10-1687812030522.png

this is the operations live logs

vivarock12_11-1687812276103.png

 

any idea or is just not posiible?

0 Helpful
1 Reply 1

Aref Alsouqi
VIP
VIP

‎07-01-2023 12:36 AM - edited ‎07-01-2023 12:38 AM

I think you would need to add the calling station ID and the NAS IP address attributes to the RFC5176 section in the CoA section, otherwise can't see how this would work without them.

0 Helpful
Customers Also Viewed These Support Documents