I've been able to assign a VLAN/DACL from ISE to a 3750X but have lost the ability recently. Trial and error but I'm not sure what I'm missing. Can initiate reauthentication from ISE and watch the client connect again but CoA not assigning the VLAN/DACL in the Authorization profile it's getting. Running 3.2p4. Any suggestions would be appreciated. Thank you
Result
| User-Name | LAB |
| Class | CACS:AC1001010000003D08BE84D7:ise3/501715659/73 |
| Tunnel-Type | (tag=1) VLAN |
| Tunnel-Medium-Type | (tag=1) 802 |
| Tunnel-Private-Group-ID | (tag=1) 100 |
| EAP-Key-Name | 0d:66:10:7f:5e:77:57:8c:6f:ef:db:c2:cf:57:38:74:46:44:10:eb:2f:3c:18:f8:5b:d6:90:d2:a2:2c:18:69:f8:fb:51:4f:13:2e:3a:4c:6a:d9:77:85:ed:09:25:7d:11:62:cd:f7:81:5d:2f:be:a8:26:a1:f7:d1:d9:cf:2e:ce |
| cisco-av-pair | ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-PERMIT_ALL_IPV4_TRAFFIC-57f6b0d3 |
| MS-MPPE-Send-Key | **** |
| MS-MPPE-Recv-Key | **** |
| LicenseTypes | Essential license consumed. |
3750X#show access-session int gi 1/0/20 de
Interface: GigabitEthernet1/0/20
MAC Address: 0050.569c.0c42
IPv6 Address: Unknown
IPv4 Address: 172.16.50.8
User-Name: LAB
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: 172800s (local), Remaining: 157395s
Common Session ID: AC1001010000003D08BE84D7
Acct Session ID: 0x000001FA
Handle: 0x3000002C
Current Policy: ISE-POLICY
Server Policies:
Security Policy: None
Security Status: Link Unsecure
Method status list:
Method State
dot1x Authc Success
mab Stopped
CoA is configured on switch. NAD in ISE is using the same radius key on port 1700.
aaa server radius dynamic-author
client 172.16.1.11 server-key RADIUS
