I have ISE implemented for Wired 802.1x user/computer auth and fail through to sponsored guest portal. After successful login to the guest portal, the VLAN on the port changes from 902 to 500, which is a L2 connection to the internet. The problem is that the VLAN changes when the new policy applies to the switchport, but the client keeps the old IP on 902 even though the policy changed the port to 500. I have the global CoA setting set to "port bounce" but I never see the port bounce. Does anyone have this working properly?
If I use my MacBook as a guest, perform the authentication, unplug the network cable and plug back in, I get on the correct VLAN 500. Tried the same on a Windows machine and it did not work.
If you use 'debug aaa coa' on the switch, or look at dynamic authorization event type logs in ISE, do you see the port bounce action being sent, or is it reauthenticate action?
The Global CoA option you are referencing (Administration > System > Settings > Profiling) is the global default for Profiling Policies. If your device is already profiled, you will not see a port bounce.
You may need to enable the VLAN DHCP Release on the portal page.