cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1296
Views
0
Helpful
4
Replies
Enthusiast

ISE CoA VLAN Change

I have ISE implemented for Wired 802.1x user/computer auth and fail through to sponsored guest portal.  After successful login to the guest portal the vlan on the port changes from 902 to 500 which is a L2 connection to the internet.  The problem is that the VLAN changes when the new policy applies to the switchport but the client keeps the old IP on 902 but policy changed the port to 500.  I have the global CoA setting set to "port bounce" but I never see the port bounce.  Does anyone have this working properly?

 If I use my MacBook as a guest, perform the authentication, unplug the network cable and plug back in I get on the correct VLAN 500.  Tried the same on a windows machine and it did not work.  

4 REPLIES 4
Not applicable

If you use 'debug aaa coa' on

If you use 'debug aaa coa' on the switch, or look at dynamic authorization event type logs in ISE, do you see the port bounce action being sent, or is it reauthenticate action?

Enthusiast

Cisco stated that a port

Cisco stated that a port bounce does not get sent when using the portal.  I will check this out as well.  Thank you for the reply!  

Cisco Employee

The Global CoA option you are

The Global CoA option you are referencing (Administration > System > Settings > Profiling) is the global default for for Profiling Policies.  If your device is already profiled, you will not see a port bounce.

You may need to enable the VLAN DHCP Release on the portal page.

Highlighted
Enthusiast

 Thank you for the response!

 Thank you for the response!  I will give this a try.