
ISE CoA VLAN Change

MRCobb
Level 4

I have ISE implemented for Wired 802.1x user/computer auth and fail through to sponsored guest portal. After successful login to the guest portal the VLAN on the port changes from 902 to 500 which is a L2 connection to the internet. The problem is that the VLAN changes when the new policy applies to the switchport but the client keeps the old IP on 902 but policy changed the port to 500. I have the global CoA setting set to "port bounce" but I never see the port bounce. Does anyone have this working properly?

If I use my MacBook as a guest, perform the authentication, unplug the network cable and plug back in I get on the correct VLAN 500. Tried the same on a Windows machine and it did not work.

4 Replies

Not applicable

If you use 'debug aaa coa' on the switch, or look at dynamic authorization event type logs in ISE, do you see the port bounce action being sent, or is it reauthenticate action?

Cisco stated that a port bounce does not get sent when using the portal.  I will check this out as well.  Thank you for the reply!  

Charlie Moreton
Cisco Employee

The Global CoA option you are referencing (Administration > System > Settings > Profiling) is the global default for Profiling Policies. If your device is already profiled, you will not see a port bounce.

You may need to enable the VLAN DHCP Release on the portal page.

 Thank you for the response!  I will give this a try.  
