07-25-2017 07:53 PM - edited 03-11-2019 12:53 AM
I have ISE implemented for wired 802.1X user/computer auth, with fail-through to a sponsored guest portal. After successful login to the guest portal, the VLAN on the port changes from 902 to 500, which is an L2 connection to the internet. The problem is that the VLAN changes when the new policy applies to the switchport, but the client keeps the old IP on 902 even though the policy changed the port to 500. I have the global CoA setting set to "port bounce" but I never see the port bounce. Does anyone have this working properly?
If I use my MacBook as a guest, perform the authentication, unplug the network cable and plug it back in, I get on the correct VLAN 500. Tried the same on a Windows machine and it did not work.
07-25-2017 08:53 PM
If you use 'debug aaa coa' on the switch, or look at dynamic authorization event type logs in ISE, do you see the port bounce action being sent, or is it reauthenticate action?
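For the check suggested above (is the CoA a port bounce or a reauthenticate?), here is an added example, not code from this thread or from Cisco: a Python decoder that pulls the Cisco-AVPair `subscriber:command` value out of a RADIUS CoA-Request taken from a packet capture. The packets used here are constructed in the script with a zeroed authenticator, and `build_coa` and `coa_action` are hypothetical helper names.

```python
import struct

COA_REQUEST = 43       # RADIUS code for CoA-Request (RFC 5176)
VENDOR_SPECIFIC = 26   # RADIUS Vendor-Specific attribute
CISCO_VENDOR_ID = 9
CISCO_AVPAIR = 1       # Cisco sub-attribute carrying "key=value" text
PREFIX = "subscriber:command="

def build_coa(avpairs, ident=1):
    """Build a constructed CoA-Request (zeroed authenticator) as sample input."""
    attrs = b""
    for pair in avpairs:
        val = pair.encode()
        vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(val) + 2) + val
        attrs += struct.pack("!BB", VENDOR_SPECIFIC, len(vsa) + 2) + vsa
    return struct.pack("!BBH16s", COA_REQUEST, ident, 20 + len(attrs), b"\0" * 16) + attrs

def coa_action(packet):
    """Return the subscriber:command value of a CoA-Request, or None if absent."""
    if len(packet) < 20:
        raise ValueError("short RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST:
        raise ValueError("not a CoA-Request")
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        body = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", body[:6])
        if (vendor, vtype) != (CISCO_VENDOR_ID, CISCO_AVPAIR) or vlen < 2 or 4 + vlen > len(body):
            continue
        text = body[6:4 + vlen].decode("ascii", "replace")
        if text.startswith(PREFIX):
            return text[len(PREFIX):]   # e.g. bounce-host-port or reauthenticate
    return None

if __name__ == "__main__":
    sample = build_coa(["audit-session-id=CONSTRUCTED0001", PREFIX + "reauthenticate"])
    print(coa_action(sample))
```

A result of `None` means the CoA-Request carried no `subscriber:command` pair at all.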
07-27-2017 07:30 AM
Cisco stated that a port bounce does not get sent when using the portal. I will check this out as well. Thank you for the reply!
07-26-2017 04:57 AM
07-27-2017 07:29 AM
Thank you for the response! I will give this a try.