Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
0
Helpful
3
Replies

C1300 and ISE Change of Authorization

JonatanSitter
Level 1
Level 1

‎03-24-2025 09:02 AM

Hi community,

we are having troubles with C1300 and Change of Authorization through Cisco ISE.
The behaviour is as follows:
When an endpoint gets profiled and gets a new identity group, ISE automatically sends out a CoA with port bounce.
This gets rejected by the C1300 because of "%RADIUS-I-CoAREJECT: CoA Request from 192.168.9.219 rejected. Reason: Unsupported Attribute".

When the CoA is triggered manually from Context Visibility - Endpoints - Change Authorization - CoA Port Bounce, the port is bounced without issueds.

What we are seeing in the packed capture is that the attribute "Calling-Station-ID" is written with ":" delimiter when the CoA is sent automatically and with "-" delimiter when it's sent manually.

AVP: t=Calling-Station-Id(31) l=19 val=00:xx:xx:xx:xx:xx -> gets rejected.

AVP: t=Calling-Station-Id(31) l=19 val=00-xx-xx-xx-xx-xx -> is successful.

When testing the same with a Catalyst 9300L, both CoA are successful even though the delimiter is also different.

Seems like the C1300 can't handle the CoA packet when the calling station ID has ":" as a delimiter.

Should this be raised to TAC?

Thanks in advance.

BR

Jonatan

 

Labels:
0 Helpful
3 Replies 3

marce1000
Hall of Fame
Hall of Fame

‎03-24-2025 09:45 AM

 

@JonatanSitter                    Should this be raised to TAC?
                              Probably but also look at the current firmware being used and compare the issue
                              against the latest available (if not yet done)

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

JonatanSitter
Level 1
Level 1

‎03-25-2025 01:10 AM

@marce1000 unfortunately we are already on the newest firmware Release 4.1.6.54 and seeing the issues there.

I'll open a TAC case.

0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to JonatanSitter

‎03-25-2025 03:39 AM

 

@JonatanSitter       Ok , keep us posted on developments ,

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card