Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Also, should keep in mind any VLAN change to force client to renew IP can be only accomplished in blocking mode or pre-auth ACL blocking DHCP response from server and a macro/EEM to remove it after authorization. It also introduces delay and some use...
I agree, I would skip low impact mode if vlan enforcement is needed, it make little sense anyway. Closed mode moves between vlans and dhcp renew does work without issues.
Which portion of the config from ISE are you interested in?Switchside is pretty standard closed mode. We cannot have VLAN move and DHCP Guest in Low Impact mode for it introduces catch 22 logic problem: client needs an IP to get to captive portal and...
What version of IOS and on which platfrom? If the switches support device sensor, you should remove any ip forwarders, SNMP and let IOS encapsulate all profiling data in radius packets:
Device Sensor ISE Profiling
Also, if memory serves me correc...
Matteo,You would have to change CoA response to be port-bounce which will force the client to re-ip in the guest vlan. It is fully sported feature and has been working fine in my labs. If you need more support, please do reach to your account team, t...
