Hi, I am trying to clear up a VLAN change/IP addressing conflict and have configured the profile's associated CoA type to 'port bounce'. I also created an exception action to force CoA with an associate rule in the policy.
I can see the device hit the correct profile upon MAB, and the correct VLAN is applied to the port. However, I never see the port bounce occuring, so the deviec does not know to release/renew it's IP address.
Is there something I'm missing to get the CoA port bounce to happen? Here is my switchport config...
switchport access vlan 32
switchport mode access
switchport voice vlan 64
ip access-group ACL-ALLOW in
logging event link-status
authentication event fail action next-method
authentication event server dead action authorize vlan 2700
authentication event server alive action reinitialize
I did, but my issue was not related to the port bounce itself. It was because arp inspection was identifying the arp based off the ports initial VLAN. Once ISE changed the VLAN, ip arp was denying the port because the address had changed. I disabled arp inspection and it cleared up the issue.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...