Cisco Support Community
Community Member

Cannot get CoA switch to bounce port

Hi, I am trying to clear up a VLAN change/IP addressing conflict and have configured the profile's associated CoA type to 'port bounce'. I also created an exception action to force CoA with an associated rule in the policy.

I can see the device hit the correct profile upon MAB, and the correct VLAN is applied to the port. However, I never see the port bounce occurring, so the device does not know to release/renew its IP address.

Is there something I'm missing to get the CoA port bounce to happen? Here is my switchport config...

interface GigabitEthernet1/5
 description ISE_TEST
 switchport access vlan 32
 switchport mode access
 switchport voice vlan 64
 ip access-group ACL-ALLOW in
 logging event link-status
 authentication event fail action next-method
 authentication event server dead action authorize vlan 2700
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 600
 authentication timer reauthenticate server
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 5
 service-policy input QoS-Input-Policy
 service-policy output QoS-Host-Port-Output-Policy
end

3 REPLIES

Please see the Port Bounce Configuration guide:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#wp2021892

Community Member

Did you fix this?
Community Member

I did, but my issue was not related to the port bounce itself. It was because ARP inspection was identifying the ARP based off the port's initial VLAN. Once ISE changed the VLAN, ip arp was denying the port because the address had changed. I disabled ARP inspection and it cleared up the issue.

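One way to check for the condition described in the last reply, as an added example that is not part of the thread: this Python script correlates dynamic ARP inspection deny messages with the DHCP snooping binding table and reports which denies come from a host whose binding no longer matches. The sample output, VLAN 40 and all addresses are constructed, and the binding-table columns and `%SW_DAI-4-DHCP_SNOOPING_DENY` message layout are assumed to match what your platform prints.

```python
import re

# Constructed sample data (not from the thread). Assumption: the switch prints
# the binding table and the DAI deny message in the layouts shown here.
BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:22:33:44:55   10.1.32.10       85012       dhcp-snooping   32    GigabitEthernet1/5
00:AA:BB:CC:DD:EE   10.1.32.11       80111       dhcp-snooping   32    GigabitEthernet1/6
"""
LOGS = """\
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/5, vlan 40.([0011.2233.4455/10.1.32.10/0000.0000.0000/10.1.32.1/09:14:02 UTC Tue Mar 4 2014])
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/7, vlan 32.([0000.5e00.5301/10.1.32.99/0000.0000.0000/10.1.32.1/09:15:40 UTC Tue Mar 4 2014])
"""

BIND_RE = re.compile(
    r"^([0-9A-Fa-f:]{17})\s+(\d+(?:\.\d+){3})\s+\S+\s+\S+\s+(\d+)\s+(\S+)", re.M)
DENY_RE = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY:.*? on (\S+), vlan (\d+)\.\(\[([0-9A-Fa-f.]+)/(\d+(?:\.\d+){3})/")

def norm_mac(mac):
    # Reduce 00:11:22:33:44:55 and 0011.2233.4455 to the same 12 hex digits.
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_bindings(text):
    """Map normalized MAC -> list of (ip, vlan, interface) bindings."""
    table = {}
    for mac, ip, vlan, intf in BIND_RE.findall(text):
        table.setdefault(norm_mac(mac), []).append((ip, int(vlan), intf))
    return table

def classify_denies(log_text, binding_text):
    """Return (port, mac, ip, arp_vlan, binding_vlans, verdict) per deny message."""
    table = parse_bindings(binding_text)
    findings = []
    for port, vlan, mac, ip in DENY_RE.findall(log_text):
        entries = table.get(norm_mac(mac), [])
        if any(i == ip and v == int(vlan) for i, v, _ in entries):
            verdict = "binding-present"   # deny has some other cause
        elif entries:
            verdict = "binding-mismatch"  # binding exists, but for another VLAN or IP
        else:
            verdict = "no-binding"        # host never seen by DHCP snooping
        findings.append((port, mac, ip, int(vlan), sorted({v for _, v, _ in entries}), verdict))
    return findings

if __name__ == "__main__":
    for finding in classify_denies(LOGS, BINDINGS):
        print(finding)
```

A `binding-mismatch` verdict whose binding VLAN is the port's original access VLAN points at the stale binding left behind by the VLAN change, as opposed to a host that was never learned by DHCP snooping at all.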