https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-forescout-coa-reauth-to-voss-9-2-5320-switch/m-p/120216#M3055 <P># EAP CONFIGURATION<BR />#</P><P>eapol auto-isid-offset 9900000<BR />eapol auto-isid-offset enable<BR />eapol enable</P><P>&nbsp;</P><P>interface GigabitEthernet 1/3<BR />default-vlan-id 32<BR />name "dot1x"<BR />no shutdown<BR />slpp-guard enable<BR />spanning-tree bpduguard enable</P><P>spanning-tree mstp edge-port true<BR />no spanning-tree mstp force-port-state enable<BR />eapol guest-vlan 32<BR />eapol fail-open-vlan 32<BR />eapol guest-isid 1000032<BR />eapol fail-open-isid 1000032<BR />eapol radius-dynamic-server enable<BR />eapol status auto<BR />eapol multihost radius-non-eap-enable<BR />eapol re-authentication-period 28800<BR />eapol re-authentication enable<BR />eapol traffic-control in</P><P># RADIUS CONFIGURATION<BR />#</P><P>radius server host 192.168.22.21 key ****** priority 1 retry 2 timeout 3<BR />no radius server host 192.168.22.21 used-by cli acct-enable<BR />radius server host 192.168.24.21 key ****** priority 2 retry 2 timeout 3<BR />no radius server host 192.168.24.21 used-by cli acct-enable<BR />radius server host 192.168.22.20 key ****** used-by eapol priority 1 retry 2 timeout 3<BR />radius server host 192.168.24.20 key ****** used-by eapol priority 2 retry 2 timeout 3<BR />radius server host 192.168.22.21 key ****** used-by web priority 1 retry 2 timeout 3<BR />no radius server host 192.168.22.21 used-by web acct-enable<BR />radius server host 192.168.24.21 key ****** used-by web priority 2 retry 2 timeout 3<BR />no radius server host 192.168.24.21 used-by web acct-enable</P><P>radius enable<BR />radius accounting enable<BR />radius maxserver 6<BR />radius reachability keep-alive-timer 30 unreachable-timer 30<BR />radius reachability mode status-server<BR />radius dynamic-server client 192.168.22.20 secret ****** enable<BR />radius dynamic-server client 192.168.24.20 secret ****** enable</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 05 Sep 2025 12:08:03 GMT NikAll 2025-09-05T12:08:03Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-forescout-coa-reauth-to-voss-9-2-5320-switch/m-p/120194#M3049 <P>Hey team<BR /><BR /></P><P>I am running Forescout as a NAC and when a client via Dot1x gets access to the network and Forescoute sends a CoA message i se the switch accept it but its no kicking out the client until i remove the cable and put it back in.&nbsp;<BR /><BR />Sometimes mulitble times until it enters the correct Client VLAN.&nbsp;</P><P>i am Useing freeradius.internal</P><P>attribute "Send-CoA-Type"&nbsp;<BR /><BR />Session-Reauthenticate<BR />and also tested Reauthenticate.</P><P>&nbsp;</P><P>Anyone manage to solve this?&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 02 Sep 2025 14:21:07 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-forescout-coa-reauth-to-voss-9-2-5320-switch/m-p/120194#M3049 NikAll 2025-09-02T14:21:07Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-forescout-coa-reauth-to-voss-9-2-5320-switch/m-p/120206#M3051 <P>What does your configuration on the switch look like?<BR /><BR />Looking at my own NAC config it's using the standard COA delimited radius responses so I don't see much of an issue there, it should be comparable to what you are sending.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Brent_Addis_0-1756940023754.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/9175iF5FE6DE87913BFC5/image-size/medium?v=v2&amp;px=400" role="button" title="Brent_Addis_0-1756940023754.png" alt="Brent_Addis_0-1756940023754.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 03 Sep 2025 22:59:35 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-forescout-coa-reauth-to-voss-9-2-5320-switch/m-p/120206#M3051 Brent_Addis 2025-09-03T22:59:35Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-forescout-coa-reauth-to-voss-9-2-5320-switch/m-p/120216#M3055 <P># EAP CONFIGURATION<BR />#</P><P>eapol auto-isid-offset 9900000<BR />eapol auto-isid-offset enable<BR />eapol enable</P><P>&nbsp;</P><P>interface GigabitEthernet 1/3<BR />default-vlan-id 32<BR />name "dot1x"<BR />no shutdown<BR />slpp-guard enable<BR />spanning-tree bpduguard enable</P><P>spanning-tree mstp edge-port true<BR />no spanning-tree mstp force-port-state enable<BR />eapol guest-vlan 32<BR />eapol fail-open-vlan 32<BR />eapol guest-isid 1000032<BR />eapol fail-open-isid 1000032<BR />eapol radius-dynamic-server enable<BR />eapol status auto<BR />eapol multihost radius-non-eap-enable<BR />eapol re-authentication-period 28800<BR />eapol re-authentication enable<BR />eapol traffic-control in</P><P># RADIUS CONFIGURATION<BR />#</P><P>radius server host 192.168.22.21 key ****** priority 1 retry 2 timeout 3<BR />no radius server host 192.168.22.21 used-by cli acct-enable<BR />radius server host 192.168.24.21 key ****** priority 2 retry 2 timeout 3<BR />no radius server host 192.168.24.21 used-by cli acct-enable<BR />radius server host 192.168.22.20 key ****** used-by eapol priority 1 retry 2 timeout 3<BR />radius server host 192.168.24.20 key ****** used-by eapol priority 2 retry 2 timeout 3<BR />radius server host 192.168.22.21 key ****** used-by web priority 1 retry 2 timeout 3<BR />no radius server host 192.168.22.21 used-by web acct-enable<BR />radius server host 192.168.24.21 key ****** used-by web priority 2 retry 2 timeout 3<BR />no radius server host 192.168.24.21 used-by web acct-enable</P><P>radius enable<BR />radius accounting enable<BR />radius maxserver 6<BR />radius reachability keep-alive-timer 30 unreachable-timer 30<BR />radius reachability mode status-server<BR />radius dynamic-server client 192.168.22.20 secret ****** enable<BR />radius dynamic-server client 192.168.24.20 secret ****** enable</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 05 Sep 2025 12:08:03 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/nac-forescout-coa-reauth-to-voss-9-2-5320-switch/m-p/120216#M3055 NikAll 2025-09-05T12:08:03Z