This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

expected Radius Attributes for CoA Reauth (Cisco ISE and X440-G2)

expected Radius Attributes for CoA Reauth (Cisco ISE and X440-G2)

StefanS
New Contributor

‎06-05-2022 05:11 AM

Hi Communtiy,
since 22.1 the CoA feature are supported in the Summit software. 
At the moment we are facing the challenge of bringing several X440-G2 switches into the ISE NAC environment.
The network device profile for Extreme works so far but CoA shows a very unreliable behavior as only a CoA disconnect according to RFC5176 works.
Does the Summit series in version 31.5 also support Reauth?
Radius attributes for Disconnect and Reauth can be configured in the Network Device Profile of the ISE.
Since disconnect works I assume that the radius configuration on the switch is basically correct.
Unfortunately I can't find any documentation for Exos which attributes are expected from the switch? Does the CoA Reauth Request need to include other AVPs besides Calling-Station-ID, NAS-IP-Address and Timestamp?
Thanks a lot for your help,
Stefan



0 Kudos
2 REPLIES 2

StefanS
New Contributor

‎06-06-2022 06:17 AM

Hi Community,
supplementary to my question the info that the timestamp was already added as AVP and the time is also identical on ISE and Switch.
The switch sends back a CoA-NaK with the note missing-attributes.
Stefan
0 Kudos

Miguel-Angel_RO
Valued Contributor II
In response to StefanS

‎06-07-2022 01:00 AM

Here what XMC is sending:
e53d23ebaae342539cc329e0321b5d1a.pngMig
0 Kudos
GTM-P2G8KFN