Switching and Routing
1827473 Members
1609 Online
109965 Solutions
New Discussion

CoA not working

 
Dinesh4
Occasional Advisor

CoA not working

Hi All,

 

Configuring the MAB for IP phone was successful and I can get the IP phones to a right voice VLAN using the authz profile.

 

Now what happens is that, when I connect a computer behind the IP phone,

Authentication is successful

Goes for compliance check

Comes out of compliant

 

But,when I check ISE live logs, it still shows :

ConfigVersionId

7199

Device CoA type

RFC 5176

Device CoA port

3799

NetworkDeviceProfileId

26b0501b-9e48-48c7-b8c4-99a0e791bcca

IsThirdPartyDeviceFlow

true

HP-Port-Bounce-Host

12

AcsSessionID

58d8f8f8-04f7-451b-bc21-3d36b63adfe2

CoASourceComponent

Posture

CoAReason

posture status changed

CoAType

Reauthentication

Network Device Profile

HPWired_CoA_Bounce_H3C

Software Version

Unknown

Location

Location#All Locations

Device Type

Device Type#All Device Types

Device IP Address

10.226.232.23

 

But the computer shows that its limited connectivity.

 

If I connect the computer directly to the switch port, computer goes to compliant state and access is granted as per the policy.

 

I am using the following:

 

Cisco Identity Service ver 2.3.0.298 patch 3

Switch Hp H3C Comware 7

 

Port config:

interface GigabitEthernet1/0/5

port link-type hybrid

undo port hybrid vlan 1

port hybrid vlan 230 untagged

port hybrid pvid vlan 230

voice-vlan 260 enable

mac-vlan enable

undo stp enable

stp edged-port

undo lldp enable

port bridge enable

poe enable

undo dot1x handshake

dot1x handshake reply enable

undo dot1x multicast-trigger

dot1x unicast-trigger

dot1x re-authenticate server-unreachable keep-online

mac-authentication re-authenticate server-unreachable keep-online

mac-authentication host-mode multi-vlan

mac-authentication parallel-with-dot1x

port-security port-mode userlogin-secure-or-mac-ext

 

Is there something that I am missing here?

Any ideas?