CoA not working

 
Dinesh4
Occasional Advisor


Hi All,

 

Configuring MAB for the IP phones was successful, and I can get the IP phones into the right voice VLAN using the authz profile.

 

Now what happens is that, when I connect a computer behind the IP phone:

- Authentication is successful
- Goes for compliance check
- Comes out of compliant

 

But when I check the ISE live logs, it still shows:

ConfigVersionId: 7199
Device CoA type: RFC 5176
Device CoA port: 3799
NetworkDeviceProfileId: 26b0501b-9e48-48c7-b8c4-99a0e791bcca
IsThirdPartyDeviceFlow: true
HP-Port-Bounce-Host: 12
AcsSessionID: 58d8f8f8-04f7-451b-bc21-3d36b63adfe2
CoASourceComponent: Posture
CoAReason: posture status changed
CoAType: Reauthentication
Network Device Profile: HPWired_CoA_Bounce_H3C
Software Version: Unknown
Location: Location#All Locations
Device Type: Device Type#All Device Types
Device IP Address: 10.226.232.23

 

But the computer shows that it has limited connectivity.

 

If I connect the computer directly to the switch port, the computer goes to the compliant state and access is granted as per the policy.

 

I am using the following:

 

Cisco Identity Service ver 2.3.0.298 patch 3

Switch Hp H3C Comware 7

 

Port config:

interface GigabitEthernet1/0/5
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 230 untagged
 port hybrid pvid vlan 230
 voice-vlan 260 enable
 mac-vlan enable
 undo stp enable
 stp edged-port
 undo lldp enable
 port bridge enable
 poe enable
 undo dot1x handshake
 dot1x handshake reply enable
 undo dot1x multicast-trigger
 dot1x unicast-trigger
 dot1x re-authenticate server-unreachable keep-online
 mac-authentication re-authenticate server-unreachable keep-online
 mac-authentication host-mode multi-vlan
 mac-authentication parallel-with-dot1x
 port-security port-mode userlogin-secure-or-mac-ext

 

Is there something that I am missing here?

Any ideas?
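
Added example, not part of the original post: when ISE logs a CoA but the endpoint's access does not change, one check is whether the switch answered the RFC 5176 request on UDP port 3799 with a CoA-ACK or a CoA-NAK. This Python code verifies the authenticators of a captured request/reply pair and decodes the Error-Cause attribute; the shared secret, MAC address and both packets are constructed sample values, and the function names are hypothetical.

```python
import hashlib, hmac, struct

# RFC 5176 packet codes and selected Error-Cause (attribute 101) values
CODES = {40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
         43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}
ERROR_CAUSE = {401: "Unsupported Attribute", 402: "Missing Attribute",
               403: "NAS Identification Mismatch", 404: "Invalid Request",
               503: "Session Context Not Found", 506: "Resources Unavailable"}

def parse(pkt):
    """Split a RADIUS packet into header fields and (type, value) attributes."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return {"code": code, "id": ident, "auth": pkt[4:20], "attrs": attrs,
            "raw": pkt[:length]}

def digest(raw, auth_field, secret):
    """MD5(Code+ID+Length + auth_field + Attributes + secret), per RFC 5176."""
    return hashlib.md5(raw[:4] + auth_field + raw[20:] + secret).digest()

def check_exchange(request, reply, secret):
    """Verify both authenticators and decode the NAS's answer to a CoA."""
    req, rep = parse(request), parse(reply)
    out = {"request": CODES.get(req["code"], "unknown"),
           "reply": CODES.get(rep["code"], "unknown"), "error_cause": None,
           # Requests are signed over 16 zero octets, replies over the request authenticator
           "request_auth_ok": hmac.compare_digest(digest(req["raw"], bytes(16), secret), req["auth"]),
           "reply_auth_ok": rep["id"] == req["id"] and hmac.compare_digest(
               digest(rep["raw"], req["auth"], secret), rep["auth"])}
    for atype, value in rep["attrs"]:
        if atype == 101 and len(value) == 4:
            n = struct.unpack("!I", value)[0]
            out["error_cause"] = "%d %s" % (n, ERROR_CAUSE.get(n, "unknown"))
    return out

def build(code, ident, attrs, secret, auth_field=bytes(16)):
    """Assemble a constructed sample packet (demo input, not captured traffic)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    return head + hashlib.md5(head + auth_field + body + secret).digest() + body

SECRET = b"constructed-secret"                            # assumed shared secret
REQ = build(43, 7, [(31, b"00-00-5E-00-53-01")], SECRET)  # Calling-Station-Id
NAK = build(45, 7, [(101, struct.pack("!I", 503))], SECRET, REQ[4:20])
```

A failed `request_auth_ok` with the secret configured on the switch points at a shared-secret mismatch, while a valid CoA-NAK carries the switch's own reason in `error_cause`.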