Bouncing switch port after 802.1x COA VLAN change

SOLVED
TedS
Conversationalist


Team,

 

I am issuing CoA messages to an MS-220 switch to change the VLAN. The VLAN is changing fine, which is great. However, the port needs to bounce to trigger a DHCP renew. I can't seem to find anything on how to do that.

 

I am following these two articles:

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Dynamic_VLAN_assignment_via_802.1X_(...

 

 

https://documentation.meraki.com/MS/Access_Control/Change_of_Authorization_with_RADIUS_(CoA)_on_MS_S...

Change of Authorization is used to change client authorizations in the following use cases:

  • Reauthenticate RADIUS Clients
    Changing the VLAN for an existing client session when authentication via Wired 802.1x or MAC Authentication Bypass (MAB) is possible using CoA.  A port bounce will force the client to re-authenticate and assign the new VLAN.  

 

Any Suggestions?

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

I tested this today using the Microsoft NPS server and having it return a new VLAN did indeed cause the port to bounce and the client got a DHCP from the new VLAN.

 

I tested this using firmware MS 10.18.


3 REPLIES 3
PhilipDAth
Kind of a big deal

Perhaps try 10.19. I have not tested that specific feature, but everything else is working well for me in that code release.

PhilipDAth
Kind of a big deal

I thought about this further.

 

Do you actually need to change the VLAN, or could you simply push a different group policy to use, and thus change the user's access?
