A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their workstation from the corporate network.
Which CoA configuration meets this requirement?
A. Reauth
B. Disconnect
C. No CoA
D. Port Bounce
Correct Answer: A
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010101.html
Choose one of the following settings to configure the CoA type:
– No CoA (default) — You can use this option to disable the global configuration of CoA. This setting overrides any configured CoA per endpoint profiling policy. If the goal is only visibilibility, retain the default value as No CoA.
– Port Bounce — You can use this option, if the switch port exists with only one session. If the port exists with multiple sessions, then use the Reauth option. If the goal is to immediately update the access policy based on profile changes, select the Port Bounce option, this will ensure that any clientless endpoints is reauthorized, and IP address is refreshed, if required.
– Reauth — You can use this option to enforce reauthentication of an already authenticated endpoint when it is profiled. Select the Reauth option, if no VLAN or address change is expected following the reauthorization of the current session.
Note
If you have multiple active sessions on a single port, the profiling service issues a CoA with the Reauth option even though you have configured CoA with the Port Bounce option. This function avoids disconnecting other sessions, a situation that might occur with the Port Bounce option.