cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14677
Views
0
Helpful
2
Replies

pxgrid session not updated towards subscriber with CoA Reauth

jan.nielsen
Level 7
Level 7

Hi Everyone,

I am having some issues with a new solution i am trying to get working. In this specific case i need an FMC  to do pxgrid integration with ISE, to get SGT information for my access policy rules. The thing is a expected pxgrid to inform the FMC about changes to a session, such as if a session is re-authenticated and gets a new SGT, FMC should be updated, this does not seem to happen, only when i issue a CoA Disconnect or just disconnect the device and wait for the session to timeout then reconnect does this happen, this unfortunetale is not an option in this scenario.

I am wondering if this is an ISE bug, or maybe some kind of corner case? Seems odd that pxgrid wouldnt update the session subscribers, when a session is given a different authorizatiopn profile after re-authentication.

adi debugging on the FMC, also only shows anything happening when i Coa Disconnect, and not with CoA Reuathentication, i also have connected a pxgrid script based on the pxgrid Java SDK to the ISE, and it also doesn't receive any update for the session unless a CoA Disconnect is issued.

ISE : 2.3 Patch2 (also tested with 2.1 patch2)

FMC/FTD : 6.2.2.1

Regards,

Jan

1 Accepted Solution

Accepted Solutions

jeppich
Cisco Employee
Cisco Employee

Hey Jan,

True will setup a webex, so we can discuss.

Thanks,

John

jeppich@cisco.com

View solution in original post

2 Replies 2

jeppich
Cisco Employee
Cisco Employee

Hey Jan,

True will setup a webex, so we can discuss.

Thanks,

John

jeppich@cisco.com

Sounds good, looking forward to it.

Jan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: