300-715 Question #327: Real Exam Question with Answer & Explanation

The correct answer is D: reauth.

Policy Enforcement

Question

A network engineer received alerts from the monitoring platform that a switch port exists with multiple sessions. RADIUS CoA using Cisco ISE must be used to address the issue. Which RADIUS CoA configuration must be used?

Options

  • A. port bounce
  • B. no CoA
  • C. exception
  • D. reauth

Explanation

When a switch port exhibits multiple sessions, the RADIUS Change of Authorization (CoA) 'reauth' command should be used. This forces devices on the port to re-authenticate with Cisco ISE, allowing for updated policy enforcement.

Common mistakes.

  • A. Port bounce would physically reset the port, causing unnecessary disruption to all connected devices, which is more aggressive than typically needed for policy violations.
  • B. No CoA would mean no action is taken, which fails to address the identified issue of multiple sessions on the port.
  • C. Exception is not a standard RADIUS CoA action type; it refers to a policy state, not a specific CoA command to resolve multiple sessions.

Concept tested. RADIUS Change of Authorization (CoA) actions

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ISE_admin_3_1/b_ISE_admin_3_1_chapter_0101.html#Cisco_Reference.dita_313e61c7-c598-482d-bf41-3a216f2c3d9a

Topics

#RADIUS CoA, #Cisco ISE, #Policy Enforcement, #Network Access Control
