aaa new-model
aaa authentication dot1x default group coa-ise
aaa authorization network default group coa-ise
dot1x system-auth-control
aaa group server radius coa-ise
server name coa
radius server coa
address ipv4 10.10.1.10 auth-port 1812 acct-port 1813
key cisco123
policy-map type control subscriber simple_coa
event session-started match-all
10 class always do-until-failure
10 authenticate using dot1x
interface gigabitethernet0/0/1\
switchport access vlan 22
switchport mode access
access-session closed
access-session port-control auto
dot1x pae authenticator
service-policy type control subscriber simple_coa

aaa server radius dynamic-author
client 
server-key ******
auth-type any
ignore server-key
ip access-list extended redirect_acl
20 deny udp any eq bootps any
25 deny udp any eq domain any
30 deny udp any any eq bootpc
40 deny udp any eq bootpc any
50 deny ip any host %{ise.ip}
60 permit tcp any any eq www
70 permit tcp any any eq 443
device-tracking tracking
device-tracking policy tracking_test
security-level glean
no protocol ndp
no protocol dhcp6
tracking enable
interface 0/0/1
device-tracking attach-policy tracking_test

Device# show aaa servers
RADIUS: id 1, priority 1, host 10.75.28.231, auth-port 1812, acct-port 1813, hostname host
State: current UP
duration 188755s, previous duration 0s
Dead: total time 0s, count 0
Platform State from SMD: current UP, duration 188755s, previous duration 0s
 

Device# show aaa group radius coa3 **** port 1813 new-code
User successfully authenticated
USER ATTRIBUTES
username             0   "coa3"

Check enabled device tracking policy parameters

Device# show device-tracking policies
Target               Type  Policy               Feature        Target range
Gi0/1/1              PORT  tracking_test        Device-tracking vlan all
Gi0/1/2              PORT  tracking_test        Device-tracking vlan all
Gi0/1/3              PORT  tracking_test        Device-tracking vlan all
Gi0/1/4              PORT  tracking_test        Device-tracking vlan all

Review SISF table entries

Device# show device-tracking database
Binding Table has 1 entries, 1 dynamic (limit 100000)
0001:MAC and LLA match     0002:Orig trunk            0004:Orig access           
0008:Orig trusted trunk    0010:Orig trusted access   0020:DHCP assigned         
0040:Cga authenticated     0080:Cert authenticated    0100:Statically assigned   
Network Address        Link Address       Interface  vlan  prlvl    age    state     Time left 
ARP 10.11.22.20       0050.5683.3f97      Gi0/1/4     22    0005    11s   REACHABLE      295 s   

Verify access-session authentication and authorization

Device# show access-session interface gigabitEthernet 0/1/7 detail
Interface:  GigabitEthernet0/1/7
IIF-ID:  0x0DB9315A
MAC Address:  b496.913d.4f9b
IPv6 Address:  Unknown
IPv4 Address:  10.10.22.27
User-Name:  coa2
Status: Authorized
Domain:  DATA
Oper host mode:  multi-auth
Oper control dir:  both
Session timeout:  N/A
Common Session ID:  611C4B0A00000053F483D7B0
Acct Session ID:  Unknown
Handle:  0x21000049urrent Policy:  POLICY_COA  
Server Policies: Filter-ID: Filter_ID_COA2
Method status list:  Method      State
dot1x         Authc Success