O'Reilly logo
  • Josue Rojas Villalobos thinks this is interesting:

7. The change in posture compliance of the session triggers the CoA-Push. Unlike a CoA-ReAuth, where the authentication occurs again, running through the entire policy set, a CoA-Push sends down the new authorization (new dACL, no URL redirection) as part of the CoA itself, not a RADIUS Access-Accept.

From

Cover of Cisco ISE for BYOD and Secure Unified Access, 2nd Edition

Note

QUESTION 7 Which model does Cisco support in a RADIUS change of authorization implementation?

A. push
B. pull
C. policy
D. security

Answer: A