https://community.cisco.com/t5/network-access-control/matching-authz-rule-before-nmap-scan/m-p/3897995#M471051 <P>Please ensure the ISE deployment has the latest patch, profiling CoA enabled on ISE (see <A href="https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456#toc-hId-994197860" target="_self">ISE Global Profiling Settings</A>), CoA enabled on the network devices, and, of course, authorization configured for the change.</P> Fri, 26 Jul 2019 03:06:06 GMT hslai 2019-07-26T03:06:06Z https://community.cisco.com/t5/network-access-control/matching-authz-rule-before-nmap-scan/m-p/3897875#M471043 <P>I have some devices that are hitting my default (open) rule that I want to hit an earlier rule. The problem is that I am not getting enough attributes from them until I have the profile perform an NMAP scan. But the device has already performed auth at this point. Once it finishes the NMAP scan, there may be enough information to put it in the right Authorization rule. How do I force reauth after NMAP has completed?</P> Thu, 25 Jul 2019 20:23:34 GMT https://community.cisco.com/t5/network-access-control/matching-authz-rule-before-nmap-scan/m-p/3897875#M471043 Josh Morris 2019-07-25T20:23:34Z https://community.cisco.com/t5/network-access-control/matching-authz-rule-before-nmap-scan/m-p/3897995#M471051 <P>Please ensure the ISE deployment has the latest patch, profiling CoA enabled on ISE (see <A href="https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456#toc-hId-994197860" target="_self">ISE Global Profiling Settings</A>), CoA enabled on the network devices, and, of course, authorization configured for the change.</P> Fri, 26 Jul 2019 03:06:06 GMT https://community.cisco.com/t5/network-access-control/matching-authz-rule-before-nmap-scan/m-p/3897995#M471051 hslai 2019-07-26T03:06:06Z