https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/4129214#M562055 <P>Hi Guys,<BR /><BR />I have been labbing some 802.1x up, I am using ISE for my Auth policies. The basic Windows 10 supplicant works fine, so I thought I would go to the 'next level' and break out some AnyConnect. If I try and establish a new connection with AnyConnect, I can see the Authentication and Authorization requests pass and succeed in ISE, but the client is stuck on Acquiring IP Address, and eventually times out. I have tried this on two ISE installs I have, the only thing that's the same is that the clients are both virtual. ISE version is 2.6, AnyConnect 4.9.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2020-08-02 at 15.03.56.png" style="width: 556px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/80655iE36BA98D1828234C/image-dimensions/556x25?v=v2" width="556" height="25" role="button" title="Screenshot 2020-08-02 at 15.03.56.png" alt="Screenshot 2020-08-02 at 15.03.56.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2020-08-02 at 15.04.06.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/80656iC5ABE733BA526CBB/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot 2020-08-02 at 15.04.06.png" alt="Screenshot 2020-08-02 at 15.04.06.png" /></span></P><P>&nbsp;</P><P>Thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Sun, 02 Aug 2020 14:06:27 GMT Xividar 2020-08-02T14:06:27Z https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/4129214#M562055 <P>Hi Guys,<BR /><BR />I have been labbing some 802.1x up, I am using ISE for my Auth policies. The basic Windows 10 supplicant works fine, so I thought I would go to the 'next level' and break out some AnyConnect. If I try and establish a new connection with AnyConnect, I can see the Authentication and Authorization requests pass and succeed in ISE, but the client is stuck on Acquiring IP Address, and eventually times out. I have tried this on two ISE installs I have, the only thing that's the same is that the clients are both virtual. ISE version is 2.6, AnyConnect 4.9.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2020-08-02 at 15.03.56.png" style="width: 556px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/80655iE36BA98D1828234C/image-dimensions/556x25?v=v2" width="556" height="25" role="button" title="Screenshot 2020-08-02 at 15.03.56.png" alt="Screenshot 2020-08-02 at 15.03.56.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2020-08-02 at 15.04.06.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/80656iC5ABE733BA526CBB/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot 2020-08-02 at 15.04.06.png" alt="Screenshot 2020-08-02 at 15.04.06.png" /></span></P><P>&nbsp;</P><P>Thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Sun, 02 Aug 2020 14:06:27 GMT https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/4129214#M562055 Xividar 2020-08-02T14:06:27Z https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/4129232#M562056 DART bundle from user machine need to be checked for DHCP issue along with the "show authentication session int &lt;&gt; detail&gt; output on the switch . Sun, 02 Aug 2020 16:07:09 GMT https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/4129232#M562056 poongarg 2020-08-02T16:07:09Z https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/4129625#M562067 <P>It is possible that ISE is showing the authentication/authorization pass and returns an Access-Accept; however, the switch may not be able to apply the policy you are returning.&nbsp; In that case, the switchport remains closed since it cannot apply the policy.&nbsp; But ISE still shows it as good.&nbsp; I have seen this happen a few times over the years.&nbsp; It can happen if you push down a VLAN assignment but the VLAN doesn't exist on the switch.&nbsp; It can also happen when the dACL has an issue with it such as being too long (&gt;63 lines) for older switches (3750) or if the dACL syntax is incorrect.&nbsp; I have seen where ISE says the dACL is fine even when one of the IP addresses was missing an entire octet (3 versus 4).</P><P>Do a "show authentication session interface gx/y detail" and make sure it shows "Authorized".&nbsp; Also, if using a dACL, you need to be using IP device tracking.</P><P>Another thing to look at is with your Anyconnect profile, there is an option to allow traffic to flow before authentication.&nbsp; I recommend allowing the traffic to flow and let the switch control access with default ACLs.&nbsp; Because with Windows, you will probably want to allow some basic connectivity at a minimum to not break GPO's and domain logins.&nbsp; This would include DHCP too.</P> Mon, 03 Aug 2020 15:37:37 GMT https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/4129625#M562067 Colby LeMaire 2020-08-03T15:37:37Z https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/5376134#M600026 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/327312">@Xividar</a>&nbsp;</P><P>Did you fix it ? and how ? please share&nbsp;</P> Thu, 12 Mar 2026 06:41:59 GMT https://community.cisco.com/t5/network-access-control/802-1x-with-windows-10-ise-anyconnect-4-9-stuck-on-acquiring-ip/m-p/5376134#M600026 ADC Lane 2026-03-12T06:41:59Z