topic Need help with ISE posture in Network Access Control https://community.cisco.com/t5/network-access-control/need-help-with-ise-posture/m-p/4956739#M585100 <P>Dear Cisco community,</P><P>After setting up the temporal agent and configuring the different authorization profiles and Policy Sets, I proceed to test it on a client.</P><P>Initially, everything functions as expected, but an issue arises after the compliance check phase.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_0-1699558618299.png" style="width: 917px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202058iF23540866AF71875/image-dimensions/917x141?v=v2" width="917" height="141" role="button" title="MedTek26_0-1699558618299.png" alt="MedTek26_0-1699558618299.png" /></span></P><P>As you can see in the screenshot above : regardless of whether the device is compliant or not, Cisco ISE won't progress beyond the authorization policy stage. Ideally, it should apply the appropriate authorization profile based on the device's compliance status. Resulting in sending a Blank CoA without any attributes other than ACCESS ACCEPT.</P><P>Authentication Policy :</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_1-1699558788088.png" style="width: 878px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202059i74EA979D2DD5651A/image-dimensions/878x353?v=v2" width="878" height="353" role="button" title="MedTek26_1-1699558788088.png" alt="MedTek26_1-1699558788088.png" /></span></P><P>Authorization Policy :&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_2-1699558832425.png" style="width: 989px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202060i4311935845EB2DD9/image-dimensions/989x238?v=v2" width="989" height="238" role="button" title="MedTek26_2-1699558832425.png" alt="MedTek26_2-1699558832425.png" /></span></P><P>Client PoV :&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_3-1699570702203.png" style="width: 627px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202089iF00F32081B3D572B/image-dimensions/627x312?v=v2" width="627" height="312" role="button" title="MedTek26_3-1699570702203.png" alt="MedTek26_3-1699570702203.png" /></span></P><P>Under the live session the posture status is blank :<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_4-1699570957110.png" style="width: 734px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202090i6BD3642A2067701E/image-dimensions/734x321?v=v2" width="734" height="321" role="button" title="MedTek26_4-1699570957110.png" alt="MedTek26_4-1699570957110.png" /></span></P><P>Under the contexte visibility :&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_5-1699571133871.png" style="width: 639px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202091i081E4165AB918200/image-dimensions/639x401?v=v2" width="639" height="401" role="button" title="MedTek26_5-1699571133871.png" alt="MedTek26_5-1699571133871.png" /></span></P><P>Report :&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_0-1699574175823.png" style="width: 840px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202094i172970AAA7518A9D/image-dimensions/840x210?v=v2" width="840" height="210" role="button" title="MedTek26_0-1699574175823.png" alt="MedTek26_0-1699574175823.png" /></span></P><P>The client is a VM and dosent have the Windows firewall activated and is up to date.<BR />I am using the latest Cisco ISE-3.2.0.542a-virtual-SNS3615-SNS3655-300</P><P>If anyone already had experienced that or have hints to share with me, that could help me a lot and would be greatly appreciated.</P><P>Thank you !<BR /><BR />Regards,</P><P>Mehdi</P> Thu, 09 Nov 2023 23:56:23 GMT MedTek26 2023-11-09T23:56:23Z Need help with ISE posture https://community.cisco.com/t5/network-access-control/need-help-with-ise-posture/m-p/4956739#M585100 <P>Dear Cisco community,</P><P>After setting up the temporal agent and configuring the different authorization profiles and Policy Sets, I proceed to test it on a client.</P><P>Initially, everything functions as expected, but an issue arises after the compliance check phase.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_0-1699558618299.png" style="width: 917px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202058iF23540866AF71875/image-dimensions/917x141?v=v2" width="917" height="141" role="button" title="MedTek26_0-1699558618299.png" alt="MedTek26_0-1699558618299.png" /></span></P><P>As you can see in the screenshot above : regardless of whether the device is compliant or not, Cisco ISE won't progress beyond the authorization policy stage. Ideally, it should apply the appropriate authorization profile based on the device's compliance status. Resulting in sending a Blank CoA without any attributes other than ACCESS ACCEPT.</P><P>Authentication Policy :</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_1-1699558788088.png" style="width: 878px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202059i74EA979D2DD5651A/image-dimensions/878x353?v=v2" width="878" height="353" role="button" title="MedTek26_1-1699558788088.png" alt="MedTek26_1-1699558788088.png" /></span></P><P>Authorization Policy :&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_2-1699558832425.png" style="width: 989px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202060i4311935845EB2DD9/image-dimensions/989x238?v=v2" width="989" height="238" role="button" title="MedTek26_2-1699558832425.png" alt="MedTek26_2-1699558832425.png" /></span></P><P>Client PoV :&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_3-1699570702203.png" style="width: 627px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202089iF00F32081B3D572B/image-dimensions/627x312?v=v2" width="627" height="312" role="button" title="MedTek26_3-1699570702203.png" alt="MedTek26_3-1699570702203.png" /></span></P><P>Under the live session the posture status is blank :<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_4-1699570957110.png" style="width: 734px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202090i6BD3642A2067701E/image-dimensions/734x321?v=v2" width="734" height="321" role="button" title="MedTek26_4-1699570957110.png" alt="MedTek26_4-1699570957110.png" /></span></P><P>Under the contexte visibility :&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_5-1699571133871.png" style="width: 639px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202091i081E4165AB918200/image-dimensions/639x401?v=v2" width="639" height="401" role="button" title="MedTek26_5-1699571133871.png" alt="MedTek26_5-1699571133871.png" /></span></P><P>Report :&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MedTek26_0-1699574175823.png" style="width: 840px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/202094i172970AAA7518A9D/image-dimensions/840x210?v=v2" width="840" height="210" role="button" title="MedTek26_0-1699574175823.png" alt="MedTek26_0-1699574175823.png" /></span></P><P>The client is a VM and dosent have the Windows firewall activated and is up to date.<BR />I am using the latest Cisco ISE-3.2.0.542a-virtual-SNS3615-SNS3655-300</P><P>If anyone already had experienced that or have hints to share with me, that could help me a lot and would be greatly appreciated.</P><P>Thank you !<BR /><BR />Regards,</P><P>Mehdi</P> Thu, 09 Nov 2023 23:56:23 GMT https://community.cisco.com/t5/network-access-control/need-help-with-ise-posture/m-p/4956739#M585100 MedTek26 2023-11-09T23:56:23Z Re: Need help with ISE posture https://community.cisco.com/t5/network-access-control/need-help-with-ise-posture/m-p/4957210#M585126 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1509774">@MedTek26</a> The identity column showed as INVALID so that means the auth was not successful so it seems MAB is not configured properly for your Alcatel device.</P> Sat, 11 Nov 2023 03:33:35 GMT https://community.cisco.com/t5/network-access-control/need-help-with-ise-posture/m-p/4957210#M585126 hslai 2023-11-11T03:33:35Z