
ISE posture issue with Meraki switch

xili5
Cisco Employee

Hi,

I am working on an ISE (2.3 with patch 3) posture implementation with a Meraki switch and AP.

We found a problem during the posture test.

For the wired connection, when the AnyConnect ISE posture module finishes checking and has a status of “compliant” or “not compliant”, I can see the wired connection reconnect and trigger the posture check one more time. The same thing happened on Windows and Mac laptops. But there is no such issue for the wireless connection. We also tested the wired connection without NAM and had the same issue.

This is NAM log:

    8:11:30 PM   802.1x_Wired : Authenticating

    8:11:34 PM   802.1x_Wired : Acquiring IP Address

    8:11:34 PM   802.1x_Wired : Connected (10.2.2.182)

    8:11:34 PM   802.1x_Wired : Connected (10.2.2.0)

    8:11:45 PM   802.1x_Wired : Associating

    8:11:45 PM   Disconnected

    8:11:47 PM   Disconnected

    8:11:47 PM   802.1x_Wired : Authenticating

    8:11:51 PM   802.1x_Wired : Authenticating

    8:11:51 PM   802.1x_Wired : Acquiring IP Address

    8:11:51 PM   802.1x_Wired : Connected (10.2.2.0)

This is ISE posture module log:

    8:11:24 PM   Limited or no connectivity.

    8:11:32 PM   Limited or no connectivity.

    8:11:38 PM   Searching for policy server.

    8:11:38 PM   Checking for product updates...

    8:11:38 PM   The AnyConnect Downloader is performing update checks...

    8:11:38 PM   Checking for profile updates...

    8:11:38 PM   Checking for product updates...

    8:11:38 PM   Checking for customization updates...

    8:11:38 PM   Performing any required updates...

    8:11:38 PM   The AnyConnect Downloader updates have been completed.

    8:11:38 PM   Update complete.

    8:11:38 PM   Scanning system ...

    8:11:42 PM   Checking requirement 1 of 1.

    8:11:42 PM   Prepare posture report ...

    8:11:42 PM   Updating network settings ...

    8:11:47 PM   Compliant.

    8:11:55 PM   Searching for policy server.

    8:11:55 PM   Checking for product updates...

    8:11:55 PM   The AnyConnect Downloader is performing update checks...

    8:11:55 PM   Checking for profile updates...

    8:11:55 PM   Checking for product updates...

    8:11:55 PM   Checking for customization updates...

    8:11:55 PM   Performing any required updates...

    8:11:55 PM   The AnyConnect Downloader updates have been completed.

    8:11:55 PM   Update complete.

    8:11:55 PM   Scanning system ...

    8:11:58 PM   Checking requirement 1 of 1.

    8:11:58 PM   Prepare posture report ...

    8:11:59 PM   Compliant.

From the ISE RADIUS log, we can see that the 802.1x session first matched the Posture redirect authorization policy and then matched the compliant authorization policy. A CoA event could also be found.

Any idea or recommendation on this issue?

Thanks in advance.
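The two client logs in the post above can be lined up by timestamp; the following is an added example, not part of the original post or of any Cisco tooling, that reports each wired drop in the NAM log together with the last posture-module message logged shortly before it. The function names and the 10-second window are assumptions chosen for illustration, and the log lines are an abridged copy of the ones posted.

```python
import re
from datetime import datetime, timedelta

# Abridged copy of the NAM and posture-module log lines from the post.
NAM_LOG = """\
8:11:30 PM   802.1x_Wired : Authenticating
8:11:34 PM   802.1x_Wired : Acquiring IP Address
8:11:34 PM   802.1x_Wired : Connected (10.2.2.182)
8:11:45 PM   802.1x_Wired : Associating
8:11:45 PM   Disconnected
8:11:47 PM   802.1x_Wired : Authenticating
8:11:51 PM   802.1x_Wired : Acquiring IP Address
8:11:51 PM   802.1x_Wired : Connected (10.2.2.0)
"""
POSTURE_LOG = """\
8:11:38 PM   Scanning system ...
8:11:42 PM   Updating network settings ...
8:11:47 PM   Compliant.
8:11:55 PM   Scanning system ...
8:11:59 PM   Compliant.
"""
LINE = re.compile(r"^\s*(\d{1,2}:\d{2}:\d{2} [AP]M)\s+(.*\S)\s*$")

def parse(log):
    """Return [(datetime, message)] per timestamped line (the date part is a dummy)."""
    hits = (LINE.match(line) for line in log.splitlines())
    return [(datetime.strptime(m[1], "%I:%M:%S %p"), m[2]) for m in hits if m]

def reconnects(nam):
    """Timestamps at which the wired link left the 'Connected (...)' state."""
    drops, connected = [], False
    for ts, msg in nam:
        is_conn = "Connected (" in msg  # capital C: does not match 'Disconnected'
        if connected and not is_conn:
            drops.append(ts)
        connected = is_conn
    return drops

def correlate(nam, posture, window=timedelta(seconds=10)):
    """Pair each drop with the last posture message within `window` before it.
    The 10 s default is an assumed correlation window, not a value from the post."""
    findings = []
    for drop in reconnects(nam):
        prior = [msg for ts, msg in posture if timedelta(0) <= drop - ts <= window]
        findings.append((drop.strftime("%H:%M:%S"), prior[-1] if prior else None))
    return findings

if __name__ == "__main__":
    for when, msg in correlate(parse(NAM_LOG), parse(POSTURE_LOG)):
        print(f"wired link dropped at {when}; last posture message before it: {msg}")
```

The pairing only shows ordering in time; the ISE RADIUS live log and its CoA entries for the same session are still needed to establish what triggered the re-authentication.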

Accepted Solutions

Timothy Abbott
Cisco Employee

Hi,

Please work with the TAC to investigate further.

Regards,

-Tim
