cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

559
Views
10
Helpful
4
Replies
Beginner

ISE Posture Last state caching

How can ISE on last state of clients

My clients are installed Posture agent and I had configure authorize to be like this pic It's working fine clients can redirecting to url to download an agent to install and posture can health checking and CoA to change status

authorize.jpgBut After I had rebooted my computer, ISE wasn't remember last state of clients which are installed an agent

state.jpgWhat should I have to do more on policy?

Everyone's tags (1)
3 ACCEPTED SOLUTIONS

Accepted Solutions

Re: ISE Posture Last state caching

Hi,

There are 2 things to be considered here.

  1. If you are talking about Posture lease, there is a option Administration->Systems->Settings->Posture->General settings,in which if
    Posture Lease
     
     
     
     
  2. Posture compliant cache status is available in ISE 2.4,there is a option under posture->general settings->below Posture lease
     Cache Last Known Posture Compliant Status
     
    Hours
     where you can mention last known posture compliant state in minutes/hours/days,range upto max 30days/720 hours/43200 minutes can be configured.
-Aravind
Beginner

Re: ISE Posture Last state caching

I think this is what it does.

 

Cisco ISE provides an option to configure grace time for devices that become noncompliant. Cisco ISE caches the results of posture assessment for a configurable amount of time. If a device is found to be noncompliant, Cisco ISE looks for the previously known good state in its cache and provides grace time for the device, during which the device is granted access to the network. You can configure the grace time period in minutes, hours, or days (up to a maximum of 30 days).

4 REPLIES 4

Re: ISE Posture Last state caching

Hi,

There are 2 things to be considered here.

  1. If you are talking about Posture lease, there is a option Administration->Systems->Settings->Posture->General settings,in which if
    Posture Lease
     
     
     
     
  2. Posture compliant cache status is available in ISE 2.4,there is a option under posture->general settings->below Posture lease
     Cache Last Known Posture Compliant Status
     
    Hours
     where you can mention last known posture compliant state in minutes/hours/days,range upto max 30days/720 hours/43200 minutes can be configured.
-Aravind
Highlighted
Contributor

Re: ISE Posture Last state caching

What is the difference?

Beginner

Re: ISE Posture Last state caching

I think this is what it does.

 

Cisco ISE provides an option to configure grace time for devices that become noncompliant. Cisco ISE caches the results of posture assessment for a configurable amount of time. If a device is found to be noncompliant, Cisco ISE looks for the previously known good state in its cache and provides grace time for the device, during which the device is granted access to the network. You can configure the grace time period in minutes, hours, or days (up to a maximum of 30 days).