Solved: AnyConnect/ISE UDID for Quarantine Verification

scamarda · ‎12-18-2019

The UDI function of AnyConnect 4.7 / ISE 2.6 mentions the UDI is shared among all AC modules and is used for ISE Posture

...When AnyConnect is installed on a device, it will have its own unique identifier (UDID) shared among all modules in AnyConnect. This UDID is an identifier for the endpoint and is saved as an endpoint attribute, which ensures posture control on a specific endpoint rather than on a MAC address.

Can the UDI be referenced in a Quarantine scenario, meaning the user violated policy while wired and was quarantined. Is the UDI attribute available to quarantine when the user tries to connect via wireless? Does UDI work for other features besides Posture?

Thanks.

Sam

Timothy Abbott · ‎12-18-2019

No. The use of the UDID with AC requires some additional scripting for use with AD and is a posture only feature.

Regards,
-Tim

View solution in original post

hslai · ‎07-04-2021

Yes.

View solution in original post

Timothy Abbott · ‎12-18-2019

No. The use of the UDID with AC requires some additional scripting for use with AD and is a posture only feature.

Regards,
-Tim

toyip · ‎06-28-2021

Hi Tim,

Is this still the case with ISE 3.0?

hslai · ‎07-04-2021

Yes.

toyip · ‎07-13-2021

Hi all,

Got a customer looking to use the UDID in the posture condition. Do you have a working example of how this is done as as Tim stated above?

arravik2 · ‎08-21-2023

Hi To do that i believe UDID is added as part of description field in the AD for the endpoint or user @hslai @Timothy Abbott please correct me if i am wrong