Re: Can we put endpoint having unknown posture status in blocking or Quarantine vlan.

IshwarBamane2910 · ‎07-07-2021

Can we put endpoint having unknown posture status in blocking or Quarantine vlan.

We have policy for unknown posture condition in which we had configured authorization profile without redirection and applied for unknown posture condition.

But after this changes we observed that unknown posture count goes on increasing day by day.

Does it Cisco best practices configuration ?

What are the reasons that endpoint showing unknown posture status ?

Can we put endpoint having unknown posture status in blocking or quarantine vlan ?

Marcelo Morais · ‎07-07-2021

Hi @IshwarBamane2910 ,

please take a look at: ISE Posture Style Comparison for Pre and Post 2.2. search for Configure Authorization Profiles and Policies.

"...

VLAN Assignment - before successful posture user can be put in restricted VLAN, this approach should work fine for almost any NAD vendor

..."

Hope this helps !!!