Cisco ISE 1.3 Patch 5, window 7 after posture network icon show no internet connection, but actually...

Freemen · ‎02-16-2016

Hi GUys,

My deployment enviroment is BYOD with WLC 7.6, after posture checking done full network access, window 7 PC network connection is show no internet, while the flex connect acl is only permit any any.

bypass ISE, only use PSK authentication no this issue.

any idea?

nspasov · ‎02-16-2016

What does your FlexConnect ACL look like and do you have it correctly mapped to a VLAN and finally are you returning the correct VLAN in your authorization policy?

Thank you for rating helpful posts!

Freemen · ‎02-16-2016

Hi Neno,

is permit any any Flex connect ACL, and same Vlan was in use, no overwrite vlan done.

Freemen · ‎02-24-2016

now actually also show Unauthenticated :( but work fine, any idea?

nspasov · ‎02-24-2016

Sorry Chan, I have been very busy and actually leaving on vacation now :( So I won't be much help for the next 10 days. Perhaps someone else can comment here and help you out or better off open a TAC case.

Ideally, before I can provide any further feedback I will need to see:

1. Logs from the controller: Management > Logs > Message Logs

2. Live Authentication Logs from ISE

3. Policy in ISE

4. Details/Screenshots about the authorization profiles

5. Details/screenshots from all of the tabs on the FlexConnect SSID

Thank you for rating helpful posts!

Freemen · ‎02-25-2016

Hi Neno, Attached is the information you needed, I also attach the debug client from WLC, open authentication and PSK no this symbol, remove ACL only accept_accept also same, so pass though ISE like got the issue, ISE 1.3 patch 6 installed, NAC agent 4.9.5.10 used on the window, window 7, 8, 10 same issue. another SSID, using web agent no issue.

Cisco ISE 1.3 Patch 5, window 7 after posture network icon show no internet connection, but actually work fine