Issue description: when user starts-up pc and login , anyconnect scans and says user is compliant but the user doesn't get intranet or internet access then after a while fails over to mab.
- Authc session on switch shows user is in posture redirect phase
- ISE shows users is posture-pending.
When the user unplugged and plugged back Ethernet cable , user immediately gets intranet and internet access.
Overview| Event | 5411 Supplicant stopped responding to ISE | | Username | UNIDOMAIN\fade | | Endpoint Id | BX:35:5B:88:89:2E | | Endpoint Profile | | | Authentication Policy | Default | | Authorization Policy | Default | | Authorization Result | |
|
Authentication Details| Source Timestamp | 2019-08-29 09:27:05.011 | | Received Timestamp | 2019-08-29 09:27:05.01 | | Policy Server | hq-ise-psn | | Event | 5411 Supplicant stopped responding to ISE | | Failure Reason | 12937 Supplicant stopped responding to ISE after sending it the first inner EAP-MSCHAPv2 message | | Resolution | Verify that supplicant is configured properly to conduct a full EAP conversation with ISE. Verify that NAS is configured properly to transfer EAP messages to/from supplicant. Verify that supplicant or NAS does not have a short timeout for EAP conversation. Check the network that connects the Network Access Server to ISE. Verify that supplicant supports and has a properly configured inner EAP-MSCHAPv2 method and user/machine credentials. | | Root cause | Supplicant stopped responding to ISE after sending it the first inner EAP-MSCHAPv2 message |
|
I hope i can get some help, thanks
