Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1331
Views
0
Helpful
3
Replies

Cisco ISE posture problem

edondurguti
Level 4
Level 4

‎06-14-2012 11:16 AM - edited ‎03-10-2019 07:12 PM

Hi all,

I've been playing around with ISE demo and I am very impressed!!!

After trying different scenarios with my co-workers I came to a point where we find it kind of buggy.

I have rules to redirect unknown users to pasturing through web where they download NAC CLIENT and everything works fine.

Here's the catch:

On a windows 7 machine (connecting wirelessly with built in wireless client) they are stuck on posture pending if they do the following:

They connect - open up web browser - ise redirects them to download the client they hit install and the warning about installing the client pops up - that moment the user decides to close the browser (it's most likely to happen when you have 5000+ users)  - dissconnects from network and tries to re-connect again. NOW - when they open up the web browser ISE says unable to allow access to network and all that error.

So it's not letting them download the nac agent any more.. no matter what they do connect - reconnect wait 2-3 minutes nothing, only after a period of time they are able to get the NAC client installation page.

NOTE: this works totally fine on a windows xp machine with the INTEL PRO SET wireless utility.

It's not a big thing but when you have 5000+ clients and you want to introduce them to something new it will cause alot of helpdesk calls and all that you know how it goes.

Thanks in advance.

P.s I can create a short video of the whole process.

Labels:
0 Helpful
3 Replies 3

infrastructureservices
Level 1
Level 1

‎06-15-2012 09:15 AM

would love to see the video

Sent from Cisco Technical Support iPad App

0 Helpful

jmarsal
Level 1
Level 1

‎06-19-2012 06:36 AM

Very interesting thread. Can you tell me – how can ISE differentiate between a new/unknown computer owned by an employee and/or the organization, which you WANT to load the NAC client on, and a guest that you might want to give Internet access to but you don’t want to load a NAC client on?

0 Helpful

edondurguti
Level 4
Level 4
In response to jmarsal

‎06-19-2012 10:07 AM

Depends on the username they provide and depends on the SSID they are connected.

If they are connected to GUEST SSID they go to WEB AUTH.

0 Helpful
Customers Also Viewed These Support Documents