Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
276
Views
0
Helpful
7
Replies

Client MAC address changing during posture status

Go to solution
DK9
Level 1
Level 1

‎12-05-2024 07:25 AM

We have a strange issue in our environment.

We are using ASA Anyconnect with mfa and ise posture for WFH purpose.so the endpoint will get access to our network only after posture complaint status. But strangely for some devices even though in the client the posture status is compliant in ise live logs it is in pending status. While checking all the posture logs , it is found that authentication request is coming from the wifi mac address and posture unknown status is also in the wifi mac address but the same user posture complaint status is coming from its LAN adapter MAC address. The surprising part is that the device is not connected to LAN. Any similar issue u guys have experienced?

the users are not able to access anything since in ise it is in pending state fro the wifi mac address.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DK9
Level 1
Level 1

‎12-20-2024 05:34 AM

The issue was resolved we deleted old mac address and enabled accounting in the asa and it started working fine 

Thanks all

View solution in original post

0 Helpful
7 Replies 7

Go to solution
ahollifield
VIP
VIP

‎12-05-2024 10:17 AM

What version of ISE?  What version of Secure Client?  What model of ASA?  What version of ASA software?  There have been several bugs on the ISE, ASA, and Secure Client sides regarding ACIDEX attributes.

0 Helpful

Go to solution
DK9
Level 1
Level 1
In response to ahollifield

‎12-05-2024 08:42 PM

Ise version 3.2 patch 6

Anyconnect client- 4.10.08025

ASA virtual version 9.18.4.29

 

 

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to DK9

‎12-05-2024 10:05 PM

Many vendors use randomize MAC' and best solution is disable this feature in device.

MHM

0 Helpful

Go to solution
DK9
Level 1
Level 1
In response to ahollifield

‎12-06-2024 08:55 AM

Yaaa we are in stage of migration to secure client.but still the issue is not happening to all clients.and in the same laptop the users joining via asa1 are able to access the network but the users from asa2 is not able to access it.the ise rules are same for both asa the ise log shows in pending stage i tried manual coa but still same

they were accessing it till28.11.2024

 

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to DK9

‎12-10-2024 07:16 AM

Could you please share both firewalls RADIUS sanitized configs and ISE sanitized posture policies for review?

0 Helpful

Go to solution
DK9
Level 1
Level 1

‎12-20-2024 05:34 AM

The issue was resolved we deleted old mac address and enabled accounting in the asa and it started working fine 

Thanks all

0 Helpful
Customers Also Viewed These Support Documents