06-12-2019 08:29 AM - edited 02-21-2020 11:06 AM
I have a 4 switch 3850 stack on the 16.9.2 code
I'm building a new ISE server on 2.4 code (the production one is 2.2). My clients authenticate, reach the Posture-Unknown authorization profile, but then they don't get provisioned.
This is the device tracking policy for my trunk ports
device-tracking policy DEVICE-TRACKING-UPLINK
trusted-port
device-role switch
no protocol udp
DHCP snooping enabled for the user VLAN and that automatically enables DT-PROGRAMMATIC policy.
Cisco TAC suggested to add a policy to the port as well
device-tracking policy ACCESS_IPv4_GUARD
trusted-port
limit address-count 2
no protocol udp
tracking enable
According to TAC device-tracking config is correct and ISE config is correct. But the clients get stuck in Posture -Unkown auth profile.
This stack has been in production for a long time, along with ise server, and since the upgrade and device-tracking configuration, new clients don't get provisioned. I have to switch the clients to wireless, in order for the ConnectionData.xml file to be updated, afterwards they can provision.
All of this works in my test stack, (2-3850s, same code), I can provision clients in the production ISE and test ISE.
I'm at loss at what else I can do, besides rebooting the production stack after hours.
TIA
Solved! Go to Solution.
07-01-2019 02:48 PM
I hope this issue already resolved. If not, please continue working with Cisco TAC.
As you mentioned needing ConnectionData.xml updated, the issue might be around URL redirect by the switch.
ISE Posture Style Comparison for Pre and Post 2.2 - Cisco has a lot of detailed info.
07-01-2019 02:48 PM
I hope this issue already resolved. If not, please continue working with Cisco TAC.
As you mentioned needing ConnectionData.xml updated, the issue might be around URL redirect by the switch.
ISE Posture Style Comparison for Pre and Post 2.2 - Cisco has a lot of detailed info.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide