Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
806
Views
0
Helpful
4
Replies

Exclude mobile devices for posturing - Cisco ISE 2.3 patch 6

Go to solution
networkteam@iima.ac.in
Level 1
Level 1

‎07-04-2019 10:33 PM - edited ‎07-04-2019 10:50 PM

Dear Community,

 

We are running Cisco ISE 2.3 patch 6 and we are facing issues in posture policy.

 

I have created 4 policies for posturing in following sequence. I have attached screenshot.

1. Mobile devices ( to exclude mobile devices for posturing )

2. Unknown redirect for client provisioning portal

3. Posture-compliant

4. Posture-Non-compliant

In Windows and MAC OS it is working fine but issue is mobile devices also hits policy no. 2 first and mobile devices get client providing portal after connecting to SSID and after in mobile devices click on start it hits policy no.1 and connects to the network.

 

I want to exclude mobile devices.

Please help.

 

Thanks,

AS

Preview file
143 KB
Preview file
90 KB
Preview file
45 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-05-2019 02:31 PM

This is expected.

Initially, the mobile devices are unknown (not profiled properly yet) so got redirected to ISE client provisioning portal and presented with with a "Start" button. Upon clicking on that "Start" button, ISE evaluates the client operating system info, and matches on the mobile OS. At this stage, the default posture status (configured at ISE admin web UI > Administration > System > Settings > Posture > General Settings) will apply and trigger a CoA re-authentication.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎07-05-2019 05:42 AM

Can you share your client provisioning policies? You should be able to utilize operating system and/or other conditions to exclude the mobile devices as you wish.
0 Helpful

Go to solution
networkteam@iima.ac.in
Level 1
Level 1
In response to Mike.Cifelli

‎07-07-2019 08:59 PM

Dear Mike,

 

Thanks for your update but we tried that but sometimes it detects correct device and sometime not.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-05-2019 02:31 PM

This is expected.

Initially, the mobile devices are unknown (not profiled properly yet) so got redirected to ISE client provisioning portal and presented with with a "Start" button. Upon clicking on that "Start" button, ISE evaluates the client operating system info, and matches on the mobile OS. At this stage, the default posture status (configured at ISE admin web UI > Administration > System > Settings > Posture > General Settings) will apply and trigger a CoA re-authentication.

0 Helpful

Go to solution
networkteam@iima.ac.in
Level 1
Level 1
In response to hslai

‎07-07-2019 09:01 PM

Dear hslai,

 

Is there any way to this?

0 Helpful
Customers Also Viewed These Support Documents