Just upgraded Cisco ISE to 1.1.1 in my lab/demo environment and am now having problems with a basic posture implementation. In short I connect to a wireless SSID and check posture based on the presence of a file. The NAC agent is declaring my host as compliant and granting full network access however about 5 seconds later it it checks for requirements again while placing my host in the temporary network access. At this point it states I am compliant again and 5 seconds later scans again. This behaivour does not stop and continues endlessly until I close the wireless connection. I had no problems with this setup on 1.1.
All logs indicate successful compliance and no errors in terms of compliance. ANy ideas would be appreciated.
ISE 1.2 is scheduled to release soon, however please bring this defect up to you local Cisco account teams and please open TAC cases for these issues. Just like any company Cisco is metrics driven and please make sure the case remains open till the defects are resolved. Even though there is a reasonable workaround, however I understand that this may frustrate a few of you, just explain to the TAC engineer that this will not work with the current requirements of the ISE deployment for you or your customer's network.
Cisco should be able to release a patch to address this issue.
For what it's worth I did get an update from the agent handling my TAC case telling me that this issue is now supposed to be addressed in version 1.1.2 rather than 1.2. Unfortunately, the 1.1.2 release date is currently the end of November.