ISE 1.2 nac agent provision

Mason Tu · ‎03-18-2014

Hi,

Is there any way to do a nac agent auto provision?

I know it can be achieve by cwa portal(web redirect) and user have to install nac agent manually. But we would like to see nac agent be installed right afeter user successfully login using 802.1x.

Saurav Lodh · ‎03-19-2014

As per my knowledge , it is not possible. If NAC is not available, it has to be downloaded from source, which is reflected from Redirect URL.

jgonzales2 · ‎05-08-2014

I dont follow your thought process but this is how i have most of my deployments are setup.

CWA < NSP < COA < 802.1x < Posture Status Unknown *In this state either client does or doesnt have nac agent in which ISE will proceed to install it or continue probing to for the NAC agent.

Remove CWA < NSP < COA from the picture and you have your exact scenario. What is your work flow look like that it is not "automatic" and define what you mean by "manually"?

manjeets · ‎11-20-2014

Could you try endpoint debugging, a new feature in ISE 1.3, and see if that gives a better DEBUG log(s)? You may access it at ISE live log by right-clicking on the endpoint’s MAC address or go to Operations > Troubleshoot > Diagnostic Tools > General Tools > EndPoint Debug.

Also, at exact what point did it give this failure? Right after CWA login and transit to the CPP?