ISE 1.4 Posture scans on non-802.1x wired ports

Shahin901
Level 1

Hi,

I have an installation of ISE 1.4 with patch 6 running posture for the endpoints.

We configured AnyConnect to run posture on the wireless clients. Switches are not configured for 802.1x authentication, so we do not want to run the posture check when the same client connects to the wired network. But the posture assessment happens even when the client connects to the wired non-802.1x ports.

I have modified the posture conditions to a more specific requirement by mentioning the WLAN ID, but the posture assessment still happens when the client connects to the wired network. Even though this assessment does not make any difference to the client's access to the network, as there is no 802.1x configuration on the switch, the users are still getting annoyed looking at the assessment scan.

I would really appreciate it if someone could help me stop the scan on non-802.1x wired ports.

Regards,

3 Replies

nspasov
Cisco Employee

What do you have configured for the setting "Operate on non-802.1X wireless" on the NAC/AnyConnect profile?

Thank you for rating helpful posts!

"Operate on non-802.1x wireless" is set to NO. The AnyConnect posture module does not scan on non-802.1x wireless but scans on non-802.1x wired connections.

Ah, this is what happens when you don't pay attention :) Sorry, I missed the "wired" part. For wired, I am not aware of a workaround for this and have confirmed that it does scan even though the port/NAD was not configured for 802.1x.

This would be a good suggestion to the Cisco team.

Thank you for rating helpful posts!