cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
396
Views
0
Helpful
1
Replies

ISE 2.3 BYOD with Temporal Agent - Odd Behaviour

David Milne
Beginner
Beginner

Hi Folks,

Working on a POC/Test ISE deployment prior to the full production rollout and I'm encountering some odd behavior with my wireless BYOD setup. I'm seeing the following issues on my test machine, and it seems to happen every time I test.

 

  1. BYOD clients lose posture status every time they log off/reboot (or perhaps more accurately, when they reconnect to the corproate SSID), but posture lease is set to 14 days and there is no periodic re-assessment configured. My understanding is that the posture lease should apply to all clients, but I may be mistaken there?
  2. When BYOD clients are posture-assessed using the temporal agent, the first run through doesn't update the posture status in ISE - I need to be redirected a second time, run the temporal agent a second time and then I get full network access.

 

I have a feeling it may be related to my configuration (specifically the client provisioning/posture setup), but was curious if anyone had any thoughts on those issues? I'm going to try and get some screenshots later to illustrate my client provisioning policy setup, just in case it's something there - I've got separate lines for posture and provisioning as it was the cleanest way I could think to configure it, but there's probably a better way. I'm pretty new to ISE!

Thanks!

1 Accepted Solution

Accepted Solutions
1 Reply 1

hslai
Cisco Employee
Cisco Employee
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers