Working on a POC/Test ISE deployment prior to the full production rollout and I'm encountering some odd behavior with my wireless BYOD setup. I'm seeing the following issues on my test machine, and it seems to happen every time I test.
BYOD clients lose posture status every time they log off/reboot (or perhaps more accurately, when they reconnect to the corproate SSID), but posture lease is set to 14 days and there is no periodic re-assessment configured. My understanding is that the posture lease should apply to all clients, but I may be mistaken there?
When BYOD clients are posture-assessed using the temporal agent, the first run through doesn't update the posture status in ISE - I need to be redirected a second time, run the temporal agent a second time and then I get full network access.
I have a feeling it may be related to my configuration (specifically the client provisioning/posture setup), but was curious if anyone had any thoughts on those issues? I'm going to try and get some screenshots later to illustrate my client provisioning policy setup, just in case it's something there - I've got separate lines for posture and provisioning as it was the cleanest way I could think to configure it, but there's probably a better way. I'm pretty new to ISE!