Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
0
Helpful
7
Replies

ISE 3.1 lease setting and devices on 24x7

cgarringer
Level 1
Level 1

‎02-27-2023 01:22 PM

We are running ISE 3.1 patch 4 and rolling out wired connections with posture checking.   the issue we are seeing is with computers on 24x7 , we are a manufacturing plant.     With the lease setting at 24 hrs, and the the posture recheck at 12 hours, the computers will scan for posture automatically once at the end of 12 hours, but when the lease expires a user must login and select re-scan to get the device online.     Has anyone had devices that have to stay on 24x7 for up to months on ISE?    What did you do about the lease and rescan for posture?

0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎02-27-2023 02:45 PM

if that causing the issue, if the industrial device is trusted, I will create a different profile and disable posture checks.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

cgarringer
Level 1
Level 1
In response to balaji.bandi

‎02-27-2023 02:54 PM

For the devices that would work but a significant portion of the systems are Windows PC’s that need to be checked for compliance.
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to cgarringer

‎02-27-2023 04:01 PM

so all windows PC are the industrial requirements? what windows  XP / 7 / 10 or 21H2 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

cgarringer
Level 1
Level 1
In response to balaji.bandi

‎02-28-2023 06:03 AM

Nothing older than 10, most should be 21H2.

0 Helpful

Aref Alsouqi
VIP
VIP

‎02-28-2023 06:39 AM

Are you doing the posture assessment via AnyConnect? and are you referring to the lease in the reassessment page or the general posture assessment settings?

0 Helpful

cgarringer
Level 1
Level 1
In response to Aref Alsouqi

‎02-28-2023 06:42 AM

The reassessment is set to 12 hours, the general setting is 24. The AD group is looking at a possible solution, they have found that the ISE posture services can be stopped/started and that causes a re-scan that appears to keep the PC connected. They tried it on one machine, they are expanding the test.
0 Helpful

Dustin Anderson
VIP
VIP

‎02-28-2023 11:05 AM - edited ‎02-28-2023 11:05 AM

I have not tested, will a radius reauth of the port trigger a rescan? We only use AnyConnect for wireless and they tend to bounce on/off all day so never had an issue. 

 

DustinAnderson_0-1677611089535.png

 

0 Helpful
Customers Also Viewed These Support Documents