05-31-2018 07:49 AM
Hi,
I am working on an ISE (2.3 with patch 3) posture implementation with a Meraki switch and AP.
We found a problem during posture testing.
For wired connections, when the AnyConnect ISE posture module finishes checking and has a status of "compliant" or "not compliant", I can see the wired connection reconnect and trigger the posture check one more time. The same thing happens on Windows and Mac laptops. But there is no such issue for wireless connections. We also tested the wired connection without NAM and had the same issue.
This is NAM log:
8:11:30 PM 802.1x_Wired : Authenticating
8:11:34 PM 802.1x_Wired : Acquiring IP Address
8:11:34 PM 802.1x_Wired : Connected (10.2.2.182)
8:11:34 PM 802.1x_Wired : Connected (10.2.2.0)
8:11:45 PM 802.1x_Wired : Associating
8:11:45 PM Disconnected
8:11:47 PM Disconnected
8:11:47 PM 802.1x_Wired : Authenticating
8:11:51 PM 802.1x_Wired : Authenticating
8:11:51 PM 802.1x_Wired : Acquiring IP Address
8:11:51 PM 802.1x_Wired : Connected (10.2.2.0)
This is ISE posture module log:
8:11:24 PM Limited or no connectivity.
8:11:32 PM Limited or no connectivity.
8:11:38 PM Searching for policy server.
8:11:38 PM Checking for product updates...
8:11:38 PM The AnyConnect Downloader is performing update checks...
8:11:38 PM Checking for profile updates...
8:11:38 PM Checking for product updates...
8:11:38 PM Checking for customization updates...
8:11:38 PM Performing any required updates...
8:11:38 PM The AnyConnect Downloader updates have been completed.
8:11:38 PM Update complete.
8:11:38 PM Scanning system ...
8:11:42 PM Checking requirement 1 of 1.
8:11:42 PM Prepare posture report ...
8:11:42 PM Updating network settings ...
8:11:47 PM Compliant.
8:11:55 PM Searching for policy server.
8:11:55 PM Checking for product updates...
8:11:55 PM The AnyConnect Downloader is performing update checks...
8:11:55 PM Checking for profile updates...
8:11:55 PM Checking for product updates...
8:11:55 PM Checking for customization updates...
8:11:55 PM Performing any required updates...
8:11:55 PM The AnyConnect Downloader updates have been completed.
8:11:55 PM Update complete.
8:11:55 PM Scanning system ...
8:11:58 PM Checking requirement 1 of 1.
8:11:58 PM Prepare posture report ...
8:11:59 PM Compliant.
From the ISE RADIUS log, we can see that the 802.1x session first matched the Posture redirect authorization policy and then matched the compliant authorization policy. A CoA event could also be found.
Any ideas or recommendations on this issue?
Thanks in advance.
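An added example, not part of the original post: a small Python script that merges an excerpt of the two client logs above into one timeline and flags every place where a wired link drop and reconnect falls between two posture scans. The function names are hypothetical, and the script only orders the events; it does not determine why the port bounced.

```python
from datetime import datetime

# Excerpts of the NAM and ISE posture module logs quoted in the post above.
NAM_LOG = """\
8:11:34 PM 802.1x_Wired : Connected (10.2.2.182)
8:11:45 PM 802.1x_Wired : Associating
8:11:45 PM Disconnected
8:11:47 PM 802.1x_Wired : Authenticating
8:11:51 PM 802.1x_Wired : Connected (10.2.2.0)
"""
POSTURE_LOG = """\
8:11:38 PM Scanning system ...
8:11:42 PM Updating network settings ...
8:11:47 PM Compliant.
8:11:55 PM Searching for policy server.
8:11:55 PM Scanning system ...
8:11:59 PM Compliant.
"""

def parse(text, source):
    """Turn 'H:MM:SS PM message' lines into (time, source, message) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%I:%M:%S %p")
        except ValueError:
            continue  # not a timestamped log line
        events.append((ts, source, parts[2].strip()))
    return events

def merged_timeline(nam, posture):
    """Interleave both logs by time (stable sort keeps each log's own order)."""
    return sorted(parse(nam, "NAM") + parse(posture, "POSTURE"), key=lambda e: e[0])

def find_reposture_cycles(timeline):
    """Return (first_scan, link_drop, link_up, second_scan) time tuples."""
    cycles, scan, drop, up = [], None, None, None
    for ts, src, msg in timeline:
        if src == "POSTURE" and msg.startswith("Scanning system"):
            if scan and drop and up:
                cycles.append((scan, drop, up, ts))
            scan, drop, up = ts, None, None
        elif src == "NAM" and scan and msg == "Disconnected":
            drop = drop or ts
        elif src == "NAM" and drop and "Connected (" in msg:
            up = up or ts
    return cycles

if __name__ == "__main__":
    for cycle in find_reposture_cycles(merged_timeline(NAM_LOG, POSTURE_LOG)):
        print(" -> ".join(t.strftime("%H:%M:%S") for t in cycle))
```

Run against full exports of both logs, the same functions show whether every posture scan is followed by a link bounce or only some of them.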
05-31-2018 07:56 AM
Hi,
Please work with the TAC to investigate further.
Regards,
-Tim