cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3028
Views
1
Helpful
2
Replies

ISE posture pending loop

kareali@cisco.com
Cisco Employee
Cisco Employee

Hi,

   i'm facing a strange issue while anyconnect posture running it fails in one of the requirement and the configured remediation timer is 3 min

after that it should go to non-compliant with remediation vlan. but we noticed that posture tries to re-scan again every 16 seconds hence remediation timer starts again from beginning which means that user will never hit non-compliant profile !!! he will stay in unknown state forever !!!

it like a loop

1- user gets remediation text message

2- remediation timer starts counting

3- after 16 seconds anyconnect starts scanning again

4- back to step 1

the user status in ISE always pending "unknown state" !!!  so what do you think what is maybe the issue

2 Replies 2

Ravi Singh
Level 7
Level 7

Could you please tell me which version you are on? What i think this is bug CSCul66272. See the detail below

Symptom:
The NAC Agent gets suck in a posture loop. The sequence of events seen for the agent is:
1) An authentication entry is seen for the host and posture is set to pending.
2) A CoA is sent for the host with the posture status matching the globally set default posture status.
3) An authentication is again seen for the host with the posture status set to pending.

Conditions:
ISE 1.2.0.899
An application is installed on the end host that sends an HTTP or HTTPS packet with an unknown user-agent.
Posture is configured and in use.

Last Modified:

Jun 9,2014

Status:

Fixed

Severity:

3 Moderate

Product:

Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases:
(1)

1.2(0.899)

Known Fixed Releases:
(2)

1.2(0.907)

1.2(1.198)

Andre Liverod
Level 1
Level 1

Got the exactly the same issue here in a new solution with version 2.2.0.470-Patch1.

The client just starts reassesment and stays in a posturing state, nothing happens on ISE or switch tough so it seems like a client issue.