01-10-2017 05:05 AM
Hi,
I'm facing a strange issue: while AnyConnect posture is running, it fails on one of the requirements, and the configured remediation timer is 3 min.
After that it should go to non-compliant with the remediation VLAN, but we noticed that posture tries to re-scan again every 16 seconds, hence the remediation timer starts again from the beginning, which means that the user will never hit the non-compliant profile!!! He will stay in the unknown state forever!!!
It's like a loop:
1- user gets remediation text message
2- remediation timer starts counting
3- after 16 seconds AnyConnect starts scanning again
4- back to step 1
The user status in ISE is always pending ("unknown state")!!! So what do you think the issue may be?
01-12-2017 12:49 AM
Could you please tell me which version you are on? I think this is bug CSCul66272. See the details below.
Symptom:
The NAC Agent gets stuck in a posture loop. The sequence of events seen for the agent is:
1) An authentication entry is seen for the host and posture is set to pending.
2) A CoA is sent for the host with the posture status matching the globally set default posture status.
3) An authentication is again seen for the host with the posture status set to pending.
Conditions:
ISE 1.2.0.899
An application is installed on the end host that sends an HTTP or HTTPS packet with an unknown user-agent.
Posture is configured and in use.
Jun 9, 2014
Fixed
3 Moderate
Cisco Identity Services Engine (ISE) 3300 Series Appliances
Known Affected Releases: (1)
Known Fixed Releases: (2)
1.2(1.198)
05-13-2017 12:33 AM
Got exactly the same issue here in a new solution with version 2.2.0.470-Patch1.
The client just starts reassessment and stays in a posturing state; nothing happens on ISE or the switch though, so it seems like a client issue.