Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
0
Helpful
2
Replies

ISE Posture status pending with assigned APIPA address at client pc

journey jane
Level 1
Level 1

‎12-29-2022 01:28 AM

Dear all,

I would like to ask some helps for my facing ise posture issue. Posture state is pending and pc and get only APIPA address. When i trouble shoot, i have DC_Unknown authorization profile by attaching DACL name = Test_RD1. That Test_RD1 have the following access-list as screenshot. When i delete ""Deny ip any any"" at Test_RD1, posture flow is completed and working fine. Actually, it was working fine before without removing ""Deny ip any any"" at DACL. I have no changes before facing this posture issue.

NOTE: user switch model >> C2960X and firmware version is 15.2(2)E6.

Could anyone pls suggest to get the cause? how related with it? Thanks much.

 

journeyjane_0-1672305546663.png

journeyjane_1-1672305648638.png

 

 

0 Helpful
2 Replies 2

Rodrigo Diaz
Cisco Employee
Cisco Employee

‎12-30-2022 03:16 PM

hello @journey jane  , are you using a posture based redirection flow ? or redirection-less ? 

0 Helpful

journey jane
Level 1
Level 1

‎01-06-2023 07:39 PM

Hello everyone, 

Thanks alot. As i checked with TAC, they remove DACL and issue was resolved but that was not the cause and tac also cannot find out the cause as well. They just suggest not to put all of the postures and radius policy to a policy set and to do segregation for each. 

0 Helpful
Customers Also Viewed These Support Documents