Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
735
Views
0
Helpful
1
Replies

ISE Profiling before Authorization

Ryan Curry
Level 1
Level 1

‎08-21-2018 09:48 AM

Hi all, I have what I hope is a pretty simple question / issue.  Just recently kicked off dot1x wired in monitor mode and I'm profiling phones, APs, and printers fine for the most part.  In my policy, I have entries matching the endpoint profile that should permit access.  The issue is that when I enable dot1x on the ports and they hit ISE, they match the default policy.  If I clear the authentication on the ports with these devices, they'll then hit the right policy.  I've set the profiling policy to do a COA reauth afterwards hoping that'd send it back through the policy process but so far it's not.

 

Is there something I'm missing or is that just how it's designed?  My concern is that when we go to low impact, a new device will get plugged in and it won't hit the right policy until it reconnects.

 

Thanks in advance!

Labels:
0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎09-01-2018 09:14 AM

Known issue -- CSCvg88945 CoA on Reprofile Still Not F...

0 Helpful
Customers Also Viewed These Support Documents