i'm currently implementing ISE posture on one of my clients, but i'm facing an issue when the endpoint get a non-compliant status, it automatically goes to a unknown state and start re-scaning
The expected behavior is that if and endpoint goes to a non-compliant status, it receives like guests only-internet access with ACL (airspace and DACL)
The redirection portal and compliant status works fine.
I have the unknown and non-compliant authorization profiles with vlan change but i don't know if this trigger the re-scanning
What can be the issue?
Context information:
- ISE 3.0
- Anyconnect 4.10
- Compliance Module: 4.3.3685