Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2102
Views
2
Helpful
6
Replies

ISE WIRELESS POSTURE

Ughur
Level 1
Level 1

‎07-17-2023 07:24 AM

Hi everybody.

I have configured posture for wireless authentication. But when i connect to wireless network reditecting not work. Can you help me?

0 Helpful
6 Replies 6

marce1000
Hall of Fame
Hall of Fame

‎07-17-2023 10:05 AM

 

 - What is the wireless architecture : elaborate on  controller model(s) , AP model(s) , software versions , ...

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Dustin Anderson
VIP Alumni
VIP Alumni

‎07-17-2023 10:48 AM

As Marce said, you didn't give much info, so I will make some assumptions and give you some to look at.

Assumptions: ISE, AirOS WLC, Lab.

When you are doing a posture assessment, the device should be basically quarantined during the time. This is usually done with a wireless ACL that ISE will call. These are spots you could need to check.

1) Syntax of the ACL. ISE will call the exact name you enter in the WLC, capitol letter or lower case does matter. ACL and Acl are different.

2) on the WLC SSID, under advanced make sure the NAC is set to ISE NAC, otherwise the WLC will ignore what comes back from ISE.

3) Make sure you have AnyConnect set up for whatever you want to check and the config is set in ISE. AC will only return a pass/fail, you will not see in ISE if anything is wrong.

4) Make sure the wireless ACL allows the client to do DHCP and DNS. And if there is a firewall that they can talk to the ISE server.

 

Anything else and you'll need to be more specific of what the issue is and what config you have.

 

Ughur
Level 1
Level 1

‎07-21-2023 05:01 AM

Thanks for replying.
I can configure this step. Now, when i tr connect to wireless, cisco ise redirecting portal. But i can not download anyconnect, getting error. Then i installed anyconnect packages manually on windows.

Now, Cisco Anyconnect system scan status is "Compliant" even if user must be "not complain". I'm adding new requirements but status not change to "non-compliant.

0 Helpful

Ughur
Level 1
Level 1

‎07-21-2023 05:05 AM

Ughur_0-1689940935207.pngUghur_1-1689941008818.png

Ughur_2-1689941100880.png

 

0 Helpful

Dustin Anderson
VIP Alumni
VIP Alumni
In response to Ughur

‎07-21-2023 12:47 PM

When you set up, you will usually set a time to recheck posture. So, if you want to recheck before that time is up I usually have to delete the endpoint from ISE.

0 Helpful

thomas
Cisco Employee
Cisco Employee

‎07-21-2023 11:50 AM

Please see How to Ask The Community for Help .

You have not even included a error, a configuration, or anything for us to comment on or suggest in your initial post.

Please review our existing https://cs.co/ise-resources or https://cs.co/ise-guides for potential guides including https://cs.co/ise-posture for Posture Configuration.

0 Helpful
Customers Also Viewed These Support Documents