09-12-2016 04:09 PM
Dear all,
I am doing a POV and the customer is currently using MAB for internal user device (laptop and desktop) access.
They want to add posture to check against AV engine/definition status before allowing access to production network.
We are using latest ISE 2.1 (no patch yet) and AnyConnect ISE Posture agent.
We get CPP working and get the ISE Posture agent software installed. However, I notice that either ISE Posture agent is not talking to ISE or it cannot get “Security products” tab under “System Scan” is empty.
Could I know if it is a limitation for MAB+Posture? And we need to move to 802.1x for posture to work? If we need to minimise the user experience change, should we use Easy Connect?
I read https://cdetsng.cisco.com/webui/#view=CSCtn89841 and not sure if it is already fixed or still an issue.
Thanks, Tommy
Solved! Go to Solution.
09-12-2016 05:07 PM
Tommy,
This should have been addressed by CSCtq83954. However, it is important that you have a user session open which launches posture agent and that client provisioning and/or posture policy can match on the posture policy.
EasyConnect identity is not currently supported in Posture Policy, so that would not help.
Craig
09-12-2016 05:07 PM
Tommy,
This should have been addressed by CSCtq83954. However, it is important that you have a user session open which launches posture agent and that client provisioning and/or posture policy can match on the posture policy.
EasyConnect identity is not currently supported in Posture Policy, so that would not help.
Craig
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide