cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

701
Views
0
Helpful
1
Replies
Highlighted
Beginner

MAB+Posture

Dear all,

I am doing a POV and the customer is currently using MAB for internal user device (laptop and desktop) access.

They want to add posture to check against AV engine/definition status before allowing access to production network.

We are using latest ISE 2.1 (no patch yet) and AnyConnect ISE Posture agent.

We get CPP working and get the ISE Posture agent software installed. However, I notice that either ISE Posture agent is not talking to ISE or it cannot get “Security products” tab under “System Scan” is empty.

Could I know if it is a limitation for MAB+Posture? And we need to move to 802.1x for posture to work? If we need to minimise the user experience change, should we use Easy Connect?

I read https://cdetsng.cisco.com/webui/#view=CSCtn89841 and not sure if it is already fixed or still an issue.

Thanks, Tommy

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advocate

Tommy,

This should have been addressed by CSCtq83954.  However, it is important that you have a user session open which launches posture agent and that client provisioning and/or posture policy can match on the posture policy.

EasyConnect identity is not currently supported in Posture Policy, so that would not help.

Craig

View solution in original post

1 REPLY 1
Highlighted
Advocate

Tommy,

This should have been addressed by CSCtq83954.  However, it is important that you have a user session open which launches posture agent and that client provisioning and/or posture policy can match on the posture policy.

EasyConnect identity is not currently supported in Posture Policy, so that would not help.

Craig

View solution in original post

Content for Community-Ad