Solved: MacOS endpoints are not recieving VLAN change after CoA.

dgaikwad · ‎08-26-2022

ISE version 2.7 with patch 5.
Wireless deployment with posture checks.
AnyConnect version 4.10
Rollout for posture of MacOS (Monterey) endpoints in progress, but post posture it seems that the VLAN change pushed from ISE is not being reflected on MacOS.
To push the Mac endpoint in the final access VLAN have to bounce the wireless connection and then only the Macs are seen to receive the new IP address from the final access VLAN.
Has this issue been reported previously or is there anything missing from the setup/configuration?

marce1000 · ‎08-26-2022

- Check this thread : https://community.cisco.com/t5/network-access-control/coa-to-change-endpoint-vlan-when-posture-status-is-compliant/td-p/3882107 , whilst you are on 2.7 patch level 5 also note this important bug : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa00729

Take care!

M

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎08-26-2022

- Check this thread : https://community.cisco.com/t5/network-access-control/coa-to-change-endpoint-vlan-when-posture-status-is-compliant/td-p/3882107 , whilst you are on 2.7 patch level 5 also note this important bug : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa00729

Take care!

M

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

dgaikwad · ‎08-30-2022

The AnyConnect profile is configured for ARP at the moment and the same profile is applied for all Windows machines as well.
Do MacOSes work using ping or ARP configure is also good way to proceed?