Solved: MacOS endpoints are not recieving VLAN change after CoA.

dgaikwad · ‎08-26-2022

ISE version 2.7 with patch 5.
Wireless deployment with posture checks.
AnyConnect version 4.10
Rollout for posture of MacOS (Monterey) endpoints in progress, but post posture it seems that the VLAN change pushed from ISE is not being reflected on MacOS.
To push the Mac endpoint in the final access VLAN have to bounce the wireless connection and then only the Macs are seen to receive the new IP address from the final access VLAN.
Has this issue been reported previously or is there anything missing from the setup/configuration?

Mark Elsen · ‎08-26-2022

- Check this thread : https://community.cisco.com/t5/network-access-control/coa-to-change-endpoint-vlan-when-posture-status-is-compliant/td-p/3882107 , whilst you are on 2.7 patch level 5 also note this important bug : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa00729

Take care!

M

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

View solution in original post

Mark Elsen · ‎08-26-2022

- Check this thread : https://community.cisco.com/t5/network-access-control/coa-to-change-endpoint-vlan-when-posture-status-is-compliant/td-p/3882107 , whilst you are on 2.7 patch level 5 also note this important bug : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa00729

Take care!

M

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

dgaikwad · ‎08-30-2022

The AnyConnect profile is configured for ARP at the moment and the same profile is applied for all Windows machines as well.
Do MacOSes work using ping or ARP configure is also good way to proceed?