Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
0
Helpful
1
Replies

Need help with ISE posture

MedTek26
Level 1
Level 1

‎11-09-2023 03:10 PM - edited ‎11-09-2023 03:56 PM

Dear Cisco community,

After setting up the temporal agent and configuring the different authorization profiles and Policy Sets, I proceed to test it on a client.

Initially, everything functions as expected, but an issue arises after the compliance check phase.

MedTek26_0-1699558618299.png

As you can see in the screenshot above : regardless of whether the device is compliant or not, Cisco ISE won't progress beyond the authorization policy stage. Ideally, it should apply the appropriate authorization profile based on the device's compliance status. Resulting in sending a Blank CoA without any attributes other than ACCESS ACCEPT.

Authentication Policy :

MedTek26_1-1699558788088.png

Authorization Policy : 

MedTek26_2-1699558832425.png

Client PoV : 

MedTek26_3-1699570702203.png

Under the live session the posture status is blank :
MedTek26_4-1699570957110.png

Under the contexte visibility : 

MedTek26_5-1699571133871.png

Report : 

MedTek26_0-1699574175823.png

The client is a VM and dosent have the Windows firewall activated and is up to date.
I am using the latest Cisco ISE-3.2.0.542a-virtual-SNS3615-SNS3655-300

If anyone already had experienced that or have hints to share with me, that could help me a lot and would be greatly appreciated.

Thank you !

Regards,

Mehdi

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎11-10-2023 07:33 PM

@MedTek26 The identity column showed as INVALID so that means the auth was not successful so it seems MAB is not configured properly for your Alcatel device.

0 Helpful
Customers Also Viewed These Support Documents