Re: Posture required manually scan from user

oumodom · ‎12-01-2024

Dear Cisco ISE lover,

I would like to share current issue whether bug or expected result, as I test in lab for posture scan condition on Wired LAN and it required user to manually click "Scan Again" button to validate trusted device into authorization.

As our objective to automatically scan posture without human interaction, once the user plug in LAN and faster authorization (Permit any).

Cisco ISE v3.1
ISE Posture/Secure Client 5.1.2.42
Compliant module 4.3.3335.6146

Thank you,

ahollifield · ‎12-02-2024

Why ISE 3.1 and not 3.3 or 3.4?

Sounds like CoA is not working. What is the NAD?

oumodom · ‎12-02-2024

You are right, But we found 3.3 and 3.4 are most bug.
How to check CoA is working fine @ahollifield ?

ammahend · ‎12-02-2024

share your switch AAA config config where users connect.

As recommended, this will help verify if COA is enabled.

-hope this helps-

oumodom · ‎12-02-2024

Thank @ammahend

As remember, for Posture v4.9 it was doing well. But I can't confirm that v5.1 is bug existing or not.
If you have more experience, please kindly another approach to check.

Thank so much @ammahend

ahollifield · ‎12-03-2024

https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/anyconnect-secure-mobility-client-v4x-eol.html

ahollifield · ‎12-03-2024

In the Live Logs you will dynamic authorization log messages. These will be either pass or fail.

oumodom · ‎12-04-2024

Could you elaborate than this please?

ahollifield · ‎12-05-2024

What do you mean? Open the Live Logs page, filter on a specific Endpoint ID (MAC Address). You see both authc/authz messages and CoA logs here.