cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

571
Views
5
Helpful
4
Replies
msrfares84
Beginner

The Cisco ISE 2.7 wired posture is compliant in the AC, but the switch is still in an unknown state, stuck in a redirect URL.

Hi,

After I configure the posture with "call home" to detect the PSN servers, the wireless can detect the PSN and check the compliance and the COA is working properly, the endpoint goes from unknown (Redirect URL) to compliant. For the wired, the endpoint is showing that it is compliant, but the switch and ISE are still in an unknown posture (Redirect URL).

After I click on the AC profile again, the endpoint status changes to compliant for the switch and ISE server, and I can browse successfully.

Any suggestions?

1 ACCEPTED SOLUTION

Accepted Solutions

Thank you for your support.

The issue has been fixed. The CoA UDP 1700 was blocked from the firewall.

View solution in original post

4 REPLIES 4
Marcelo Morais
Advocate

Hi,

 please check the status of your Endpoint at Work Centers > Posture > Reports > Reports > Posture Reports > Posture Assessment by Endpoint ... it is Compliant?

It is showing compliant. Check the attached file.

 

 

Hi,

 perfect ... now use a TCP Dump (Operations > Troubleshoot > Diagnostic Tools > General Tools > TCP Dump), use the filter ip host <NAD IP Addr>, to check if you are sending the CoA.

Note: I'm assuming that your Unknown and Compliant Policy is correctly configured.

 

Thank you for your support.

The issue has been fixed. The CoA UDP 1700 was blocked from the firewall.

View solution in original post

Content for Community-Ad