This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
After I configure the posture with "call home" to detect the PSN servers, the wireless can detect the PSN and check the compliance and the COA is working properly, the endpoint goes from unknown (Redirect URL) to compliant. For the wired, the endpoint is showing that it is compliant, but the switch and ISE are still in an unknown posture (Redirect URL).
After I click on the AC profile again, the endpoint status changes to compliant for the switch and ISE server, and I can browse successfully.
Solved! Go to Solution.
please check the status of your Endpoint at Work Centers > Posture > Reports > Reports > Posture Reports > Posture Assessment by Endpoint ... it is Compliant?
perfect ... now use a TCP Dump (Operations > Troubleshoot > Diagnostic Tools > General Tools > TCP Dump), use the filter ip host <NAD IP Addr>, to check if you are sending the CoA.
Note: I'm assuming that your Unknown and Compliant Policy is correctly configured.