04-13-2021 03:07 PM
Hi,
After I configure the posture with "call home" to detect the PSN servers, the wireless can detect the PSN and check the compliance, and the CoA is working properly: the endpoint goes from unknown (Redirect URL) to compliant. For the wired, the endpoint is showing that it is compliant, but the switch and ISE are still in an unknown posture (Redirect URL).
After I click on the AC profile again, the endpoint status changes to compliant for the switch and ISE server, and I can browse successfully.
Any suggestions?
04-13-2021 06:27 PM
Hi,
Please check the status of your endpoint at Work Centers > Posture > Reports > Reports > Posture Reports > Posture Assessment by Endpoint ... Is it Compliant?
04-14-2021 12:34 AM
04-14-2021 01:52 AM
Hi,
Perfect ... now use a TCP Dump (Operations > Troubleshoot > Diagnostic Tools > General Tools > TCP Dump) with the filter ip host <NAD IP Addr> to check if you are sending the CoA.
Note: I'm assuming that your Unknown and Compliant Policy is correctly configured.
04-14-2021 02:47 AM
Thank you for your support.
The issue has been fixed. The CoA UDP 1700 was blocked by the firewall.
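Added example, not part of the original thread and not Cisco tooling: a way to read the TCP Dump capture suggested above and list CoA or Disconnect requests sent to a NAD on UDP 1700 that never received an ACK or NAK, which is the pattern a firewall block on that port produces. It assumes the capture was saved as a classic pcap file with Ethernet framing; the IP addresses, ports and the sample capture are constructed for illustration.

```python
import struct

COA_PORT = 1700  # CoA port named in the thread (RFC 5176 itself defaults to 3799)
REQ = {40: "Disconnect-Request", 43: "CoA-Request"}   # RFC 5176 request codes
REPLY = {41, 42, 44, 45}                              # Disconnect/CoA ACK and NAK

def radius_packets(pcap):
    """Yield (src, dst, sport, dport, code, ident) per IPv4/UDP frame in a classic pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                          # skip pcap global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 44 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                  # not Ethernet/IPv4/UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 10:
            continue                                  # no room for RADIUS code + id
        sport, dport = struct.unpack("!HH", udp[:4])
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        yield src, dst, sport, dport, udp[8], udp[9]

def unanswered_coa(pcap, nad_ip):
    """Return {(source port, RADIUS id): request name} the NAD never ACKed or NAKed."""
    pending = {}
    for src, dst, sport, dport, code, ident in radius_packets(pcap):
        if dst == nad_ip and dport == COA_PORT and code in REQ:
            pending[(sport, ident)] = REQ[code]
        elif src == nad_ip and sport == COA_PORT and code in REPLY:
            pending.pop((dport, ident), None)
    return pending

def _frame(src, dst, sport, dport, code, ident):
    """Build one constructed Ethernet/IPv4/UDP frame carrying a bare RADIUS header."""
    rad = struct.pack("!BBH16s", code, ident, 20, b"\0" * 16)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(rad), 0) + rad
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\0" * 12 + b"\x08\x00" + ip + udp

# Constructed capture: PSN 10.0.0.10, wireless NAD 10.0.1.1, wired switch 10.0.2.1.
FRAMES = [_frame("10.0.0.10", "10.0.1.1", 50000, 1700, 43, 6),   # CoA-Request
          _frame("10.0.1.1", "10.0.0.10", 1700, 50000, 44, 6),   # CoA-ACK comes back
          _frame("10.0.0.10", "10.0.2.1", 50001, 1700, 43, 7)]   # CoA-Request, no reply
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)

if __name__ == "__main__":
    for nad in ("10.0.1.1", "10.0.2.1"):
        print(nad, unanswered_coa(SAMPLE, nad) or "all CoA requests answered")
```

A capture taken on the ISE node shows only that no reply arrived; a matching capture on the switch side tells whether the request or the reply was dropped in transit.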