HI all!
I have an issue (though I am not sure if it should be considered an issue) regarding wireless clients with Posture (CSC). After a client associates with the AP, it completes the Posture assessment and receives a Compliant status. When the client reaches the idle timeout threshold (assumed to be 300s), it normally reconnects to the AP immediately via Auto Connect.
The problem starts here, on the ISE live logs, the client appears to start a new RADIUS session and the Posture state shows as Pending. However, on the Posture agent (CSC), the status remains Compliant and no new Posture assessment is initiated. As a result, although a new RADIUS session is created, the client never receives a CoA message and remains stuck in the Pending state on the ISE live logs.
I am not sure if anyone has encountered this situation before. How can we address it?
From a quick search, configuring a Posture lease may help mitigate the issue, but is it possible to trigger the CSC to initiate a new Posture assessment without clicking Scan Again when this scenario occurs?
. 9800 17.15.5 with ISE 3.4 p5
