Hi,
We try to implement ISE 2.1 posture with Aruba Controller/AP.
Does anyone have any experience how can we do it?
We use EAP-chaning, certificate auth for Machine, and password auth for user.
We can change the Role (from guest to Authenticated) with Aruba-User-Role Radius answer, we can send CoA, and normally we can
succesfully manage the posture.
But - if user logged out from machine, and revert to Role back to Restricted (with succesful machine authentication),
and try to login again, the Aruba WLC (Assume the PMK caching) says "Setting cached role to guest for user <MAC>” , and the posture will not occured,
and the user stuck in Guest role despite of successfull authenticaton.
What is wrong with this? The ISE 2.1 Compatibility Matrix shows Aruba as supported OS.