Just upgraded Cisco ISE to 1.1.1 in my lab/demo environment and am now having problems with a basic posture implementation. In short I connect to a wireless SSID and check posture based on the presence of a file. The NAC agent is declaring my host as compliant and granting full network access however about 5 seconds later it it checks for requirements again while placing my host in the temporary network access. At this point it states I am compliant again and 5 seconds later scans again. This behaivour does not stop and continues endlessly until I close the wireless connection. I had no problems with this setup on 1.1.
All logs indicate successful compliance and no errors in terms of compliance. ANy ideas would be appreciated.
Stephen , take a look at this , it looks like is really a bug and there s nothing we can do ...workaround , chose another authen method , pathetic..
lets wait for a patch
CSCua79768 Bug Details
|EAP Chaining + Posture lost Compliant Session:PostureStatus in reauth|
NAC Agent appears to continually posture endpoint in a continuous loop
EAP-TLS Machine Authentication + Posture
- OR -
EAP-Chaining + Posture
Use different authentication method.