Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISE 1.2 nac agent provision


Is there any way to do a nac agent auto provision?

I know it can be achieve by cwa portal(web redirect) and user have to install nac agent manually. But we would like to see nac agent be installed right afeter user successfully login using 802.1x.

Everyone's tags (1)

As per my knowledge , it is

As per my knowledge , it is not possible. If NAC is not available, it has to be downloaded from source, which is reflected from Redirect URL.

Community Member

I dont follow your thought

I dont follow your thought process but this is how i have most of my deployments are setup. 

CWA < NSP < COA < 802.1x < Posture Status Unknown *In this state either client does or doesnt have nac agent in which ISE will proceed to install it or continue probing to for the NAC agent. 


Remove CWA < NSP < COA from the picture and you have your exact scenario. What is your work flow look like that it is not "automatic" and define what you mean by "manually"?

Community Member

Could you try endpoint

Could you try endpoint debugging, a new feature in ISE 1.3, and see if that gives a better DEBUG log(s)? You may access it at ISE live log by right-clicking on the endpoint’s MAC address or go to Operations > Troubleshoot > Diagnostic Tools > General Tools > EndPoint Debug.


Also, at exact what point did it give this failure? Right after CWA login and transit to the CPP?

CreatePlease to create content