11-13-2013 04:24 AM - edited 03-10-2019 09:05 PM
Hello,
I am newly configuring and testing Posturing/Client Provissioning on ISE. I configured Client_Provissioning Policy without any Posture_Policy just to test it works or not.
My Wireless client can authenticate and get and install NAC_Agent successfully, but after that no network access is given to the client pc.
on the ISE Authentication Reports it shows ( Posture Status Pending )
and on the Wireless client everytime when i open browser i get this message " Cisco Agent was detected and is running. If you are still unable to access the network please contact you administrator"
I dont know what is the issue, plz help
11-14-2013 10:11 AM
Please try to remove and re-apply the posture policies.
11-14-2013 10:38 AM
Hi Ravi,
I have not yet configured any Posture policies. i have configured only client-provissioning policy, i want to first test client-provissioning works properly before applying any Posture-Policy.
So My wireless clients are correctly redirected and recieve NAC Agent, but afterthat it seems that the NAC_Agent does not do anything and does not send any report back to ise for further processings.
on the ise Authentication Report i can see, the client is stuck in UKNOWN-STATUS , and shows Posture_Status Pending...
it does not go to Uncompliant or Compliant Status.
I dont know what can be the issue? neither ISE shows me the error , nor the WLC.
11-15-2013 07:04 AM
If no matching posture policy is defined for an endpoint, then the posture compliance status of the endpoint may be set to unknown
11-14-2013 06:37 PM
You must ensure that the latest Windows hotfixes and patches are installed on Windows XP clients so that NAC Agents can establish a secure and encrypted communication with the Cisco ISE server (SSL over TCP).
11-14-2013 10:37 PM
I am using windows 8 as cilent, and it has all the updates and hotfixes.
Can anyone send me a link for configuring Posture-assessment&Client-Provissioning using ISE 1.2 and WLC as NAD ?
I found many links on the web but all of them show Wired-switch configured as NAD, and using ise 1.1
11-15-2013 02:02 AM
Please find the below document
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml#topic19
11-25-2013 06:43 AM
Do you have authrization policies for compliant users?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: