Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2386
Views
0
Helpful
16
Replies

Self Provisioning - Supplicant then NAC

David Boos
Level 1
Level 1

‎08-13-2013 08:41 PM - edited ‎03-10-2019 08:46 PM

I'm trying to setup a scenario such as -

Laptop brought on network - joins open wireless network - through open wireless network it registers with ISE using the supplicant wizard - once the supplicant wizard completes it joins a secure SSID - after navigating to another webpage NAC is delivered and client is postured.

I've gotten all the way to the last part.  It runs through the supplicant wizard, successfully registers, and joins the 802.1x network without a problem.

When I go to any other webpage it redirects me to "Unable to verify credentials required to access the network." page.  The only way to stop it is to remove it from the clients page on the WLC - once it's removed and rejoins the 802.1x network the NAC agent install comes up, installs, and postures according to the posture policies.

It seems like everything is where it should be but it doesn't install at the proper time without being removed from the network.

1 person had this problem
Labels:
0 Helpful
16 Replies 16

blenka
Level 3
Level 3

‎10-25-2013 04:36 PM

Symptoms or Issue

Client machine browser displays a "no policy matched" error message after user authentication and authorization.

Conditions

This issue applies to user sessions during the client provisioning phase of authentication.

Possible Causes

The client provisioning resource policy could be missing required settings.

Resolution

•Ensure that a client provisioning policy exists in Cisco ISE. If yes,  verify the policy identity group, conditions, and type of agent(s)  defined in the policy. (Also ensure whether or not there is any agent  profile configured under Policy > Policy Elements > Results >  Client Provisioning > Resources > Add > ISE Posture Agent  Profile, even a profile with all default values.)

•Try reauthenticating the client machine by bouncing the port on the access switch.

0 Helpful

Ramon Thomas
Level 1
Level 1

‎05-13-2014 10:56 AM

I had the same issue but with wired 802.1x authentication/PEAP, but the resolution was extremely similar. Simply disabling Fast Reconnect under the PEAP settings fixed my problem.

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents