08-29-2009 04:21 AM
IC is used in an 802.1x scenario. Currently I am running a test scenario before actual deployment, and configured it such that if notepad.exe is running then the endpoint is compliant. It's observed that even if notepad.exe doesn't run, I get the compliant VLAN applied to the switchport, and during reevaluation of policies I get the correct VLAN pushed. Similarly, a few times it's observed that although the endpoint is non-compliant, I get the compliant VLAN and during reevaluation get the correct VLAN. I have ensured that the switch is not misbehaving. As a workaround I configured the reevaluation time as "0", after which I get the correct VLAN based on compliance / NC, but the policy doesn't refresh. I have captured relevant logs for it. Just to update, I have IC & LDAP in time sync (using NTP on IC).
If I set the reevaluation as 1, then I get the correct VLAN after 1 min, and the VLAN that's applied before that can't be guaranteed!
Is it some problem with IC config or with Host checker on endpoint machine or something else?
I have attached the logs for your reference.
Thanks in advance
08-30-2009 11:03 AM
Can you post screenshots of your role mapping rules page and RADIUS attribute policies page?
Also mention to which role you enabled the notepad Host Checker policy.
I wanted to look at the order of roles and RADIUS attribute policies.