Guest

Preview Tool

Cisco Bug: CSCuj65787 - NAC agent should do discovery using client internet settings like proxy

Last Modified

Feb 27, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.2(0.899)

Description (partial)

Symptom:
In wired scenarios with Client provisioning with clients using proxy we need to change the port on the switch for the switch to redirect on the proxy port.
However for posture, the NAC agent does the discovery process on port 80 only so in scenarios where provisioning and posture are configured, the NAC agent discovery process will fail.

The NAC Agent reaches the right ISE Policy Decision Point (PDP) in different ways, depending upon whether the discovery host is defined:

1 - If no discovery host is defined: The NAC Agent sends HTTP request on port 80 to the gateway; this traffic must be redirected to the posture discovery link (CPP) in order for discovery to work properly.

2 - If a discovery host is defined: The NAC Agent sends HTTP request on port 80 to the host; this traffic must be redirected to the posture discovery link (CPP) in order for discovery to work properly. If there is a problem with redirection, the NAC Agent tries to directly contact the discovery host defined on port 8905; posture validation is not guaranteed, because the session information may not be available on that PDP unless node groups are defined, and the PDP is within the same group.

We should allow the agent to retrieve/use the proxy settings on the clients.

Conditions:
NA
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.