...
On AireOS, whenever a client sends an incorrect PMKID the client will be allowed a slow roam and 802.1x may restart. On 9800 WLC it's more strict, when a client sends an incorrect PMKID the WLC sends an access-reject and the client has to restart the whole process. Recovery is not an issue for most deployment, but for 802.1x SSIDs a new session ID is created and this breaks ISE posture.
9800 WLC ISE with Posture
None at this time.
Track CSCwa67566 for a partial fix for this design problem.
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.