Cisco Access Control Server – Authentication

5 pts.
Tags: Access Control Server, ACS, Cisco, Radius
Hi, I'm configuring a Cisco ACS for our diploma thesis and now I have this problem: the authentication of the IETF RADIUS server operates properly, but the authentication of the NAC doesn't work. All clients come into my quarantine VLAN. In the logs the SharedRAC: Quarantine_RAC is displayed.

I had configured 3 components in "Shared Profile Components - RADIUS Authorization Components":

Healthy_RAC:
- IETF Session-Timeout (27) 3600
- IETF Termination-Action (29) RADIUS-Request (1)
- IETF Tunnel-Type (64) [T1] VLAN (13)
- IETF Tunnel-Medium-Type (65) [T1] 802 (6)
- IETF Tunnel-Private-Group-ID (81) [T1] secure_lan

Quarantine_RAC:
- IETF Session-Timeout (27) 3600
- IETF Termination-Action (29) RADIUS-Request (1)
- IETF Tunnel-Type (64) [T1] VLAN (13)
- IETF Tunnel-Medium-Type (65) [T1] 802 (6)
- IETF Tunnel-Private-Group-ID (81) [T1] quarantine

Transition_RAC:
- IETF Session-Timeout (27) 30
- IETF Termination-Action (29) RADIUS-Request (1)

After that I created a Network Access Profile named nac_802.1x. For testing I disabled the machine postures in the authentication.

My authorization rules:

* User Group: student, System Posture Token: Healthy, Deny Access: No, Shared RAC: Healthy_RAC, ACL: deactivated
* If a condition is not defined or there is no matched condition: Quarantine_RAC

Has anyone an idea what the problem is? In Windows XP I selected 802.1x PEAP authentication with EAP-MSCHAPv2. Also I checked that the PC is authenticated as a computer.

Here's a cut of the ACS log file (Passed Authentications): http://www.datei-upload.eu/file.php?id=e532ee9671a10ba82567bd156f12ebf8

In the logs the Healthy_RAC occurs three times; there I configured the option "If a condition is not defined or there is no matched condition" to Healthy.

One more question: is the CTA client for the postures needed? Some people said that it's not, but others say it's important.

Thanks in advance for answers.

__________________
http://net08.wordpress.com/
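The RAC definitions in the question map to RADIUS attributes 27, 29, 64, 65 and 81, with the three tunnel attributes carrying the VLAN name under tag 1. The following Python is an added example, not part of the original post and not Cisco code: it encodes those attributes and decodes them again, which is the check to run on a captured Access-Accept to confirm which RAC was actually returned. The function names are hypothetical, the byte layout assumed is the one in RFC 2865 and RFC 2868, and the sample bytes are constructed.

```python
import struct

# Attribute numbers as listed in the post's RAC definitions.
SESSION_TIMEOUT, TERMINATION_ACTION = 27, 29
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81

def encode_rac(timeout, vlan_name=None, tag=1):
    """Constructed sample: attribute bytes for a RAC shaped like those in the post."""
    data = struct.pack("!BBI", SESSION_TIMEOUT, 6, timeout)
    data += struct.pack("!BBI", TERMINATION_ACTION, 6, 1)       # RADIUS-Request (1)
    if vlan_name is not None:
        group = vlan_name.encode("ascii")
        data += bytes([TUNNEL_TYPE, 6, tag]) + (13).to_bytes(3, "big")        # VLAN (13)
        data += bytes([TUNNEL_MEDIUM_TYPE, 6, tag]) + (6).to_bytes(3, "big")  # 802 (6)
        data += bytes([TUNNEL_PRIVATE_GROUP_ID, 3 + len(group), tag]) + group
    return data

def decode_attributes(data):
    """Walk the type-length-value list and return {attribute: (tag, value)}."""
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % pos)
        attr, body = data[pos], data[pos + 2:pos + data[pos + 1]]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(body) != 4:
                raise ValueError("attribute %d needs tag + 3-byte value" % attr)
            attrs[attr] = (body[0], int.from_bytes(body[1:], "big"))
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            # RFC 2868: a first byte of 0x1F or less is a tag, otherwise it is text.
            has_tag = bool(body) and body[0] <= 0x1F
            attrs[attr] = (body[0] if has_tag else None,
                           body[1 if has_tag else 0:].decode("ascii", "replace"))
        else:
            # The other attributes in the post (27, 29) are plain integers.
            attrs[attr] = (None, int.from_bytes(body, "big"))
        pos += data[pos + 1]
    return attrs

def assigned_vlan(data):
    """VLAN name from a complete, consistently tagged tunnel triplet, else None."""
    attrs = decode_attributes(data)
    ttype, medium, group = (attrs.get(a) for a in
                            (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID))
    if not (ttype and medium and group) or (ttype[1], medium[1]) != (13, 6):
        return None
    # A tagged group ID must carry the same tag as the other two attributes.
    if group[0] is not None and not (ttype[0] == medium[0] == group[0]):
        return None
    return group[1]
```

A RAC without the tunnel attributes, such as Transition_RAC, decodes to no VLAN name at all.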
