Hi I'm configuring a Cisco ACS for our diploma thesis and now i have this problem: The Authentication of the IETF Radius-server operates properlym but the authentication of the nac doesn't work. All clients come in my quarantine-vlan. In the logs there is the SharedRAC: Quarantine_RAC displayed. I had configure 3 components in "Shared Profile Components - RADIUS Authorization Components": Healthy_RAC: IETF Session-Timeout (27) 3600 IETF Termination-Action (29) RADIUS-Request (1) IETF Tunnel-Type (64) [T1] VLAN (13) IETF Tunnel-Medium-Type (65) [T1] 802 (6) IETF Tunnel-Private-Group-ID (81) [T1]secure_lan Quarantine_RAC: IETF Session-Timeout (27) 3600 IETF Termination-Action (29) RADIUS-Request (1) I ETF Tunnel-Type (64) [T1] VLAN (13) IETF Tunnel-Medium-Type (65) [T1] 802 (6) IETF Tunnel-Private-Group-ID (81) [T1] quarantine Transition_RAC: IETF Session-Timeout (27) 30 IETF Termination-Action (29) RADIUS-Request (1) After that i created a Network Access Profile named nac_802.1x. For Testing i disabled the machinepostures in the authentication. my authoriziation rules: *User Group: student System Posture Token: Healthy Deny Access: No Shared RAC: Healthy_RAC ACL: deacitvated *If a condition is not defined or there is no matched condition: Quarantine_RAC Has anyone an idea what the problem is? In windows xp i selected 802.1x peap authentication with eap-mschapv2. Also i checked that the pc is authenticated as a computer. Here's a cut of the acs-log file(Passed Authentications): http://www.datei-upload.eu/file.php?id=e532ee9671a10ba82567b d156f12ebf8 In the logs there occur three times the Healthy_RAC, there i configured the option "If a condition is not defined or there is no matched condition" to Healthy. One more question.. is the CTA Client for the postures needed? some people said that it's not, but others say it's important. in advance. thanks for answers __________________ http://net08.wordpress.com/

Software/Hardware used: