Need help configuring Cisco ACS

1545 pts.
Tags:
Authentication
Cisco
Cisco Secure ACS
EAP
Network access
Remote access
VLAN
I'm configuring a Cisco ACS and now I have this problem: The Authentication of the IETF Radius-server operates properly but the authentication of the NAC doesn't work. All clients come in my quarantine-VLAN. In the logs there is the SharedRAC: Quarantine_RAC displayed. I had configure 3 components in "Shared Profile Components - RADIUS Authorization Components": Healthy_RAC: IETF Session-Timeout (27) 3600 IETF Termination-Action (29) RADIUS-Request (1) IETF Tunnel-Type (64) [T1] VLAN (13) IETF Tunnel-Medium-Type (65) [T1] 802 (6) IETF Tunnel-Private-Group-ID (81) [T1]secure_lan Quarantine_RAC: IETF Session-Timeout (27) 3600 IETF Termination-Action (29) RADIUS-Request (1) I ETF Tunnel-Type (64) [T1] VLAN (13) IETF Tunnel-Medium-Type (65) [T1] 802 (6) IETF Tunnel-Private-Group-ID (81) [T1] quarantine Transition_RAC: IETF Session-Timeout (27) 30 IETF Termination-Action (29) RADIUS-Request (1) After that I had created a Network Access Profile named "nac_802.1x". For testing i disabled the machinepostures in the authentication. My authorization rules: *User Group: student System Posture Token: Healthy Deny Access: No Shared RAC: Healthy_RAC ACL: deactivated *If a condition is not defined or there is no matched condition: Quarantine_RAC What can be the problem? On the client (Windows XP) i selected 802.1x peap authentication with eap-mschapv2. Also i checked that the PC is authenticated as a computer. In the logs there occur three times the Healthy_RAC, there i configured the option "If a condition is not defined or there is no matched condition" to Healthy, but this i have only done for testing VLAN assignment. One more question.. is the CTA Client for the postures needed? some people said that it's not, but others say it's important. Thanks in advance for your input.

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following