I'm configuring a Cisco ACS and now I have this problem: The Authentication of the IETF Radius-server operates properly but the authentication of the NAC doesn't work. All clients come in my quarantine-VLAN. In the logs there is the SharedRAC: Quarantine_RAC displayed. I had configure 3 components in "Shared Profile Components - RADIUS Authorization Components": Healthy_RAC: IETF Session-Timeout (27) 3600 IETF Termination-Action (29) RADIUS-Request (1) IETF Tunnel-Type (64) [T1] VLAN (13) IETF Tunnel-Medium-Type (65) [T1] 802 (6) IETF Tunnel-Private-Group-ID (81) [T1]secure_lan Quarantine_RAC: IETF Session-Timeout (27) 3600 IETF Termination-Action (29) RADIUS-Request (1) I ETF Tunnel-Type (64) [T1] VLAN (13) IETF Tunnel-Medium-Type (65) [T1] 802 (6) IETF Tunnel-Private-Group-ID (81) [T1] quarantine Transition_RAC: IETF Session-Timeout (27) 30 IETF Termination-Action (29) RADIUS-Request (1) After that I had created a Network Access Profile named "nac_802.1x". For testing i disabled the machinepostures in the authentication. My authorization rules: *User Group: student System Posture Token: Healthy Deny Access: No Shared RAC: Healthy_RAC ACL: deactivated *If a condition is not defined or there is no matched condition: Quarantine_RAC What can be the problem? On the client (Windows XP) i selected 802.1x peap authentication with eap-mschapv2. Also i checked that the PC is authenticated as a computer. In the logs there occur three times the Healthy_RAC, there i configured the option "If a condition is not defined or there is no matched condition" to Healthy, but this i have only done for testing VLAN assignment. One more question.. is the CTA Client for the postures needed? some people said that it's not, but others say it's important. Thanks in advance for your input.

Software/Hardware used: