11-25-2007 05:21 AM - edited 03-10-2019 03:32 PM
Hi all,
We deployed NAC solution (802.1x) with CS ACS 4.1 and Cisco Trust Agent 2.1 with bundled supplicant.
we got problem (slow respons) while try to login on windows xp (it takes around 4 minute). however the authentication has succesfull and we got the posture message from ACS.
Please help..
Attached log from CTA
regards,
bongkie
11-26-2007 09:31 AM
Initial suggestion is to do a port-sniff and see what's causing the hold-up. Not particularly experienced with NAC, but certainly 802.1x on Windows can be a bit hit or miss, most of the time it's fine, but sometimes clients just wait an age before sending credentials off.
Sniff the port and see what's taking so long...
Regards,
Richard.
11-27-2007 05:35 AM
Hi Richard,
Thanks for your respons.
the slow logon issue has been solved with deployed customize CTA package with reduce retry authentication settings from 4 (default value) to smaller value.
I have new problem with validation to external posture server using LanDesk 8.7.
Followed all documentation from Cisco and Landesk did not solved this issue.
attached log from Radius Server.
please advice
regards,
Dony
11-27-2007 06:19 AM
I'd have a stab and say your LandeskPVS Policy is what's causing RADIUS to say no, but it's down to you to take a look at the rule-set and see what's what.
Failing that, create some obscenely simple policies, and get them working first. Once something very simple works, start to build on it bit-by-bit, continuously testing & fixing as required.
Sorry I can't help more...
Richard.
11-27-2007 07:20 AM
Hi,
I solve this. You must create group on AD and add to this group both the user and machine.
It works for me. It should take less than 20 sec.
Mugur
11-27-2007 07:47 PM
Hi Mugur,
We did not use AD as user authentication, but using Cisco ACS internal database. The users working environtment is workgroup.
any suggestion ?
thanks
Dony
11-27-2007 07:54 PM
Richard,
All rules from internal policy (ACS internal posture) always worked for me, but if I pointing to the external posture server, Radius reject the request or failed in authentication. I'm still looking if my ACS or there is wrong configuration at my LanDesk Server. Btw thanks for the advice.
regards,
bongkie
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide