NAC Framework NAC-L3-IP, passing posture validation, but no ACLs downloaded

Unanswered Question
Jun 17th, 2008


I've got the NAC Framework NAC-L3-IP set up using an 1800 router and Cisco ACS Server 4.2. When my client attempts to reach the internet (through our NAD configured for network admission), I get a popup saying the Posture is Healthy, the ACS server says it's good, yet I never get any of my configured ACLs downloaded to the router. I think my problem is with my RADIUS Authorization Components... what should the Healthy RAC look like? This is what I've currently got:

IETF Session-Timeout (27) 36000

IETF Termination-Action (29) RADIUS-Request (1)

Cisco IOS/PIX 6.0 cisco-av-pair (1) status-query-timeout=300

I've got that RAC tied to a NAP and a downloadable ACL also associated to it through the Network Access Profiles page.

Can anyone provide help with this? Thanks

jasonhumes Tue, 06/17/2008 - 12:22

Oops, never mind, I had to enable aaa authorization network default group radius and then the ACLs downloaded as expected. Thanks!
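
The fix in the reply above, as an added example that is not part of the original thread: a small Python check over a saved running-config that reports when an EAPoUDP admission rule is present without a network authorization method list that uses a RADIUS group. The sample configs, the rule name and the interface are constructed, and the `ip admission ... eapoudp` and `aaa authentication eou` lines are IOS NAC commands that the thread itself does not quote.

```python
import re

# Constructed sample configs (not from the thread). NAC-RULE and the interface
# are hypothetical; only the "aaa authorization network ..." line is quoted
# from the reply above.
BROKEN_CONFIG = """\
aaa new-model
aaa authentication eou default group radius
ip admission name NAC-RULE eapoudp
interface FastEthernet0/0
 ip admission NAC-RULE
"""
FIXED_CONFIG = BROKEN_CONFIG + "aaa authorization network default group radius\n"


def audit_nac_authorization(config: str) -> list:
    """Return findings that explain why ACS-assigned ACLs would not be applied."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Only relevant when the router acts as a NAC-L3-IP NAD (EAPoUDP rule present).
    if not any(re.match(r"ip admission name \S+ eapoudp\b", ln) for ln in lines):
        return []
    authz = [ln for ln in lines
             if ln.startswith("aaa authorization network default ")]
    if not authz:
        return ["missing: aaa authorization network default group radius"]
    # A list with no server group (e.g. "local" or "none") never consults RADIUS.
    # Assumption: a named server group is taken to be a RADIUS group.
    if not any(re.search(r"\bgroup\s+\S+", ln) for ln in authz):
        return ["no RADIUS group in method list: " + authz[0]]
    return []


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit_nac_authorization(cfg) or "ok")
```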


