I am new to the NAC solution but I have a VPN SSO Layer 3 VG INBAND MODE configuration that works with the VPN solution and now I want to expand my current config to do more. I am trying to have a conference room that will have ports that are placed in a CCA server vlan 94 untrust and if they pass posture accessment then they are placed in untrust vlan93. This works for the most part except for DNS...ie I have to put in the yahoo IP...also I am unable to pull a DHCP address...if I assign a vlan 93 IP I get the CAA to pop up and I can log into the local DB...but if I set to DHCP it will not pull an address. see attached sample
do you receive a DHCP ip address when you are on vlan 93 without help of the NAC server? This would help verify the DHCP configuration without the NAC.
Once this is working, you should only need the vlan mapping and managed subnet on the CAS config.. is that already in there?