NAC IB-VG-L2 problem

Answered Question
Oct 2nd, 2010
I am configuring NAC for my network (IB – VG – L2) as follows:

CAM vlan 2

CAS vlan 3

Authentication vlan (31,41)

Access vlan (10,20)

CAS eth0 native vlan 999

CAS eth1 native vlan 998

Vlan mapping, untrusted to trusted, as follows: 31 to 10 and 41 to 20

I have attached all the configuration of the CAM, CAS, core switch and the access switch.

I have configured an access port on the access switch on vlan 10 for a host machine to test.

I also have AD and exch. VM on access vlan 2. I have created a local account to test but nothing happens and I don't know where my problem is. By the way, I didn't create an authentication server, as I want it to authenticate locally and then do the rest of the lab.

Is there any hope of running this lab?

Correct Answer
Faisal Sehbai Sat, 10/02/2010 - 20:31

Ahmed,


Where are you plugging in your client for testing on the access switch? Which port?


Faisal

--

If you find this post helpful, please rate so others can find the answer easily

a7med_magdy Sun, 10/03/2010 - 02:41

Hello Faisal,

The client machine is connected to port giga 1/0/11

interface GigabitEthernet1/0/11
 switchport access vlan 10
 switchport mode access
!

Do you think I have to put it in access vlan 31 instead of 10?

Correct Answer
Faisal Sehbai Sun, 10/03/2010 - 09:12

Ahmed,


Yes. Unless you put the client on the untrusted side (Vlan 31), it would not cross the CAS and thus won't be authenticated or posture-assessed.


Give that a shot.


HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily
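
The check implied by the answer above, as an added example that is not part of the original thread or any Cisco tool: it flags access ports placed directly in a trusted VLAN, where the client never crosses the CAS. The VLAN mapping comes from the question; the function names and every sample port other than Gi1/0/11 are assumptions.

```python
import re

# VLAN mapping from the question: untrusted (authentication) -> trusted (access)
VLAN_MAP = {31: 10, 41: 20}

# Constructed sample: only Gi1/0/11 appears in the thread; the other ports are hypothetical
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/11
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/12
 switchport access vlan 31
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Split IOS-style config text into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return blocks

def find_bypass_ports(config, vlan_map=VLAN_MAP):
    """Return (interface, trusted_vlan, untrusted_vlan) for each access port in a trusted VLAN."""
    trusted_to_untrusted = {t: u for u, t in vlan_map.items()}
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            continue  # trunks to the CAS or core legitimately carry these VLANs
        for cmd in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if m and int(m.group(1)) in trusted_to_untrusted:
                vlan = int(m.group(1))
                findings.append((name, vlan, trusted_to_untrusted[vlan]))
    return findings

if __name__ == "__main__":
    for name, trusted, untrusted in find_bypass_ports(SAMPLE_CONFIG):
        print(f"{name}: access vlan {trusted} bypasses the CAS; use vlan {untrusted}")
```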

a7med_magdy Mon, 10/04/2010 - 01:44

Hello Faisal, it works and it begins to authenticate and download the agent. But after that I began to test again and it asks for the user and password (on the login page) and nothing happens; it doesn't redirect me to anything or tell me my credentials are invalid. I tested this account on the CAM and it works (Authentication successful).

I don't know where the problem is!!
