Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
601
Views
10
Helpful
4
Replies

NAC IB-VG-L2 problem

Go to solution
a7med_magdy
Level 1
Level 1

‎10-02-2010 06:32 AM - edited ‎02-21-2020 04:06 AM

I am configuring NAC for my network IB – VG –L2  as following:

CAM vlan 2

CAS vlan 3

Authentication vlan (31,41)

Access vlan (10,20)

CAS eth0 native vlan 999

CAS eth1 native vlan 998

Vlan Mapping untrusted to the trusted as follwing :31 to 10 and 41 to 20                      

I have attached all the configuration of the CAM , CAS , core switch and the access switch

I have configured access port on the access switch on vlan 10 for a host machine to test

I also have AD and exch. VM on access vlan 2 . I have created a local account to test but nothing

Happen and I don’t know where is my proplem . By the way I did n’t create Authentication server

As I want it to authenticate locally then do the rest of the lab.

Is there a hope to run this lab?

72920-SW conf.rar.zip
72921-CAM&CAS.rar.zip
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Faisal Sehbai
Level 7
Level 7

‎10-02-2010 08:31 PM

Ahmed,

Where are you plugging in your client for testing on the access switch? Which port?

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

View solution in original post

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to a7med_magdy

‎10-03-2010 09:12 AM

Ahmed,

Yes. Unless you put the client on the untrusted side (Vlan 31), it would not cross the CAS and thus won't be authenticated or posture-assessed.

Give that a shot.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

View solution in original post

4 Replies 4

Go to solution
Faisal Sehbai
Level 7
Level 7

‎10-02-2010 08:31 PM

Ahmed,

Where are you plugging in your client for testing on the access switch? Which port?

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Go to solution
a7med_magdy
Level 1
Level 1
In response to Faisal Sehbai

‎10-03-2010 02:41 AM

Hello Faisal ,

The client machine is connected to port giga 1/0/11

interface GigabitEthernet1/0/11

switchport access vlan 10

switchport mode access !

Do you think I have to put it in access vlan 31 instead of 10

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to a7med_magdy

‎10-03-2010 09:12 AM

Ahmed,

Yes. Unless you put the client on the untrusted side (Vlan 31), it would not cross the CAS and thus won't be authenticated or posture-assessed.

Give that a shot.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Go to solution
a7med_magdy
Level 1
Level 1
In response to Faisal Sehbai

‎10-04-2010 01:44 AM

hello Faisal, it works and it begin to authenticate and download the agent . but after that i begin to test again

and it asks for the User and password (in the lgin page) and nothing happen it doesn't redirect me to anything

or tell me you credentials is invalid . I tested this account on the CAM and works (Authentication syccessful)

I don't know where is the problem!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card