I'm reposting to see if I can get an answer here. I'm trying to get an In-band NAC configuration working. Out-of-band works great, but I need to get In-band going eventually. I have the NAS set up as a virutal gateway. Layer 3 support is enabled. VLANs have been mapped. If I log in using NAA, I can see the user as being authenticated, however, I can't ping the gateway from a device going through the NAS. If I configure the MAC of that device within the "Filters" area to exclude the device from needing to authenticate, I CAN ping the gateway, so connectivity seems to be set. I seems that I am being authenticated, just not authenticated enough. I created a policy for the user's role that's got all asterisks in it regarding what the user's allowed to do. Any other bright ideas?
I have this problem too.