Hi all i was trying to configure NAC-L2-802.1x with the help of acs 4.1,4900 seris switch and CTA supplicant.. my switch configuration is below for nac..
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout reauth-period server
radius-server attribute 8 include-in-access-req
radius-server host x.x.x.x key cisco123
radius-server source-ports 1645-1646
radius-server vsa send authentication
I had configured the acs wth a relevant NAP profile. The problem is that whenever i try to authenticate the dot1x configured Profile is not matching.it is taking only default profile.the reason for that is that cta is not sending the CTA:PA and CTA:Host details which r required for profile match.i tried a lot with docs but no luck.. please help me..
Service type !=10 and cisco-av-pair not exist aaa:service.. the protcols policy is to match different EAP-FAST options in EAP-FAST coulmn as per the document,and the required posture validation credentials r cisco:pA,cisco:host.. i do as per the doucment but the profile is not matching at all.it matches the default. for test purpose i am using only a single NAP profile i.e. NAC-L2-dot1x profile..
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...