The configuration looks good. I would also include "radius-server vsa send authentication"
When you do debug eou ... what do you see. You can try debug eou all to see if you have packets being generated. Also make sure you have the global command "eou logging" on so you can actually see the basic logs. Next I would do more than ping. I have noticed at times pings don't trigger the process. Trying doing telnet or opening a browser to something. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Kingsley Charles [mailto:[email protected]] Sent: Tuesday, March 30, 2010 10:19 AM To: Tyson Scott Cc: [email protected] Subject: Re: [OSL | CCIE_Security] stable image for NAC L3 IP Hi Tyson Please find my config. I even tried adding "aaa authorization network" aaa authentication eou default group radius ip admission name nac eapoudp inactivity-time 60 interface GigabitEthernet0/1 ip address 10.20.30.40 255.255.255.0 ip access-group 123 in ip admission nac access-list 123 permit udp any any eq 21862 access-list 123 deny ip any any To trigger NAC, I am trying to ping from PC (10.20.30.44) to 10.20.30.40. Am I missing something? With regards Kings On Tue, Mar 30, 2010 at 6:21 PM, Tyson Scott <[email protected]> wrote: Kinglsey, I have had no problems with the 12.4(24)T2 and 12.4(15)T9 images that we work with in proctorlabs. They have worked well. Whenever I have problems with EAPoUDP not working I have rebooted and it has always worked after a reboot, unless of course I was missing something ;) Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: Tuesday, March 30, 2010 6:20 AM To: [email protected] Subject: [OSL | CCIE_Security] stable image for NAC L3 IP Hi all Can someone please let me know a stable image for NAC L3 IP. In the images that I use, EAPoUPD does trigger. Configuration and CTA are fine. With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
