Yes Tyson, just a ping doesn't trigger. I tried http across the NAC configured interface and that worked.
With regards Kings On Tue, Mar 30, 2010 at 8:44 PM, Tyson Scott <[email protected]> wrote: > The configuration looks good. I would also include "radius-server vsa > send authentication" > > > > When you do debug eou ... what do you see. You can try debug eou all to > see if you have packets being generated. > > > > Also make sure you have the global command "eou logging" on so you can > actually see the basic logs. > > > > Next I would do more than ping. I have noticed at times pings don't > trigger the process. Trying doing telnet or opening a browser to something. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* Kingsley Charles [mailto:[email protected]] > *Sent:* Tuesday, March 30, 2010 10:19 AM > *To:* Tyson Scott > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_Security] stable image for NAC L3 IP > > > > Hi Tyson > > > > Please find my config. I even tried adding "aaa authorization network" > > > > aaa authentication eou default group radius > > > > ip admission name nac eapoudp inactivity-time 60 > > > > interface GigabitEthernet0/1 > ip address 10.20.30.40 255.255.255.0 > ip access-group 123 in > ip admission nac > > > > access-list 123 permit udp any any eq 21862 > access-list 123 deny ip any any > > > > To trigger NAC, I am trying to ping from PC (10.20.30.44) to 10.20.30.40. > > > > > > Am I missing something? > > > > > > > > With regards > > Kings > > > > > > On Tue, Mar 30, 2010 at 6:21 PM, Tyson Scott <[email protected]> wrote: > > Kinglsey, > > > > I have had no problems with the 12.4(24)T2 and 12.4(15)T9 images that we > work with in proctorlabs. They have worked well. Whenever I have problems > with EAPoUDP not working I have rebooted and it has always worked after a > reboot, unless of course I was missing something ;) > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Tuesday, March 30, 2010 6:20 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] stable image for NAC L3 IP > > > > Hi all > > > > Can someone please let me know a stable image for NAC L3 IP. In the images > that I use, EAPoUPD does trigger. Configuration and CTA are fine. > > > > > > > > With regards > > Kings > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
