cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

543
Views
0
Helpful
2
Replies
kevin.corace
Beginner

NAC (802.1x & ACS) at Windows Logon

I have a question about NAC & Windows Logon. I currently have a Cisco 3560 as the Network Access Device. Cisco ACS Solution Engine is running 4.1.1.23(3) for my ACS Server. I'm doing internal posture for Active Directory Auth, and External Posture for Trend Micro AV. Clients have the CTA + Supplicant installed.

When I logon to Windows upon booting up I'm placed into the quarantine vlan and on the NAD (3560) the log shows CiscoTrustAgent Not Detected. If I disconnect cable and plug back in, everything works fine...my posture comes back healthy, I'm authenticated, and placed into the correct VLAN.

Any idea why it is different first logging into windows versus plugging in after logging in?

Thank You,

Kevin

2 REPLIES 2
owillins
Frequent Contributor

This looks like a misconfig. Better enable the logging function in CTA run the command “ctalogd enable” from the command

line.

I was able to fix the logon to windows issue by changed the timers on the switch for the 802.1x authentications, quit timer, and tx timer. Does this normally need changed from default?

Kevin

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube