Actually it depends on how you configure host check policy on IC. There are two ways of doing it -- 1) Pre Auth host check--- In this host checking is done and depending on its result end user is prompted for credential. So first host check then credential. 2) Post Auth host check--- In this credential screen is provided first and then after successful authetication host checking is done. ... View more

Few questions--- 1) How fast you get IP when port is not dot1x ? 2) What is the OAC Status under Connection information ? 3) If its open and authenticated then try ipconfig/release and ipconfig/renew. Does it get you IP address immediately ? ... View more

With UAC firewall gives access based on combination of resource and ROLE ( not just resource). IC pushes ROLE information to the firewall along with resource subnet. So if user is in remediation vlan and for that role if access is deined , user wont be able to access resource. So firewall doesn't need to know the VLAN id or subnet of remediation VLAN. Decision is done on basis of ROLE. Thats why it is so independent of network subent or source IP . ... View more

IC doesn't push 200 policies to Firewall. It pushes one policy ( From/To Zone Combination). Then IC sends session information for each user logged in to firewall. For each session , this policy gets evaluated to take decision on access. ... View more

Hi, Create a new local auth server with store password in clear text checked. Then create local user here and attach this auth server to realm. Avaya phone should be able to authenticate. ... View more

Check IC side event logs. I hope you have added Cisco 2950 as radius client. Check ping reachablity between Infranet Controller and cisco switch. ... View more