https://community.cisco.com/t5/network-access-control/url-redirection-fail/m-p/2253495#M126921 <HTML><HEAD></HEAD><BODY><P>Well, as far as I remember, port 8906 is not used anymore and it has been replaced by 8909..</P></BODY></HTML> Sun, 09 Jun 2013 21:49:51 GMT Octavian Szolga 2013-06-09T21:49:51Z https://community.cisco.com/t5/network-access-control/url-redirection-fail/m-p/2253493#M126918 <P><SPAN style="font-size: 10pt; font-family: Times-Roman; "></SPAN></P><P align="left">The URL redirection page in the client machine's browser does not correctly guide the end user to the appropriate URL. I am using ISE 1.1.4</P><P align="left"><SPAN style="font-size: 10pt; font-family: Times-Roman; "> </SPAN>any help ?</P><P align="left"><SPAN style="font-size: 10pt; font-family: Times-Roman; "> </SPAN></P><P></P> Mon, 11 Mar 2019 03:28:04 GMT https://community.cisco.com/t5/network-access-control/url-redirection-fail/m-p/2253493#M126918 lucina.donhue 2019-03-11T03:28:04Z https://community.cisco.com/t5/network-access-control/url-redirection-fail/m-p/2253494#M126920 <HTML><HEAD></HEAD><BODY><P>There are multiple causes for this issue.</P><P></P><P>• The two Cisco av-pairs that are configured on the authorization profile should</P><P>exactly match the example below. (Note: Do not replace the “IP” with the actual</P><P>Cisco ISE IP address.)</P><P><SPAN>– url-redirect=</SPAN><A class="jive-link-external-small" href="https://ip:8443/guestportal/gateway?...lue&amp;action=cpp">https://ip:8443/guestportal/gateway?...lue&amp;action=cpp</A></P><P>– url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is</P><P>also defined on the access switch)</P><P></P><P>• Ensure that the URL redirection portion of the ACL have been applied to the</P><P>session by entering the show epm session ip <SESSION ip=""> command on the</SESSION></P><P>switch. (Where the session IP is the IP address that is passed to the client</P><P>machine by the DHCP server.)</P><P>Admission feature : DOT1X</P><P>AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e</P><P>URL Redirect ACL : ACL-WEBAUTH-REDIRECT</P><P>URL Redirect :</P><P><A class="jive-link-external-small" href="https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72">https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72</A></P><P>0000A45A2444BFC2&amp;action=cpp</P><P>• Ensure that the preposture assessment DACL that is enforced from the Cisco ISE</P><P>authorization profile contains the following command lines:</P><P>remark Allow DHCP</P><P>permit udp any eq bootpc any eq bootps</P><P>remark Allow DNS</P><P>permit udp any any eq domain</P><P>remark ping</P><P>permit icmp any any</P><P>permit tcp any host 80.0.80.2 eq 443 --&gt; This is for URL redirect</P><P>permit tcp any host 80.0.80.2 eq www --&gt; Provides access to internet</P><P>permit tcp any host 80.0.80.2 eq 8443 --&gt; This is for guest portal</P><P>port</P><P>permit tcp any host 80.0.80.2 eq 8905 --&gt; This is for posture</P><P>communication between NAC agent and ISE (Swiss ports)</P><P>permit udp any host 80.0.80.2 eq 8905 --&gt; This is for posture</P><P>communication between NAC agent and ISE (Swiss ports)</P><P>permit udp any host 80.0.80.2 eq 8906 --&gt; This is for posture</P><P>communication between NAC agent and ISE</P></BODY></HTML> Mon, 27 May 2013 03:12:16 GMT https://community.cisco.com/t5/network-access-control/url-redirection-fail/m-p/2253494#M126920 Ravi Singh 2013-05-27T03:12:16Z https://community.cisco.com/t5/network-access-control/url-redirection-fail/m-p/2253495#M126921 <HTML><HEAD></HEAD><BODY><P>Well, as far as I remember, port 8906 is not used anymore and it has been replaced by 8909..</P></BODY></HTML> Sun, 09 Jun 2013 21:49:51 GMT https://community.cisco.com/t5/network-access-control/url-redirection-fail/m-p/2253495#M126921 Octavian Szolga 2013-06-09T21:49:51Z