dACL Download Fail

raga.fusionet — Mon, 11 Mar 2019 02:13:55 GMT

Hello,

Im trying to configure Posture Remediation, however I'm not getting the redirect URL when the user is not compliant. Instead I get a "Windows Cannot Connect you to the network" after I authenticate if I have the supplicant enabled on my Windows Test Machine.

I also see the follwing events on the debug radius

Jun 24 20:35:43.762: %EPM-6-AAA: POLICY xACSACLx-IP-POSTURE_REMEDIATION-4fe0538d| EVENT DOWNLOAD-FAIL

If I have the supplicant disabled I dont get any error messages on the PC (and I can browse just just which I think I shouldnt be able to) but I get similar debugs on the switch.

Relevant Switch Config:

RFNET-R1-P-SW1#sh run int gi 1/0/36

Building configuration...

Current configuration : 456 bytes

interface GigabitEthernet1/0/36

switchport access vlan 214

switchport mode access

switchport nonegotiate

switchport voice vlan 221

authentication host-mode multi-auth

authentication open

authentication order mab dot1x

authentication priority dot1x mab

authentication port-control auto

mab

dot1x pae authenticator

storm-control broadcast level 30.00

storm-control multicast level 30.00

storm-control action trap

spanning-tree portfast

end

RFNET-R1-P-SW1#sh run | inc aaa

aaa new-model

aaa authentication login default local

aaa authentication dot1x default group radius

aaa authorization exec AUTH_LIST local

aaa authorization network default group radius

aaa accounting dot1x default start-stop group radius

aaa server radius dynamic-author

aaa session-id common

RFNET-R1-P-SW1#sh run | inc radisus

RFNET-R1-P-SW1#sh run | inc radius

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa accounting dot1x default start-stop group radius

aaa server radius dynamic-author

ip radius source-interface Vlan216

radius-server attribute 6 on-for-login-auth

radius-server attribute 8 include-in-access-req

radius-server attribute 25 access-request include

radius-server dead-criteria time 5 tries 3

radius-server host 172.16.10.50 auth-port 1812 acct-port 1813

radius-server key 7 02050D4808095E731F

radius-server vsa send accounting

radius-server vsa send authentication

Extended IP access list ACL-POSTURE-REDIRECT

5 deny udp any any eq domain

10 deny udp any host 172.16.10.50 eq 8905

20 deny udp any host 172.16.10.50 eq 8906

30 deny tcp any host 172.16.10.50 eq 8443

40 deny tcp any host 172.16.10.50 eq 8905

50 deny tcp any host 74.217.77.52

60 permit ip any any (2 matches)

If somebody could take a look at the debugs and give me some hints about what's going I would appreciate it.

I have attached both debugs.

Thanks.

dACL Download Fail

raga.fusionet — Sun, 24 Jun 2012 21:15:02 GMT

Found it ... I had a typo on the dACL ..

Thanks anyways.

Re: dACL Download Fail

Tarik Admani — Sun, 24 Jun 2012 21:16:29 GMT

Disregard my post i see you just found it.....

Message was edited by: Tarik Admani

dACL Download Fail

raga.fusionet — Sun, 24 Jun 2012 21:18:07 GMT

Yeap, that was it ... I changed a couple of minutes ago and it started working.

Thanks!

dACL Download Fail

raga.fusionet — Sun, 24 Jun 2012 21:19:34 GMT

No worries. Thanks!!

I have same issue now, where

Sherief Ahmed — Sun, 09 Jul 2017 09:31:12 GMT

I have same issue now, where exactly was the issue.

I have same issue, where

Sherief Ahmed — Sun, 09 Jul 2017 09:31:46 GMT

I have same issue, where exactly was the issue.

topic I have same issue now, where in Network Access Control

dACL Download Fail

dACL Download Fail

Re: dACL Download Fail

dACL Download Fail

dACL Download Fail

I have same issue now, where

I have same issue, where