https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239805#M593927 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/146869">@rezaalikhani</a>&nbsp;</P> <P>&nbsp;All similar implementation I can see, uses CoA. Does you device support CoA. </P> <P>&nbsp; <A href="https://www.linkedin.com/pulse/cisco-ise-dns-sinkhole-functionality-smart-way-support-alikhani/" target="_blank">https://www.linkedin.com/pulse/cisco-ise-dns-sinkhole-functionality-smart-way-support-alikhani/</A></P> <P>&nbsp;</P> Sun, 22 Dec 2024 12:29:29 GMT Flavio Miranda 2024-12-22T12:29:29Z https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239788#M593926 <P>Hi all;</P><P>I use Ubiquiti access points in my network and want to implement Guest Services (Central Web Authentication). As far as I know, this type of devices does not support <STRONG>RADIUS URL Redirection</STRONG> from ISE. Therefore, I decided to circumvent this limitation using <STRONG>DNS Sinkhole</STRONG> functionality in ISE. As you can see in the following figures, the endpoint (after connecting to the appropriate SSID), receives required IP Address and DNS info correctly (I have added a second interface to ISE with IP address of <STRONG><EM>172.16.10.120</EM></STRONG><span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><DIV class="">&nbsp;</DIV><DIV class=""><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="1000.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/236407i169D8933040772F6/image-size/large?v=v2&amp;px=999" role="button" title="1000.png" alt="1000.png" /></span><P>&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="1000.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/236408i44C7762A44085B64/image-size/large?v=v2&amp;px=999" role="button" title="1000.png" alt="1000.png" /></span></P><P>After successfully acquiring the required DHCP information from ISE, the client opens the following browser window:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="1000.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/236409iC11530F7D6E8D669/image-size/large?v=v2&amp;px=999" role="button" title="1000.png" alt="1000.png" /></span></P><P>&nbsp;As you can see above, the redirection process times out.&nbsp;<SPAN>The following figures show the Wireshark capture of the process:</SPAN></P></DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="1000.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/236405iFB5362D908B67E9F/image-size/large?v=v2&amp;px=999" role="button" title="1000.png" alt="1000.png" /></span></P><P>&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="2000.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/236406i5BA38A0CDEDC9E1C/image-size/large?v=v2&amp;px=999" role="button" title="2000.png" alt="2000.png" /></span></P><P>Any ideas?</P><P>Thanks</P><P>&nbsp;</P> Sun, 22 Dec 2024 10:53:49 GMT https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239788#M593926 rezaalikhani 2024-12-22T10:53:49Z https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239805#M593927 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/146869">@rezaalikhani</a>&nbsp;</P> <P>&nbsp;All similar implementation I can see, uses CoA. Does you device support CoA. </P> <P>&nbsp; <A href="https://www.linkedin.com/pulse/cisco-ise-dns-sinkhole-functionality-smart-way-support-alikhani/" target="_blank">https://www.linkedin.com/pulse/cisco-ise-dns-sinkhole-functionality-smart-way-support-alikhani/</A></P> <P>&nbsp;</P> Sun, 22 Dec 2024 12:29:29 GMT https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239805#M593927 Flavio Miranda 2024-12-22T12:29:29Z https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239808#M593928 <P>Thanks for your reply;</P><P>Yes, it does...</P><P>I want to know that, if I have several portals published in the dedicated interface, how ISE determines which to offer to the endpoint?</P><P>Thanks</P> Sun, 22 Dec 2024 13:52:06 GMT https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239808#M593928 rezaalikhani 2024-12-22T13:52:06Z https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239815#M593929 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/146869">@rezaalikhani</a>&nbsp;</P> <P>&nbsp;Similar question address here</P> <P><A href="https://community.cisco.com/t5/network-access-control/multiple-different-guest-portals-for-same-fqdn-and-port/td-p/4391499" target="_blank">https://community.cisco.com/t5/network-access-control/multiple-different-guest-portals-for-same-fqdn-and-port/td-p/4391499</A></P> <P>&nbsp;</P> Sun, 22 Dec 2024 14:29:53 GMT https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239815#M593929 Flavio Miranda 2024-12-22T14:29:53Z https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239817#M593930 <P>&nbsp;</P><P>Thanks for your reply;</P><P>I do not think the provided link answers my question because based on my assumption we cannot specify any portals in the Authorization profile, because the target device does not support URL Redirection RADIUS attribute. Right?</P><P>&nbsp;</P> Sun, 22 Dec 2024 14:47:09 GMT https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239817#M593930 rezaalikhani 2024-12-22T14:47:09Z https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239824#M593931 <P>Actually the post in question address you question related to support for multiples portal per interface.</P> <P>&nbsp;Regarding your scenario, the first link have the answer as long as you can do CoA, which seems you are not doing as your attempt stop&nbsp; in the 303 moved permanently.</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 22 Dec 2024 15:39:57 GMT https://community.cisco.com/t5/network-access-control/auth-vlan-url-redirect-and-dns-sinkhole/m-p/5239824#M593931 Flavio Miranda 2024-12-22T15:39:57Z