cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

5155
Views
12
Helpful
20
Replies
Enthusiast

Re: url web-redirect is not working

Hello,

Could you please tell me the command that was introduced for the L2 redirection on IOS-XE?  I am changing VLANs for guest clients there is no SVI for the guests in this network.  The clients L3 interface in a firewall outside of the network.

Highlighted
Cisco Employee

Re: url web-redirect is not working

I would recommend you review the information in the guest guide around this

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475
Cisco Employee

Re: url web-redirect is not working

Beginner

Re: url web-redirect is not working

Your answer fixed my issue.

Thank you very much.

 

Beginner

Re: url web-redirect is not working

Does anyone know why it's necessary to enable the web server for the redirect to work? We want to use redirection in ISE for a quarantine function and be able to redirect user to a "splash page" informing them that their PC is quarantined. However, enabling the web server on the switch is raising security concerns and I am not sure why we need to enable it when we don't use the internal web server. Does it act as a proxy? Anyway to get the re-direction to work without enabling HTTP?

 

Edit. The following commands makes the switch not allow any sessions, so at least it will prevent unauthorized logins. 

ip http secure-active-session-modules none

ip http active-session-modules none

 

 

 

Cisco Employee

Re: url web-redirect is not working

The switch intercepts and does the redirection to the ISE URL. You need something inline to do the redirect. ISE is not inline.

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475

see Configure a Catalyst Switch for Guest Access

View solution in original post