Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
755
Views
0
Helpful
5
Replies

Auth VLAN, URL Redirect and DNS Sinkhole...

rezaalikhani
VIP
VIP

‎12-22-2024 02:45 AM - edited ‎12-22-2024 02:53 AM

Hi all;

I use Ubiquiti access points in my network and want to implement Guest Services (Central Web Authentication). As far as I know, this type of devices does not support RADIUS URL Redirection from ISE. Therefore, I decided to circumvent this limitation using DNS Sinkhole functionality in ISE. As you can see in the following figures, the endpoint (after connecting to the appropriate SSID), receives required IP Address and DNS info correctly (I have added a second interface to ISE with IP address of 172.16.10.120

 
1000.png

 1000.png

After successfully acquiring the required DHCP information from ISE, the client opens the following browser window:

1000.png

 As you can see above, the redirection process times out. The following figures show the Wireshark capture of the process:

1000.png

 2000.png

Any ideas?

Thanks

 

Labels:
0 Helpful
5 Replies 5

Flavio Miranda
VIP
VIP

‎12-22-2024 04:29 AM

@rezaalikhani 

 All similar implementation I can see, uses CoA. Does you device support CoA.

  https://www.linkedin.com/pulse/cisco-ise-dns-sinkhole-functionality-smart-way-support-alikhani/

 

0 Helpful

rezaalikhani
VIP
VIP
In response to Flavio Miranda

‎12-22-2024 05:52 AM

Thanks for your reply;

Yes, it does...

I want to know that, if I have several portals published in the dedicated interface, how ISE determines which to offer to the endpoint?

Thanks

0 Helpful

rezaalikhani
VIP
VIP
In response to Flavio Miranda

‎12-22-2024 06:47 AM

 

Thanks for your reply;

I do not think the provided link answers my question because based on my assumption we cannot specify any portals in the Authorization profile, because the target device does not support URL Redirection RADIUS attribute. Right?

 

0 Helpful

Flavio Miranda
VIP
VIP
In response to rezaalikhani

‎12-22-2024 07:38 AM - edited ‎12-22-2024 07:39 AM

Actually the post in question address you question related to support for multiples portal per interface.

 Regarding your scenario, the first link have the answer as long as you can do CoA, which seems you are not doing as your attempt stop  in the 303 moved permanently.

 

 

0 Helpful
Customers Also Viewed These Support Documents