
CWA NOT REDIRECT AUTOMATIC IN CLIENT WEBBROWSER

claudioparker
Level 1

 

Guys, I have a problem: the CWA portal does not open automatically on clients. If the client copies and pastes the session URL, it opens! But automatic redirection is the problem. The ACL is OK, DNS is OK.

 

switch version 15.2

 

 

 


claudioparker
Level 1

switch#SH EPm SESSion ip 172.16.1.3
    Admission feature:  DOT1X
              ACS ACL:  xACSACLx-IP-POSTURE_REMEDIATION-53a84454
     URL Redirect ACL:  ACL-POSTURE-REDIRECT
         URL Redirect:  https://xxx:8443/guestportal/gateway?sessionId=AC101E640000005F032D6B3B&action=cwa

Did anyone get this working??

Sam Hertica
Cisco Employee

Could you share what you are using as a redirect ACL please?

acl-redirect

deny ip any host ISE

permit tcp any any eq 443

permit tcp any any eq 80

If I copy and paste the URL into the web browser it works, but automatic redirection is not working.

You also need to deny DNS traffic for this to work. The way it is now, you can try to go to any IP address (like 1.1.1.1) and you should see the redirect pop-up in the URL bar.

It seems like currently we're trying to 'redirect' DNS traffic, which causes the end-clients to time out.

So you are saying that I should add

deny udp any any eq domain

to the acl-redirect on the switch?

Right!

It does not work.

 

switch#show ip access-lists
Extended IP access list ACL-POSTURE-REDIRECT
    10 deny ip any host 172.16.30.20 (1927 matches)
    15 deny udp any any eq domain (42 matches)
    20 permit tcp any any eq 443
    30 permit tcp any any eq www
Extended IP access list Auth-Default-ACL
    10 permit udp any range bootps 65347 any range bootpc 65348 (8 matches)
    20 permit udp any any range bootps 65347
    30 deny ip any any (11 matches)
Extended IP access list xACSACLx-IP-POSTURE_REMEDIATION-53a84454 (per-user)
    10 permit tcp any host 172.16.30.20 eq 8443
    20 permit tcp any any eq www
    30 permit tcp any any eq 443
    40 permit udp any any eq domain
    50 permit icmp any any

It does not work!!! :(

switch#show authentication sessions interface fastEthernet 0/1
            Interface:  FastEthernet0/1
          MAC Address:  6431.5077.5aa2
           IP Address:  172.16.1.2
            User-Name:  64-31-50-77-5A-A2
               Status:  Authz Success
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
        Authorized By:  Authentication Server
          Vlan Policy:  N/A
              ACS ACL:  xACSACLx-IP-POSTURE_REMEDIATION-53a84454
     URL Redirect ACL:  ACL-POSTURE-REDIRECT
         URL Redirect:  https://ise.xxxx:8443/guestportal/gateway?sessionId=AC101E64000000000000A676&action=cwa
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  AC101E64000000000000A676
      Acct Session ID:  0x00000001
               Handle:  0x90000001

Runnable methods list:
       Method   State
       mab      Authc Success
       dot1x    Not run
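
The ACL-POSTURE-REDIRECT entries from the `show ip access-lists` output above, evaluated first-match against a few constructed flows. This is an added example, not posted by anyone in the thread. It assumes the usual IOS switch semantics for a URL-redirect ACL (a permit match is redirected, a deny match or no match is forwarded unchanged); the function names, the sample flows and the DNS resolver address are made up for illustration.

```python
import ipaddress

# Redirect ACL as shown by `show ip access-lists` in the thread (counters removed).
REDIRECT_ACL = """\
10 deny ip any host 172.16.30.20
15 deny udp any any eq domain
20 permit tcp any any eq 443
30 permit tcp any any eq www
"""
PORTS = {"www": 80, "domain": 53}  # IOS port keywords used in this ACL

def parse(text):
    """Parse the subset of IOS syntax used here: any / host A.B.C.D / eq PORT."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        seq, action, proto, i = int(tok[0]), tok[1], tok[2], 3
        addrs = []
        for _ in range(2):                   # source, then destination
            host = tok[i] == "host"          # "host A.B.C.D", otherwise "any"
            addrs.append(ipaddress.ip_address(tok[i + 1]) if host else None)
            i += 2 if host else 1
        port = None
        if tok[i:i + 1] == ["eq"]:
            port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
        rules.append((seq, action, proto, addrs[0], addrs[1], port))
    return rules

def verdict(rules, proto, dst, dport=None, src="172.16.1.2"):
    """First match wins. Assumed: permit = redirect, deny or no match = forward."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, p, s, d, port in rules:
        hit = p in ("ip", proto) and s in (None, src) and d in (None, dst)
        if hit and port in (None, dport):
            return ("redirect" if action == "permit" else "forward", seq)
    return ("forward", None)  # implicit deny at the end of the ACL

def changed_by(before, after, flows):
    """Flows whose verdict differs between two versions of the ACL."""
    return [f for f in flows if verdict(before, *f)[0] != verdict(after, *f)[0]]

# Constructed sample flows (proto, dst, dport) from client 172.16.1.2.
FLOWS = [("udp", "172.16.30.1", 53),     # DNS query; resolver address is made up
         ("tcp", "1.1.1.1", 80),         # HTTP to an arbitrary address
         ("tcp", "172.16.30.20", 8443),  # portal on the ISE node
         ("icmp", "1.1.1.1", None)]      # matches no entry: implicit deny

if __name__ == "__main__":
    print([(f, verdict(parse(REDIRECT_ACL), *f)) for f in FLOWS])
```

Passing the ACL with and without entry 15 to `changed_by` returns an empty list for these flows: under the assumed semantics a UDP query matched no permit entry either way.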