
CWA Redirection not working on 2960S

neroshake
Level 1

Hello,

I configured CWA authentication on ISE, but the redirection of web traffic entered on the client machine is not working. Here are the details:

1. Redirect ACL


Extended IP access list ACL-WEBAUTH-REDIRECT
    5 deny udp any any eq domain (520 matches)
    10 deny ip any host 192.168.0.89 (4541 matches) -- this is ISE
    20 permit tcp any any eq www (1186 matches)
    30 permit tcp any any eq 443 (11020 matches)
    50 deny ip any any (3662 matches)

2. dACL

permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq 8443
permit udp any any eq domain
permit icmp any any
permit tcp any any eq 23
deny ip any any

The output of 'show authentication session details'

sh auth sessions int gi 1/0/7 det
            Interface:  GigabitEthernet1/0/7
          MAC Address:  000c.2938.92e9
         IPv6 Address:  Unknown
         IPv4 Address:  192.168.30.68
            User-Name:  00-0C-29-38-92-E9
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
      Session timeout:  N/A
    Common Session ID:  C0A80A010000009F1EBD6AB3
      Acct Session ID:  0x00000098
               Handle:  0x5400006C
       Current Policy:  POLICY_Gi1/0/7

Local Policies:
        Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)

Server Policies:
         URL Redirect:  https://ise.uic.ge:8443/portal/gateway?sessionId=C0A80A010000009F1EBD6AB3&portal=27ffafe0-e96e-11e4-a30a-005056bf01c9&action=cwa&token=289a94449d416f5b7b38bd57244cf4b1
     URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
              ACS ACL:  xACSACLx-IP-myDACLWEB-5653f387

Method status list:
       Method           State
       dot1x            Stopped
       mab              Authc Success


-----

The redirect link shown above works fine when I copy and paste it on a client machine. The problem is that when I try to open any web page, it halts - no redirect, and the page does not open.

From within the switch, the client machine is reachable, as well as the outside network.

The switch model is

WS-C2960S-48FPS-L         15.2(2)E3             C2960S-UNIVERSALK9-M

--

Any ideas on this?
