Solved: Using a DACL for Web redirection?

Chess Norris · ‎11-07-2018

Hi,

I have a customer that is implementing Rapid Threat Containment with Firepower and ISE to contain clients. We are using an authorization policy exception with a DACL that are downloaded to the switch and give the client very limited access. We also use the Web redirect function so when a contained client open a browser, the client will be redirected to a basic splash page, informing the client what to do next. The Web redirect is matching an ACL on the switch, but since this is an environment with a huge amount of switches, it's not doable to add an access list in every switch. We are therefore thinking about the possibility to use a DACL for this, but I am not sure if it's possible to use a DACL for both traffic limitation and Web redirection at the same time. Anyone tried this and know if it's possible? Is there any other option to redirect a client without an access list? Otherwise we need to use some configuration deployment tool that could push configuration changes to multiple switches.

Thanks

/Jorgen

Jason Kunst · ‎11-07-2018

That’s correct. The redirect ACL has to be defined on the network access device. Perhaps you can use a script or network management platform to deploy this change. Unfortunately nothing ISE can help facilitate here.

View solution in original post

Jason Kunst · ‎11-07-2018

That’s correct. The redirect ACL has to be defined on the network access device. Perhaps you can use a script or network management platform to deploy this change. Unfortunately nothing ISE can help facilitate here.

Chess Norris · ‎11-07-2018

Thank you for the quick reply.

Best regards

/Jorgen