So i have Cisco ISE running and im trying to do a web redirect through CoA. I know that I have done every thing right because I debugged radius and I see that I have success on Authentication and Authorization. the DACL downloads and I see the URL there. I also made sure that I had a dns entry present for the url in my environment. The problem is when I connect using MAB and try to go to an actual website it does not get redirected to the authentication portal like it should. It goes to google or whatever I am trying to get to and it shouldn't. Again i know that I did it right because the debugs show success. Also i do a "show authentication sessions interface x" and I can see that the DACL applied and everything. I feel like it is something small that I am missing. Someone please advise. FYI i am using 3750 as authenticator and Windows PC as supplicant.
Sounds like your DACL.
Make sure you are allowing access to ISE , DNS and deny the rest to trigger re-direct.
You can reference this Doc as an example.
There's a few things to check...
1] ip http server - Is this enabled on the switch? If not, the switch won't be able to redirect web requests.
2] CWA Redirect ACL - How have you formatted it and where have you configured it? Remember, the CWA ACL needs to be inverse, so DENY everything you want to allow (DHCP, DNS, ISE portal) and PERMIT everything else. Also, the ACL needs to be configured statically on the switch, not pushed via ISE. This isn't the same as the dACL.
3] Are clients using a proxy? If so, you need to configure the switch to listen on the proxy port instead.