cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
563
Views
0
Helpful
28
Replies
VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Well the latest cisco recommended version is 15.2.2E7. You could upgrade your test switch and see if this resolves the issue. Have you tested on other switch models?

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Thanks, I will do the upgrade if this does not work, i'll chenged switch.

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

because on the moment my version is 15.2(2)E5, but i will changed now to 15.2.2E7.

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Hi, I made the upgrade version, not resulted, I do not have another switch to test unfortunately.

Currently i have: switch c2960x-48lps-l 15.2.(2)E7 

 

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Ok, can you provide your full configuration as an attachment and I'll go through it

 

EDIT: For testing, can you amend your Authz profile and change the DACL to use the default PERMIT_ALL_TRAFFIC. Then try again please.

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Hi, i try use DACL permit_all_traffic no result. i share 2 file where is all configuration about this Problem   switch and authorization.

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Hi RJI, I change device, I am using the 3750-G,i share all the configuration of the new device and changed the conditions of the ise. done all this believer has changed nothing, and there is a debug file and the error that I be is: Not an HTTP(s) packet.

!

In Annex all the config file, and show and debug commands

!

 

More on my device exists:

SW#sh run | inc http
ip http server
ip http secure-server
ip http secure-active-session-modules none

 

Do you have any idea where this problem?

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Hi,

Ok, I can see on this new switch you do now have the "URL Redirect" which you did not have in the output of your other switch.

 

URL Redirect:  https://ise_name:8443/portal/gateway?sessionId=0A0132FA00000021046D2767&portal=0d2ed780-6d90-11e5-978e-005056bf2f0a&action=cpp&token=d8827bbe94c4afe70d2b53faec0d350f

 

So is redirect now working or not?

If not can you run "debug ip http all" test again and then provide the output.

Are you able to resolve the hostname of the ISE server (from the client machine)? If not remove the DACL for testing and try again.

 

HTH

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Hi,

Does the output for this command debug ip http all , The client machine reach the ise_name and ise_ip.

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

So is redirect now working or not?

 

Redirect not Working.

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

 

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

 
Highlighted
Beginner

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Can we get back and rewise the problem?

Do you awaiting that W10 client will automatically pop-out browser window with CWA page? Close to the time when you plug-in ethernet cable.

Do you claim that when you manually open browser in W10 client, then try any web page, the redirect will work?

 

Re: Ise 2.0 Client Machine not Redirect URL Wired Dot1x

Sure, the idea is when I connect the ethernet cable from the client machine i have a pop up or when attempting to access a web site is automatically routed to the Customer Portal Provision and check the anti-virus, etc.

 

At this time if you are trying to access a page not happens the redirect, for me to be able to access the Customer portal provision so copying the url.