cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

Redirection is not working (IOL)

abhisheks
Level 1
Level 1

Hi,

 

I am using IOL image - Version 15.2(CML_NIGHTLY_20180510) as a L2 switch, and I really cannot understand why the redirection to the sponsored guest portal is not working. 

 

The endpoint is failing DOT1X as expected and is falling over to MAB. The correct REDIRECT ACL is being applied, as intended, and I can even see hits on the REDIRECT ACL when I browse from the client, however, that's about it, when I browse, the actual webpage opens up without being redirected, and on the REDIRECT ACL, I see the corresponding hits. 

 

When I browse to the URL that is applied by ISE on the switchport, I'm able to load the guest portal as intended. However, the switch just refuses to redirect to that URL.

 

Here are some configurations:

ip http server
ip http active-session-modules none

 

 

 

 

S1#show authentication session int ethernet 1/1 policy
Interface: Ethernet1/1
MAC Address: 5000.0008.0000
IPv6 Address: Unknown
IPv4 Address: 10.10.10.22
User-Name: 50-00-00-08-00-00
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: 86400s (local), Remaining: 85492s
Session Uptime: 953s
Common Session ID: 0A0A0A0A0000001500837926
Acct Session ID: 0x0000000A
Handle: 0xF6000009
Current Policy: POLICY_Et1/1

Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
Security Policy: Should Secure
Security Status: Link Unsecure


Server Policies:
URL Redirect: https://ise.mylab.com:8544/portal/gateway?sessionId=0A0A0A0A0000001500837926&portal=e0591220-3e6a-11e9-815c-5000000e0001&action=cwa&token=d6169cfaf69d133a875c68b6b439c85c
URL Redirect ACL: ACL-WEBAUTH-REDIRECT

Resultant Policies:
Security Policy: Should Secure
Security Status: Link Unsecure
URL Redirect: https://ise.mylab.com:8544/portal/gateway?sessionId=0A0A0A0A0000001500837926&portal=e0591220-3e6a-11e9-815c-5000000e0001&action=cwa&token=d6169cfaf69d133a875c68b6b439c85c
URL Redirect ACL: ACL-WEBAUTH-REDIRECT

Method status list:
Method State

dot1x Stopped
mab Authc Success

 

 

 

 

 

 

 

Extended IP access list ACL-WEBAUTH-REDIRECT
10 deny udp any any eq domain (225 matches)
20 permit tcp any any eq www (11330 matches)
30 permit tcp any any eq 443 (21898 matches)

 

 

So, despite hitting the right ACEs, the switch doesn't re-direct the traffic, and the endpoint simply loads up the webpage. 

 

Any help please? Thank you :) 

 

 

Full config is also attached if interested!

Who Me Too'd this topic