Hi, I'm using VIOS L2 version -Version 15.2(4.0.55)E. On this, DOT1X or any kind of authentication is not even starting on the switch. I've attached the full switch config, and I'm pretty sure it is correct. Of course the interface is up and the switch can reach the ISE server, but the authentication "process" is not initiating at all. The Windows host connected to the switch can browse the internet successfully, so the NIC is also up on the Windows host. I'm not worried about DOT1X etc., as that would be secondary, but any form of authentication is not even beginning on this switch. Any ideas? I've attached the switch config.
Hi, I am using IOL image - Version 15.2(CML_NIGHTLY_20180510) as a L2 switch, and I really cannot understand why the redirection to the sponsored guest portal is not working. The endpoint is failing DOT1X as expected and is falling over to MAB. The correct REDIRECT ACL is being applied, as intended, and I can even see hits on the REDIRECT ACL when I browse from the client, however, that's about it, when I browse, the actual webpage opens up without being redirected, and on the REDIRECT ACL, I see the corresponding hits. When I browse to the URL that is applied by ISE on the switchport, I'm able to load the guest portal as intended. However, the switch just refuses to redirect to that URL. Here are some configurations:

ip http server
ip http active-session-modules none

S1#show authentication session int ethernet 1/1 policy
Interface: Ethernet1/1
MAC Address: 5000.0008.0000
IPv6 Address: Unknown
IPv4 Address: 10.10.10.22
User-Name: 50-00-00-08-00-00
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: N/A
Periodic Acct timeout: 86400s (local), Remaining: 85492s
Session Uptime: 953s
Common Session ID: 0A0A0A0A0000001500837926
Acct Session ID: 0x0000000A
Handle: 0xF6000009
Current Policy: POLICY_Et1/1

Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
Security Policy: Should Secure
Security Status: Link Unsecure

Server Policies:
URL Redirect: https://ise.mylab.com:8544/portal/gateway?sessionId=0A0A0A0A0000001500837926&portal=e0591220-3e6a-11e9-815c-5000000e0001&action=cwa&token=d6169cfaf69d133a875c68b6b439c85c
URL Redirect ACL: ACL-WEBAUTH-REDIRECT

Resultant Policies:
Security Policy: Should Secure
Security Status: Link Unsecure
URL Redirect: https://ise.mylab.com:8544/portal/gateway?sessionId=0A0A0A0A0000001500837926&portal=e0591220-3e6a-11e9-815c-5000000e0001&action=cwa&token=d6169cfaf69d133a875c68b6b439c85c
URL Redirect ACL: ACL-WEBAUTH-REDIRECT

Method status list:
Method State
dot1x Stopped
mab Authc Success

Extended IP access list ACL-WEBAUTH-REDIRECT
10 deny udp any any eq domain (225 matches)
20 permit tcp any any eq www (11330 matches)
30 permit tcp any any eq 443 (21898 matches)

So, despite hitting the right ACEs, the switch doesn't re-direct the traffic, and the endpoint simply loads up the webpage. Any help please? Thank you :) Full config is also attached if interested!