09-19-2013 08:29 PM - edited 07-04-2021 12:53 AM
I am currently trying to set up the Remote LAN feature with MAC Filtering with WLC & ISE. I want to use Central Web Authentication, but the client connected to the wired port 4 of the OEAP does not get redirected. On the WLC I see the correct web redirect URL and ACL being applied (client details), but the redirect on the client itself is not taking place. The RADIUS NAC state of the wired client is also shown as "RUN" instead of the expected "CENTRAL_WEBAUTH_REQD". No anchoring is configured for the Remote LAN, since it is not supported in this WLC software release.
Anybody have any ideas? Is this supported at all? The redirect is working fine with wireless on the OEAP.
WLC 5508 7.4.110.0
AIR-OEAP602I-E-K9
ISE 1.2.0.899
09-22-2013 03:55 PM
Need "show run-config" output. Make a mention of the wlan.
Make sure you are using even numbered wlan on RLAN to be mapped to port 4.
09-22-2013 10:38 PM
Hi,
Thanks for the reply! I have attached the show run-config command, but replaced some sensitive data. The WLAN ID is "44" with name "HomeOffice_RemoteLAN_Port4"
I have set it up by following the guide here (also with correct group mapping): http://www.cisco.com/en/US/products/ps11579/products_tech_note09186a0080b7f10e.shtml#t100
The general function seems fine. I get an IP address and can Ping, but there is no redirect. Hope you can help me!
Regards
09-23-2013 08:22 AM
You are trying web-auth redirect on rlan correct? On remote lan 44 config:
Remote LAN Configuration
Remote LAN Identifier............................ 44
Profile Name..................................... HomeOffice_RemoteLAN_Port4
Status........................................... Enabled
MAC Filtering.................................... Enabled
AAA Policy Override.............................. Enabled
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... XXX-XXXXXX
Webauth DHCP exclusion........................... Disabled
Interface........................................ homeoffice
Remote LAN ACL................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
PMIPv6 Mobility Type............................. none
Radius Servers
Authentication................................ 10.65.30.220 1812
Authentication................................ 10.65.30.221 1812
Accounting.................................... 10.65.30.220 1813
Accounting.................................... 10.65.30.221 1813
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.1X........................................ Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
802.11u........................................ Disabled
MSAP Services.................................. Disabled
09-23-2013 10:41 PM
Yes that is correct, but I want to do MAC Filtering and redirect to ISE, and not use the local WLC Web Auth. Thats why the option is disabled. I also have this configured for WLAN ID 20, which is redirecting fine
I now have a tac case open on this issue.
09-24-2013 09:28 AM
Glad you opened a TAC case on this. Not sure if i understood the problem description correct here. If you are trying for a RADIUS NAC solution on OEAP, this is not a supported feature on RLAN.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide