Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Cisco URL Redirect

Good afternoon, everyone:

I am configuring OnGuard with a Cisco switch using 802.1X. From CPPM I am sending an ACL with a redirect to the OnGuard portal, but the Cisco switch does not receive the condition. Does anyone have an idea what might be happening? The switch model is a Cisco Catalyst 2960, with firmware Version 15.0(2)SE5.

 

[Attached images: Cisco.JPG, cppm.JPG]

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Cisco URL Redirect

Did you enable "ip http"?

In the URL you send, you have to add this, because on a redirect the Cisco does not include the MAC address:
.php?mac=%{Connection:Client-Mac-Address-Colon}
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Cisco URL Redirect

Could you share the ACL you are using?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Cisco URL Redirect

I am attaching my configuration.

 



P_Venta#show running-config
Building configuration...

Current configuration : 8603 bytes
!
! Last configuration change at 04:01:02 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P_Venta
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication dot1x default group radius local
aaa authorization network default local group radius
aaa authorization auth-proxy default group radius
aaa accounting dot1x default start-stop group radius
!
!
!
!
!
aaa server radius dynamic-author
 client 10.0.1.70 server-key aruba123
 port 3799
 auth-type all
!
aaa session-id common
system mtu routing 1500
!
ip dhcp pool Corporativo
 relay source 10.0.60.0 255.255.255.0
 relay destination 10.0.1.60
 relay destination 10.0.1.70
!
ip dhcp pool Cuarentena
 relay source 10.0.50.0 255.255.255.0
 relay destination 10.0.1.60
 relay destination 10.0.1.70
!
ip dhcp pool Printer
 relay source 10.0.40.0 255.255.255.0
 relay destination 10.0.1.60
 relay destination 10.0.1.70
!
ip dhcp pool VoIP
 relay source 10.0.30.0 255.255.255.0
 relay destination 10.0.1.60
 relay destination 10.0.1.70
!
ip dhcp pool Mgmt
 relay source 10.0.1.0 255.255.255.0
 relay destination 10.0.1.60
 relay destination 10.0.1.70
!
ip dhcp pool Guest
 relay source 10.0.20.0 255.255.255.0
 relay destination 10.0.1.60
 relay destination 10.0.1.70
!
ip dhcp pool Employee
 relay source 10.0.10.0 255.255.255.0
 relay destination 10.0.1.60
 relay destination 10.0.1.70
!
!
ip dhcp snooping
ip device tracking
!
!
crypto pki trustpoint TP-self-signed-3219550976
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3219550976
 revocation-check none
 rsakeypair TP-self-signed-3219550976
!
!
crypto pki certificate chain TP-self-signed-3219550976
 certificate self-signed 01
        quit
dot1x system-auth-control
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
interface FastEthernet0/1
 description Conexion_Fortigate
 switchport trunk allowed vlan 1,10,100,200,300,400,500,600
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
 switchport access vlan 100
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 100
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 3
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 100
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 3
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 100
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 3
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 100
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 3
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 100
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 3
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 100
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 3
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 100
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 3
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 100
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 3
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan10
 description mMgmt
 ip address 10.0.1.40 255.255.255.0
 no ip route-cache
!
interface Vlan100
 ip address 10.0.10.2 255.255.255.0
 ip helper-address 10.0.1.70
 no ip route-cache
!
interface Vlan200
 ip address 10.0.20.2 255.255.255.0
 ip helper-address 10.0.1.70
 no ip route-cache
!
interface Vlan300
 ip address 10.0.30.2 255.255.255.0
 ip helper-address 10.0.1.70
 no ip route-cache
!
interface Vlan400
 ip address 10.0.40.2 255.255.255.0
 ip helper-address 10.0.1.70
 no ip route-cache
!
interface Vlan500
 ip address 10.0.50.2 255.255.255.0
 ip helper-address 10.0.1.70
 no ip route-cache
!
interface Vlan600
 ip address 10.0.60.2 255.255.255.0
 ip helper-address 10.0.1.70
 no ip route-cache
!
ip default-gateway 10.0.1.1
ip http server
ip http secure-server
!
ip access-list extended cisco
ip access-list extended cisco-wired-guest-acl
 deny   tcp any host 10.0.1.70
 permit tcp any any
tacacs-server host 10.0.1.70
tacacs-server directed-request
tacacs-server key aruba123
radius-server host 10.0.1.70 key aruba123
radius-server vsa send accounting
radius-server vsa send authentication
!
!
!
!
line con 0
line vty 5 15
!
end

P_Venta#

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Cisco URL Redirect

The configuration looks fine; you only have to add the MAC address part to the URL (enforcement profile).
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
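
The checks raised in this thread (whether "ip http" is enabled, which ACL the redirect uses), as an added example that is not part of the original posts: a Python audit of a `show running-config` dump. The prerequisite list and the redirect ACL name passed to `audit` are assumptions; the name must be whatever the RADIUS server actually sends.

```python
# Constructed sample: a shortened excerpt of the running-config posted above.
SAMPLE_CONFIG = """\
aaa new-model
ip device tracking
interface FastEthernet0/12
 switchport mode access
!
interface FastEthernet0/13
 authentication port-control auto
ip http server
ip access-list extended cisco
ip access-list extended cisco-wired-guest-acl
 deny   tcp any host 10.0.1.70
 permit tcp any any
radius-server vsa send authentication
"""

# Assumed prerequisites (common IOS practice, not a list given in the thread).
REQUIRED_GLOBALS = ["aaa new-model", "ip http server", "ip device tracking",
                    "radius-server vsa send authentication"]

def parse_sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def audit(config, redirect_acl):
    """Return (findings, 802.1X-controlled ports) for a running-config dump."""
    sections = parse_sections(config)
    findings = [f"missing global command: {cmd}"
                for cmd in REQUIRED_GLOBALS if cmd not in sections]
    acl = sections.get(f"ip access-list extended {redirect_acl}")
    if acl is None:
        findings.append(f"redirect ACL not defined: {redirect_acl}")
    elif not any(entry.split()[0] == "permit" for entry in acl):
        # permit entries select the traffic to redirect; none means no redirect
        findings.append(f"redirect ACL has no permit entry: {redirect_acl}")
    ports = [name.split()[1] for name, body in sections.items()
             if name.startswith("interface ")
             and "authentication port-control auto" in body]
    return findings, ports
```

Running `audit` with the empty ACL name `cisco` from the posted configuration reports that it has no permit entry, while `cisco-wired-guest-acl` passes.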
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Cisco URL Redirect

Hi Victor, I just made the change but I still have no success.

 

[Attached images: Cisco.JPG, cisco1.JPG]

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Cisco URL Redirect

You have to add it like this:
Http://10.0.1.70/guest/onguard-redirect.php?mac=%{Connection:Client-Mac-Address-Colon}
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Cisco URL Redirect

I just made the change; it now goes over http. But nothing :(

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Cisco URL Redirect

Can you show me the Access Tracker?

When you disconnect the port and reconnect it?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Super Contributor I
Posts: 290
Registered: ‎11-05-2012

Re: Cisco URL Redirect

Exactly which part of the Access Tracker?

Regards,
