Security

I have tested my url redirect on a cisco switch for onboarding and it works great; however, when I change it to use the hostname, its not resolving.  I have added the dns servers into the ACL, but im still not resolving. 

 

The ACL looks like the following:

Extended IP access list cisco-wired-onboard-acl
5 deny tcp any host {clearpass vip on our f5} (2221 matches)
10 permit ip any host {name-server 1} (2 matches)
15 permit ip any host {name-server 2} (62 matches)
20 permit tcp any any (15727 matches)

 

Am I missing something?

 

Thanks.

This is what I have on my 3750 for onboard/onguard/guest portal

ip access-list extended cisco-wired-guest-acl
###Change per your local config specifics###
deny tcp any host 10.0.1.70
permit tcp any any

Does that work with FQDN as well?  

 

I can work when I use the IP address, its just when I try and use the FQDN for certificate reasons.

 

Thanks.

Yes.

 

Try running nslookup in the comand line on the client and see if the dns resolves correctly.

It is resolving correctly.  it looks like the page just doesnt load.  Its an instant reply for a dead page.

Try a different browser. Ive noticed that a few act weird if you dont clear the cache during testing. 

Sorry for the late reply.  Both the test laptops I had browser had issues.  I finally got another test machine and it worked as expected.

 

Another question though,

 

Ideally, I would like to redirect to a page that they can either onboard, or accept terms and conditions and pass onto our guest network.  Is this possible on a wired port using guest self registration?  I know it would use guest licenses, but we should be well within our license capacity.