(MCA_OCMEXICO) #show aaa authentication captive-portal CP_Guest_Over

Captive Portal Authentication Profile "CP_Guest_Over"
-----------------------------------------------------
Parameter                                          Value
---------                                          -----
Default Role                                       CP_Guest_ISE
Default Guest Role                                 guest
Server Group                                       Cisco_ISE
Redirect Pause                                     10 sec
User Login                                         Disabled
Guest Login                                        Disabled
Logout popup window                                Enabled
Use HTTP for authentication                        Disabled
Logon wait minimum wait                            5 sec
Logon wait maximum wait                            10 sec
logon wait CPU utilization threshold               60 %
Max Authentication failures                        0
Show FQDN                                          Disabled
Authentication Protocol                            PAP
Login page                                         https://X.X.X.X:8443/portal/PortalSetup.action?portal=395dad40-5de3-11e8-80b8-0242e34e4594&action=cwa
Welcome page                                       /auth/welcome.html
Show Welcome Page                                  Yes
Add switch IP address in the redirection URL       Disabled
Adding user vlan in redirection URL                Disabled
Add a controller interface in the redirection URL  N/A
Allow only one active user session                 Disabled
White List                                         N/A
Black List                                         N/A
Show the acceptable use policy page                Disabled
User idle timeout                                  N/A
Redirect URL                                       N/A
Bypass Apple Captive Network Assistant             Disabled
URL Hash Key                                       N/A

(MCA_OCMEXICO) #show rights CP_Guest_ISE

Valid = 'Yes'
CleanedUp = 'No'
Derived Role = 'CP_Guest_ISE'
 Up BW:No Limit   Down BW:No Limit
 L2TP Pool = default-l2tp-pool
 PPTP Pool = default-pptp-pool
 Number of users referencing it = 0
 Periodic reauthentication: Disabled
 DPI Classification: Enabled
 Youtube education: Disabled
 Web Content Classification: Enabled
 IP-Classification Enforcement: Enabled
 ACL Number = 95/0
 Openflow: Disabled
 Max Sessions = 65535

 Check CP Profile for Accounting = TRUE
 Captive Portal profile = CP_Guest_Over

Application Exception List
--------------------------
Name  Type
----  ----

Application BW-Contract List
----------------------------
Name  Type  BW Contract  Id  Direction
----  ----  -----------  --  ---------

access-list List
----------------
Position  Name                     Type     Location
--------  ----                     ----     --------
1         global-sacl              session
2         apprf-CP_Guest_ISE-sacl  session
3         CP_Guest_ACL             session
4         logon-control            session
5         captiveportal            session

global-sacl
-----------
Priority  Source  Destination  Service  Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------  -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------

apprf-CP_Guest_ISE-sacl
-----------------------
Priority  Source  Destination  Service  Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------  -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------

CP_Guest_ACL
------------
Priority  Source  Destination  Service    Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------    -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
1         user    X.X.X.X      svc-http                permit                           Low                                                           4
2         user    X.X.X.X      svc-https               permit                           Low                                                           4

logon-control
-------------
Priority  Source  Destination              Service   Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------              -------   -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
1         user    any                      udp 68                 deny                             Low                                                           4
2         any     any                      svc-icmp               permit                           Low                                                           4
3         any     any                      svc-dns                permit                           Low                                                           4
4         any     any                      svc-dhcp               permit                           Low                                                           4
5         any     any                      svc-natt               permit                           Low                                                           4
6         any     169.254.0.0 255.255.0.0  any                    deny                             Low                                                           4
7         any     240.0.0.0 240.0.0.0      any                    deny                             Low                                                           4

captiveportal
-------------
Priority  Source  Destination  Service          Application  Action        TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------  -----------  -------          -----------  ------        ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
1         user    controller   svc-https                     dst-nat 8081                           Low                                                           4
2         user    any          svc-http                      dst-nat 8080                           Low                                                           4
3         user    any          svc-https                     dst-nat 8081                           Low                                                           4
4         user    any          svc-http-proxy1               dst-nat 8088                           Low                                                           4
5         user    any          svc-http-proxy2               dst-nat 8088                           Low                                                           4
6         user    any          svc-http-proxy3               dst-nat 8088                           Low                                                           4

Expired Policies (due to time constraints) = 0

(MCA_OCMEXICO) #show aaa server-group Cisco_ISE

Fail Through:No
Load Balance:No

Auth Servers
------------
Name       Server-Type  trim-FQDN  Match-Type  Match-Op  Match-Str
----       -----------  ---------  ----------  --------  ---------
Cisco_ISE  Radius       No

Role/VLAN derivation rules
---------------------------
Priority  Attribute  Operation  Operand  Type  Action  Value  Validated
--------  ---------  ---------  -------  ----  ------  -----  ---------

(MCA_OCMEXICO) #show aaa authentication-server all

Auth Server Table
-----------------
Name       Type    FQDN  IP addr  AuthPort  AcctPort  Status   Requests
----       ----    ----  -------  --------  --------  ------   --------
Internal   Local   n/a   X.X.X.X  n/a       n/a       Enabled  0
Cisco_ISE  Radius  none  X.X.X.X  1812      1813      Enabled  460

(MCA_OCMEXICO) #show wlan virtual-ap Guest_Over

Virtual AP profile "Guest_Over"
------------------------------
Parameter                                       Value
---------                                       -----
AAA Profile                                     Guest_CP_ISE
802.11K Profile                                 default
Hotspot 2.0 Profile                             N/A
SSID Profile                                    Guest_Over
Virtual AP enable                               Enabled
VLAN                                            20
Forward mode                                    tunnel
Allowed band                                    all
Band Steering                                   Disabled
Cellular handoff assist                         Disabled
Openflow Enable                                 Disabled
Steering Mode                                   prefer-5ghz
Dynamic Multicast Optimization (DMO)            Disabled
Dynamic Multicast Optimization (DMO) Threshold  6
Drop Broadcast and Unknown Multicast            Disabled
Convert Broadcast ARP requests to unicast       Enabled
Authentication Failure Blacklist Time           3600 sec
Blacklist Time                                  3600 sec
Deny inter user traffic                         Disabled
Deny time range                                 N/A
DoS Prevention                                  Disabled
HA Discovery on-association                     Enabled
Mobile IP                                       Enabled
Preserve Client VLAN                            Disabled
Remote-AP Operation                             standard
Station Blacklisting                            Enabled
Strict Compliance                               Disabled
VLAN Mobility                                   Disabled
WAN Operation mode                              always
FDB Update on Assoc                             Disabled
WMM Traffic Management Profile                  N/A
Anyspot profile                                 N/A

(MCA_OCMEXICO) #