URL redirect using DNS

  • 1.  URL redirect using DNS

    Posted Sep 24, 2014 03:09 PM

    I have tested my URL redirect on a Cisco switch for onboarding and it works great; however, when I change it to use the hostname, it's not resolving.  I have added the DNS servers into the ACL, but I'm still not resolving.


    The ACL looks like the following:

    Extended IP access list cisco-wired-onboard-acl
    5 deny tcp any host {clearpass vip on our f5} (2221 matches)
    10 permit ip any host {name-server 1} (2 matches)
    15 permit ip any host {name-server 2} (62 matches)
    20 permit tcp any any (15727 matches)


    Am I missing something?



  • 2.  RE: URL redirect using DNS
    Posted Sep 24, 2014 03:31 PM
    This is what I have on my 3750 for onboard/onguard/guest portal:

    ip access-list extended cisco-wired-guest-acl
    ###Change per your local config specifics###
    deny tcp any host
    permit tcp any any

  • 3.  RE: URL redirect using DNS

    Posted Sep 24, 2014 03:33 PM

    Does that work with FQDN as well?  


    It can work when I use the IP address, it's just when I try and use the FQDN for certificate reasons.



  • 4.  RE: URL redirect using DNS

    Posted Sep 24, 2014 03:37 PM



    Try running nslookup in the command line on the client and see if the DNS resolves correctly.

  • 5.  RE: URL redirect using DNS

    Posted Sep 24, 2014 03:54 PM

    It is resolving correctly.  It looks like the page just doesn't load.  It's an instant reply for a dead page.

  • 6.  RE: URL redirect using DNS

    Posted Sep 24, 2014 03:57 PM

    Try a different browser. I've noticed that a few act weird if you don't clear the cache during testing.

  • 7.  RE: URL redirect using DNS

    Posted Oct 08, 2014 12:14 PM

    Sorry for the late reply.  Both of the test laptops I had had browser issues.  I finally got another test machine and it worked as expected.


    Another question though,


    Ideally, I would like to redirect to a page where they can either onboard, or accept terms and conditions and pass on to our guest network.  Is this possible on a wired port using guest self registration?  I know it would use guest licenses, but we should be well within our license capacity.