Hi,
I am struggling with setting up a Captive Portal redirect for wired guest. The configurations are all from the prescribed documents and guidelines, but the web redirect is not happening.
Relevant switch configurations are as below:
!
aaa authentication dot1x default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 1
aaa accounting dot1x default start-stop group radius
aaa accounting network default start-stop group tacacs+ group radius
aaa accounting system default start-stop group tacacs+ group radius
!
aaa server radius dynamic-author
 client 192.168.1.242 server-key test123
 port 3799
 auth-type all
!
aaa session-id common
switch 1 provision ws-c2960s-24ps-l
authentication mac-move permit
!
ip dhcp snooping
no ip domain-lookup
ip name-server 192.168.1.240
ip device tracking
!
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 switchport access vlan 99
 switchport mode access
 authentication control-direction in
 authentication event server dead action authorize vlan 96
 authentication event no-response action authorize vlan 96
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication order dot1x mab webauth
 authentication priority dot1x mab webauth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 2
 dot1x timeout supp-timeout 20
 dot1x max-req 1
 dot1x max-reauth-req 1
 spanning-tree portfast
!
interface Vlan1
 ip address 192.168.1.11 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
ip http secure-active-session-modules disable_webmgmt
ip http session-module-list disable_webmgmt NONE
ip http active-session-modules disable_webmgmt
!
ip access-list extended ANY
 permit ip any any
ip access-list extended Web-Redirect
 deny udp host 0.0.0.0 host 255.255.255.255 eq bootps
 deny udp any any eq domain
 deny tcp any host 192.168.1.242
 permit tcp any any
ip radius source-interface Vlan1
ip sla enable reaction-alerts
radius-server attribute 4 192.168.1.11
radius-server host 192.168.1.242 auth-port 1812 acct-port 1813 key test123
radius-server vsa send accounting
radius-server vsa send authentication
!
Services on ClearPass and the outputs are attached.
Any guidance would be good enough. Thanks