Clearpass onboard URL redirect on cisco 9300
05-13-2019 11:55 PM
At this moment we are in a proof of concept phase for a NAC-deployment for which we use the clearpass, and cisco 2960 and cisco 9300.
On the 2960 all works as intented:
- known devices in the AD (and via certificates) are allowed
- not known devices are redirected and/or prompted with the redirect URL where they might regisiter themself on the onboarding page.
On th 9300 however, despite the fact that with a "show authentication session interface gX/X/X details" we get the same situation as with the 2960, the devices do not receive the redirect. Althought the switchport received this information from the Clearpass.
If we enter the URL by hand, it works as intented, but this is not userfrienly at all (certainly not because users should then enter their MAC-address by hand instead of automatic)
The config of the switch is in attach.
We're pretty sure of the setup of clearpass, because it works on the 2960.
Anybody an idea on how to resolve this issue?
Re: Clearpass onboard URL redirect on cisco 9300
05-14-2019 11:28 PM
So the URL redirect didn't work because there are some dependencies in the diff between IOS (C2960) & IOS-XE(C9300).
On the C2960 you'll need ip device-tracking (IPDT) before the redirect works. On the C9300 it's replaced by SISF device tracking.
Once SISF was implemented it worked as it should be.