Security

last person joined: 16 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest URL-REDIRECT on Cisco L2 Switch

This thread has been viewed 13 times

  • 1.  Guest URL-REDIRECT on Cisco L2 Switch

    Posted Aug 02, 2016 03:46 AM

    Hi

     

    I have a setup of Guest Users connected to Cisco L2 switch (2960), I want to redirect their internet browsing access to the Guest Captive-Portal page, then got internet access after authentication.

     

    The CP service configured "as attached", and the guest captive-portal configured.

     

    The users assigned to guest VLAN but they are not redirected to the captive-portal page

     

    - The used switch is 2960

    - The used switch version is (C2960-LANBASEK9-M), Version 12.2(55)SE7

    - The switch is L2 switch.

    - The users VLAN GW is in another L3 switch

     

    SO::

     

    - Is the switch must be L3 switch?

    - Is the users VLAN GW must be on the target switch (for the URL-Redirect to be accepted)

    - Is there a special configuration required on the switch rather than the below?;

     

    ==============================================

    aaa new-model

    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa accounting dot1x default start-stop group radius

    aaa server radius dynamic-author
    client 10.0.0.179 server-key aruba123
    port 3799
    auth-type all

     

    dot1x system-auth-control

     

    interface FastEthernet0/2
    switchport access vlan 10
    switchport mode access
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout server-timeout 30
    dot1x timeout tx-period 10
    dot1x max-req 3
    dot1x max-reauth-req 3
    spanning-tree portfast

     

    ip http server
    ip http secure-server

     

    radius-server host 10.0.0.179 auth-port 1645 acct-port 1646 key aruba123
    radius-server vsa send authentication

    ======================================== 

     

    Thanks



  • 2.  RE: Guest URL-REDIRECT on Cisco L2 Switch

    Posted Aug 08, 2016 04:48 AM

    - Is the switch must be L3 switch?

    - Is the users VLAN GW must be on the target switch (for the URL-Redirect to be accepted)

     

    I think, in short, the answer to both of the above questions is "yes" for this to work.



  • 3.  RE: Guest URL-REDIRECT on Cisco L2 Switch

    Posted Aug 09, 2016 03:10 AM

    Hello

     

    Do you have any documnet/article about this issue?

     

    If so, then this URL-Redirect feature is not reliable, because most of the users are connected to L2 switches and their GW resides in one switch (the Core L3 switch)...

     

    Is it?

     

    Thanks 



  • 4.  RE: Guest URL-REDIRECT on Cisco L2 Switch

    Posted Aug 09, 2016 04:26 AM

    Can you not set the url-redirect up on the L3 switch?

     



  • 5.  RE: Guest URL-REDIRECT on Cisco L2 Switch

    Posted Aug 25, 2016 01:19 PM
      |   view attached

    Hi,

     

    Have you had any success with url-redirect?

     

    I've found the following Cisco document that lists the supported platforms for the url-redirect command.

     

    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ibns/configuration/15-e/ibns-15-e-book/ibns-webauth-origin-url.pdf

    Attachment(s)

    pdf
    ibns-webauth-origin-url.pdf   1.34 MB 1 version