Security

Hi,

I'm trying to set up a splash screen for my wired clients if they are put in a untusted vlan due to profiling confilicts or unknown Mac.

 

- Switch is HP 5406 with Firmware 16.08.001

 

show port-access clients B7 detailed  shows me the corret VLAN, Correct ACL and the correct captive portal string

...

Untagged VLAN : 666

...

RADIUS ACL List :
permit in tcp from any to 10.1.1.46 80
permit in tcp from any to 10.1.1.46 443
deny in tcp from any to any 80
deny in tcp from any to any 443
permit in udp from any to any 53
permit in udp from any to any 67

...

Captive Portal Details :
URL : http://10.1.1.46/mysite.htm

 

show captive-portal

Captive Portal Configuration

Redirection Enabled : Yes
URL Hash Key Configured : No

 

- The captive portal is in VLAN1 - also the switch Mangement

- the Switch has a static IP in VLAN666

- for the clients I created a firewall rule so that they ca reach the ip of the captive portal

- the client can reach the page if i open it directly in the browser

 

But there is no redirect happening if i try to open any other site in the explorer. Tested with Win10 - Edge, Firefox, InternetExplorer - local Firewall disabled.

 

Any Ideas

Does the client have a valid and working (nslookup resolves...) DNS server?

Not bu do i need it? I'm working only with ip addresses and only on http not https.

Usually yes, since the controller/switch will intercept the initial DNS
reply and re-direct this to the Captive Portal. Without a working DNS
server, there is no DNS reply and therefore no re-direct occurs.

Solved,

 

i forgotten the cpy in the ACL

 

 

deny in tcp from any to any 80 cpy
deny in tcp from any to any 443 cpy