NAC L2-IP on 6500: URL Redirection Not Working

Unanswered Question
Jun 4th, 2007
We are testing NAC L2-IP on a Cat 6506 running 12.2(18)SXF9.

When configuring for NAC L2-IP, the switch is able to download the required ACL entries. The HTTP server is enabled on the switch; however, the HTTP redirection is still not working.

From the client side, I can see the SYN packets going to port 80, but no response (redirect etc.) comes back from the switch.

This is the Port-ACL:

10 permit udp any eq 21862 any
11 permit icmp any any echo-reply
20 permit udp any any eq bootps
30 permit udp any any eq domain
40 permit tcp any eq 3389 any
50 deny ip any any

This is the ACL as specified in the "url-redirect-acl" attribute:

70 deny tcp any host eq www
80 deny tcp any host eq www
90 deny tcp any host eq www
100 deny tcp any host eq www
110 permit tcp any any eq www

Any ideas?


show eou ip

Address :
MAC Address : 0006.5ba0.5705
Interface : FastEthernet2/47

Audit Session ID : 0000002C1387D1FB0000000D0AC0631B
PostureToken : -------
Age(min) : 15
URL Redirect : http://x.x.x/y
URL Redirect ACL : redirect-policy
ACL Name : #ACSACL#-IP-NAC_NoCTA_ACL-464b3186

Revalidation Period : 36000 Seconds
Status Query Period : 300 Seconds
Current State : CLIENTLESS


Exactly the same configuration and Secure ACS configuration works for a 3560 switch.


