Hi,
We are testing NAC L2-IP on a Cat 6506 running 12.2(18)SXF9.
When configuring for NAC L2-IP, the switch is able to download the required ACL
entries. The HTTP server is enabled on the switch; however, HTTP
redirection is still not working.
From the client side, I can see the SYN packets going to port 80, but no
response (redirect, etc.) comes back from the switch.
This is the Port-ACL:
10 permit udp any eq 21862 any
11 permit icmp any any echo-reply
20 permit udp any any eq bootps
30 permit udp any any eq domain
40 permit tcp any eq 3389 any
50 deny ip any any
This is the ACL as specified in the "url-redirect-acl" attribute:
70 deny tcp any host 10.140.4.116 eq www
80 deny tcp any host 10.140.4.202 eq www
90 deny tcp any host 10.1.194.15 eq www
100 deny tcp any host 172.25.1.15 eq www
110 permit tcp any any eq www
Any ideas?
+++++++++++++++++
show eou ip 10.192.99.27
Address : 10.192.99.27
MAC Address : 0006.5ba0.5705
Interface : FastEthernet2/47
AuthType : CLIENTLESS
Audit Session ID : 0000002C1387D1FB0000000D0AC0631B
PostureToken : -------
Age(min) : 15
URL Redirect : http://x.x.x/y
URL Redirect ACL : redirect-policy
ACL Name : #ACSACL#-IP-NAC_NoCTA_ACL-464b3186
User Name : UNKNOWN USER
Revalidation Period : 36000 Seconds
Status Query Period : 300 Seconds
Current State : CLIENTLESS
++++++++++++++++++++++++++++++++
Exactly the same configuration and Secure ACS configuration work for a 3560 switch.
Thanks,
Naman