OEAP Remote LAN & MAC Filtering

Unanswered Question
Sep 19th, 2013

I am currently trying to set up the Remote LAN feature with MAC Filtering with WLC & ISE. I want to use Central Web Authentication, but the client connected to the wired port 4 of the OEAP does not get redirected. On the WLC I see the correct web redirect URL and ACL being applied (client details), but the redirect on the client itself is not taking place. The RADIUS NAC state of the wired client is also shown as "RUN" instead of the expected "CENTRAL_WEBAUTH_REQD". No anchoring is configured for the Remote LAN, since it is not supported in this WLC software release.


Anybody have any ideas? Is this supported at all? The redirect is working fine with wireless on the OEAP.


WLC 5508 7.4.110.0

AIR-OEAP602I-E-K9

ISE 1.2.0.899

Shankar Ramanathan (Cisco Employee) Sun, 09/22/2013 - 15:55

Need "show run-config" output. Make a mention of the wlan.


Make sure you are using even numbered wlan on RLAN to be mapped to port 4.

ivarnhagen Sun, 09/22/2013 - 22:38

Hi,


Thanks for the reply! I have attached the show run-config command, but replaced some sensitive data. The WLAN ID is "44" with name "HomeOffice_RemoteLAN_Port4".


I have set it up by following the guide here (also with correct group mapping): http://www.cisco.com/en/US/products/ps11579/products_tech_note09186a0080b7f10e.shtml#t100


The general function seems fine. I get an IP address and can ping, but there is no redirect. Hope you can help me!


Regards

Shankar Ramanathan (Cisco Employee) Mon, 09/23/2013 - 08:22

You are trying web-auth redirect on rlan, correct? On remote lan 44 config:


Remote LAN Configuration

Remote LAN Identifier............................ 44
Profile Name..................................... HomeOffice_RemoteLAN_Port4
Status........................................... Enabled
MAC Filtering.................................... Enabled
AAA Policy Override.............................. Enabled
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... XXX-XXXXXX
Webauth DHCP exclusion........................... Disabled
Interface........................................ homeoffice
Remote LAN ACL................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
PMIPv6 Mobility Type............................. none
Radius Servers
   Authentication................................ 10.65.30.220 1812
   Authentication................................ 10.65.30.221 1812
   Accounting.................................... 10.65.30.220 1813
   Accounting.................................... 10.65.30.221 1813
      Interim Update............................. Disabled
   Dynamic Interface............................. Disabled
   Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
   802.1X........................................ Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
802.11u........................................ Disabled
MSAP Services.................................. Disabled

ivarnhagen Mon, 09/23/2013 - 22:41

Yes, that is correct, but I want to do MAC Filtering and redirect to ISE, and not use the local WLC Web Auth. That's why the option is disabled. I also have this configured for WLAN ID 20, which is redirecting fine.


I now have a TAC case open on this issue.

Shankar Ramanathan (Cisco Employee) Tue, 09/24/2013 - 09:28

Glad you opened a TAC case on this. Not sure if I understood the problem description correctly here. If you are trying for a RADIUS NAC solution on OEAP, this is not a supported feature on RLAN.
