NAC L2-IP on 6500. URL Redirection Not working

mnlatif
Level 3

Hi,

We are testing NAC L2-IP on a Cat 6506 running 12.2(18)SXF9.

When configuring for NAC L2-IP, the switch is able to download the required ACL entries. The HTTP server is enabled on the switch; however, the HTTP redirection is still not working.

From the client side, I can see the SYN packets going to port 80, but no response (redirect etc.) comes back from the switch.

This is the Port-ACL

10 permit udp any eq 21862 any

11 permit icmp any any echo-reply

20 permit udp any any eq bootps

30 permit udp any any eq domain

40 permit tcp any eq 3389 any

50 deny ip any any

This is the ACL as specified in the "url-redirect-acl" attribute

70 deny tcp any host 10.140.4.116 eq www

80 deny tcp any host 10.140.4.202 eq www

90 deny tcp any host 10.1.194.15 eq www

100 deny tcp any host 172.25.1.15 eq www

110 permit tcp any any eq www

Any ideas?

+++++++++++++++++

show eou ip 10.192.99.27

Address : 10.192.99.27

MAC Address : 0006.5ba0.5705

Interface : FastEthernet2/47

AuthType : CLIENTLESS

Audit Session ID : 0000002C1387D1FB0000000D0AC0631B

PostureToken : -------

Age(min) : 15

URL Redirect : http://x.x.x/y

URL Redirect ACL : redirect-policy

ACL Name : #ACSACL#-IP-NAC_NoCTA_ACL-464b3186

User Name : UNKNOWN USER

Revalidation Period : 36000 Seconds

Status Query Period : 300 Seconds

Current State : CLIENTLESS

++++++++++++++++++++++++++++++++

Exactly the Same configuration and Secure ACS configuration works for a 3560 Switch.

Thanks,

Naman

1 Reply

wdrootz
Level 4

Check this bug-id: CSCse02269.
