Different NAC Portal Page

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
  • (Edited)
Hi community

I would like to configure different NAC portal pages for different locations.
I have created additional portal pages.
I have created a rule that forces the use of the new Portal page when I authenticate from a specific location but this seem intermittent.
Some users get the default portal page and other get the Custom Portal Page

What is the correct setup for this Solution?
I have attached a copy of my rules.
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 5,160 Points 5k badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 46,868 Points 20k badge 2x thumb
Check which rule is hit = which role/portal the client get's.

If the client hit the "Client-Andre" rule he should get the custom portal - if rule "unregistered" is hit then the default portal is used.

If the problem is related that "Client-Andre" rule isn't used right-click the client in the NAC end-system tab and click > configuration evaluation tool > run evaluation ...and look why the rule isn't used.

BTW, how is your location group configured - are you using AP zone or what is your option to get the location right?

-Ron
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 46,868 Points 20k badge 2x thumb
...and make sure that the NAC configuration is enforced :-)
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 46,868 Points 20k badge 2x thumb
(Edited)
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 46,868 Points 20k badge 2x thumb
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 5,160 Points 5k badge 2x thumb
Thx Ronald

I think I have found my problem.
Currently the V2110 and NAC is deployed in the cloud.
I have the VNS setup to return the SSID via radius attributes to the NAC.

What seems to be happening is that when a client connects the "Switch Port" in nac first displays the "Topology name" and only 10 seconds later updates this with the SSID.

So when I connect and wait a few seconds and then open a browser I receive the correct Page.
If I browse within the 10 seconds the default NAC rule applies because the location does not match.
I am going to add the topology name in the location list.

Thx
Andre