Redirect @ AP NAC enforce deleting rules

  • 0
  • 2
  • Question
  • Updated 2 months ago
  • Answered
  • (Edited)
Hi,

Currently running Extreme Control version 8.1.2.59 and Extreme Wireless (identiFi) 10.41.02.0014.

I'm in the process of configuring redirection at the AP which works with the following rules:



Which I entered in the wireless controller first and then did an import from the wireless device into NAC. The rules in the NAC now look like the following:



When I then do an enforce back to the EWC it wipes out the redirect rules and now looks like the following (ignore the change in IP's for a moment, just a couple of different shots from different systems, but the results are the same):



I notice in the NAC rule configuration an option for HTTP Redirect, perhaps I have to configure the redirect rules using this form, which will successfully write the redirect rules back to the EWC on enforce?



Thought that maybe the values in the 'Listen Sockets' might be 80,8080,443



But whenever I 'OK' it the 'HTTP redirect' option comes back 'Disabled':



I'm probably driving this completely wrong, but would appreciate any advise.

Many thanks in advance.
Photo of Martin Flammia

Martin Flammia

  • 6,006 Points 5k badge 2x thumb

Posted 2 months ago

  • 0
  • 2
Photo of Tyler Marcotte

Tyler Marcotte, Official Rep

  • 2,740 Points 2k badge 2x thumb
Hi Martin,

The redirect rule is most likely there, just hidden in the dropdown list. If you drop down the item that says "Disabled" you should see one item that says "HTTP Redirect 1" or something along those lines.

Tyler
Photo of Martin Flammia

Martin Flammia

  • 6,006 Points 5k badge 2x thumb
Hi Tyler,

Thanks for replying. So had a bit more of a play around and it does remain disabled, and when you go into the 'Listen Sockets' is still there, but I can't see anything anywhere that says 'HTTP Redirect 1'?



I did change the rule to permit and set the rule type to 'Wireless Controller', and then when I did an enforce it looked like the redirect are there:



Now the rules on the wireless controller look like the following:


So as you can see the rules for ports 80, 8080 and 443 are not showing up as redirect.

Here is the example https (443) rule that I configured:





Don't suppose you can see where I'm going wrong?

Many thanks.
(Edited)
Photo of Tyler Marcotte

Tyler Marcotte, Official Rep

  • 2,740 Points 2k badge 2x thumb
Hi Martin,

Sorry, I missed a part of your screenshot when I first read it. After you define the sockets to listen on in the redirect config, you need to add a Redirect Group that is your redirect URL. If you are redirecting to NAC there should already be pre-configured ones available in the drop down. If you're using something else then you can list the URL. Just be sure to include the port number (:80 or :443) in the URL.



See if that gets you a bit further. I think that's the piece you're missing though.

Tyler
Photo of Martin Flammia

Martin Flammia

  • 6,006 Points 5k badge 2x thumb
Hi Tyler,

No problem.

Not sure what happened but I did post a large reply with lots more screenshots, as I managed to work it out in the end.

But you are correct, that's exactly what I missed, and it all worked as expected after that.

Thanks for replying anyway.

Cheers,

Martin