
NAC DNS proxy redirection not working, any alternatives?


Hi,

Currently we have set up NAC to run as a DNS proxy to display a portal page from NAC when wireless devices have been quarantined. We have not set up PBR but are just forcing the client to a VLAN with the DNS server settings in DHCP pointing to NAC and the wireless controller having a policy only allowing access to the NAC DNS.

This seems to be buggy: at times the user is shown the page but at times they are not. As it stands, this has now completely stopped working.

So the question is: do I try to debug this issue, or is there a better method which will work all the time? The requirement is that we want the device to display a message when it has been quarantined.

Is it possible to force a device to an HTTP page from the Extreme controller using policy, which we can point to the NAC HTTP page?

Or are there some instructions on how I can set up PBR on the S series switches and C series to help with this?

Thanks

4 replies

Userlevel 3
Kunal,

PBR on the S series should be no problem. I don't think the C series can perform PBR (at least not without Advanced Routing Licensing - not sure)...

You will need to mark the packets within the VNS Role Policy for Unregistered as cs2. Occasionally, we have needed to match on IP addresses of the Quarantine/Unregistered VLAN. Change the access-list accordingly.

The S series code should be:

ip access-list extended UR
permit tcp any any eq 80 dscp cs2
permit tcp any any eq 8080 dscp cs2
exit

route-map policy Unreg permit 10
match ip address UR
set next-hop
exit

Thanks,

Bill
Thanks, will give it a go.
Userlevel 3
Kunal,

I forgot to add, in your routing interface config for the Unregistered/Quarantine VLAN add:

ip policy route-map Unreg
Userlevel 7
Reference: https://gtacknowledge.extremenetworks.com/articles/How_To/How-To-Configure-a-Route-map-to-Re-direct-...
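
When the redirect only works some of the time, a quick check is whether the quarantined client's packets actually carry the cs2 marking that access-list UR matches on. The following is an added example, not part of the thread or Extreme's own code: it evaluates raw IPv4 bytes (starting at the IP header, as exported from a capture) against the two permit lines in UR. The function names, sample addresses and packets are constructed for illustration.

```python
import struct

CS2 = 16                      # DSCP class selector 2 = 0b010000 (ToS byte 0x40)
REDIRECT_PORTS = {80, 8080}   # destination ports permitted by access-list UR

def matches_ur(packet: bytes) -> tuple[bool, str]:
    """Return (match, reason) for a raw IPv4 packet checked against UR."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "not an IPv4 packet"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        return False, "truncated header"
    if packet[9] != 6:
        return False, "not TCP"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False, "non-first fragment, no TCP header to match"
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dport not in REDIRECT_PORTS:
        return False, f"dst port {dport} is not 80/8080"
    dscp = packet[1] >> 2                 # top six bits of the ToS byte
    if dscp != CS2:
        return False, f"DSCP {dscp}: role did not mark the packet cs2"
    return True, "permit: policy-routed to the route-map next-hop"

def build(tos: int, dport: int, proto: int = 6) -> bytes:
    """Constructed sample: minimal IPv4 + TCP SYN headers, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    samples = {
        "marked HTTP": build(0x40, 80),
        "unmarked HTTP": build(0x00, 80),
        "marked HTTPS": build(0x40, 443),
        "marked 8080 with ECN bit": build(0x41, 8080),
    }
    for name, pkt in samples.items():
        print(f"{name:26} -> {matches_ur(pkt)}")
```

A packet reported as unmarked points at the VNS Role Policy for the Unregistered role rather than at the route-map.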
