Header Only - DO NOT REMOVE - Extreme Networks

Redirect @ AP NAC enforce deleting rules

Userlevel 5

Currently running Extreme Control version and Extreme Wireless (identiFi)

I'm in the process of configuring redirection at the AP which works with the following rules:

Which I entered in the wireless controller first and then did an import from the wireless device into NAC. The rules in the NAC now look like the following:

When I then do an enforce back to the EWC it wipes out the redirect rules and now looks like the following (ignore the change in IP's for a moment, just a couple of different shots from different systems, but the results are the same):

I notice in the NAC rule configuration an option for HTTP Redirect, perhaps I have to configure the redirect rules using this form, which will successfully write the redirect rules back to the EWC on enforce?

Thought that maybe the values in the 'Listen Sockets' might be 80,8080,443

But whenever I 'OK' it the 'HTTP redirect' option comes back 'Disabled':

I'm probably driving this completely wrong, but would appreciate any advise.

Many thanks in advance.

4 replies

Userlevel 4
Hi Martin,

The redirect rule is most likely there, just hidden in the dropdown list. If you drop down the item that says "Disabled" you should see one item that says "HTTP Redirect 1" or something along those lines.

Userlevel 5
Hi Tyler,

Thanks for replying. So had a bit more of a play around and it does remain disabled, and when you go into the 'Listen Sockets' is still there, but I can't see anything anywhere that says 'HTTP Redirect 1'?

I did change the rule to permit and set the rule type to 'Wireless Controller', and then when I did an enforce it looked like the redirect are there:

Now the rules on the wireless controller look like the following:

So as you can see the rules for ports 80, 8080 and 443 are not showing up as redirect.

Here is the example https (443) rule that I configured:

Don't suppose you can see where I'm going wrong?

Many thanks.
Userlevel 4
Hi Martin,

Sorry, I missed a part of your screenshot when I first read it. After you define the sockets to listen on in the redirect config, you need to add a Redirect Group that is your redirect URL. If you are redirecting to NAC there should already be pre-configured ones available in the drop down. If you're using something else then you can list the URL. Just be sure to include the port number (:80 or :443) in the URL.

See if that gets you a bit further. I think that's the piece you're missing though.

Userlevel 5
Hi Tyler,

No problem.

Not sure what happened but I did post a large reply with lots more screenshots, as I managed to work it out in the end.

But you are correct, that's exactly what I missed, and it all worked as expected after that.

Thanks for replying anyway.