https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32147#M3405 Kunal,<BR /> <BR /> I forgot to add, in your routing interface config for the Unregistered/Quarantine VLAN add:<BR /> <BR /> ip policy route-map Unreg<BR /> <BR /> Wed, 14 Oct 2015 16:20:00 GMT Bill_Handler 2015-10-14T16:20:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32144#M3402 Hi,<BR /> <BR /> Currently we have setup NAC to run as a DNS proxy to display a portal page from NAC when wireless devices have been quarantined. We have not setup PBR but are just forcing the client to a VLAN with the DNS server settings in DHCP pointing to NAC and the wireless controller having a policy only allowing access to the NAC DNS.<BR /> <BR /> This seems to be buggy where at times the user is displayed with the page but at times they are not. At it stands this has now completely stopped working. <BR /> <BR /> So question is do I try to debug this issue or is there a better method which will work all the time? Requirement is we want the device to display a message when it has been quarantined.<BR /> <BR /> Is it possible to force a device to a http page from the extreme controller using policy, which we can point to the NAC http page?<BR /> <BR /> Or is there some instructions on how I can setup PBR on the S series switches and C series to help with this?<BR /> <BR /> Thanks<BR /> <BR /> Tue, 13 Oct 2015 21:04:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32144#M3402 Kunal_Waghela 2015-10-13T21:04:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32145#M3403 Kunal,<BR /> <BR /> PBR on the S series should be no problem. I don't think the C series can perform PBR (at least not without Advanced Routing Licensing - not sure)...<BR /> <BR /> You will need to mark the packets within the VNS Role Policy for Unregistered as cs2. Occasionally, we have needed to match on IP addresses of the Quarantine/Unregistered VLAN. Change the access-list accordingly.<BR /> <BR /> The S series code should be:<BR /> <BR /> ip access-list extended UR<BR /> permit tcp any any eq 80 dscp cs2 <BR /> permit tcp any any eq 8080 dscp cs2<BR /> exit<BR /> <BR /> route-map policy Unreg permit 10<BR /> match ip address UR<BR /> set next-hop <NAC ip="" address=""><BR /> exit<BR /> <BR /> Thanks,<BR /> <BR /> Bill<BR /> <BR /></NAC> Wed, 14 Oct 2015 16:15:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32145#M3403 Bill_Handler 2015-10-14T16:15:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32146#M3404 thanks, will give it a go Wed, 14 Oct 2015 16:18:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32146#M3404 Kunal_Waghela 2015-10-14T16:18:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32147#M3405 Kunal,<BR /> <BR /> I forgot to add, in your routing interface config for the Unregistered/Quarantine VLAN add:<BR /> <BR /> ip policy route-map Unreg<BR /> <BR /> Wed, 14 Oct 2015 16:20:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32147#M3405 Bill_Handler 2015-10-14T16:20:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32148#M3406 Reference: <A href="https://gtacknowledge.extremenetworks.com/articles/How_To/How-To-Configure-a-Route-map-to-Re-direct-Traffic-marked-with-a-ToS-Value" target="_blank" rel="nofollow noreferrer noopener">https://gtacknowledge.extremenetworks.com/articles/How_To/How-To-Configure-a-Route-map-to-Re-direct-...</A> Thu, 15 Oct 2015 19:46:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/nac-dns-proxy-redirection-not-working-any-alternatives/m-p/32148#M3406 Doug 2015-10-15T19:46:00Z