This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

10.11 HTTP Redirection at AP

10.11 HTTP Redirection at AP

Andre_Brits_Kan
Contributor II

‎08-05-2016 01:34 PM

Hi Guys

So I am playing with the new HTTP redirection at the AP (Bridge@AP).

For my test I would like to redirect users to the NAC portal page using a Bridge at AP.
Not sure what I am doing wrong here:

I have enabled HTTP Redirection globally:

9d06f8421b624d83b9a37b498cdf53db_RackMultipart20160805-73557-4n39zv-1_inline.jpg



I have created a redirection role with the following rules:

9d06f8421b624d83b9a37b498cdf53db_RackMultipart20160805-112574-htozkb-2_inline.jpg



9d06f8421b624d83b9a37b498cdf53db_RackMultipart20160805-122662-p3fm1s-3_inline.jpg



The user connect and receives an IP, but is never redirected.
If I browse to the "Redirection URL" I do get the NAC Portal Page:

9d06f8421b624d83b9a37b498cdf53db_RackMultipart20160805-69387-ii3vla-4_inline.jpg


Looking at the note at the bottom of the "Redirection URL"
Note: token=&dest=
&hwcip=&hwcport=
will be APPENDED to the redirection URL

This might be the problem....

Any idea??
0 Kudos
5 REPLIES 5

Anonymous
Not applicable

‎09-22-2017 11:16 AM

Have it working, screenshots of the configuration below. I did end up using FFECP but I didn't need to fill in feilds except the URL.

68f44acc7b294b1dbb3ffdcda3fc9e7d_RackMultipart20170922-10231-awsfxj-Role_inline.png



68f44acc7b294b1dbb3ffdcda3fc9e7d_RackMultipart20170922-101466-1s2xkw8-Rule_inline.png


68f44acc7b294b1dbb3ffdcda3fc9e7d_RackMultipart20170922-120594-zc4rtt-RuleRedirect_inline.png


68f44acc7b294b1dbb3ffdcda3fc9e7d_RackMultipart20170922-51830-12lgl94-WLAN_inline.png


68f44acc7b294b1dbb3ffdcda3fc9e7d_RackMultipart20170922-9481-1x3qffw-FFECP_inline.png



Mistakes I made to avoid:
  • Make sure redirect rule is set to 0.0.0.0/0 for HTTP and HTTPS, and not NAC IP (As Above)
  • Make sure you enter NAC IP address in, otherwise you get an 'Internal Error' when redirected (As Above)
  • You don't need to fill out any fields in FFECP config other than URL (As Above)
  • IP 10.199.0.120 is NAC
  • IP 10.114.15.101/32 can be removed, this is a mistake. This was a hangup when originally configured for Bridge@EWC
Thanks.

0 Kudos

Anonymous
Not applicable

‎09-21-2017 04:01 PM

Hi, Been in the process of setting this up myself but been struggling also to get the redirect working. (Think it might be having the redirect firewall rule set to the NAC address instead of 0.0.0.0 as above, as you would traditionally do - will test and post back) Would it be possible to provide the detail of an exact working configuration that redirects to NAC Captive Portal - the above details 90% of it but not sure how accurate it is and some bits are missing like if FFECP was required, and its elements. Are the settings above, all the firewall entries exactly how they should be? Did this require FFECP in the end to work? What was entered for the mandatory fields, like 'identity' for example (perhaps wireless controller hostname?) I'm running on code 10.34.x Many thanks.
0 Kudos

Andre_Brits_Kan
Contributor II

‎08-12-2016 01:35 PM

Hi Gareth The FFECP only applies to routed or b@ewc topologies. With new redirect options should allow you to redirect traffic with a Bridge at AP topology. I have tried to set this and the controller then warns you that it only applies to routed and B@EWC topologies. Enhanced Access Points (AP38XX/39XX) to directly support redirection and Firewall Friendly External Captive Portal (FFECP) for distributed topologies. Thx
0 Kudos

Gareth_Mitchell
Extreme Employee
In response to Andre_Brits_Kan

‎08-12-2016 01:35 PM

Andre

My understanding is that the wlan service must be of type FFECP (see the manual pages in my first post.)

If it is not, and the identity/shared secret fields are not complete, the AP will not redirect.

I would recommend attaching your configs to a case and we will take a look at it, I have it working in the lab on this code, in a wireless trace I see the AP sending http redirect.

-Gareth
0 Kudos
GTM-P2G8KFN