Here is the output:
show client detail a088b41773a4
Client MAC Address............................... a0:88:b4:17:73:a4
Client Username ................................. N/A
AP MAC Address................................... 00:27:0d:4a:77:b0
AP Name.......................................... dial1142wap-test
AP radio slot Id................................. 0
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 4
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 00:27:0d:4a:77:b3
Connected For ................................... 36 secs
Channel.......................................... 1
IP Address....................................... Unknown
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
IPv6 Address..................................... fe80::bc0b:5c58:e766:93de
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... OFF
Current Rate..................................... 54.0
Supported Rates.................................. 12.0,18.0,24.0,36.0,48.0,
............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
AAA Override ACL Name............................ none
AAA Override ACL Applied Status.................. Unavailable
AAA Override Flex ACL Name....................... none
AAA Override Flex ACL Applied Status............. Unavailable
AAA URL redirect................................. none
Audit Session ID................................. ac1fff1400000016544952a8
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... PreAuth4WebRedirect
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Yes
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
No. of mDNS Services Advertised.................. 0
Policy Type...................................... N/A
Encryption Cipher................................ None
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ guest-wl
VLAN............................................. 500
Quarantine VLAN.................................. 0
Access VLAN...................................... 500
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 90
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 12120
Number of Bytes Sent....................... 0
Total Number of Bytes Sent................. 0
Total Number of Bytes Recv................. 12120
Number of Bytes Sent (last 90s)............ 0
Number of Bytes Recv (last 90s)............ 12120
Number of Packets Received................. 126
Number of Packets Sent..................... 0
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 0
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 0
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -67 dBm
Signal to Noise Ratio...................... 25 dB
Client Rate Limiting Statistics:
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
dial1142wap-test(slot 0)
antenna0: 36 secs ago.................... -64 dBm
antenna1: 36 secs ago.................... -66 dBm
dial1142wap-test(slot 1)
antenna0: 112 secs ago................... -77 dBm
antenna1: 112 secs ago................... -77 dBm
DNS Server details:
DNS server IP ............................. 0.0.0.0
DNS server IP ............................. 0.0.0.0
Assisted Roaming Prediction List details:
Client Dhcp Required: True
Allowed (URL)IP Addresses
-------------------------
Thanks,
_______________________________________
Chris Mielke | Lead, ISS Network Systems
Drake Technology Services (DTS) | Drake University
T 515.271.4640
E [email protected]
On 10/23/14, 1:57 PM, "Fabrice DURAND" <[email protected]> wrote:
>Strange it doesn´t detect that it´s a wlc redirection.
>Can you paste a sh client @mac (wlc) ?
>
>Regards
>Fabrice
>
>Le 2014-10-23 14:35, Christopher Mielke a écrit :
>> I didn’t try to ping because of the ACL, but I was able to telnet to the
>> server on port 80. When I open a browser it tries to redirect to
>>
>>“https://pf.drake.edu/captive-portal?destination_url=http://192.168.254.1
>>0/
>> &”, but then it times out.
>>
>> Thanks,
>> _______________________________________
>> Chris Mielke | Lead, ISS Network Systems
>> Drake Technology Services (DTS) | Drake University
>>
>> T 515.271.4640
>> E [email protected]
>>
>>
>>
>>
>> On 10/23/14, 12:39 PM, "Fabrice DURAND" <[email protected]> wrote:
>>
>>> Yes this is correct but are you able to ping the portal ip address ?
>>> (Also change the acl to allow icmp)
>>>
>>> Fabrice
>>>
>>> Le 2014-10-23 12:36, Christopher Mielke a écrit :
>>>> Sorry it took so long to respond. I had to rebuild my test
>>>>environment.
>>>> I
>>>> am able to connect to the SSID and on the wlc I can see the “PreAuth”
>>>> access-list is being applied. However, when I open a web browser I do
>>>> not
>>>> get to the captive portal. I am pointing to production DNS right now.
>>>>Is
>>>> that correct?
>>>>
>>>> Thanks,
>>>> _______________________________________
>>>> Chris Mielke | Lead, ISS Network Systems
>>>> Drake Technology Services (DTS) | Drake University
>>>>
>>>> T 515.271.4640
>>>> E [email protected]
>>>>
>>>>
>>>>
>>>>
>>>> On 10/15/14, 12:23 PM, "Fabrice DURAND" <[email protected]> wrote:
>>>>
>>>>> Hello Christopher,
>>>>>
>>>>> it depend of your network configuration, but you can use an alias
>>>>> (eth0:1) as the ip address of the captive portal.
>>>>>
>>>>> But let´s start with a simple config, in packetfence create a
>>>>> management
>>>>> interface, registration interface and a isolation interface.
>>>>>
>>>>> The registration interface must be able to talk with the wlc and the
>>>>> devices connected on and don´t forget to disable dhcp on the reg
>>>>> interface.
>>>>> So on the wlc side configure an ACL (Pre-Auth-For-WebRedirect) that
>>>>> forward the traffic to the ip address of the registration interface
>>>>>and
>>>>> configure another ACL (Authorize_any) to allow any any and configure
>>>>> the
>>>>> WLC to be the dhcp server for the client.
>>>>>
>>>>> Then try to connect on the ssid and check the status of the client in
>>>>> the WLC, if all is ok you will be able to see that the ACL applied to
>>>>> the client is the Pre-Auth-For-WebRedirect.
>>>>>
>>>>> Let me know if it´s ok.
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>>
>>>>> Le 2014-10-14 17:49, Christopher Mielke a écrit :
>>>>>> I am completely new to PacketFence and trying to set up WebAuth for
>>>>>>a
>>>>>> guest SSID using a Cisco WLC running 7.6.130.0. I have installed
>>>>>> PacketFence ZEN 4.4.1 and have it running. I am trying to follow the
>>>>>> instructions for ³Wireless LAN Controller (WLC) Web Auth² from the
>>>>>> network
>>>>>> configuration guide, but I¹m confused about the captive portal
>>>>>> configuration. In the guide it says the captive portal is using IP
>>>>>> address
>>>>>> 172.16.0.250 and the administration (I presume management) interface
>>>>>> uses
>>>>>> IP address 172.16.0.249. How do I set up a captive portal IP address
>>>>>> in
>>>>>> the same subnet as the management IP address? I apparently cannot
>>>>>>use
>>>>>> the
>>>>>> management IP for the captive portal because iptables blocks HTTP(S)
>>>>>> traffic to that IP address because it is in the
>>>>>>³input-management-if²
>>>>>> chain.
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Chris
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>---------------------------------------------------------------------
>>>>>>--
>>>>>> --
>>>>>> -----
>>>>>> Comprehensive Server Monitoring with Site24x7.
>>>>>> Monitor 10 servers for $9/Month.
>>>>>> Get alerted through email, SMS, voice calls or mobile push
>>>>>> notifications.
>>>>>> Take corrective actions from your mobile device.
>>>>>> http://p.sf.net/sfu/Zoho
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>> --
>>>>> Fabrice Durand
>>>>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>>>>> PacketFence
>>>>> (http://packetfence.org)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>----------------------------------------------------------------------
>>>>>--
>>>>> --
>>>>> ----
>>>>> Comprehensive Server Monitoring with Site24x7.
>>>>> Monitor 10 servers for $9/Month.
>>>>> Get alerted through email, SMS, voice calls or mobile push
>>>>> notifications.
>>>>> Take corrective actions from your mobile device.
>>>>> http://p.sf.net/sfu/Zoho
>>>>> _______________________________________________
>>>>> PacketFence-users mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>-----------------------------------------------------------------------
>>>>--
>>>> -----
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>> --
>>> Fabrice Durand
>>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>>>PacketFence
>>> (http://packetfence.org)
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>>--
>>> ----
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>-------------------------------------------------------------------------
>>-----
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>--
>Fabrice Durand
>[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>(http://packetfence.org)
>
>
>--------------------------------------------------------------------------
>----
>_______________________________________________
>PacketFence-users mailing list
>[email protected]
>https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
