What role are you setting after registration? Did you set up ACLs authorize_any on the controller?
Did you check NAC State Radius NAC? Did you set ACL authorize_any to this role?

From: Helen Chen [mailto:[email protected]]
Sent: Thursday, April 6, 2017 10:14 AM
To: [email protected]
Subject: [PacketFence-users] Captive Portal Redirection not working

Hi All,

Lately I've been struggling with one problem for weeks now. Any of your help would really be appreciated.

We have one Cisco WLC 2504 here. I put the switch mode to registration, then the captive portal is redirected fine. However, after I passed the credential authentication, the ACL failed to redirect. The error says "Your network should be enabled within a minute or two. If it is not reboot your computer". I checked the log and noticed the reason I cannot achieve reassignment is because I was not on a production mode so pf cannot perform deauthentication.

So I changed the switch mode to production. The problem will be the captive portal will jump to "captive.apple.com" instead of packetfence. If I cancel it and open a browser it will say could not open the page because the server stopped responding.

I disabled pfsetvlan and snmptrapd as it's wireless traffic, it's not necessary to enable it, right?

Please see related logs below. Any suggestions?

(Cisco Controller) >show client detail 7c:01:91:25:f9:eb
Client MAC Address............................... 7c:01:91:25:f9:eb
Client Username ................................. N/A
AP MAC Address................................... 5c:83:8f:9f:1b:90
AP Name.......................................... Tech_TestAP
AP radio slot Id................................. 0
Client State..................................... Associated
Client User Group................................
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 4
Wireless LAN Network Name (SSID)................. Guest
Wireless LAN Profile Name........................ Guest_Test
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 5c:83:8f:9f:1b:93
Connected For ................................... 97 secs
Channel.......................................... 1
IP Address....................................... 172.17.0.10
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 169
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
Qos Map Capability............................... No
WMM Support...................................... Enabled
  APSD ACs....................................... BK BE VI VO
Current Rate..................................... m12
Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
    ............................................. 12.0,18.0,24.0,36.0,48.0,
    ............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ No
Policy Manager State............................. WEBAUTH_REQD
AAA Override ACL Name............................ Pre-Auth-For-WebRedirect
AAA Override ACL Applied Status.................. Yes
AAA Override Flex ACL Name....................... none
AAA Override Flex ACL Applied Status............. Unavailable
AAA URL redirect................................. http://10.1.254.126/Cisco::WLC/sid189bef
Audit Session ID................................. 0a0105320000bdd258e5e518
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
No. of mDNS Services Advertised.................. 0
Policy Type...................................... N/A
Encryption Cipher................................ None
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ guest
VLAN............................................. 51
Quarantine VLAN.................................. 0
Access VLAN...................................... 51
Local Bridging VLAN.............................. 51
Client Capabilities:
      CF Pollable................................ Not implemented
      CF Poll Request............................ Not implemented
      Short Preamble............................. Implemented
      PBCC....................................... Not implemented
      Channel Agility............................ Not implemented
      Listen Interval............................ 20
      Fast BSS Transition........................ Not implemented
      11v BSS Transition......................... Not implemented
Client Wifi Direct Capabilities:
      WFD capable................................ No
      Manged WFD capable......................... No
      Cross Connection Capable................... No
      Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
      Number of Bytes Received................... 14034
      Number of Bytes Sent....................... 9976
      Total Number of Bytes Sent................. 9976
      Total Number of Bytes Recv................. 14034
      Number of Bytes Sent (last 90s)............ 2256
      Number of Bytes Recv (last 90s)............ 4646
      Number of Packets Received................. 145
      Number of Packets Sent..................... 71
      Number of Interim-Update Sent.............. 0
      Number of EAP Id Request Msg Timeouts...... 0
      Number of EAP Id Request Msg Failures...... 0
      Number of EAP Request Msg Timeouts......... 0
      Number of EAP Request Msg Failures......... 0
      Number of EAP Key Msg Timeouts............. 0
      Number of EAP Key Msg Failures............. 0
      Number of Data Retries..................... 119
      Number of RTS Retries...................... 0
      Number of Duplicate Received Packets....... 44
      Number of Decrypt Failed Packets........... 0
      Number of Mic Failured Packets............. 0
      Number of Mic Missing Packets.............. 0
      Number of RA Packets Dropped............... 0
      Number of Policy Errors.................... 0
      Radio Signal Strength Indicator............ -66 dBm
      Signal to Noise Ratio...................... 22 dB
Client Rate Limiting Statistics:
      Number of Data Packets Received............ 0
      Number of Data Rx Packets Dropped.......... 0
      Number of Data Bytes Received.............. 0
      Number of Data Rx Bytes Dropped............ 0
      Number of Realtime Packets Received........ 0
      Number of Realtime Rx Packets Dropped...... 0
      Number of Realtime Bytes Received.......... 0
      Number of Realtime Rx Bytes Dropped........ 0
      Number of Data Packets Sent................ 0
      Number of Data Tx Packets Dropped.......... 0
      Number of Data Bytes Sent.................. 0
      Number of Data Tx Bytes Dropped............ 0
      Number of Realtime Packets Sent............ 0
      Number of Realtime Tx Packets Dropped...... 0
      Number of Realtime Bytes Sent.............. 0
      Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
      Tech_TestAP(slot 0)
        antenna0: 7 secs ago..................... -63 dBm
        antenna1: 7 secs ago..................... -70 dBm
      Tech_TestAP(slot 1)
        antenna0: 7 secs ago..................... -76 dBm
        antenna1: 7 secs ago..................... -74 dBm
      QD-G5-2702-4F-B3(slot 0)
        antenna0: 7 secs ago..................... -83 dBm
        antenna1: 7 secs ago..................... -82 dBm
      QD-G5-2702-4F-B3(slot 1)
        antenna0: 7 secs ago..................... -95 dBm
        antenna1: 7 secs ago..................... -91 dBm
DNS Server details:
      DNS server IP ............................. 0.0.0.0
      DNS server IP ............................. 0.0.0.

[10.1.5.50]
deauthMethod=RADIUS
description=QD-G5-2504-1
type=Cisco::WLC_2500
SNMPCommunityRead=xxxx
registrationVlan=51
SNMPCommunityWrite=xxxx
isolationVlan=52
radiusSecret=xxxxx
SNMPVersion=2c
defaultVlan=51
coaPort=1700
RoleMap=Y
registrationUrl=http://10.1.254.126/Cisco::WLC
UrlMap=Y
guestVlan=51
RSPEmployeeVlan=51
defaultRole=Authorize_any
registrationRole=Pre-Auth-For-WebRedirect
controllerIp=10.1.5.50
ExternalPortalEnforcement=Y
VlanMap=N
mode=production

[172.17.0.0]
dns=172.17.254.254
dhcp_start=172.17.0.10
gateway=172.17.254.254
domain-name=vlan-registration.resourcepro0.resourcepro.com
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=172.17.255.246
type=vlan-registration
netmask=255.255.0.0
dhcp_default_lease_time=30

[172.18.0.0]
dns=172.18.254.254
dhcp_start=172.18.0.10
gateway=172.18.254.254
domain-name=vlan-isolation.resourcepro0.resourcepro.com
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=disabled
dhcp_end=172.18.255.246
type=vlan-isolation
netmask=255.255.0.0
dhcp_default_lease_time=30

---
Helen
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
