Comware Based
1748104 Members
4465 Online
108758 Solutions
New Discussion юеВ

Re: How to make redirection work for HP5130 switch

 
Dinesh4
Occasional Advisor

How to make redirection work for HP5130 switch

Hi Experts,

We are in the middle of deploying Cisco's NAC solution in our wired environment. There is use-case where in of a user does not have a posture module, then that user would be redicrected NAC solution to download the module, and then will be postured and allowed further network access.

Now what is happening is that, we are not able to get the redirection to work with the HP5130 model of switches. Even when we can see that NAC is sending the redirection URL, but the switch is somehow not able to interpret and apply it for the connected use session.

While I was looking for some documentation, there was this one documentation that talks about integrating 5130 with Clearpass, where we need to have these two additional attributes, attributes #210, H3C-AVPair and attribute #250, H3C-Web-URL.

When I use any one of these attributes, I do not see any URL being pushed from the NAC, but if I use attribute HPE-Captive-Portal-URL, I see that the URL is being pushed fine, but the switch is not able intepret it.

So has anyone got this working earlier?
Is redirection supported for those model of switches?

Attached are screenshots where you can see what URL are being pushed.

Any pointers are much appreciated!

2 REPLIES 2
Dinesh4
Occasional Advisor

Re: How to make redirection work for HP5130 switch

I was able to push the redirection URL on the switch, by making a change on the attribute. Now this is how I see the URL, when I run, display dot1x connection:
URL redirect.jpg

But, now when the user tries to browse something from the browser, he is not given this URL, instead, there is just a black page that is sitting there.

Am I missing out on any other configuration on switch, that will make this work?
Also, I am using this simple ACL to test out this use case:
 3000 ACL.jpg

Any pointers are much appreiciated... 

AA666
Occasional Advisor

Re: How to make redirection work for HP5130 switch

Hi Dinesh,

I am not an HPE expert, but anyway...

Do you have a Guest VLAN configured for dot1x for this port and

DNS server and your Authorization URL are accessible from this Guest VLAN from this port?

And from your 1st screen ACL 3003 is used for Auth, but you shown ACL 3000 instead.

Regards