Reset Search
 

 

Article

Issues with NAC redirect for external guest portal, log in page not displayed to the user.

« Go Back

Information

 
TitleIssues with NAC redirect for external guest portal, log in page not displayed to the user.
Symptoms
  • External Captive Portal not redirecting client traffic
  • URL redirect to NAC failing
  • Tcpdump on the controllers L3 topology shows packets for the failing client making it to the controller but not to NAC
Environment
  • IdentiFi Wireless
  • Firmware All
  • NAC
  • Software All
  • ECP
Cause
NAC Setting: 
Login-Lat-Port was configured for a 1 (authenticated user)

Should have been Login-Lat-Port configured for a 0 (unauthenticated user)
Resolution
The controller needs to have the user in an unauthenticated state in order for External Captive Portal to work. For all Unregistered Roles, Login-Lat-Port should be a 0 in the RADIUS accept packet. The controllers client reports will show this as a gray lock that is unlocked. If the lock is locked and green next to the suspect user with an unauthenticated role, it means NAC returned back the Login-Lat-Port=1 at which time External Captive Portal will fail.

Steps:
  1. Go to the NAC Rules Engine
  2. Select Accept Policy:Unregistered, the Edit Policy Mapping will pop up
  3. Change Login-LAT-Port to a 0
  4. Save and enforce the change
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255