Security

Check Wired Policy Enforcement document and Security Guide for your switch model. All info is there.

Best, Gorazd

as mentioned, there are a number of roles that you can use. here you can find a short technote on it and how to configure it.

- Critical role
- Auth role
- Reject role
- Fallback role
- Pre-authentication role

Check Wired Policy Enforcement document and Security Guide for your switch model. All info is there.

Best, Gorazd

Check Wired Policy Enforcement document and Security Guide for your switch model. All info is there.

Best, Gorazd

Hi Gorzad 

thanks , but its AOS and i didnt fined what i asking 

CX switches itself does not have built-in captive portal capabilities. You need to use external captive portal. 

You define a role with redirect to external captive portal. 

Not a real working example, but just to show the princip:

aaa authentication port-access captive-portal-profile splash-page
  url http://webserver/splash-page-to-display

port-access role captive-portal
    associate captive-portal-profile splash-page

Best, Gorazd

Hi Gorzad 

thanks , but its AOS and i didnt fined what i asking 

Check Wired Policy Enforcement document and Security Guide for your switch model. All info is there.

Best, Gorazd

Hi i try this , i associate to fallback vlan and after the user get the vlan 

there is no any redirect or anything .... for testing i try to add web pages and google dns only for the testing 

to see if i get redirect to.. any its noy working , i dont understand what is wrong . 

config:

aaa authentication port-access captive-portal-profile test     
    url http://www.msftconnecttest.com/redirect  

port-access role fallback01                                    
    associate captive-portal-profile test                      
    auth-mode client-mode  

interface 1/1/1
    no shutdown
    vlan access 1
    port-access fallback-role fallback01
    aaa authentication port-access dot1x authenticator
        enable                                             

CX switches itself does not have built-in captive portal capabilities. You need to use external captive portal. 

You define a role with redirect to external captive portal. 

Not a real working example, but just to show the princip:

aaa authentication port-access captive-portal-profile splash-page
  url http://webserver/splash-page-to-display

port-access role captive-portal
    associate captive-portal-profile splash-page

Best, Gorazd

Hi Gorzad 

thanks , but its AOS and i didnt fined what i asking 

Hi.

You should treat this redirect as captive portal. Allow access to dns, dhcp and portal page itself. 

If you would like to have full network access and redirect, it won't work.

Best, Gorazd

Hi i try this , i associate to fallback vlan and after the user get the vlan 

there is no any redirect or anything .... for testing i try to add web pages and google dns only for the testing 

to see if i get redirect to.. any its noy working , i dont understand what is wrong . 

config:

aaa authentication port-access captive-portal-profile test     
    url http://www.msftconnecttest.com/redirect  

port-access role fallback01                                    
    associate captive-portal-profile test                      
    auth-mode client-mode  

interface 1/1/1
    no shutdown
    vlan access 1
    port-access fallback-role fallback01
    aaa authentication port-access dot1x authenticator
        enable                                             

CX switches itself does not have built-in captive portal capabilities. You need to use external captive portal. 

You define a role with redirect to external captive portal. 

Not a real working example, but just to show the princip:

aaa authentication port-access captive-portal-profile splash-page
  url http://webserver/splash-page-to-display

port-access role captive-portal
    associate captive-portal-profile splash-page

Best, Gorazd

Hi Gorzad 

thanks , but its AOS and i didnt fined what i asking 

Check Wired Policy Enforcement document and Security Guide for your switch model. All info is there.

Best, Gorazd

thanks.

can it work in fallback vlan role ?

if yes can you attached config example?

Hi.

You should treat this redirect as captive portal. Allow access to dns, dhcp and portal page itself. 

If you would like to have full network access and redirect, it won't work.

Best, Gorazd

Hi i try this , i associate to fallback vlan and after the user get the vlan 

there is no any redirect or anything .... for testing i try to add web pages and google dns only for the testing 

to see if i get redirect to.. any its noy working , i dont understand what is wrong . 

config:

aaa authentication port-access captive-portal-profile test     
    url http://www.msftconnecttest.com/redirect  

port-access role fallback01                                    
    associate captive-portal-profile test                      
    auth-mode client-mode  

interface 1/1/1
    no shutdown
    vlan access 1
    port-access fallback-role fallback01
    aaa authentication port-access dot1x authenticator
        enable                                             

CX switches itself does not have built-in captive portal capabilities. You need to use external captive portal. 

You define a role with redirect to external captive portal. 

Not a real working example, but just to show the princip:

aaa authentication port-access captive-portal-profile splash-page
  url http://webserver/splash-page-to-display

port-access role captive-portal
    associate captive-portal-profile splash-page

Best, Gorazd

Hi Gorzad 

thanks , but its AOS and i didnt fined what i asking 

It should work in fallback role..

I currently have no working example available. You should check Policy Wired Enforcement Guide for details on redirect roles.

Best, Gorazd 

thanks.

can it work in fallback vlan role ?

if yes can you attached config example?

Hi.

You should treat this redirect as captive portal. Allow access to dns, dhcp and portal page itself. 

If you would like to have full network access and redirect, it won't work.

Best, Gorazd

Hi i try this , i associate to fallback vlan and after the user get the vlan 

there is no any redirect or anything .... for testing i try to add web pages and google dns only for the testing 

to see if i get redirect to.. any its noy working , i dont understand what is wrong . 

config:

aaa authentication port-access captive-portal-profile test     
    url http://www.msftconnecttest.com/redirect  

port-access role fallback01                                    
    associate captive-portal-profile test                      
    auth-mode client-mode  

interface 1/1/1
    no shutdown
    vlan access 1
    port-access fallback-role fallback01
    aaa authentication port-access dot1x authenticator
        enable                                             

CX switches itself does not have built-in captive portal capabilities. You need to use external captive portal. 

You define a role with redirect to external captive portal. 

Not a real working example, but just to show the princip:

aaa authentication port-access captive-portal-profile splash-page
  url http://webserver/splash-page-to-display

port-access role captive-portal
    associate captive-portal-profile splash-page

Best, Gorazd

Hi Gorzad 

thanks , but its AOS and i didnt fined what i asking 

Check Wired Policy Enforcement document and Security Guide for your switch model. All info is there.

Best, Gorazd

thanks i will try .

can i redirect to central guest page url ? 

It should work in fallback role..

I currently have no working example available. You should check Policy Wired Enforcement Guide for details on redirect roles.

Best, Gorazd 

thanks.

can it work in fallback vlan role ?

if yes can you attached config example?

Hi.

You should treat this redirect as captive portal. Allow access to dns, dhcp and portal page itself. 

If you would like to have full network access and redirect, it won't work.

Best, Gorazd

Hi i try this , i associate to fallback vlan and after the user get the vlan 

there is no any redirect or anything .... for testing i try to add web pages and google dns only for the testing 

to see if i get redirect to.. any its noy working , i dont understand what is wrong . 

config:

aaa authentication port-access captive-portal-profile test     
    url http://www.msftconnecttest.com/redirect  

port-access role fallback01                                    
    associate captive-portal-profile test                      
    auth-mode client-mode  

interface 1/1/1
    no shutdown
    vlan access 1
    port-access fallback-role fallback01
    aaa authentication port-access dot1x authenticator
        enable                                             

CX switches itself does not have built-in captive portal capabilities. You need to use external captive portal. 

You define a role with redirect to external captive portal. 

Not a real working example, but just to show the princip:

aaa authentication port-access captive-portal-profile splash-page
  url http://webserver/splash-page-to-display

port-access role captive-portal
    associate captive-portal-profile splash-page

Best, Gorazd

Hi Gorzad 

thanks , but its AOS and i didnt fined what i asking 

thanks i will try .

can i redirect to central guest page url ? 

It should work in fallback role..

I currently have no working example available. You should check Policy Wired Enforcement Guide for details on redirect roles.

Best, Gorazd 

thanks.

can it work in fallback vlan role ?

if yes can you attached config example?

Hi.

You should treat this redirect as captive portal. Allow access to dns, dhcp and portal page itself. 

If you would like to have full network access and redirect, it won't work.

Best, Gorazd

Hi i try this , i associate to fallback vlan and after the user get the vlan 

there is no any redirect or anything .... for testing i try to add web pages and google dns only for the testing 

to see if i get redirect to.. any its noy working , i dont understand what is wrong . 

config:

aaa authentication port-access captive-portal-profile test     
    url http://www.msftconnecttest.com/redirect  

port-access role fallback01                                    
    associate captive-portal-profile test                      
    auth-mode client-mode  

interface 1/1/1
    no shutdown
    vlan access 1
    port-access fallback-role fallback01
    aaa authentication port-access dot1x authenticator
        enable                                             

CX switches itself does not have built-in captive portal capabilities. You need to use external captive portal. 

You define a role with redirect to external captive portal. 

Not a real working example, but just to show the princip:

aaa authentication port-access captive-portal-profile splash-page
  url http://webserver/splash-page-to-display

port-access role captive-portal
    associate captive-portal-profile splash-page

Best, Gorazd

Hi Gorzad 

thanks , but its AOS and i didnt fined what i asking