We configured web authentication and forced web redirect in the domain, but after the user obtained an IP address from the pre-authentication domain and entered a URL in IE, the expected portal web page did not appear.
After analyzing the configuration item by item, we found that the web-server was already configured, the user-group could access only the web portal, the traffic-policy was applied in system view, and there was a default route to the uplinks. See below:
acl number 6000
rule 5 permit ip source user-group pretest destination ip-address 192.168.200.200 0.0.0.0
rule 10 permit ip source ip-address 192.168.200.200 0.0.0.0 destination user-group pretest
acl number 6001
rule 5 permit ip source user-group pretest
rule 10 permit ip source ip-address any destination user-group pretest
traffic classifier predeny operator or
if-match acl 6001
traffic classifier prepermit operator or
if-match acl 6000
traffic behavior permit
traffic behavior deny
traffic policy pretest
classifier prepermit behavior permit
classifier predeny behavior deny
traffic-policy pretest inbound
traffic-policy pretest outbound
web-server url http://192.168.200.200/portal/default.portal
In hidden view, we also see that the web item is correct:
[PTT-BRAS-hidecmd]disp cm item cid 9
Cid :9 LLCID:-1 SlotCid:1/9
Port :0/3 Vlan :0/0 PVC:0/0(VCD:0 Encap:2)
State :UP/BUTT WaitMsg:UNKNOWN TimeoutMsg:UNKNOWN
IpAddr :192.168.50.253/32 OldIp :255.255.255.255 GateWay :192.168.50.1/24
Actual :192.168.50.253 NextHop:255.255.255.255 GreIndex:65535
UserMac:0012-3f11-3657 PeerMac:ffff-ffff-ffff NextHopMac:ffff-ffff-ffff
Web :192.168.200.200 Portal :255.255.255.255 WebAuth :255.255.255.255/255
Dhcp :192.168.50.1 Dns1 :0.0.0.0 Dns2 :0.0.0.0
IfPadm :0 NBNSIP1:0.0.0.0 NBNSIP2 :0.0.0.0
But why did it still not work? After analysis, we found that an HTTP connection needs a three-way handshake: first the subscriber makes a connection to the destination, and the destination IP replies with an HTTP ACK. But in the ACL, we deny all IP traffic except the portal server 192.168.200.200. After we deleted rule 10 in acl 6001, the problem was solved.
Possible causes of the problem:
1. The web-server and web-server url are not configured in the domain.
2. The user-group is not restricted in the traffic-policy.
3. The traffic policy is not applied in system view or interface view.
4. There is no route to the destination IP address.
5. The URL cannot be redirected because the source IP address (the URL address) is denied in the traffic policy.
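The effect of rule 10 in acl 6001 on the handshake reply can be checked with a small first-match model of the traffic policy. This is an added example, not device code or part of the original case. It assumes that the behaviors named permit and deny do what their names say, that classifiers are evaluated in the order listed in the policy, and that unmatched traffic is forwarded; the address 203.0.113.10 is a constructed stand-in for the URL the subscriber typed.

```python
import ipaddress

PORTAL = ipaddress.ip_address("192.168.200.200")     # web-server address from the page
PRETEST = {ipaddress.ip_address("192.168.50.253")}   # subscriber IpAddr from the cm item
SUBSCRIBER = "192.168.50.253"

def side(spec, addr):
    """Match one ACL endpoint: 'any', 'pretest' (the user-group) or 'portal'."""
    if spec == "any":
        return True
    if spec == "pretest":
        return addr in PRETEST
    return addr == PORTAL

def build_policy(with_rule_10):
    """Model of 'traffic policy pretest' as (behavior, [(source, destination), ...])."""
    acl6000 = [("pretest", "portal"), ("portal", "pretest")]   # rules 5 and 10
    acl6001 = [("pretest", "any")]                             # rule 5
    if with_rule_10:
        acl6001.append(("any", "pretest"))                     # rule 10, removed in the fix
    # Classifier order as configured: prepermit first, then predeny.
    return [("permit", acl6000), ("deny", acl6001)]

def evaluate(policy, src, dst):
    """Return the behavior of the first classifier whose ACL matches the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for behavior, rules in policy:
        if any(side(s, src) and side(d, dst) for s, d in rules):
            return behavior
    return "permit"  # assumption: traffic matching no classifier is forwarded

def handshake_reply_allowed(with_rule_10, url_ip="203.0.113.10"):
    """Is the reply sourced from the URL address allowed back to the subscriber?"""
    return evaluate(build_policy(with_rule_10), url_ip, SUBSCRIBER) == "permit"

if __name__ == "__main__":
    for flag in (True, False):
        policy = build_policy(flag)
        print("rule 10 present:", flag,
              "| reply from URL address:", evaluate(policy, "203.0.113.10", SUBSCRIBER),
              "| subscriber to portal:", evaluate(policy, SUBSCRIBER, str(PORTAL)),
              "| subscriber to other host:", evaluate(policy, SUBSCRIBER, "203.0.113.10"))
```

In this model, removing rule 10 lets the reply through while the subscriber's own traffic to anything other than the portal is still matched by rule 5 of acl 6001.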