Configure a portal redirect web-server.
Syntax
[no] portal free-rule [rule-number] vlan [VLAN-ID] destination <<ip-address> | mask <mask-length> | any tcp <des-tcp-port> | udp <des-udp-port> | source <ip-address> | mask <mask-length> | any tcp <src-tcp-port> | udp <src-udp-port>>
Term | Meaning |
---|---|
portal | Configure the BYOD-redirect feature. |
free-rule | Configure a BYOD-free rule. |
rule-number | Free rule number as an INTEGER<1-6>. |
vlan | Free rule source VLAN ID. |
VLAN-ID | VLAN identifier or VLAN name. |
destination | Free rule destination. |
ip-address | IP address |
mask | Mask |
mask-length | Mask length. |
tcp | TCP protocol |
udp | UDP Protocol |
des-udp-port | tcp port destination |
source | Free rule source. |
<src/des-tcp/udp-port> | TCP or UDP port number, as an integer<1-65534>. |
any | Free rule source any. |
ip | Free rule source IP. |
IP | Free rule destination IP. |
any | Free rule source or destination any. |
BYOD enables employees to register and access corporate resources with personally-owned devices. Though BYOD provides flexibility to employees, it can bring challenges to IT departments. BYOD-redirect is designed to help manage and control personal devices and policies at the enterprise network level.
Before implementing BYOD-redirect ensure that:
NOTE: Until the registration process has been completed, a client device cannot access the internet or the enterprise network. Any traffic from this unauthorized device is redirected to the BYOD server.
The following examples show how to implement BYOD-redirect for both wired and wireless solutions.
BYOD configuration on a distribution switch
To facilitate the BYOD-redirect function, complete the following tasks on the distribution switch:
- Configure DNS so that the FQDN can be resolved: ip dns server-address priority 1 <DNS-server-IP>.
  NOTE: The argument to the URL can be an FQDN or IP address. If you use the IP address as an argument, this step is not necessary.
- Configure the BYOD web-server URL: portal web-server "byod" url http://imc.com:8080/byod.
- Enable BYOD-redirect on a VLAN: vlan 101 portal web-server "byod".
- Configure BYOD-redirect free-rules on the on-boarding VLAN 101 to permit client traffic to and from the DNS and DHCP servers using the following commands.
  To permit DNS traffic to/from a DNS server to a client through on-boarding VLAN:
  To permit DHCP traffic to/from DHCP server to client through on-boarding VLAN:
- Register the device in IMC on the on-boarding VLAN. When registration is successful, client traffic is placed into different VLAN (guest/corporate) configurations.
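Because free rules are the only traffic an unregistered client can send without being redirected, they are worth reviewing before deployment. The following Python linter is an added example, not part of the original page or of HP's software; it applies the parameter ranges from the table above. It assumes one rule per line using the keywords of the syntax summary, IPv4 mask lengths, and constructed sample rules; `audit_rule` and its finding texts are hypothetical names.

```python
import re

# Ranges below come from the parameter table on this page.
RULE_NUMBERS = range(1, 7)       # rule-number: INTEGER<1-6>
PORTS = range(1, 65535)          # TCP/UDP port: integer<1-65534>
DNS, DHCP = {53}, {67, 68}       # services the on-boarding free rules exist for

HEAD = re.compile(r"^portal free-rule (?:(\d+) )?vlan \S+ ")
CLAUSE = re.compile(
    r"\b(destination|source) (any|\S+ mask (\d+)) (tcp|udp) (\d+)\b")

def audit_rule(line):
    """Return review findings for one free-rule line; an empty list is clean."""
    line = " ".join(line.split())            # normalise whitespace
    head = HEAD.match(line)
    if not head:
        return ["not a portal free-rule line"]
    findings = []
    if head.group(1) and int(head.group(1)) not in RULE_NUMBERS:
        findings.append("rule-number outside 1-6")
    clauses = {m.group(1): m for m in CLAUSE.finditer(line)}
    if not clauses:
        return findings + ["no parsable destination/source clause"]
    ports = set()
    for side, m in clauses.items():
        ports.add(int(m.group(5)))
        if int(m.group(5)) not in PORTS:
            findings.append(f"{side} port outside 1-65534")
        if m.group(3) and int(m.group(3)) > 32:   # assumes IPv4 masks
            findings.append(f"{side} mask length above 32")
    if not ports & (DNS | DHCP):
        findings.append("exempts a service other than DNS or DHCP")
    all_any = all(m.group(2) == "any" for m in clauses.values())
    if all_any and not ports <= DHCP:        # DHCP is broadcast, DNS is not
        findings.append("no server address pinned (every clause is 'any')")
    return findings

# Constructed sample lines, not taken from a real switch configuration.
SAMPLE = [
    "portal free-rule 1 vlan 101 destination any udp 67 source any udp 68",
    "portal free-rule 2 vlan 101 destination any tcp 443 source any tcp 443",
    "portal free-rule 7 vlan 101 destination 192.0.2.53 mask 40 udp 53 "
    "source any udp 65535",
]

if __name__ == "__main__":
    for rule in SAMPLE:
        print(rule, "->", audit_rule(rule) or "ok")
```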
Client authentication configuration on edge switch
Enable MAC authentication on edge switch port 1-2 using the following commands:
Wired and wireless components configured in a network topology
Access Type | Edge Switch | Distribution Switch | Configuration Procedure |
---|---|---|---|
Wired Access | HP 2530 switch | HP 5400 switch | |
Wireless Access | | | |
Wired clients solution
Access Type | Edge Switch | Distribution Switch | Configuration Procedure |
---|---|---|---|
Wired Access | HP 2530 switch | HP 3800 switch | |
Configuration and access for wired clients on an edge switch
Access Type | Edge Switch | Distribution Switch | Configuration Procedure |
---|---|---|---|
Wired Access | HP 3500 switch | N/A | |
Display all BYOD servers and their attributes or specify a BYOD web-server-name to display its details.
Syntax
Term | Meaning |
---|---|
portal | Display BYOD server details. |
web-server | Specify the BYOD web-server. |
web-server name | Enter BYOD web-server name in ASCII. |
Sample output
Portal Server:
1)imc:
Resolved IP : 15.146.197.224
VPN Instance : n/a
URL : http://15.146.197.224:80/byod
VLAN : 101
DNS Cache Status : 20 seconds
Show redirect statistics of a BYOD.