Cisco Cisco Wireless Services Module 2 (WiSM2) 기술 매뉴얼
WLC Configuration
The WLC configuration is fairly straightforward. A "trick? is used (same as on switches) to obtain the
dynamic authentication URL from the ISE. (Since it uses CoA, a session needs to be created as the session ID
is part of the URL.) The SSID is configured to use MAC filtering, and the ISE is configured to return an
Access−Accept message even if the MAC address is not found so that it sends the redirection URL for all
users.
dynamic authentication URL from the ISE. (Since it uses CoA, a session needs to be created as the session ID
is part of the URL.) The SSID is configured to use MAC filtering, and the ISE is configured to return an
Access−Accept message even if the MAC address is not found so that it sends the redirection URL for all
users.
In addition, RADIUS Network Admission Control (NAC) and AAA Override must be enabled. The RADIUS
NAC allows the ISE to send a CoA request that indicates the user is now authenticated and is able to access
the network. It is also used for posture assessment in which the ISE changes the user profile based on posture
result.
NAC allows the ISE to send a CoA request that indicates the user is now authenticated and is able to access
the network. It is also used for posture assessment in which the ISE changes the user profile based on posture
result.
Ensure that the RADIUS server has RFC3576 (CoA) enabled, which is the default.
1.
Create a new WLAN. This example creates a new WLAN named CWAFlex and assigns it to vlan33.
(Note that it will not have much effect since the access point is in local switching mode.)
(Note that it will not have much effect since the access point is in local switching mode.)
2.