Cisco 2504 Wireless Controller Troubleshooting Guide

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Wireless LAN Controller RADIUS NAC and CoA Overview
This setting enables the WLC to look for the URL redirection AV-Pairs coming from the ISE RADIUS
server. This applies only to a WLAN that is tied to an interface with the RADIUS NAC setting enabled. When the
Cisco AV-Pair for URL Redirection is received, the client is put into the POSTURE_REQD state. Internally,
the controller treats this state basically the same as the WEBAUTH_REQD state.
When the ISE RADIUS server deems the client Posture_Compliant, it issues a CoA ReAuth. The
Session_ID is used to tie it together. With this new AuthC (re-Auth), the ISE does not send the URL-Redirect
AV-Pairs. Because there are no URL Redirect AV-Pairs, the WLC knows the client does not require Posture
any longer.
If the RADIUS NAC setting is not enabled, the WLC ignores the URL Redirect VSAs.
CoA-ReAuth: This is enabled with the RFC 3576 Setting. ReAuth capability was added to the existing CoA
commands that were supported previously.
The RADIUS NAC setting is mutually exclusive from this capability, although it is required for the CoA to
work.
Pre-Posture ACL: When a client is in the POSTURE_REQD state, the default behavior of the WLC is to block all
traffic except DHCP/DNS. The Pre-Posture ACL (the ACL named in the url-redirect-acl AV-Pair) is
applied to the client, and what is permitted in that ACL is what the client can reach.
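The flow described above, as an added example that is not Cisco code and not part of the original guide: a simplified model of how the AV-Pairs in an Access-Accept and the RADIUS NAC setting determine the client state, useful for checking captured ISE responses against the expected WLC behavior. The state name RUN, the function names and all sample values are assumptions made for illustration.

```python
# Added example: simplified model of the WLC behavior described above, not Cisco code.
# Assumptions: "RUN" as the name of the normal post-posture state, the function
# names, and every sample value below (all constructed).

def parse_av_pairs(av_pairs):
    """Split Cisco AV-Pair strings of the form 'name=value' into a dict."""
    parsed = {}
    for pair in av_pairs:
        name, sep, value = pair.partition("=")
        if sep:
            parsed[name.strip().lower()] = value.strip()
    return parsed

def evaluate_access_accept(av_pairs, radius_nac_enabled):
    """Return (client_state, pre_posture_acl, findings) for one Access-Accept."""
    attrs = parse_av_pairs(av_pairs)
    has_redirect = "url-redirect" in attrs
    acl = attrs.get("url-redirect-acl")
    findings = []
    if not radius_nac_enabled:
        # Without RADIUS NAC the WLC ignores the URL Redirect VSAs entirely.
        if has_redirect or acl:
            findings.append("redirect AV-Pairs ignored: RADIUS NAC disabled")
        return "RUN", None, findings
    if has_redirect:
        if acl is None:
            findings.append("no url-redirect-acl: default DHCP/DNS-only applies")
        return "POSTURE_REQD", acl, findings
    if acl:
        findings.append("url-redirect-acl sent without url-redirect")
    # No redirect AV-Pair (for example the re-auth after a CoA): no posture needed.
    return "RUN", None, findings

def replay_session(access_accepts, radius_nac_enabled):
    """Evaluate successive Access-Accepts of one Session_ID; return the states."""
    return [evaluate_access_accept(a, radius_nac_enabled)[0] for a in access_accepts]

# Constructed sample: initial authentication, then the re-auth triggered by CoA.
INITIAL_AUTH = [
    "url-redirect-acl=PRE-POSTURE-ACL",
    "url-redirect=https://ise.example.test:8443/portal?sessionId=0a0b0c0d0000001a",
]
REAUTH_AFTER_COA = []  # ISE sends no URL-Redirect AV-Pairs once compliant

if __name__ == "__main__":
    print(replay_session([INITIAL_AUTH, REAUTH_AFTER_COA], radius_nac_enabled=True))
    print(evaluate_access_accept(INITIAL_AUTH, radius_nac_enabled=False))
```

The second call shows the case worth alerting on: ISE is sending redirect AV-Pairs, but with RADIUS NAC disabled the client is never held for posture.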