Do Route-Maps Need to be Configured on All Routers in the Datapath to Redirect Traffic to a Content Filter or the Default Portal in NAC
Does PBR need to be configured on all routers in a NAC network design?
Layer three redirect
WebSense (Network Filter Server)
All routers handling traffic from clients needing to be registered before accessing network resources - (client internet access for example) will need to be configured with PBR.
PBR configuration changes the router's logic used in the choice of a next-hop, not the IP address in the packet. PBR operation for NAC redirect is normally limited to preempting a routing table based ('normal') next hop decision.
Specifically: To which next hop mac address should this router forward client traffic as it forwards toward the registration portal or content filter.
The next hop router will need to make the same evaluation upon receipt of the client traffic to forward the packet another hop closer toward the portal or content filter.