RADIUS/Policy/NetLogin

RADIUS/Policy/NetLogin mappings are not persistent.

Actions when RADIUS is enabled::

Policy maptable may be configured to use policy, tunnel, or both.
RADIUS may return a policy name, a VLAN, and possibly an Network Service Identifier (NSI) mapping.
If RADIUS returns a VLAN/NSI mapping:
- Policy is not enabled: policy does not install an NSI mapping.
- Policy is enabled: the mapping is installed if the following conditions are met.
  - Policy must be configured to make use of the RADIUS (RFC3580) VLAN, meaning:
    - The Policy maptable response must be set to “tunnel” or “both”.
    - If the response is set to “policy” (the default), the VLAN/NSI is not used.
    - Vlanauthorization must be enabled.
  - The VLAN and NSI must both be specified for the NSI to be used (see Defining VLAN/NSI Mappings with RADIUS Standards Attributes or VSAs).
  - The authentication response is an initial authentication for the given user or a re-authentication of an existing user with a mapping that differs from the existing mapping.

9039153-00 Rev AA