Applying Policy Using Hybrid Authentication Mode
- Applies the VLAN tunnel attributes if they exist and the filter-ID attribute does not exist
- Applies the filter-ID attribute if it exists and the VLAN tunnel attributes do not exist
- Applies both the filter-ID and the VLAN tunnel attributes if all
attributes exist If all attributes exist, the following rules apply:
- The policy role will be enforced, with the exception that any port PVID specified in the role will be replaced with the VLAN tunnel attributes
- The policy map is ignored because the policy role is explicitly assigned
- VLAN classification rules are assigned as defined by the policy role
vlanauthorization must be enabled or the VLAN tunnel attributes are ignored and the default VLAN is used.
Hybrid Mode support eliminates the dependency of VLAN assignment based on roles. As a result, VLANs can be assigned via the tunnel-private-group-ID, as defined per RFC3580, while assigning roles via the filter-ID. This separation gives administrators more flexibility to segment their networks for efficiency beyond the role limits.