RADIUS/Policy/NetLogin
RADIUS/Policy/NetLogin mappings are not persistent.
Actions when RADIUS is enabled::
- Policy maptable may be configured to use policy, tunnel, or both.
- RADIUS may return a policy name, a VLAN, and possibly an Network Service
Identifier (NSI) mapping.
If RADIUS returns a VLAN/NSI mapping:
- Policy is not enabled:
policy does not install an NSI mapping.
- Policy is enabled: the
mapping is installed if the following conditions are met.
- Policy must be configured to make use of the RADIUS
(RFC3580) VLAN, meaning:
- The Policy maptable response must be set to “tunnel”
or “both”.
- If the response is set to “policy” (the default), the
VLAN/NSI is not used.
- The VLAN and NSI must both be specified for the NSI to be
used (see Defining VLAN/NSI Mappings with RADIUS Standards Attributes or VSAs).
- The authentication response is an initial authentication
for the given user or a re-authentication of an existing user with a mapping
that differs from the existing mapping.