Implementing Policy

To implement policy:

1. Identify the roles of users and devices in your organization that access the network.
2. Create a policy role for each identified user role (see Policy Roles and Configuring Policy Roles and Related Functionality).
3. Associate classification rules and administrative profiles with each policy role (see Classification Rules and Configuring Classification Rules as an Administrative Profile or to Assign Policy Rules to a Policy Role).
4. Optionally, configure a class of service and associate it directly with the policy role or through a classification rule (see Assigning a Class of Service to Policy Role, Classification Rules, and Configuring Policy Roles and Related Functionality).
5. Optionally, enable hybrid authentication, which allows RADIUS filter-ID and tunnel attributes to be used to dynamically assign policy roles and VLANs to authenticating users (see Applying Policy Using Hybrid Authentication Mode).
6. Optionally, set device response to invalid policy (see Device Response to Invalid Policy).
7. Optionally, set captive portal to use HTTP redirection to force a client‘s web browser to be redirected to a particular administrative web page for authentication purposes (user login and password), payment (for example, at an airport hotspot), or use-policy enforcement (installing necessary software, agreeing to terms of service (TOS), etc.) (see Captive Portal Redirection and Setting Up Captive Portal Redirection).