RADIUS/Policy/NetLogin mappings are not persistent.
Actions when RADIUS is enabled::
- Policy maptable may be configured to use policy, tunnel, or both.
- RADIUS may return a policy name, a VLAN, and possibly an Network Service
Identifier (NSI) mapping.If RADIUS returns a VLAN/NSI mapping:
- Policy is not enabled: policy does not install an NSI mapping.
- Policy is enabled: the
mapping is installed if the following conditions are met.
- Policy must be configured to make use of the RADIUS
(RFC3580) VLAN, meaning:
- The Policy maptable response must be set to “tunnel” or “both”.
- If the response is set to “policy” (the default), the VLAN/NSI is not used.
- Vlanauthorization must be enabled.
- The VLAN and NSI must both be specified for the NSI to be used (see Defining VLAN/NSI Mappings with RADIUS Standards Attributes or VSAs).
- The authentication response is an initial authentication for the given user or a re-authentication of an existing user with a mapping that differs from the existing mapping.
- Policy must be configured to make use of the RADIUS (RFC3580) VLAN, meaning: