Implementing Policy
To implement policy:
- Identify the roles of users and devices in your organization that access the network.
- Create a policy role for each identified user role (see Policy Roles and Configuring Policy Roles and Related Functionality).
- Associate classification rules and administrative profiles with each policy role (see Classification Rules and Configuring Classification Rules as an Administrative Profile or to Assign Policy Rules to a Policy Role).
- Optionally, configure a class of service and associate it directly with the policy role or through a classification rule (see Assigning a Class of Service to Policy Role, Classification Rules, and Configuring Policy Roles and Related Functionality).
- Optionally, enable hybrid authentication, which allows RADIUS filter-ID and tunnel attributes to be used to dynamically assign policy roles and VLANs to authenticating users (see Applying Policy Using Hybrid Authentication Mode).
- Optionally, set device response to invalid policy (see Device Response to Invalid Policy).
- Optionally, set captive portal to use HTTP redirection to force a client‘s web browser to be redirected to a particular administrative web page for authentication purposes (user login and password), payment (for example, at an airport hotspot), or use-policy enforcement (installing necessary software, agreeing to terms of service (TOS), etc.) (see Captive Portal Redirection and Setting Up Captive Portal Redirection).