Set Location Policy - 3Com WX4400 Command Reference Manual

248 C 8: AAA C
HAPTER

set location policy

OMMANDS
display aaa on page 223
set authentication admin on page 233
set authentication console on page 235
set authentication dot1x on page 237
set authentication last-resort on page 240
Creates and enables a location policy on an WX switch. The location
policy enables you to locally set or change authorization attributes for a
user after the user is authorized by AAA, without making changes to the
AAA server.
Syntax —
set location policy deny if {ssid operator ssid-name
| vlan operator vlan-glob | user operator user-glob | port
port-list | dap dap-num} [before rule-number | modify
rule-number ]
Syntax —
set location policy permit
{vlan vlan-name | inacl inacl-name | outacl outacl-name}
if {ssid operator ssid-name | vlan operator
operator user-glob | port port-list | dap dap-num}
[before rule-number | modify rule-number]
deny — Denies access to the network to users with characteristics that
match the location policy rule.
permit — Allows access to the network or to a specified VLAN,
and/or assigns a particular security ACL to users with characteristics
that match the location policy rule.
Action options
assigned to the user to the values specified by the following options:
vlan vlan-name
characteristics that match the location policy rule.
inacl inacl-name
packets sent to the WX switch with characteristics that match the
location policy rule.
Optionally, you can add the suffix .in to the name.
outacl outacl-name
packets sent from the WX switch with characteristics that match the
location policy rule.
— For a permit rule, MSS changes the attributes
— Name of an existing VLAN to assign to users with
— Name of an existing security ACL to apply to
— Name of an existing security ACL to apply to
vlan-glob | user