Setting The Location Policy - 3Com WX1200 3CRWX120695A Configuration Manual

Setting the Location
Policy
Overriding or Adding Attributes Locally with a Location Policy
To enable the location policy function on a WX switch, you must create at
least one location policy rule with one of the following commands:
set location policy deny if
{ssid operator ssid-name | vlan operator vlan-glob | user
operator user-glob | port port-list | dap dap-num} [before
rule-number | modify rule-number]
set location policy permit
{vlan vlan-name | inacl inacl-name | outacl outacl-name}
if {ssid operator ssid-name | vlan operator vlan-glob | user
operator user-glob | port port-list | dap dap-num}
[before rule-number | modify rule-number]
Asterisks (wildcards) are not supported in SSID names. You must specify
the complete SSID name.
You must specify whether to permit or deny access, and you must
identify a VLAN, username, or access port to match. Use one of the
following operators to specify how the rule must match the VLAN or
username:
eq — Applies the location policy rule to all users assigned VLAN
names matching vlan-glob or having usernames that match user-glob.
(Like a user glob, a VLAN glob is a way to group VLANs for use in this
command. For more information, see "VLAN Globs" on page 31.)
neq — Applies the location policy rule to all users assigned VLAN
names not matching vlan-glob or having usernames that do not
match user-glob.
For example, the following command denies network access to all users
matching *.theirfirm.com, causing them to fail authorization:
WX1200# set location policy deny if user eq *.theirfirm.com
The following command authorizes access to the guest_1 VLAN for all
users who do not match *.ourfirm.com:
WX1200# set location policy permit vlan guest_1 if user neq
*.ourfirm.com
501