D-Link DWS-1008 Cli Reference Manual page 145

8 port 10/100 wireless switch with power over ethernet
DWS-1008 CLI Reference Guide
set location policy (continued)
Usage: Only a single location policy is allowed per DWS-1008 switch. Once configured, the
location policy becomes effective immediately. To disable location policy operation,
use the clear location policy command.
Conditions within a rule are ANDed. All conditions in the rule must match in order for MSS
to take the specified action. If the location policy contains multiple rules, MSS compares
the user information to the rules one at a time, in the order the rules appear in the switch's
configuration file, beginning with the rule at the top of the list. MSS continues comparing until
a user matches all conditions in a rule or until there are no more rules.
The order of rules in the location policy is important to ensure users are properly granted
or denied access. To position rules within the location policy, use before rule-number and
modify rule-number in the set location policy command, and the clear location policy
rule-number command.
When applying security ACLs:
• Use inacl inacl-name to filter traffic that enters the switch from users via a
DWL-8220AP access port or wired authentication port, or from the network via
• Use outacl outacl-name to filter traffic sent from the switch to users via a
DWL-8220AP access port or wired authentication port, or from the network via
a network port.
• You can optionally add the suffixes .in and .out to inacl-name and outacl-name
so that they match the names of security ACLs stored in the local database.
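Added example (not from the D-Link manual, and not MSS code): a Python model of the first-match rule evaluation described above, showing how a broad rule placed earlier shadows a more specific rule placed later. The Rule class, the evaluate function, the fnmatch-style wildcard matching and the sample user names are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    conditions: list               # [(attribute, "eq" | "neq", glob), ...], ANDed
    vlan: Optional[str] = None     # attributes a permit rule assigns
    inacl: Optional[str] = None
    outacl: Optional[str] = None

def condition_matches(session, attr, op, glob):
    # Assumption: fnmatch wildcards stand in for MSS glob matching.
    hit = fnmatchcase(session.get(attr, ""), glob)
    return hit if op == "eq" else not hit

def evaluate(policy, session):
    """Return (rule_number, resulting_session); the session is None on deny.

    Rules are tried top to bottom and evaluation stops at the first rule
    whose conditions all match. (None, session) means no rule matched; the
    page does not describe that case, so this model changes nothing.
    """
    for number, rule in enumerate(policy, start=1):
        if all(condition_matches(session, *c) for c in rule.conditions):
            if rule.action == "deny":
                return number, None
            result = dict(session)
            for key in ("vlan", "inacl", "outacl"):
                if getattr(rule, key) is not None:
                    result[key] = getattr(rule, key)
            return number, result
    return None, dict(session)

# Rules modeled on the manual's example commands.
DENY_THEIRFIRM = Rule("deny", [("user", "eq", "*.theirfirm.com")])
GUEST = Rule("permit", [("user", "neq", "*.wodefirm.com")], vlan="guest_1")
NY_TAC = Rule("permit", [("user", "eq", "*.ny.ourfirm.com")],
              vlan="bld4.tac", outacl="tac_24")

POLICY_AS_ENTERED = [DENY_THEIRFIRM, GUEST, NY_TAC]   # NY_TAC is shadowed by GUEST
POLICY_REORDERED = [DENY_THEIRFIRM, NY_TAC, GUEST]    # specific rule placed first

if __name__ == "__main__":
    # Constructed sample session: AAA-assigned values before the policy runs.
    alice = {"user": "alice@eng.ny.ourfirm.com", "vlan": "default"}
    print(evaluate(POLICY_AS_ENTERED, alice))
    print(evaluate(POLICY_REORDERED, alice))
```

In the first ordering the constructed user alice matches the broad neq rule and lands in guest_1 without ever reaching the bld4.tac rule; moving the specific rule ahead of it, which is what before rule-number is for, gives the intended VLAN and ACL.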
Examples: The following command denies network access to all users at *.theirfirm.com,
causing them to fail authorization:
DWS-1008# set location policy deny if user eq *.theirfirm.com
The following command authorizes access to the guest_1 VLAN for all users who are not at
*.wodefirm.com:
DWS-1008# set location policy permit vlan guest_1 if user neq *.wodefirm.com
The following command authorizes users at *.ny.ourfirm.com to access the bld4.tac VLAN
instead, and applies the security ACL tac_24 to the traffic they receive:
DWS-1008# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com
The following command authorizes access to users on VLANs with names matching bld4.*
and applies security ACLs svcs_2 to the traffic they send and svcs_3 to the traffic they
receive:
DWS-1008# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bld4.*
D-Link Systems, Inc.
AAA Commands
144
