Applying Security Acls In A Location Policy Rule - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

8 port 10/100 wireless switch with power over ethernet

You must specify whether to permit or deny access, and you must identify a VLAN, username, or
access port to match. Use one of the following operators to specify how the rule must match the VLAN
or username:
• eq—Applies the location policy rule to all users assigned VLAN names matching vlan-glob
or having usernames that match user-glob. (Like a user glob, a VLAN glob is a way to
group VLANs for use in this command. For more information, see "VLAN Globs" on page
12.)
• neq—Applies the location policy rule to all users assigned VLAN names not matching
vlan-glob or having usernames that do not match user-glob.
For example, the following command denies network access to all users matching *.theirfirm.com,
causing them to fail authorization:
DWS-1008# set location policy deny if user eq *.theirfirm.com
The following command authorizes access to the guest_1 VLAN for all users who do not match
*.ourfirm.com:
DWS-1008# set location policy permit vlan guest_1 if user neq *.ourfirm.com
The following command places all users who are authorized for SSID tempvendor_a into
VLAN kiosk_1:
DWS-1008# set location policy permit vlan kiosk_1 if ssid eq tempvendor_a
success: change accepted.

Applying Security ACLs in a Location Policy Rule

When reassigning security ACL filters, specify whether the filter is an input filter or an output filter, as
follows:
• Input filter—Use inacl inacl-name to filter traffic that enters the switch from users via an
AP access port or wired authentication port, or from the network via a network port.
• Output filter—Use outacl outacl-name to filter traffic sent from the switch to users via an
AP access port or wired authentication port, or from the network via a network port.
For example, the following command authorizes users at *.ny.ourfirm.com to access the bld4.tac VLAN,
and applies the security ACL tac_24 to the traffic they receive:
DWS-1008# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com
The following command authorizes access to users on VLANs with names matching bld4.* and applies
security ACLs svcs_2 to the traffic they send and svcs_3 to the traffic they receive:
DWS-1008# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bld4.*
You can optionally add the suffixes .in and .out to inacl-name and outacl-name for consistency with
their usage in entries stored in the local database.
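
When reviewing a saved configuration, it helps to list which security ACLs the location policy reassigns and in which direction, treating the bare and suffixed spellings as the same name. The following Python sketch is an added example, not part of the D-Link manual or firmware; its grammar is inferred only from the commands shown above, and the function names and the rejection of mismatched suffixes are assumptions.

```python
import re
from collections import namedtuple

# Grammar inferred from the example commands on this page only (assumption):
# permit|deny, optional vlan/inacl/outacl, then "if user|vlan|ssid eq|neq glob".
RULE_RE = re.compile(
    r"^(?:\S+#\s*)?set location policy\s+(?P<action>permit|deny)"
    r"(?P<opts>(?:\s+(?:vlan|inacl|outacl)\s+\S+)*)"
    r"\s+if\s+(?P<field>user|vlan|ssid)\s+(?P<op>eq|neq)\s+(?P<glob>\S+)$"
)
# inacl/outacl are stored without the optional .in/.out suffix.
Rule = namedtuple("Rule", "action vlan inacl outacl field op glob")

def base_acl(name, direction):
    """Drop the optional .in/.out suffix so both spellings compare equal."""
    wrong = ".out" if direction == "in" else ".in"
    if name.endswith(wrong):
        # Assumption: a suffix for the opposite direction is an operator error.
        raise ValueError(f"{direction}acl {name!r} carries the {wrong} suffix")
    suffix = "." + direction
    return name[: -len(suffix)] if name.endswith(suffix) else name

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised location policy rule: {line!r}")
    words = m["opts"].split()
    opts = dict(zip(words[0::2], words[1::2]))
    if m["action"] == "deny" and opts:
        # Assumption: a deny rule fails authorization, so it reassigns nothing.
        raise ValueError("deny rule with vlan/inacl/outacl reassignment")
    inacl = base_acl(opts["inacl"], "in") if "inacl" in opts else None
    outacl = base_acl(opts["outacl"], "out") if "outacl" in opts else None
    return Rule(m["action"], opts.get("vlan"), inacl, outacl,
                m["field"], m["op"], m["glob"])

def acl_references(lines):
    """Return {(acl_name, 'in'|'out')} referenced by the rules, for review."""
    refs = set()
    for rule in map(parse_rule, lines):
        refs |= {(n, d) for n, d in ((rule.inacl, "in"), (rule.outacl, "out")) if n}
    return refs

# Two commands from this page, plus one constructed line using the suffixes.
SAMPLE = [
    "DWS-1008# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com",
    "DWS-1008# set location policy deny if user eq *.theirfirm.com",
    "set location policy permit inacl svcs_2.in outacl svcs_3.out if vlan eq guest_*",  # constructed
]
```

Comparing the output of acl_references(SAMPLE) with the ACLs actually defined on the switch shows any rule that points at a missing or misdirected filter.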
D-Link DWS-1008 User Manual

