206 CHAPTER 7: AAA COMMANDS
Use outacl outacl-name to filter traffic sent from the switch to users via
an MAP access port or wired authentication port, or from the network via
a network port.
You can optionally add the suffixes .in and .out to inacl-name and
outacl-name so that they match the names of security ACLs stored in the
local WX database.
Examples — The following command denies network access to all users
at *.theirfirm.com, causing them to fail authorization:
WX4400# set location policy deny if user eq *.theirfirm.com
The following command authorizes access to the guest_1 VLAN for all
users who are not at *.wodefirm.com:
WX4400# set location policy permit vlan guest_1 if user neq
*.wodefirm.com
The following command authorizes users at *.ny.ourfirm.com to access
the bld4.tac VLAN instead, and applies the security ACL tac_24 to the
traffic they receive:
WX4400# set location policy permit vlan bld4.tac
outacl tac_24 if user eq *.ny.ourfirm.com
The following command authorizes access to users on VLANs with names
matching bld4.* and applies security ACLs svcs_2 to the traffic they send
and svcs_3 to the traffic they receive:
WX4400# set location policy permit inacl svcs_2 outacl svcs_3
if vlan eq bldg4.*
The following command authorizes users entering the network on WX
ports 1 and 2 to use the floor2 VLAN, overriding any settings from AAA:
WX4400# set location policy permit vlan floor2 if port 1-2
See Also
■ “clear location policy” on page 171
■ “display location policy” on page 184
set mac-user Configures a user profile in the local database on the WX switch for a
user who can be authenticated by a MAC address, and optionally adds
the user to a MAC user group.
To Next Page
Loading...
