3com WXR100 3CRWXR10095A User Manual

You can set filters for incoming and outgoing packets:

„

Use acl-name.in to filter traffic that enters the WX switch from users 
via a MAP access port or wired authentication port, or from the 
network via a network port. 

„

Use acl-name.out to filter traffic sent from the WX switch to users via 
a MAP access port or wired authentication port, or from the network 
via a network port.

For example, the following command applies security ACL acl-101 to 
packets coming into the WX from user Jose:

WX1200# set user Jose attr filter-id acl-101.in
success: change accepted.

The following command applies the incoming filters of acl-101 to the 
users who belong to the group eastcoasters:

WX1200# set usergroup eastcoasters attr filter-id acl-101.in
success: change accepted.

To assign a security ACL name as the Filter-Id authorization attribute of a 
user or group record on a RADIUS server, see the documentation for your 
RADIUS server. 

To clear a security ACL from the profile of a user, MAC user, or group of 
users or MAC users in the local WX database, use the following 
commands:

clear user username attr filter-id
clear usergroup groupname attr filter-id
clear mac-user username attr filter-id
clear mac-usergroup groupname attr filter-id

If you have assigned both an incoming and an outgoing filter to a user or 
group, enter the appropriate command twice to delete both security 
ACLs. Verify the deletions by entering the display aaa command and 
checking the output.

To delete a security ACL from a user’s configuration on a RADIUS server, 
see the documentation for your RADIUS server.