3com WXR100 3CRWXR10095A User Manual

CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS
The following command places all users who are authorized for SSID 
tempvendor_a into VLAN kiosk_1:
WX1200# set location policy permit vlan kiosk_1 if ssid eq tempvendor_a
success: change accepted.
Applying Security ACLs in a Location Policy Rule
When reassigning security ACL filters, specify whether the filter is an 
input filter or an output filter, as follows:
- Input filter — Use inacl inacl-name to filter traffic that enters the 
  switch from users via a MAP access port or wired authentication port, 
  or from the network via a network port. 
- Output filter — Use outacl outacl-name to filter traffic sent from the 
  switch to users via a MAP access port or wired authentication port, or 
  from the network via a network port. 
For example, the following command authorizes users at 
*.ny.ourfirm.com to access the bld4.tac VLAN, and applies the security 
ACL tac_24 to the traffic they receive:
WX1200# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com
The following command authorizes access to users on VLANs with names 
matching bld4.* and applies security ACLs svcs_2 to the traffic they send 
and svcs_3 to the traffic they receive:
WX1200# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bldg4.*
You can optionally add the suffixes .in and .out to inacl-name and 
outacl-name for consistency with their usage in entries stored in the local 
WX database.
Displaying and Positioning Location Policy Rules
The order of location policy rules is significant. MSS checks a location 
policy rule that is higher in the list before those lower in the list. Rules are 
listed in the order in which you create them, unless you move them.
To position location policy rules within the location policy, use before 
rule-number and modify rule-number in the set location policy 
command, or use the clear location policy rule-number command.
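
The following Python sketch is an added example, not part of the manual or of MSS. It parses the three commands shown above and reports which rule decides a session's VLAN and ACLs when more than one rule matches. Assumptions: the highest-listed matching rule wins, fnmatch-style globbing stands in for MSS glob matching, only the single "eq" condition form shown on this page is parsed, and the session values and function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# Commands copied from the manual page above; the prompt prefix is ignored.
CONFIG = """\
WX1200# set location policy permit vlan kiosk_1 if ssid eq tempvendor_a
WX1200# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com
WX1200# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bldg4.*
"""
# Constructed session attributes as returned by AAA (hypothetical values).
SESSION = {"user": "pat.ny.ourfirm.com", "ssid": "corp", "vlan": "bldg4.lab"}

RULE_RE = re.compile(
    r"set location policy permit"
    r"(?: vlan (?P<vlan>\S+))?(?: inacl (?P<inacl>\S+))?(?: outacl (?P<outacl>\S+))?"
    r" if (?P<field>ssid|user|vlan) eq (?P<glob>\S+)$")

def parse_rules(config_text):
    """Return rules in list order; only the single-'eq' form shown on the page."""
    rules = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        start = line.find("set location policy")
        if start < 0:
            continue
        match = RULE_RE.match(line[start:])
        if match is None:
            raise ValueError(f"unsupported rule syntax: {raw!r}")
        rules.append(match.groupdict())
    return rules

def matching_rules(rules, session):
    """1-based numbers of every rule whose condition matches the session."""
    # Assumption: fnmatch-style globbing stands in for MSS glob matching.
    return [n for n, r in enumerate(rules, 1)
            if fnmatchcase(session.get(r["field"], ""), r["glob"])]

def apply_policy(rules, session):
    """Apply the highest-listed matching rule (assumed first-match-wins)."""
    result = dict(session, rule=None)
    hits = matching_rules(rules, session)
    if hits:
        rule = rules[hits[0] - 1]
        result["rule"] = hits[0]
        result.update({k: rule[k] for k in ("vlan", "inacl", "outacl") if rule[k]})
    return result

if __name__ == "__main__":
    rules = parse_rules(CONFIG)
    print("matches:", matching_rules(rules, SESSION))
    print("as listed:", apply_policy(rules, SESSION))
    print("rules 2 and 3 swapped:", apply_policy([rules[0], rules[2], rules[1]], SESSION))
```

A session that matches more than one rule is one whose VLAN and ACL assignment depends on rule position, so those are the sessions to review after moving or clearing a rule.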