3com WX4400 3CRWX440095A User Manual

CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS

About the Location Policy
Each WX switch can have one location policy. The location policy consists of 
a set of rules. Each rule contains conditions, and an action to perform if all 
conditions in the rule match. The location policy can contain up to 50 rules.
The action can be one of the following:
• Deny access to the network
• Permit access, but set or change the user’s VLAN assignment, inbound 
  ACL, outbound ACL, or any combination of these attributes
The conditions can be one or more of the following:
• AAA-assigned VLAN
• Username
• MAP access port, Distributed MAP number, or wired authentication 
  port through which the user accessed the network
• SSID name with which the user is associated
Conditions within a rule are ANDed. All conditions in the rule must match 
in order for MSS to take the specified action. If the location policy 
contains multiple rules, MSS compares the user information to the rules 
one at a time, in the order the rules appear in the switch’s configuration 
file, beginning with the rule at the top of the list. MSS continues 
comparing until a user matches all conditions in a rule or until there are 
no more rules.
Any authorization attributes not changed by the location policy remain 
active.
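
The evaluation order described above, modelled in Python as an added example (not 3Com code and not MSS configuration syntax). The rule fields, the sample user and attribute names, and the behaviour when no rule matches are assumptions of the model; it shows how a broad permit rule placed first shadows a more specific deny rule.

```python
from dataclasses import dataclass, field

MAX_RULES = 50  # limit stated on the page


@dataclass
class Rule:
    action: str                     # "deny" or "permit"
    conditions: dict                # keys: vlan, username, port, ssid (ANDed)
    changes: dict = field(default_factory=dict)  # permit only: vlan, inacl, outacl


def apply_location_policy(rules, session, authz):
    """Model of first-match evaluation.

    session: username, port, ssid of the connecting user
    authz:   AAA-assigned attributes (vlan, inacl, outacl)
    Returns (permitted, resulting_attributes, matched_rule_number).
    """
    if len(rules) > MAX_RULES:
        raise ValueError("a location policy holds at most 50 rules")
    # The vlan condition tests the AAA-assigned VLAN, not a rule's new value.
    subject = {**session, "vlan": authz.get("vlan")}
    for number, rule in enumerate(rules, start=1):
        if all(subject.get(k) == v for k, v in rule.conditions.items()):
            if rule.action == "deny":
                return False, {}, number
            # Attributes the rule does not change stay as AAA assigned them.
            return True, {**authz, **rule.changes}, number
    # Assumption: with no matching rule the AAA result is left as is.
    return True, dict(authz), None


# Constructed sample data (all names are hypothetical).
AUTHZ = {"vlan": "corp", "inacl": "acl-in-default", "outacl": "acl-out-default"}
SESSION = {"username": "contractor1", "port": "3", "ssid": "guest"}

move_guests = Rule("permit", {"ssid": "guest"}, {"vlan": "guest-vlan"})
block_contractor = Rule("deny", {"ssid": "guest", "username": "contractor1"})

# Broad permit first: the deny below it is never reached for this user.
shadowed = apply_location_policy([move_guests, block_contractor], SESSION, AUTHZ)
# Specific deny first: the same user is now refused.
ordered = apply_location_policy([block_contractor, move_guests], SESSION, AUTHZ)

if __name__ == "__main__":
    print(shadowed)
    print(ordered)
```

When reviewing a rule list, check that every deny rule sits above any permit rule whose conditions are a subset of its own.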
How the Location Policy Differs from a Security ACL
Although structurally similar, the location policy and security ACLs have 
different functions. The location policy on a WX switch can be used to 
locally redirect a user to a different VLAN or locally control the traffic to 
and from a user. 
In contrast, security ACLs are packet filters applied to the user throughout 
a Mobility Domain. (For more information, see Chapter 19, “Configuring 
and Managing Security ACLs,” on page 377.)
You can use the location policy to locally apply a security ACL to a user.