3com WX4400 3CRWX440095A Manuale Utente
Assigning Authorization Attributes
495
You can set filters for incoming and outgoing packets:
Use acl-name.in to filter traffic that enters the WX switch from users
via a MAP access port or wired authentication port, or from the
network via a network port.
via a MAP access port or wired authentication port, or from the
network via a network port.
Use acl-name.out to filter traffic sent from the WX switch to users via
a MAP access port or wired authentication port, or from the network
via a network port.
a MAP access port or wired authentication port, or from the network
via a network port.
For example, the following command applies security ACL acl-101 to
packets coming into the WX from user Jose:
packets coming into the WX from user Jose:
WX1200# set user Jose attr filter-id acl-101.in
success: change accepted.
success: change accepted.
The following command applies the incoming filters of acl-101 to the
users who belong to the group eastcoasters:
users who belong to the group eastcoasters:
WX1200# set usergroup eastcoasters attr filter-id acl-101.in
success: change accepted.
success: change accepted.
Assigning a Security ACL on a RADIUS Server
To assign a security ACL name as the Filter-Id authorization attribute of a
user or group record on a RADIUS server, see the documentation for your
RADIUS server.
user or group record on a RADIUS server, see the documentation for your
RADIUS server.
Clearing a Security
ACL from a User or
Group
To clear a security ACL from the profile of a user, MAC user, or group of
users or MAC users in the local WX database, use the following
commands:
users or MAC users in the local WX database, use the following
commands:
clear user username attr filter-id
clear usergroup groupname attr filter-id
clear mac-user username attr filter-id
clear mac-usergroup groupname attr filter-id
clear usergroup groupname attr filter-id
clear mac-user username attr filter-id
clear mac-usergroup groupname attr filter-id
If you have assigned both an incoming and an outgoing filter to a user or
group, enter the appropriate command twice to delete both security
ACLs. Verify the deletions by entering the display aaa command and
checking the output.
group, enter the appropriate command twice to delete both security
ACLs. Verify the deletions by entering the display aaa command and
checking the output.
To delete a security ACL from a user’s configuration on a RADIUS server,
see the documentation for your RADIUS server.
see the documentation for your RADIUS server.