3com WX1200 用户手册

244

HAPTER

8: AAA C

OMMANDS

display aaa on page 219

set authentication admin on page 229

set authentication console on page 231

set authentication dot1x on page 233

set authentication last-resort on page 236

set location policy

Creates and enables a location policy on an WX switch. The location
policy enables you to locally set or change authorization attributes for a
user after the user is authorized by AAA, without making changes to the
AAA server.

Syntax —

set location policy deny if {ssid operator ssid-name

| vlan operator vlan-glob | user operator user-glob | port
port-list | dap dap-num} [before rule-number | modify
rule-number ]

Syntax —

set location policy permit

{vlan vlan-name | inacl inacl-name | outacl outacl-name}
if {ssid operator ssid-name | vlan operator vlan-glob | user
operator user-glob | port port-list | dap dap-num}
[before rule-number | modify rule-number]

deny

— Denies access to the network to users with characteristics that

match the location policy rule.

permit

— Allows access to the network or to a specified VLAN,

and/or assigns a particular security ACL to users with characteristics
that match the location policy rule.

Action options

— For a permit rule, MSS changes the attributes

assigned to the user to the values specified by the following options:

vlan

vlan-name

— Name of an existing VLAN to assign to users with

characteristics that match the location policy rule.

inacl

inacl-name

— Name of an existing security ACL to apply to

packets sent to the WX switch with characteristics that match the
location policy rule.

Optionally, you can add the suffix .in to the name.

outacl

outacl-name

— Name of an existing security ACL to apply to

packets sent from the WX switch with characteristics that match the
location policy rule.