Nortel 2350 User Guide

Configuring AAA for network users
Nortel WLAN—Security Switch 2300 Series Configuration Guide
For example, the following command authorizes users at *.ny.ourfirm.com to access the bld4.tac VLAN, and applies the 
security ACL tac_24 to the traffic they receive:
WSS# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com
The following command authorizes access to users on VLANs with names matching bldg4.* and applies the security ACL 
svcs_2 to the traffic they send and svcs_3 to the traffic they receive:
WSS# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bldg4.*
You can optionally add the suffixes .in and .out to inacl-name and outacl-name for consistency with their usage in 
entries stored in the local WSS database.
Displaying and positioning location policy rules
The order of location policy rules is significant. WSS Software checks a location policy rule that is higher in the list 
before those lower in the list. Rules are listed in the order in which you create them, unless you move them.
To position location policy rules within the location policy, use before rule-number and modify rule-number in the set 
location policy command, or use the clear location policy rule-number command.
For example, suppose you have configured the following location policy rules:
WSS# show location policy
Id Clauses
----------------------------------------------------------------
1) deny if user eq *.theirfirm.com
2) permit vlan guest_1 if vlan neq *.ourfirm.com
3) permit vlan bld4.tac inacl tac_24.in if user eq *.ny.ourfirm.com
4) permit inacl svcs_2.in outacl svcs_3.out if vlan eq bldg4.*
To move the first rule to the end of the list and display the results, type the following commands:
WSS# clear location policy 1
success: clause 1 is removed.
WSS# set location policy deny if user eq *.theirfirm.com
WSS# show location policy
Id Clauses
----------------------------------------------------------------
1) permit vlan guest_1 if vlan neq *.ourfirm.com
2) permit vlan bld4.tac inacl tac_24.in if user eq *.ny.ourfirm.com
3) permit inacl svcs_2.in outacl svcs_3.out if vlan eq bldg4.*
4) deny if user eq *.theirfirm.com
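Because rule order is significant, moving a deny rule below a permit rule can change who gets access. The following Python sketch is an added example, not part of the Nortel guide or WSS Software: it parses the two listings above and reports sessions whose outcome differs between the two orderings. It assumes that evaluation stops at the first matching rule and that Python's fnmatchcase approximates WSS glob matching; the session values and function names are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

RULE_RE = re.compile(r"^\s*(?P<id>\d+)\)\s+(?P<action>permit|deny)\s*(?P<sets>.*?)\s*"
                     r"\bif\s+(?P<attr>user|vlan|ssid)\s+(?P<op>eq|neq)\s+(?P<glob>\S+)\s*$")

# The two listings shown on this page (before and after moving the deny rule).
BEFORE = """\
1) deny if user eq *.theirfirm.com
2) permit vlan guest_1 if vlan neq *.ourfirm.com
3) permit vlan bld4.tac inacl tac_24.in if user eq *.ny.ourfirm.com
4) permit inacl svcs_2.in outacl svcs_3.out if vlan eq bldg4.*"""
AFTER = """\
1) permit vlan guest_1 if vlan neq *.ourfirm.com
2) permit vlan bld4.tac inacl tac_24.in if user eq *.ny.ourfirm.com
3) permit inacl svcs_2.in outacl svcs_3.out if vlan eq bldg4.*
4) deny if user eq *.theirfirm.com"""
# Constructed sessions (assumption): username plus the VLAN assigned by AAA.
SESSIONS = [
    {"user": "pat.theirfirm.com", "vlan": "visitors"},
    {"user": "kim.theirfirm.com", "vlan": "lab.ourfirm.com"},
    {"user": "lee.ny.ourfirm.com", "vlan": "staff.ourfirm.com"},
]

def parse_policy(text):
    """Parse rule lines of 'show location policy' output; other lines are skipped."""
    rules = []
    for m in filter(None, map(RULE_RE.match, text.splitlines())):
        words = m["sets"].split()
        sets = dict(zip(words[0::2], words[1::2]))  # e.g. {"vlan": "guest_1"}
        rules.append((int(m["id"]), m["action"], sets, m["attr"], m["op"], m["glob"]))
    return rules

def evaluate(rules, session):
    """Return (id, action, overrides) of the first matching rule, or None."""
    # Assumptions: first match wins; fnmatchcase stands in for WSS glob matching.
    for rid, action, sets, attr, op, glob in rules:
        if fnmatchcase(session.get(attr, ""), glob) == (op == "eq"):
            return rid, action, sets
    return None

def decision_diff(before, after, sessions):
    """Sessions whose action or overrides change between two rule orderings."""
    changed = []
    for s in sessions:
        old, new = evaluate(before, s), evaluate(after, s)
        if (old and old[1:]) != (new and new[1:]):  # ignore rule-id renumbering
            changed.append((s["user"], old, new))
    return changed
```

Under these assumptions, decision_diff(parse_policy(BEFORE), parse_policy(AFTER), SESSIONS) reports only pat.theirfirm.com: with the deny rule last, that session first matches the guest_1 permit rule because its VLAN does not match *.ourfirm.com.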