CHAPTER 7: AAA COMMANDS

- permit — Allows access to the network or to a specified VLAN, and/or assigns a particular security ACL to users with characteristics that match the location policy rule.

- Action options — For a permit rule, MSS changes the attributes assigned to the user to the values specified by the following options:

  - vlan vlan-name — Name of an existing VLAN to assign to users with characteristics that match the location policy rule.

  - inacl inacl-name — Name of an existing security ACL to apply to packets sent to the WX switch with characteristics that match the location policy rule.

    Optionally, you can add the suffix .in to the name.

  - outacl outacl-name — Name of an existing security ACL to apply to packets sent from the WX switch with characteristics that match the location policy rule.

    Optionally, you can add the suffix .out to the name.

- Condition options — MSS takes the action specified by the rule if all conditions in the rule are met. You can specify one or more of the following conditions:

  - ssid operator ssid-name — SSID with which the user is associated. The operator must be eq, which applies the location policy rule to all users associated with the SSID. Asterisks (wildcards) are not supported in SSID names. You must specify the complete SSID name.

  - vlan operator vlan-glob — VLAN-Name attribute assigned by AAA and condition by which to determine if the location policy rule applies. Replace operator with one of the following operands:

    - eq — Applies the location policy rule to all users assigned VLAN names matching vlan-glob.

    - neq — Applies the location policy rule to all users assigned VLAN names not matching vlan-glob.

    For vlan-glob, specify a VLAN name, use the double-asterisk wildcard character (**) to specify all VLAN names, or use the single-asterisk wildcard character (*) to specify a set of VLAN names up to or following the first delimiter character, either an at sign (@) or a period (.). (For details, see “VLAN Globs” on page 26.)
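The following added example (not from the 3Com manual, and not MSS code) models how a permit rule with ssid and vlan conditions is evaluated: every condition must hold before the action options overwrite the user's attributes. It assumes that a single asterisk matches a run of characters containing no delimiter (@ or .); the full glob definition is on page 26 and is not reproduced here. The function names, the rule and the users are hypothetical and constructed for illustration.

```python
import re

def glob_match(glob, name):
    """'**' matches every name; '*' matches a run of characters that
    contains no delimiter ('@' or '.'). The '*' reading is an assumption."""
    if glob == "**":
        return True
    pattern = "".join("[^@.]*" if c == "*" else re.escape(c) for c in glob)
    return re.fullmatch(pattern, name) is not None

def condition_met(cond, user):
    """Evaluate one (attribute, operator, value) condition against a user."""
    attr, op, value = cond
    actual = user.get(attr, "")
    if attr == "ssid" and op == "eq":
        return actual == value  # complete SSID name, no wildcards
    if attr == "vlan" and op in ("eq", "neq"):
        return glob_match(value, actual) == (op == "eq")
    raise ValueError(f"unsupported condition: {cond!r}")

def apply_permit(rule, user):
    """Return the user's attributes after the rule; unchanged unless ALL conditions hold."""
    if not all(condition_met(c, user) for c in rule["if"]):
        return dict(user)
    return {**user, **rule["set"]}

# Constructed rule: move lobby users whose AAA-assigned VLAN is not "*.corp"
# to VLAN "guest" and apply an inbound security ACL.
RULE = {
    "set": {"vlan": "guest", "inacl": "guest-acl.in"},
    "if": [("ssid", "eq", "lobby"), ("vlan", "neq", "*.corp")],
}

# Constructed users (attributes as assigned by AAA).
USERS = [
    {"ssid": "lobby", "vlan": "red.corp"},    # matches *.corp, so neq fails
    {"ssid": "lobby", "vlan": "visitors"},    # neq holds, rule applies
    {"ssid": "lobby", "vlan": "a.b.corp"},    # '*' stops at the first '.'
    {"ssid": "office", "vlan": "visitors"},   # ssid condition fails
]

if __name__ == "__main__":
    for u in USERS:
        print(u, "->", apply_permit(RULE, u))
```

Under the stated assumption, a.b.corp does not match *.corp, so the neq rule reassigns that user to the guest VLAN. When reviewing neq rules, test them against multi-label VLAN names as well as single-label ones.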

  - user operator user-glob — Username and condition by which to determine if the location policy rule applies. Replace operator with one of the following operands:

3Com 3CRWX440095A, 3CRWX120695A manual AAA Commands