210 CHAPTER 7: AAA COMMANDS

Table 40 Authentication Attributes for Local Users (continued)

filter-id

Inbound or outbound

If configured in the WX switch’s local

 

ACL to apply to the

database, this attribute can be an

 

user.

access control list (ACL) to filter

 

 

outbound or inbound traffic. Use the

 

 

following format:

 

 

filter-id inboundacl.in

 

 

or

 

 

filter-id outboundacl.out

 

 

If you are configuring the attribute on

 

 

a RADIUS server, the value field of

 

 

filter-id can specify up to two ACLs.

 

 

Any of the following are valid:

 

 

filter-id = "Profile=acl1"

 

 

filter-id = "OutboundACL=acl2"

 

 

filter-id = "Profile=acl1

 

 

OutboundACL=acl2"

 

 

(Each example goes on a single line on

 

 

the server.) The format in which to

 

 

specify the values depends on the

 

 

RADIUS server.

 

 

Regardless of whether the attributes

 

 

are defined locally or on a RADIUS

 

 

server, the ACLs must already be

 

 

configured on the WX switch.

 

 

(For more information, see “Mapping

 

 

User-Based Security ACLs” on

 

 

page 242.)

 

 

idle-timeout

This option is not implemented in the current MSS version.

 

 

 

mobility-profile

Mobility Profile attribute

Name of an existing Mobility Profile,

(network access

for the user. (For more

which can be up to 32 alphanumeric

information, see set

characters, with no tabs or spaces.

mode only)

 

 

mobility-profileon

If the Mobility Profile feature is

page 215.)

enabled, and a user is assigned the

 

 

name of a Mobility Profile that does

 

not exist on the WX switch, the user is

 

denied access.

 

 

Page 210
Image 210
3Com 3CRWX440095A, 3CRWX120695A manual Authentication Attributes for Local Users, Filter-id outboundacl.out