Viewing and Changing Location Policy Rules
During the login process, the AAA authorization process is started immediately
after clients are authenticated to use the WX switch. During authorization,
MSS assigns the user to a VLAN and applies optional user attributes, such as a
session timeout value and one or more security ACL filters.

A location policy is a set of rules that enables you to locally set or change
authorization attributes for a user after the user is authorized by AAA,
without making changes to the AAA server. For example, you might want
to enforce VLAN membership and security ACL policies on a particular
WX based on a client’s organization or physical location, or assign a VLAN
to users who have no AAA assignment. For these situations, you can
configure the location policy on the switch.

You can use a location policy to locally set or change the Filter-Id and
VLAN-Name authorization attributes obtained from AAA.

Conditions within a rule are ANDed. All conditions in the rule must match
in order for MSS to take the specified action. If the location policy
contains multiple rules, MSS compares the user information to the rules
one at a time, in the order the rules appear in the switch’s configuration
file, beginning with the rule at the top of the list. MSS continues
comparing until a user matches all conditions in a rule or until there are
no more rules.

Any authorization attributes not changed by the location policy remain
active.

Each WX switch can have one location policy. The location policy consists
of a set of rules. Each rule contains conditions, and an action to perform
if all conditions in the rule match. The location policy can contain up to
150 rules.
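
The evaluation order described above (ANDed conditions, first matching rule wins, unchanged attributes stay active) can be modeled as follows. This is an added example, not MSS code or anything from this guide: the condition names "ssid" and "group", the sample values, and exact-match comparison of conditions are assumptions made for illustration. It also reports rules that can never match because an earlier, broader rule always matches first, which is worth checking when a rule is meant to place users in a more restrictive VLAN or ACL.

```python
# Added illustration: models the evaluation order described above; not MSS code.
from dataclasses import dataclass

MAX_RULES = 150                        # rule limit stated on the page
SETTABLE = {"VLAN-Name", "Filter-Id"}  # attributes a location policy may set

@dataclass
class Rule:
    conditions: dict  # all key/value pairs must match (conditions are ANDed)
    action: dict      # attributes to set or change when the rule matches

def validate(policy):
    if len(policy) > MAX_RULES:
        raise ValueError("location policy exceeds 150 rules")
    for n, rule in enumerate(policy):
        extra = set(rule.action) - SETTABLE
        if extra:
            raise ValueError(f"rule {n} sets unsupported attributes: {sorted(extra)}")

def apply_policy(policy, user, aaa_attrs):
    """Return (attributes after the policy, index of the matching rule or None)."""
    validate(policy)
    result = dict(aaa_attrs)  # attributes the policy does not change stay active
    for n, rule in enumerate(policy):  # top of the list first
        if all(user.get(k) == v for k, v in rule.conditions.items()):
            result.update(rule.action)
            return result, n  # first full match ends the comparison
    return result, None

def shadowed_rules(policy):
    """Indexes of rules that can never match: an earlier rule's conditions
    are a subset of theirs, so the earlier rule always matches first."""
    return [j for j, later in enumerate(policy)
            if any(e.conditions.items() <= later.conditions.items()
                   for e in policy[:j])]

# Constructed sample policy; the condition names "ssid" and "group" are hypothetical.
POLICY = [
    Rule({"ssid": "guest"}, {"VLAN-Name": "guest-vlan", "Filter-Id": "guest-acl"}),
    Rule({"ssid": "guest", "group": "contractor"}, {"VLAN-Name": "contractor-vlan"}),
    Rule({"group": "engineering"}, {"VLAN-Name": "eng-vlan"}),
]

if __name__ == "__main__":
    aaa = {"VLAN-Name": "default", "Filter-Id": "base-acl", "Session-Timeout": 3600}
    print(apply_policy(POLICY, {"ssid": "corp", "group": "engineering"}, aaa))
    print(apply_policy(POLICY, {"ssid": "guest", "group": "contractor"}, aaa))
    print("unreachable rules:", shadowed_rules(POLICY))
```

In the sample policy the second rule is reported as unreachable: every user it describes already matches the first rule, so moving it above the first rule is what makes it take effect.
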
Viewing Location Policy Rules
To view location policy rules:
1. Select the Configuration tool bar option.
2. In the Organizer panel, click the plus sign next to the WX switch.
3. Click the plus sign next to AAA.
4. Select Location Policy.
The configured location policy rules appear.