Configuring Location Policies 299

To change the order of access rules

1From the AAA page of the WX Switch wizard, select Admin Access or Network Access.

2Select a rule from the list of rules.

3To change the position of the rule, click Move Up or Move Down until the rule is in the position you want.

4To move other rules, repeat step 2 and step 3 until all rules are in the order you want.

5To close the wizard and save the changes, click Finish.

Configuring

During the login process, the AAA authorization process is started

Location Policies

immediately after clients are authenticated to use the WX switch. During

 

authorization, MSS assigns the user to a VLAN and applies optional user

 

attributes, such as a session timeout value and one or more security ACL

 

filters.

 

A location policy is a set of rules that enables you to locally set or change

 

authorization attributes for a user after the user is authorized by AAA,

 

without making changes to the AAA server. For example, you might want

 

to enforce VLAN membership and security ACL policies on a particular

 

WX based on a client’s organization or physical location, or assign a

 

VLAN to users who have no AAA assignment. For these situations, you

 

can configure the location policy on the switch.

 

You can use a location policy to locally set or change the Filter-Id and

 

VLAN-Name authorization attributes obtained from AAA.

About the Location

Each WX switch can have one location policy. The location policy consists

Policy

of a set of rules. Each rule contains conditions, and an action to perform

 

if all conditions in the rule match.

 

The action can be one of the following:

 

„ Deny access to the network

 

„ Permit access, but set or change the user’s VLAN assignment, inbound

 

ACL, outbound ACL, or any combination of these attributes

Page 299
Image 299
HP Manager Software manual Location Policies, To change the order of access rules, About the Location, Policy