User's manual

305
DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring AAA for Network Users
Applying Security ACLs in a Location Policy Rule
When reassigning security ACL filters, specify whether the filter is an input filter or an output
filter, as follows:
Input filter - Use inacl inacl-name to filter traffic that enters the switch from users via
a DWL-8220AP access port or wired authentication port, or from the network via a
network port.
Output filter - Use outacl outacl-name to filter traffic sent from the switch to users via
a DWL-8220AP access port or wired authentication port, or from the network via a
network port.
For example, the following command authorizes users at *.ny.ourfirm.com to access the
bld4.tac VLAN, and applies the security ACL tac_24 to the traffic they receive:
DWS-1008# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com
The following command authorizes access to users on VLANs with names matching bld4.*
and applies security ACLs svcs_2 to the traffic they send and svcs_3 to the traffic they
receive:
DWS-1008# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bldg4.*
You can optionally add the suffixes .in and .out to inacl-name and outacl-name for consistency
with their usage in entries stored in the local DWS-1008 switch database.
Displaying and Positioning Location Policy Rules
The order of location policy rules is significant. MSS checks a location policy rule that is
higher in the list before those lower in the list. Rules are listed in the order in which you
create them, unless you move them.
To position location policy rules within the location policy, use before rule-number and
modify rule-number in the set location policy command, or use the clear location policy
rule-number command.
For example, suppose you have configured the following location policy rules:
DWS-1008# show location policy
Id Clauses
----------------------------------------------------------------
1) deny if user eq *.theirfirm.com
2) permit vlan guest_1 if vlan neq *.ourfirm.com
3) permit vlan bld4.tac inacl tac_24.in if user eq *.ny.ourfirm.com
4) permit inacl svcs_2.in outacl svcs_3.out if vlan eq bldg4.*
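The first-match ordering described above, modelled as an added Python example (not D-Link or MSS code): it parses the show location policy listing, evaluates a user's attributes against the rules from the top down, and repositions a rule the way before rule-number would. Treating * as a shell-style glob, renumbering the list after a move, and using the AAA-assigned VLAN name for the vlan condition are assumptions about MSS behaviour.

```python
import fnmatch
import re
# Constructed sample: the 'show location policy' listing from this manual page.
SHOW_OUTPUT = """\
1) deny if user eq *.theirfirm.com
2) permit vlan guest_1 if vlan neq *.ourfirm.com
3) permit vlan bld4.tac inacl tac_24.in if user eq *.ny.ourfirm.com
4) permit inacl svcs_2.in outacl svcs_3.out if vlan eq bldg4.*
"""
# "<id>) <permit|deny> [vlan X] [inacl X] [outacl X] if <user|vlan> <eq|neq> <glob>"
RULE_RE = re.compile(
    r"^(\d+)\)\s+(permit|deny)\s*(.*?)\s*if\s+(user|vlan)\s+(eq|neq)\s+(\S+)$")

def parse_rules(text):
    """Parse the listing into rule dicts; non-rule lines (header, ruler) are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        rule_id, action, assigns, attr, op, pattern = m.groups()
        tokens = assigns.split()  # keyword/value pairs, e.g. "inacl svcs_2.in"
        rules.append({"id": int(rule_id), "action": action,
                      "assign": dict(zip(tokens[0::2], tokens[1::2])),
                      "attr": attr, "op": op, "pattern": pattern})
    return rules

def first_match(rules, user, vlan):
    """First rule whose condition matches: MSS checks higher rules before lower ones.
    Assumption: '*' in a pattern behaves like a shell glob (fnmatch)."""
    for rule in rules:
        value = user if rule["attr"] == "user" else vlan
        hit = fnmatch.fnmatchcase(value, rule["pattern"])
        if rule["op"] == "neq":
            hit = not hit
        if hit:
            return rule
    return None  # no rule matched

def move_before(rules, rule_id, before_id):
    """Model 'set location policy ... before <n>': put rule_id ahead of before_id.
    Assumption: the list is renumbered consecutively after the move."""
    moved = next(r for r in rules if r["id"] == rule_id)
    rest = [r for r in rules if r["id"] != rule_id]
    idx = next(i for i, r in enumerate(rest) if r["id"] == before_id)
    reordered = [dict(r) for r in rest[:idx] + [moved] + rest[idx:]]
    for new_id, rule in enumerate(reordered, start=1):
        rule["id"] = new_id
    return reordered
```

With the order as listed, a user from *.ny.ourfirm.com whose AAA-assigned VLAN is not an *.ourfirm.com name is caught by rule 2 and placed in guest_1; moving rule 3 before rule 2 gives that user bld4.tac and tac_24.in instead.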