Specifications
8-40 AAA Commands
set location policy
CreatesandenablesalocationpolicyonaRAS.Alocationpolicyenablesyoutolocallysetor
changeauthorizationattributesforauseraftertheuserisauthorizedbyAAA,withoutmaking
changestotheAAAserver.
Syntax
set location policy deny if {ssid operator ssid-name | vlan operator vlan-glob |
user operator user-glob | port port-list | dap dap-num} [before rule-number |
modify rule-number]
Syntax
set location policy permit {vlan vlan-name | inacl inacl-name | outacl
outacl-name} if {ssid operator ssid-name | vlan operator vlan-glob |
user operator user-glob | port port-list | dap dap-num} [before rule-number |
modify rule-number]
Parametersl
deny Deniesaccesstothenetworktouserswithcharacteristicsthatmatchthe
locationpolicyrule.
permit AllowsaccesstothenetworkortoaspecifiedVLAN,and/orassignsa
particularsecurityACLtouserswithcharacteristicsthatmatchthelocation
policyrule.
Actionoptions—Forapermitrule,MSSchangestheattributes
assignedtotheusertothevalues
specifiedbythefollowingoptions:
vlanvlan‐name NameofanexistingVLANtoassigntouserswithcharacteristicsthatmatch
thelocationpolicyrule.
inaclinacl‐name NameofanexistingsecurityACLtoapplytopacketssenttotheRASwith
characteristicsthatmatch
thelocationpolicyrule.
Optionally,youcanaddthesuffix.intothename.
outacl
outacl‐name
NameofanexistingsecurityACLtoapplytopacketssentfromtheRASwith
characteristicsthatmatchthelocationpolicyrule.
Optionally,youcanaddthesuffix.outtothename.
Conditionoptions—MSS
takestheactionspecifiedbytheruleifallconditionsintheruleare
met.Youcanspecifyoneormoreofthefollowingconditions:
ssidoperator
ssid‐name
SSIDwithwhichtheuserisassociated.Theoperatormustbeeq,which
appliesthelocationpolicyruletoallusersassociated
withtheSSID.
Asterisks(wildcards)arenotsupportedinSSIDnames.Youmustspecifythe
completeSSIDname.