Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRBT-8200

271

272

273

274

275

276

277

278

279

280

RoamAbout Mobility System Software Command Line Reference 8-41

Bydefault,usersarepermittedVLANaccessand assignedsecurityACLsaccordingtotheVLAN‐

NameandFilter‐Idattrib utesappliedtotheusersduringnormalauthenticationand

authorization.

Mode

Enabled.

Usage

OnlyasinglelocationpolicyisallowedperRAS.Onceconfigured,thelocationpolicybecomes

effectiveimmediately.Todisablelocationpolicyoperation,usetheclearlocationpolicy

command.

ConditionswithinaruleareANDed.AllconditionsintherulemustmatchinorderforMSSto

takethespecifiedaction.If

thelocationpolicycontainsmultiplerules,MSScomparestheuser

informationtotherulesoneatatime,intheordertherulesappearintheswitch’sconfiguration

file,beginningwiththeruleatthetopofthelist.MSScontinuescomparinguntilausermatchesall

conditionsinarule

oruntiltherearenomorerules.

vlanoperator

vlan‐glob

VLAN‐NameattributeassignedbyAAAandconditionbywhichto

determineifthelocationpolicyruleapplies.Replaceoperatorwithoneofthe

followingoperands:

• eq—AppliesthelocationpolicyruletoallusersassignedVLAN names

matchingvlan‐glob.



• neq—AppliesthelocationpolicyruletoallusersassignedVLANnames

notmatchingvlan‐glob.

Forvlan‐glob,specifyaVLANname,usethedouble‐asteriskwildcard

character(**)tospecifyallVLANnames,orusethesingle‐asteriskwildcard

character(*)tospecifyasetofVLANnames

uptoorfollowing thefirst

delimitercharacter,eitheranatsign(@)oraperiod(.).(Fordetails,see

“VLANGlobs”onpage 1‐4.)

useroperator

user‐glob

Usernameandconditionbywhichtodetermineifthelocationpolicyrule

applies.Replaceoperatorwithoneofthefollowingoperands:

• eq

—Appliesthelocationpolicyruletoallusernamesmatchinguser‐glob.

• neq—Appliesthelocationpolicyruletoallusernamesnotmatchinguser‐

glob.

Foruser‐glob,specifyausername,usethedouble‐asteriskwildcardcharacter

(**)tospecifyallusernames,orusethesingle‐asteriskwildcardcharacter(*)

tospecify

asetofusernamesuptoorfollowingthefirstdelimitercharacter,

eitheranatsign(@)oraperiod(.).(Fordetails,see“UserGlobs”onpage 1‐3.)

before

rule‐number

Insertsthenewlocationpolicyruleinfrontofanotherruleinthe location

policy.Specifythenumber

oftheexistinglocationpolicyrule.(Todetermine

thenumber,usetheshowlocationpolicycommand.)

modify

rule‐number

Replacestheruleinthelocationpolicywiththenewrule.Specifythenumber

oftheexistinglocationpolicyrule.(Todeterminethenumber,usetheshow

locationpolicycommand.)

portport‐list List

ofphysicalport(s)bywhichtodetermineifthelocationpolicyrule

applies.