Specifications

Overriding or Adding Attributes Locally with a Location Policy

RoamAbout Mobility System Software Configuration Guide 17-53

Setting the Location Policy

ToenablethelocationpolicyfunctiononaRoamAboutSwitch,youmustcreateatleastone

locationpolicyrulewithoneofthefollowingcommands:

set location policy deny if {ssid operator ssid-name | vlan operator vlan-glob |

user operator user-glob | port port-list | dap dap-num} [before rule-number |

modify rule-number]

set location policy permit {vlan vlan-name | inacl inacl-name | outacl

outacl-name} if {ssid operator ssid-name | vlan operator vlan-glob | user

operator user-glob | port port-list | dap dap-num} [before rule-number |

modify rule-number]

Youmustspecifywhethertopermitordenyaccess,andyoumustidentifyaVLANorusername

tomatch.UseoneofthefollowingoperatorstospecifyhowtherulemustmatchtheVLANor

username:

• eq—AppliesthelocationpolicyruletoallusersassignedVLANnamesmatchingvlan‐glob

or

havingusernamesthatmatchuser‐glob.

(Likeauserglob,aVLANglobisawaytogroupVLANsforuseinthiscommand.Formore

information,see“VLANGlobs”onpage 1‐5.)

• neq—AppliesthelocationpolicyruletoallusersassignedVLANnamesnotmatchingvlan‐

glob

orhavingusernamesthatdonotmatchuser‐glob.

Examples

Thefollowingcommanddeniesnetworkaccesstoallusersmatching*.theirfirm.com,causing

themtofailauthorization:

RBT-8100# set location policy deny if user eq *.theirfirm.com

Thefollowingcommandauthorizesaccesstotheguest_1VLANforalluserswhodonotmatch

*.ourfirm.com:

RBT-8100#setlocationpolicypermitvlanguest_1ifuserneq*.ourfirm.com

ThefollowingcommandplacesalluserswhoareauthorizedforSSIDtempvendor_aintoVLAN

kiosk_1:

RBT-8100# set location policy permit vlan kiosk_1 if ssid eq tempvendor_a

success: change accepted.

Note: Asterisks (wildcards) are not supported in SSID names. You must specify the complete SSID

name.