Hub/Switch Reference Guide

AAA Commands 203
Nortel WLAN—Security Switch 2300 Series Command Line Reference
set authentication admin on page 182
set authentication console on page 183
set authentication dot1x on page 185
show aaa on page 210
set location policy
Creates and enables a location policy on a WSS. A location policy enables you to locally set or change authorization
attributes for a user after the user is authorized by AAA, without making changes to the AAA server.
Syntax
set location policy deny
if {ssid operator ssid-name | vlan operator vlan-wildcard | user operator user-wildcard | port port-list | ap ap-num}
[before rule-number | modify rule-number]
Syntax
set location policy permit {vlan vlan-name | inacl inacl-name | outacl outacl-name}
if {ssid operator ssid-name | vlan operator vlan-wildcard | user operator user-wildcard | port port-list | ap ap-num}
[before rule-number | modify rule-number]
deny      Denies access to the network to users with characteristics that match the
          location policy rule.
permit    Allows access to the network or to a specified VLAN, and/or assigns a
          particular security ACL to users with characteristics that match the
          location policy rule.
Action options—For a permit rule, WSS Software changes the attributes assigned to the user to
the values specified by the following options:
vlan vlan-name        Name of an existing VLAN to assign to users with characteristics that
                      match the location policy rule.
inacl inacl-name      Name of an existing security ACL to apply to packets sent to the WSS
                      with characteristics that match the location policy rule.
                      Optionally, you can add the suffix .in to the name.
outacl outacl-name    Name of an existing security ACL to apply to packets sent from the WSS
                      with characteristics that match the location policy rule.
                      Optionally, you can add the suffix .out to the name.
Condition options—WSS Software takes the action specified by the rule if all conditions in the
rule are met. You can specify one or more of the following conditions:
ssid operator ssid-name    SSID with which the user is associated. The operator must be eq, which
                           applies the location policy rule to all users associated with the SSID.
                           Asterisks (wildcards) are not supported in SSID names. You must specify
                           the complete SSID name.
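
A lint for the syntax rules stated above, useful when reviewing a saved configuration before loading it. This is an added example, not code from the Nortel manual or WSS Software. It assumes that multiple conditions are written one after another following `if`, that names contain no spaces, and that rule-number is numeric. Operators on vlan and user conditions are not checked.

```python
ACTIONS = ("vlan", "inacl", "outacl")  # permit-only action options
# Tokens per condition: keyword operator value (3) or keyword value (2).
WIDTH = {"ssid": 3, "vlan": 3, "user": 3, "port": 2, "ap": 2}

def lint_location_policy(line):
    """Return a list of problems found in one 'set location policy' command."""
    tok = line.split()
    if tok[:3] != ["set", "location", "policy"] or len(tok) < 4:
        return ["not a 'set location policy' command"]
    kind, rest = tok[3], tok[4:]
    if kind not in ("permit", "deny") or "if" not in rest:
        return ["expected permit or deny followed by an 'if' clause"]
    cut = rest.index("if")
    acts, conds, problems = rest[:cut], rest[cut + 1:], []
    # Action options: none on a deny rule, keyword/name pairs on a permit rule.
    if kind == "deny" and acts:
        problems.append("deny takes no action options")
    if kind == "permit":
        if not acts or len(acts) % 2:
            problems.append("permit needs keyword/name action pairs")
        for key in acts[0::2]:
            if key not in ACTIONS:
                problems.append(f"unknown action option {key!r}")
    # Optional trailing 'before N' or 'modify N', then the conditions.
    if len(conds) >= 2 and conds[-2] in ("before", "modify"):
        if not conds[-1].isdigit():
            problems.append("rule-number must be numeric")
        conds = conds[:-2]
    if not conds:
        problems.append("no condition after 'if'")
    i = 0
    while i < len(conds):
        key = conds[i]
        width = WIDTH.get(key, 0)
        if not width or i + width > len(conds):
            problems.append(f"bad or incomplete condition at {key!r}")
            break
        if key == "ssid" and conds[i + 1] != "eq":
            problems.append("ssid operator must be eq")
        if key == "ssid" and "*" in conds[i + 2]:
            problems.append("wildcards are not supported in SSID names")
        i += width
    return problems

# Constructed sample commands; the VLAN, ACL and SSID names are made up.
SAMPLES = ["set location policy permit vlan guest inacl guest-acl.in if ssid eq GUEST",
           "set location policy deny vlan guest if ssid neq CORP*"]
if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", lint_location_policy(cmd) or "ok")
```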