Hub/Switch Reference Guide

AAA Commands 205
Nortel WLAN—Security Switch 2300 Series Command Line Reference
• Use inacl inacl-name to filter traffic that enters the switch from users via an AP access port or wired
authentication port, or from the network via a network port.
• Use outacl outacl-name to filter traffic sent from the switch to users via an AP access port or wired
authentication port, or from the network via a network port.
You can optionally add the suffixes .in and .out to inacl-name and outacl-name so that they match the
names of security ACLs stored in the local WSS database.
Examples
The following command denies network access to all users at *.theirfirm.com, causing
them to fail authorization:
WSS# set location policy deny if user eq *.theirfirm.com
The following command authorizes access to the guest_1 VLAN for all users who are not at *.wodefirm.com:
WSS# set location policy permit vlan guest_1 if user neq *.wodefirm.com
The following command authorizes users at *.ny.ourfirm.com to access the bld4.tac VLAN instead, and
applies the security ACL tac_24 to the traffic they receive:
WSS# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com
The following command authorizes access to users on VLANs with names matching bldg4.* and applies
security ACL svcs_2 to the traffic they send and security ACL svcs_3 to the traffic they receive:
WSS# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bldg4.*
The following command authorizes users entering the network on WSS ports 3 through 7 and port 12 to use
the floor2 VLAN, overriding any settings from AAA:
WSS# set location policy permit vlan floor2 if port 3-7,12
The following command places all users who are authorized for SSID tempvendor_a into VLAN kiosk_1:
WSS# set location policy permit vlan kiosk_1 if ssid eq tempvendor_a
success: change accepted.
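The rules above can be checked offline before they are entered on the switch. The following Python sketch is an added example, not Nortel code: it parses three of the commands shown and evaluates them against constructed sessions. It assumes rules are compared in order and the first match decides, and it uses fnmatch wildcards as a stand-in for the switch's own matching; RULES, AAA and the function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase

RULE = re.compile(
    r"set location policy (?P<action>deny|permit)"
    r"(?P<opts>(?: (?:vlan|inacl|outacl) \S+)*)"
    r" if (?P<attr>user|vlan|ssid|port)(?: (?P<op>eq|neq))? (?P<val>\S+)$")

def parse_rule(line):
    """Parse one command in the forms shown on this page (single condition)."""
    m = RULE.search(" ".join(line.split()))
    if not m or (m["attr"] == "port") != (m["op"] is None):
        raise ValueError(f"unrecognized rule: {line!r}")
    words = m["opts"].split()
    return {"action": m["action"], "set": dict(zip(words[::2], words[1::2])),
            "attr": m["attr"], "op": m["op"], "val": m["val"]}

def port_in_list(port, spec):
    """True if an integer port is in a list such as '3-7,12'."""
    ranges = (part.partition("-") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def matches(rule, session):
    if rule["attr"] == "port":
        return port_in_list(session["port"], rule["val"])
    # Assumption: fnmatch wildcards stand in for the switch's own matching.
    hit = fnmatchcase(session[rule["attr"]], rule["val"])
    return hit if rule["op"] == "eq" else not hit

def evaluate(rules, session):
    """Return (rule number, resulting session). Assumption: first match wins."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, session):
            if rule["action"] == "deny":
                return number, None  # user fails authorization
            return number, {**session, **rule["set"]}
    return None, session  # no rule matched: AAA-assigned values stand

# Rules copied from the examples above; the ordering and sessions are constructed.
RULES = [parse_rule(r) for r in (
    "WSS# set location policy deny if user eq *.theirfirm.com",
    "WSS# set location policy permit vlan bld4.tac outacl tac_24 if user eq *.ny.ourfirm.com",
    "WSS# set location policy permit vlan floor2 if port 3-7,12",
)]
AAA = {"user": "kim@lab.ny.ourfirm.com", "vlan": "default", "ssid": "corp", "port": 5}

if __name__ == "__main__":
    for user in (AAA["user"], "pat@eng.theirfirm.com", "lee@sf.ourfirm.com"):
        print(user, evaluate(RULES, {**AAA, "user": user}))
```

A result of (None, session) means no rule matched and the values assigned by AAA are left unchanged.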
See Also
clear location policy on page 171
show location policy on page 215
set mac-user
Configures a user profile in the local database on the WSS for a user who can be authenticated by a MAC
address, and optionally adds the user to a MAC user group.
(To configure a MAC user profile in RADIUS, see the documentation for your RADIUS server.)