Specifications
set location policy
Chapter 9
AAA Commands
217
set location policy
Creates and enables a location policy on a UNIVERGE WL Controller. A location
policy enables you to locally set or change authorization attributes for a user after
the user is authorized by AAA, without making changes to the AAA server.
Syntax
set location policy deny if {ssid operator ssid-name |
vlan operator vlan-glob | user operator user-glob |
port port-list | ap ap-num}
[before rule-number | modify rule-number]
Syntax
set location policy permit {vlan vlan-name | inacl inacl-name | outacl
outacl-name}
if {ssid operator ssid-name | vlan operator vlan-glob | user operator user-glob |
port port-list | ap ap-num}
[before rule-number | modify rule-number]
deny Denies access to the network to users with attributes that
match the location policy rule.
permit Allows access to the network or to a specified VLAN, and/
or assigns a particular security ACL to users with attributes
matching the location policy rule.
Action options—For a permit rule, UNIVERGE WL Control System changes
the attributes assigned to the user to the values specified by the following
options:
vlan vlan-name Name of an existing VLAN to assign to users with attributes
matching the location policy rule.
inacl inacl-name Name of an existing security ACL to apply to packets sent
to the UNIVERGE WL Controller with attributes matching
the location policy rule.
Optionally, you can add the suffix .in to the name.
outacl
outacl-name
Name of an existing security ACL to apply to packets sent
from the UNIVERGE WL Controller with characteristics
that match the location policy rule.
Optionally, you can add the suffix .out to the name.