Specifications

ManualsBrandsSimplicity ManualsSewing MachineSA2200

221

222

223

224

225

226

227

228

229

230

set location policy

Chapter 9

AAA Commands

219

Defaults

By default, users are permitted VLAN access and assigned security

ACLs according to the VLAN-Name and Filter-Id attributes applied to the users

during normal authentication and authorization.

Access

Enabled.

Usage

Only a single location policy is allowed per UNIVERGE WL Controller.

The location policy can contain up to 150 rules. Once configured, the location

policy becomes effective immediately. To disable location policy operation, use

the clear location policy command.

Conditions within a rule are AND’ed. All conditions in the rule must match in

order for UNIVERGE WL Control System to take the specified action. If the

location policy contains multiple rules, UNIVERGE WL Control System

compares the user information to the rules one at a time, in the order the rules

appear in the UNIVERGE WL Controller configuration file, beginning with the

rule at the top of the list. UNIVERGE WL Control System continues comparing

until a user matches all conditions in a rule or until there are no more rules.

The order of rules in the location policy is important to ensure users are properly

granted or denied access. To position rules within the location policy, use before

rule-number and modify rule-number in the set location policy command, and

the clear location policy rule-number command.

When applying security ACLs:

l Use inacl inacl-name to filter traffic that enters the UNIVERGE WL

Controller from the network via a network port.

l Use outacl outacl-name to filter traffic sent from the UNIVERGE WL

Controller from the network via a network port.

l You can optionally add the suffixes .in and .out to inacl-name and

outacl-name so that they match the names of security ACLs stored in the local

UNIVERGE WL Controller database.

modify

rule-number

Replaces the rule in the location policy with the new rule.

Specify the number of the existing location policy rule. (To

determine the number, use the show location policy

command.)

port port-list List of physical port(s) that determines if the location policy

rule applies.