Operation Manual
AAA Commands
Mobility System Software Command Reference Guide
Version 7.3
9 – 176
outacl outacl-name
    Name of an existing security ACL to apply to packets sent from the
    MX switch with characteristics that match the location policy rule.
    Optionally, you can add the suffix .out to the name.

Condition options—MSS takes the action specified by the rule if all
conditions in the rule are met. You can specify one or more of the
following conditions:

ssid operator ssid-name
    SSID with which the user is associated. The operator must be eq,
    which applies the location policy rule to all users associated with
    the SSID.
    Asterisks (wildcards) are not supported in SSID names. You must
    specify the complete SSID name.

time-of-day operator time-of-day
    Time of day that the user is allowed or denied access to the
    wireless network.
    ❑ eq—Defines a specific timeframe.
    ❑ neq—Defines any other time than the specified timeframe.

vlan operator vlan-glob
    VLAN-Name attribute assigned by AAA and condition that determines
    if the location policy rule applies. Replace operator with one of
    the following operands:
    ❑ eq—Applies the location policy rule to all users assigned VLAN
      names matching vlan-glob.
    ❑ neq—Applies the location policy rule to all users assigned VLAN
      names not matching vlan-glob.
    For vlan-glob, specify a VLAN name, use the double-asterisk
    wildcard character (**) to specify all VLAN names, or use the
    single-asterisk wildcard character (*) to specify a set of VLAN
    names up to or following the first delimiter character, either an
    at sign (@) or a period (.). (For details, see “VLAN Globs” on
    page 2–8.)

user operator user-glob
    Username and condition that determines if the location policy rule
    applies. Replace operator with one of the following operands:
    ❑ eq—Applies the location policy rule to all usernames matching
      user-glob.
    ❑ neq—Applies the location policy rule to all usernames not
      matching user-glob.
    For user-glob, specify a username, use the double-asterisk wildcard
    character (**) to specify all usernames, or use the single-asterisk
    wildcard character (*) to specify a set of usernames up to or
    following the first delimiter character, either an at sign (@) or a
    period (.). (For details, see “User Globs” on page 2–7.)

port port-list
    List of physical port(s) that determines if the location policy
    rule applies.

before rule-number
    Inserts the new location policy rule in front of another rule in
    the location policy. Specify the number of the existing location
    policy rule. (To determine the number, use the show location policy
    command.)

modify rule-number
    Replaces the rule in the location policy with the new rule. Specify
    the number of the existing location policy rule. (To determine the
    number, use the show location policy command.)

Defaults
By default, users are permitted VLAN access and assigned security ACLs
according to the VLAN-Name and Filter-Id attributes applied to the users
during normal authentication and authorization.

Access
Enabled.

History
Version 1.1    Command introduced
Version 3.2    ssid option added
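The condition matching and rule placement described in the option table can be modeled offline to check which users a rule actually catches before it is configured. The following Python sketch is an added example, not MSS code or part of this manual. It covers only the ssid, vlan and user conditions, and it assumes that * stops at a delimiter (@ or .) while ** spans delimiters, that rule numbers start at 1, that a rule added without before or modify goes to the end, and that the first matching rule applies.

```python
import re

def glob_to_regex(glob):
    # Assumed reading of the glob text: ** spans delimiters, * stops at @ or .
    parts, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            parts.append(".*"); i += 2
        elif glob[i] == "*":
            parts.append("[^@.]*"); i += 1
        else:
            parts.append(re.escape(glob[i])); i += 1
    return re.compile("".join(parts) + r"\Z", re.DOTALL)

def cond_met(cond, session):
    attr, op, value = cond              # e.g. ("user", "eq", "*@example.com")
    if attr == "ssid":                  # ssid: eq only, complete name, no wildcards
        if op != "eq" or "*" in value:
            raise ValueError("ssid needs eq and a complete SSID name")
        return session["ssid"] == value
    hit = glob_to_regex(value).match(session[attr]) is not None
    return hit if op == "eq" else not hit

def rule_matches(rule, session):
    # The action is taken only if all conditions in the rule are met.
    return all(cond_met(c, session) for c in rule["if"])

def place_rule(policy, rule, before=None, modify=None):
    # Model of before / modify; 1-based numbers and append-by-default are assumptions.
    policy = list(policy)
    if modify is not None:
        policy[modify - 1] = rule
    elif before is not None:
        policy.insert(before - 1, rule)
    else:
        policy.append(rule)
    return policy

def first_match(policy, session):
    # Assumption: rules are checked in number order and the first match applies.
    for number, rule in enumerate(policy, start=1):
        if rule_matches(rule, session):
            return number, rule["action"]
    return None, "aaa-assigned"

# Constructed sample data (not from the manual); action strings are labels only.
POLICY = place_rule([], {"action": "deny", "if": [("user", "eq", "*@example.com"), ("ssid", "eq", "guest")]})
POLICY = place_rule(POLICY, {"action": "permit vlan staff", "if": [("vlan", "neq", "staff"), ("user", "eq", "**@example.com")]})
SESSIONS = [{"user": "jose@example.com", "vlan": "default", "ssid": "guest"},
            {"user": "nin.wong@example.com", "vlan": "default", "ssid": "guest"}]
```

Under these assumptions the second constructed session is not caught by the deny rule, because the single asterisk in *@example.com stops at the period in nin.wong; a rule meant to cover every user in a domain needs the double asterisk.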