3Com WX2200 3CRWX220095A Switch User Manual


 
Assigning Authorization Attributes 495
You can set filters for incoming and outgoing packets:
Use acl-name.in to filter traffic that enters the WX switch from users
via a MAP access port or wired authentication port, or from the
network via a network port.
Use acl-name.out to filter traffic sent from the WX switch to users via
a MAP access port or wired authentication port, or from the network
via a network port.
For example, the following command applies security ACL acl-101 to
packets coming into the WX from user Jose:
WX1200# set user Jose attr filter-id acl-101.in
success: change accepted.
The following command applies the incoming filters of acl-101 to the
users who belong to the group eastcoasters:
WX1200# set usergroup eastcoasters attr filter-id acl-101.in
success: change accepted.
Assigning a Security ACL on a RADIUS Server
To assign a security ACL name as the Filter-Id authorization attribute of a
user or group record on a RADIUS server, see the documentation for your
RADIUS server.
Clearing a Security
ACL from a User or
Group
To clear a security ACL from the profile of a user, MAC user, or group of
users or MAC users in the local WX database, use the following
commands:
clear user username attr filter-id
clear usergroup groupname attr filter-id
clear mac-user username attr filter-id
clear mac-usergroup groupname attr filter-id
If you have assigned both an incoming and an outgoing filter to a user or
group, enter the appropriate command twice to delete both security
ACLs. Verify the deletions by entering the display aaa command and
checking the output.
To delete a security ACL from a user’s configuration on a RADIUS server,
see the documentation for your RADIUS server.