Filter
Top Products
D-Link DWS-1008 CLI Manual 197
set location policy
Creates and enables a location policy on a switch. A location policy enables you to locally set or
change authorization attributes for a user after the user is authorized by AAA, without making
changes to the AAA server.
Syntax: set location policy deny if {ssid operator ssid-name | vlan operator vlan-glob | user
operator user-glob | port port-list | dap dap-num} [before rule-number | modify rule-number]
Syntax: set location policy permit {vlan vlan-name | inacl inacl-name | outacl outacl-name}
if {ssid operator ssid-name | vlan operator vlan-glob | user operator user-glob | port port-list |
dap dap-num} [before rule-number | modify rule-number]
deny Denies access to the network to users with characteristics that match the location
policy rule.
permit Allows access to the network or to a specified VLAN, and/or assigns a particular
security ACL to users with characteristics that match the location policy rule.
Action options—For a permit rule, MSS changes the attributes assigned to the user to the
values specified by the following options:
vlan vlan-name Name of an existing VLAN to assign to users with characteristics that
match the location policy rule.
inacl inacl-name Name of an existing security ACL to apply to packets sent to the switch
with characteristics that match the location policy rule. Optionally, you
can add the suffix .in to the name.
outacl outacl-name Name of an existing security ACL to apply to packets sent from the
switch with characteristics that match the location policy rule.
Optionally, you can add the suffix .out to the name.
Condition options—MSS takes the action specified by the rule if all conditions in the rule are
met. You can specify one or more of the following conditions:
ssid operator ssid-name SSID with which the user is associated. The operator must be eq,
which applies the location policy rule to all users associated with the
SSID. Asterisks (wildcards) are not supported in SSID names. You must
specify the complete SSID name.
vlan operator vlan-glob VLAN-Name attribute assigned by AAA and condition by which to
determine if the location policy rule applies.