set location policy 205
■ before rule-number — Inserts the new location policy rule in front of
another rule in the location policy. Specify the number of the existing
location policy rule. (To determine the number, use the display
location policy command.)
■ modify rule-number — Replaces the rule in the location policy with
the new rule. Specify the number of the existing location policy rule.
(To determine the number, use the display location policy
command.)
■ port port-list — List of physical port(s) by which to determine if the
location policy rule applies.
Defaults — By default, users are permitted VLAN access and assigned
security ACLs according to the VLAN-Name and Filter-Id attributes applied
to the users during normal authentication and authorization.
Access — Enabled.
History — Introduced in MSS Version 3.0.
Usage — Only a single location policy is allowed per WX switch. Once
configured, the location policy becomes effective immediately. To disable
location policy operation, use the clear location policy command.
The location policy can contain up to 512 location policy rules. MSS
compares a user’s VLAN-Name attribute, username, or WX port of entry
to the location policy rules in order, starting with rule 1. If no matching
rule is found, authorization proceeds normally.
The order of rules in the location policy is important to ensure users are
properly granted or denied access. To position rules within the location
policy, use before rule-number and modify rule-number in the set
location policy command, and the clear location policy rule-number
command.
When applying security ACLs:
Use inacl inacl-name to filter traffic that enters the switch from users via
an MAP access port or wired authentication port, or from the network via
a network port.
