D-Link DWS-1008 User Manual
The conditions can be one or more of the following:
• AAA-assigned VLAN
• Username
• DWL-8220AP access port, Distributed AP number, or wired authentication port through
which the user accessed the network
• SSID name with which the user is associated
Conditions within a rule are ANDed. All conditions in the rule must match in order for MSS to take the
specified action. If the location policy contains multiple rules, MSS compares the user information to
the rules one at a time, in the order the rules appear in the switch’s configuration file, beginning with the
rule at the top of the list. MSS continues comparing until a user matches all conditions in a rule or until
there are no more rules.
Any authorization attributes not changed by the location policy remain active.
How the Location Policy Differs from a Security ACL
Although structurally similar, the location policy and security ACLs have different functions. The location
policy on a switch can be used to locally redirect a user to a different VLAN or locally control the traffic
to and from a user.
You can use the location policy to locally apply a security ACL to a user.
Setting the Location Policy
To enable the location policy function on a switch, you must create at least one location policy rule with
one of the following commands:
set location policy deny if {ssid
operator ssid-name
| vlan
operator vlan-glob
| user
operator
ser-glob
| port
port-list
| dap
dap-num
} [before
rule-number
| modify
rule-number
]
set location policy permit {vlan
vlan-name
| inacl
inacl-name
| outacl
outacl-name
}
if {ssid
operator ssid-name
| vlan
operator vlan-glob
| user
operator user-glob
| port
port-list
|
dap
dap-num
} [before
rule-number
| modify
rule-number
]
Note: Asterisks (wildcards) are not supported in SSID names. You must specify the complete SSID
name.
Содержание DWS-1008
Страница 1: ......