display aaa on page 219
set authentication admin on page 229
set authentication console on page 231
set authentication dot1x on page 233
set authentication last-resort on page 236
set location policy Creates and enables a location policy on an WX switch. The location
policy enables you to locally set or change authorization attributes for a
user after the user is authorized by AAA, without making changes to the
AAA server.
Syntax —
set location policy deny if {ssid operator ssid-name
| vlan operator vlan-glob | user operator user-glob | port
port-list | dap dap-num} [before rule-number | modify
rule-number ]
Syntax — set location policy permit
{vlan vlan-name | inacl inacl-name | outacl outacl-name}
if {ssid operator ssid-name | vlan operator vlan-glob | user
operator user-glob | port port-list | dap dap-num}
[before rule-number | modify rule-number]
deny — Denies access to the network to users with characteristics that
match the location policy rule.
permit — Allows access to the network or to a specified VLAN,
and/or assigns a particular security ACL to users with characteristics
that match the location policy rule.
Action options — For a permit rule, MSS changes the attributes
assigned to the user to the values specified by the following options:
vlan vlan-name — Name of an existing VLAN to assign to users with
characteristics that match the location policy rule.
inacl inacl-name — Name of an existing security ACL to apply to
packets sent to the WX switch with characteristics that match the
location policy rule.
Optionally, you can add the suffix .in to the name.
outacl outacl-name — Name of an existing security ACL to apply to
packets sent from the WX switch with characteristics that match the
location policy rule.