206 CHAPTER 7: AAA C OMMANDSUse outacl outacl-name to filter traffic sent from the switch to users viaan MAP access port or wired authentication port, or from the network viaa network port.You can optionally add the suffixes .in and .out to inacl-name andoutacl-name so that they match the names of security ACLs stored in thelocal WX database.Examples — The following command denies network access to all usersat *.theirfirm.com, causing them to fail authorization:WX4400# set location policy deny if user eq *.theirfirm.comThe following command authorizes access to the guest_1 VLAN for allusers who are not at *.wodefirm.com:WX4400# set location policy permit vlan guest_1 if user neq*.wodefirm.comThe following command authorizes users at *.ny.ourfirm.com to accessthe bld4.tac VLAN instead, and applies the security ACL tac_24 to thetraffic they receive:WX4400# set location policy permit vlan bld4.tacoutacl tac_24 if user eq *.ny.ourfirm.comThe following command authorizes access to users on VLANs with namesmatching bld4.* and applies security ACLs svcs_2 to the traffic they sendand svcs_3 to the traffic they receive:WX4400# set location policy permit inacl svcs_2 outacl svcs_3if vlan eq bldg4.*The following command authorizes users entering the network on WXports 1 and 2 to use the floor2 VLAN, overriding any settings from AAA:WX4400# set location policy permit vlan floor2 if port 1-2See Also■ “clear location policy” on page 171■ “display location policy” on page 184set mac-user Configures a user profile in the local database on the WX switch for auser who can be authenticated by a MAC address, and optionally addsthe user to a MAC user group.
