248 CHAPTER 8: AAA C OMMANDS display aaa on page 223 set authentication admin on page 233 set authentication console on page 235 set authentication dot1x on page 237 set authentication last-resort on page 240set location policy Creates and enables a location policy on an WX switch. The locationpolicy enables you to locally set or change authorization attributes for auser after the user is authorized by AAA, without making changes to theAAA server.Syntax — set location policy deny if {ssid operator ssid-name| vlan operator vlan-glob | user operator user-glob | portport-list | dap dap-num} [before rule-number | modifyrule-number ]Syntax — set location policy permit{vlan vlan-name | inacl inacl-name | outacl outacl-name}if {ssid operator ssid-name | vlan operator vlan-glob | useroperator user-glob | port port-list | dap dap-num}[before rule-number | modify rule-number] deny — Denies access to the network to users with characteristics thatmatch the location policy rule. permit — Allows access to the network or to a specified VLAN,and/or assigns a particular security ACL to users with characteristicsthat match the location policy rule. Action options — For a permit rule, MSS changes the attributesassigned to the user to the values specified by the following options: vlan vlan-name — Name of an existing VLAN to assign to users withcharacteristics that match the location policy rule. inacl inacl-name — Name of an existing security ACL to apply topackets sent to the WX switch with characteristics that match thelocation policy rule.Optionally, you can add the suffix .in to the name. outacl outacl-name — Name of an existing security ACL to apply topackets sent from the WX switch with characteristics that match thelocation policy rule.
