246 CHAPTER 8: AAA C OMMANDS modify rule-number — Replaces the rule in the location policy withthe new rule. Specify the number of the existing location policy rule.(To determine the number, use the display location policycommand.) port port-list — List of physical port(s) by which to determine if thelocation policy rule applies.Defaults — By default, users are permitted VLAN access and assignedsecurity ACLs according to the VLAN-Name and Filter-Id attributesapplied to the users during normal authentication and authorization.Access — Enabled.History —Introduced in MSS Version 3.0. SSID option added in MSSVersion 3.2.Usage — Only a single location policy is allowed per WX switch. Onceconfigured, the location policy becomes effective immediately. To disablelocation policy operation, use the clear location policy command.Conditions within a rule are ANDed. All conditions in the rule must matchfor MSS to take the specified action. If the location policy containsmultiple rules, MSS compares the user information to the rules one at atime, in the order the rules appear in the switch’s configuration file,beginning with the rule at the top of the list. MSS continues comparinguntil a user matches all conditions in a rule or until there are no morerules.The order of rules in the location policy is important to ensure users areproperly granted or denied access. To position rules within the locationpolicy, use before rule-number and modify rule-number in the setlocation policy command, and the clear location policy rule-numbercommand.When applying security ACLs:Use inacl inacl-name to filter traffic that enters the switch from users viaa MAP access port or wired authentication port, or from the network viaa network port.Use outacl outacl-name to filter traffic sent from the switch to users via aMAP access port or wired authentication port, or from the network via anetwork port.
