
Assigning a security acl to a user or a group, Assigning a security acl locally – 3Com WX4400 3CRWX440095A User Manual

Page 494


CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS

All of the authorization attributes listed in Table 40 on page 448 can be
specified in a service profile except ssid.

Assigning a Security ACL to a User or a Group

Once a security access control list (ACL) is defined and committed, it can
be applied dynamically and automatically to users and user groups
through the 802.1X authentication and authorization process. When you
assign a Filter-Id attribute to a user or group, the security ACL name value
is entered as an authorization attribute into the user or group record in
the local WX database or RADIUS server.

If the Filter-Id value returned through the authentication and
authorization process does not match the name of a committed security
ACL in the WX, the user fails authorization and cannot be connected.

(For details about security ACLs, see Chapter 19, “Configuring and
Managing Security ACLs,” on page 377.)

Assigning a Security ACL Locally

To use the local WX database to restrict a user, a MAC user, or a group of
users or MAC users to the permissions stored within a committed security
ACL, use the commands shown in Table 44.

Table 44 Commands for Assigning a Security ACL Locally

Security ACL Target                          Commands

User authenticated by a password             set user username attr filter-id acl-name.in
                                             set user username attr filter-id acl-name.out

Group of users authenticated by a password   set usergroup groupname attr filter-id acl-name.in
                                             set usergroup groupname attr filter-id acl-name.out

User authenticated by a MAC address          set mac-user username attr filter-id acl-name.in
                                             set mac-user username attr filter-id acl-name.out

Group of users authenticated by a            set mac-usergroup groupname attr filter-id acl-name.in
MAC address                                  set mac-usergroup groupname attr filter-id acl-name.out
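
Because a Filter-Id that does not match a committed security ACL causes the user to fail authorization, it helps to check planned assignments before entering them. The following script is an added example, not part of the 3Com manual or the WX software: it parses the Table 44 command forms and reports any filter-id value that does not resolve. The function name, the sample user and ACL names, and the way the committed ACL names are supplied (as a plain set) are assumptions.

```python
import re

# The four command forms from Table 44. The filter-id value is expected to be
# <acl-name>.in or <acl-name>.out.
CMD = re.compile(
    r"^set\s+(user|usergroup|mac-user|mac-usergroup)\s+(\S+)"
    r"\s+attr\s+filter-id\s+(\S+)$"
)

def audit_filter_ids(config_text, committed_acls):
    """Return (line_no, target_kind, target_name, problem) for every
    filter-id assignment that would not resolve to a committed ACL."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = CMD.match(line.strip())
        if not m:
            continue
        kind, name, value = m.groups()
        acl, dot, direction = value.rpartition(".")
        if not dot or direction not in ("in", "out"):
            # Assumption: only the .in/.out forms shown in Table 44 are valid.
            findings.append((line_no, kind, name, f"'{value}' lacks .in/.out"))
        elif acl not in committed_acls:
            # Assumption: names compare exactly (case-sensitive).
            findings.append((line_no, kind, name, f"ACL '{acl}' not committed"))
    return findings

# Constructed sample input, not taken from a real WX configuration.
SAMPLE_CONFIG = """\
set user alice attr filter-id acl-guest.in
set usergroup staff attr filter-id acl-staff.out
set mac-user aa:bb:cc:dd:ee:01 attr filter-id acl-printers
set mac-usergroup scanners attr filter-id acl-scanner.in
"""
SAMPLE_COMMITTED = {"acl-guest", "acl-staff"}

if __name__ == "__main__":
    for finding in audit_filter_ids(SAMPLE_CONFIG, SAMPLE_COMMITTED):
        print("line %d: %s %s: %s" % finding)
```

The same check applies to Filter-Id values held in a RADIUS server, provided they are first exported into the same one-assignment-per-line form.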