Assigning a security acl on a radius server, Clearing a security acl from a user or group – 3Com WX4400 3CRWX440095A User Manual

Assigning Authorization Attributes

495

You can set filters for incoming and outgoing packets:

„

Use acl-name.in to filter traffic that enters the WX switch from users
via a MAP access port or wired authentication port, or from the
network via a network port.

„

Use acl-name.out to filter traffic sent from the WX switch to users via
a MAP access port or wired authentication port, or from the network
via a network port.

For example, the following command applies security ACL acl-101 to
packets coming into the WX from user Jose:

WX1200# set user Jose attr filter-id acl-101.in
success: change accepted.

The following command applies the incoming filters of acl-101 to the
users who belong to the group eastcoasters:

WX1200# set usergroup eastcoasters attr filter-id acl-101.in
success: change accepted.

Assigning a Security ACL on a RADIUS Server

To assign a security ACL name as the Filter-Id authorization attribute of a
user or group record on a RADIUS server, see the documentation for your
RADIUS server.

Clearing a Security

ACL from a User or

Group

To clear a security ACL from the profile of a user, MAC user, or group of
users or MAC users in the local WX database, use the following
commands:

clear user username attr filter-id
clear usergroup groupname attr filter-id
clear mac-user username attr filter-id
clear mac-usergroup groupname attr filter-id

If you have assigned both an incoming and an outgoing filter to a user or
group, enter the appropriate command twice to delete both security
ACLs. Verify the deletions by entering the display aaa command and
checking the output.

To delete a security ACL from a user’s configuration on a RADIUS server,
see the documentation for your RADIUS server.