Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Motorola Wing 5 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 249 Motorola manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 1128
    Add page 961 to Favourites
    image text
    Enable zoom 
    							ROLE-POLICY 20 - 3
20.1.1 default-role
role-policy
Assigns a default role to a wireless client that fails to find a matching role. Use this command to configure a wireless client 
not matching any role.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
default-role use [ip-access-list|mac-access-list]
default-role use ip-access-list [in|out]  precedence 
default-role use mac-access-list [in|out]  precedence 
Parameters
• default-role use ip-access-list [in|out]  precedence 
default-role use Enables the configuration of a wireless client not matching any role
 Use – Enables the use of an IP or a MAC access list
ip-access-list [in|out] Enables the use of an IP access list
 in – Applies the rule to incoming packets
 out – Applies the rule to outgoing packets
 Specifies the IP access list
  – Sets the IP access list name
precedence 
After specifying the IP access list, specify the access list precedence value.
 precedence – Based on the packets received, the lower precedence value is 
evaluated first
  – Sets a precedence value from 1 - 100
    Add page 962 to Favourites
    image text
    Enable zoom 
    							20 - 4 WiNG CLI Reference Guide
• default-role use mac-access-list [in|out] MAC-ACCESS-LIST> precedence 
Examples
rfs7000-37FABE(config-role-policy-test)#default-role use ip-access-list in test 
precedence 1
rfs7000-37FABE(config-role-policy-test)#show context
role-policy test
 default-role use ip-access-list in test precedence 1
rfs7000-37FABE(config-role-policy-test)#
Related Commands
default-role use Enables the configuration of a wireless client not matching any role
 Use – Enables the use of an IP or MAC access list
mac-access-list [in|out] Enables the use of a MAC access list
 in – Applies the rule to incoming packets
 out – Applies the rule to outgoing packets
 Specifies the MAC access list
  – Sets the MAC access list name
precedence 
After specifying the MAC access list, specify the ACL precedence value.
 precedence – Based on the packets received, the lower precedence value is evaluated 
first
  – Sets a precedence value from 1 - 100
noRemoves the default role assigned to a client
ip-access-listCreates a new IP based access list. Access lists control access to the network using a set 
of rules. Each rule specifies an action taken when a packet matches a given set of rules. If 
the action is deny, the packet is dropped. If the action is permit, the packet is allowed.
    Add page 963 to Favourites
    image text
    Enable zoom 
    							ROLE-POLICY 20 - 5
20.1.2 no
role-policy
Negates a command or resets settings to their default. When used in the config role policy mode, the no command 
removes the default role assigned to a wireless client. It also disables existing user roles from being assigned to new 
users.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
no [default-role|user-role]
no default-role use [ip-access-list|mac-access-list]
no default-role use ip-access-list [in|out]  precedence 
no default-role use mac-access-list [in|out]  precedence 
no user-role 
Parameters
• no default-role use ip-access-list [in|out]  precedence 
no default-role use Removes the default role assigned to a wireless client
 Use – Disables the use of an IP or MAC access list
ip-access-list [in|out] Disables the use of an IP access list
 in – Removes the rule applied to incoming packets
 out – Removes the rule applied to outgoing packets
 Specifies the IP access list to remove
  – Sets the IP access list name
precedence 
After specifying the IP access list, specify the ACL precedence value applied.
 precedence – Based on the packets received, the lower precedence value is evaluated 
first.
  – Specify the precedence value from 1 - 100.
    Add page 964 to Favourites
    image text
    Enable zoom 
    							20 - 6 WiNG CLI Reference Guide
• no default-role use mac-access-list [in|out]  precedence 
• no user-role 
Examples
rfs7000-37FABE(config-role-policy-test)#no default-role use ip-access-list in test 
precedence 1
rfs7000-37FABE(config-role-policy-test)#show context
role-policy test
 role role1 precedence 1
rfs7000-37FABE(config-role-policy-test)#
Related Commands
no default-role use Removes the default role assigned to a wireless client
 Use – Disables the use of an IP or MAC access list
mac-access-list [in|out] Disables the use of a MAC access list
 in – Removes the rule applied to incoming packets
 out – Removes the rule applied to outgoing packets
 Specifies the MAC access list to remove
  – Sets the MAC access list name
precedence 
After specifying the MAC access list to remove, specify the ACL precedence value 
applied.
 precedence – Based on the packets received, the lower precedence value is evaluated 
first.
  – Specify the precedence value from 1 - 100.
no user-role Deletes a user role
  – Specify the user role name.
default-roleAssigns a default role to a wireless client
user-role commandsCreates a role and associates it to the newly created role policy
    Add page 965 to Favourites
    image text
    Enable zoom 
    							ROLE-POLICY 20 - 7
20.1.3 user-role
role-policy
This command creates a user defined role and associates it to a role policy. This command defines a number of settings 
used to assign a user defined role to the role policy.
user-roleCreates a user defined role
user-role commandsSummarizes the user role commands
    Add page 966 to Favourites
    image text
    Enable zoom 
    							20 - 8 WiNG CLI Reference Guide
20.1.3.1 user-role
user-role
Creates a user defined role. A user defined role configures a set of rules for this role.
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
user-role  precedence 
Parameters
• user-role  precedence 
Examples
rfs7000-37FABE(config)#role-policy test
rfs7000-37FABE(config-role-policy-test)#show context
role-policy test
 default-role use ip-access-list in test precedence 1
rfs7000-37FABE(config-role-policy-test)#user-role testing precedence 10
rfs7000-37FABE(config-role-policy-test-user-role-testing)#
rfs7000-37FABE(config-role-policy-test-user-role-testing)#show context
 user-role testing precedence 10
 default-role use ip-access-list in test precedence 1
Related Commands
user-role  Configures the user defined role name
  – Sets the user defined role name
precedence  Configures the rule precedence
  – Sets the precedence for this role. If multiple roles match, then the 
role with the lower precedence number is selected.
noRemoves the user defined role assigned to a client
    Add page 967 to Favourites
    image text
    Enable zoom 
    							ROLE-POLICY 20 - 9
20.1.3.2 user-role commands
role-policy
Table 20.2 summarizes user role commands
Table 20.2user-role Commands
Commands Description Reference
ap-locationSets an AP’s deployment locationpage 20-10
authentication-
typeSelects an authentication type for a user rolepage 20-11
captive-portalDefines a captive portal role based filterpage 20-13
encryption-typeSelects the encryption typepage 20-14
groupSets a group configuration for the rolepage 20-16
mu-macConfigures the client MAC addresses for the role based firewallpage 20-17
noNegates a command or sets its defaultpage 20-18
ssidSpecifies a SSIDpage 20-21
useDefines the settings used with the role policypage 20-23
clrscrClears the display screenpage 5-3
commitCommits (saves) changes made in the current sessionpage 5-4
doRuns commands from EXEC modepage 4-66
endEnds and exits the current mode and moves to the PRIV EXEC modepage 5-5
exitEnds the current mode and moves to the previous modepage 5-6
helpDisplays the interactive help systempage 5-7
revertReverts changes to their last saved configurationpage 5-13
serviceInvokes service commands to troubleshoot or debug 
(config-if) instance 
configurationspage 5-14
showDisplays running system informationpage 6-4
writeWrites the system running configuration to memory or terminalpage 5-42
    Add page 968 to Favourites
    image text
    Enable zoom 
    							20 - 10 WiNG CLI Reference Guide
20.1.3.2.1  ap-location
user-role commands
Sets an AP’s deployment location
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
ap-location [any|contains|exact|not-contains]
ap-location any
ap-location [contains|exact|not-contains] 
Parameters
• ap-location any
• ap-location [contains|exact|not-contains] 
Examples
rfs7000-37FABE(config-role-policy-test-user-role-testing)#ap-location contains 
office
rfs7000-37FABE(config-role-policy-test-user-role-testing)#
rfs7000-37FABE(config-role-policy-test-user-role-testing)#show context
 user-role role1 precedence 1
 ap-location contains office
rfs7000-37FABE(config-role-policy-test-user-role-testing)#
Related Commands
ap-location any Defines an AP’s location as any
contains  Defines an AP location that contains a specified string
  – Sets a string to match
exact  Defines an AP location that contains the exact specified string
  – Sets an exact string to match
not-contains  Defines an AP location that does not contain the string
  – Sets a string that does not match the AP location
noRemoves an AP’s deployment location
    Add page 969 to Favourites
    image text
    Enable zoom 
    							ROLE-POLICY 20 - 11
20.1.3.2.2  authentication-type
user-role commands
Selects the authentication type for this user role
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
authentication-type [any|eq|neq]
authentication-type any
authentication-type [eq|neq] [eap|kerberos|mac-auth|none] 
{(eap|kerberos|mac-auth|none)}
Parameters
• authentication-type any
any The authentication type is any supported type
    Add page 970 to Favourites
    image text
    Enable zoom 
    							20 - 12 WiNG CLI Reference Guide
• authentication-type [eq|neq] [eap|kerberos|mac-auth|none] {(eap|kerberos|mac-auth|
none)}
Examples
rfs7000-37FABE(config-role-policy-test-user-role-testing)#authentication-type eq 
kerberos
rfs7000-37FABE(config-role-policy-test-user-role-testing)#show context
 user-role role1 precedence 1
  authentication-type eq kerberos
  ap-location contains office
rfs7000-37FABE(config-role-policy-test-user-role-testing)#
Related Commands
eq [eap|kerberos|mac-auth|
none]The authentication type equals one of the following types:
 eap – Extensible authentication protocol
 kerberos – Kerberos authentication
 mac-auth – MAC authentication protocol
 none – no authentication used
These parameters are recursive, and you can configure more than one unique 
authentication type for this user role.
neq [eap|kerberos|
mac-auth|none]The authentication type does not match one or more of the following types:
 eap – Extensible authentication protocol
 kerberos – Kerberos authentication
 mac-auth – MAC authentication protocol
 none – no authentication used
These parameters are recursive, and you can configure more than one unique ‘not equal 
to’ authentication type for this user role.
noRemoves the authentication type configured for a user role
    All Motorola manuals Comments (0)