allowed-locations

Configures an allowed-locations tag and associates locations (RF Domains/sites/tree-node paths) with the tag. In the management policy, create an allowed-locations tag and associate it with a user to restrict the user's access to the locations associated with the tag.

Note

Note

The allowed-locations tag is ONLY applicable to the WiNG 'device-provisioning-admin' user. By applying the allowed-locations tag, the device provisioning user will only be able to provision devices that fall within his/her purview of responsibility.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

allowed-locations <WORD> locations [NONE|ALL|<LIST-OF-LOCATIONS>]

Parameters

allowed-locations <WORD> locations [NONE|ALL|<LIST-OF-LOCATIONS>]
allowed-locations <WORD> Configures a location tag and associates a single or multiple locations (RF Domains/sites/tree-node paths) with the tag
  • <WORD> – Provide a location tag name not exceeding 32 characters in length. The name should be user-friendly and should easily identify the associated locations.
locations [NONE|ALL| <LIST-OF-LOCATIONS>] Associates locations with the above created location tag
  • NONE – Use this option to specify that this allowed-locations tag has no associated locations. Users associated with this location tag will have access to none of the RF Domains/sites/tree-node paths defined within your managed network.
  • ALL – Use this option to specify that this allowed-locations tag is associated with all locations within your managed network. Users associated with this location tag will have access to all RF Domains/sites/tree-node paths defined within your managed network.
  • <LIST-OF-LOCATIONS> – Use this option to associate a list of locations with this allowed-locations tag. You can associate a single RF Domain or multiple RF Domains (for example, test1 test2 test3). You can also define the location as a single tree-node path (for example, /US/CA/SJ/Site-1) or multiple tree-node paths (for example, /US/CA/SJ/SJSite-1 /US/CA/LA/LACampus-1).Users associated with this location tag will have access only to RF Domains or sites associated with this tag.
Note:

After configuring the allowed locations tag, use the user command to associate this tag with a device-provisioning-admin user. Once associated, the device-provisioning-admin user will have access only to the RF Domains/sites associated with this tag.

Example

nx9500-6C8809(config-management-policy-test)#allowed-locations TechPubs locations /US/CA/SJ/TechPubs
nx9500-6C8809(config-management-policy-test)#allowed-locations TEST locations NONE
nx9500-6C8809(config-management-policy-test)#show context
management-policy test
 telnet
 no http server
 https server
 ssh
 user admin password 1 superuser role superuser access all
 allowed-location TEST locations NONE
 allowed-location TechPubs locations /US/CA/SJ/TechPubs
nx9500-6C8809(config-management-policy-test)#

An allowed-locations tag can be associated with multiple RF Domains, as shown in the following example:

nx9500-6C8809(config-management-policy-test1)#show context
management-policy test1
 telnet
 no http server
 https server
 ssh
 user admin1 password 1 superuser1 role superuser access all
 user dev-admin1 password 1 dev-admin1 role device-provisioning-admin access all allowed-locations SanJose                                                          e
 allowed-location TEST locations None
 allowed-location TechPubs locations /US/CA/SJ/TechPubs
 allowed-location SanJose locations test1 test2 test3
nx9500-6C8809(config-management-policy-test1)#

An allowed-locations tag can be associated with multiple tree-node paths as shown in the following example:

nx9500-6C8809(config-management-policy-test2)#show context
management-policy test2
 telnet
 no http server
 https server
 ssh
 user admin2 password 1 superuser2 role superuser access all
 user dev-admin2 password 1 dev-admin2 role device-provisioning-admin access allowed-locations California
 allowed-location California locations /US/CA/SJ/SJEngineering /US/CA/LA/LAEngineering
nx9500-6C8809(config-management-policy-test2)#
Note

Note

For more information on configuring tree-node on an RF Domain, refer to tree-node.

Related Commands

no Removes an allowed-locations configuration