access-control

Use the access-control command to configure access to APs and/or controllers assigned this role. The access-control command is accessible from within the role:<named-role> context.

access-control (none | no-change | allow | deny | new | containment vlan-id |redirect)

Parameters

none Specifies no access allowed.
no-change Specifies no change to current access status (keep using previous role/filter).
allow Specifies access allowed.
deny Specifies access denied.
new Specifies new.
containment vlan-id Specifies a containment VLAN access, by the VLAN ID.
redirect Specifies redirection based on policy rules.

Usage

If the access-control command is set to no-change, any filters that exist in the previous role are applied to this station. For example, if the previous role is the default-role, default-role filters are applied to this station.

The show named-role command, within the role context, and the show command, within a role:<named-role> context, specify the current role-status command setting with the line “Do not change role settings when this Role is applied:”.

Examples

The following example enables access to AC and AP filter configuration within the p1 <named-role> context:

EWC.extremenetworks.com:role:p1# access-control no-change
EWC.extremenetworks.com:role:p1# apply
EWC.extremenetworks.com:role:p1# show
Assigned topology: Seg1_Routed
Ingress rate profile: no change
Egress rate profile: no change
Do not change role settings when this Role is applied: enable
Name: Auth
Synchronize: disable