Filter
Top Products
2. Click Add to add a new set of derivation rules. Enter a name for the set of rules, and click Add. The name
appears in the User Rules Summary list.
3. In the User Rules Summary list, select the name of the rule set to configure rules.
4. Click Add to add a rule. For Set Type, select the VLAN name or ID from the VLAN the drop-down menu. (You
can select VLAN to create d>erivation rules for setting the VLAN assigned to a client.)
5. Configure the condition for the rule by setting the Rule Type, Condition, Value parameters and optional
description of the rule. See Table 82 for descriptions of these parameters.
6. Select the role assigned to the client when this condition is met.
7. Click Add.
8. You can configure additional rules for this rule set. When you have added rules to the set, use the up or down
arrows in the Actions column to modify the order of the rules. (The first matching rule is applied.)
9. Click Apply.
10. (Optional) If the rule uses the DHCP-Option condition, best practices is to enable the Enforce DHCP
parameter in the AP group’s AAA profile, which requires users to complete a DHCP exchange to obtain an IP
address. For details on configuring this parameter in an AAA profile, see"Configuring Authentication" on page
318.
Configuring a User-derived Role or VLAN in the CLI
(host)(config) #aaa derivation-rules user <name>
set role|vlan
condition bssid|dhcp-option|dhcp-option-77|encryption-type|essid|location|macaddr
contains|ends-with|equals|not-equals|starts-with|value-of <string>
set-value <role>
position <number>
See Table 82 for descriptions of these parameters.
User-Derived Role Example
The example rule shown in Figure 83 below sets a user role for clients whose host name (DHCP option 12) has a
value of 6C6170746F70, which is the hexadecimal equivalent of the ASCII string
laptop
. The first two digits in the
Value field are the hexadecimal value of 12 (which is 0C), followed by the specific signature to be matched.
NOTE: There are many online tools available for converting ASCII text to a hexadecimal string.
Figure 83: DHCP Option Rule
To identify DHCP strings used by an individual device, access the command-line interface in config mode and issue
the following command to include DHCP option values for DHCP-DISCOVER and DHCP-REQUEST frames in
DellPowerConnectW-SeriesArubaOS6.2 | User Guide Rolesand Policies | 308