Manualshelf

CLI Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000
51525354555657585960
60 | aaa derivation-rules Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
Usage Guidelines
The user role can be derived from attributes from the client’s association with an AP. User-derivation rules are
executed
before
the client is authenticated.
You configure the user role to be derived by specifying condition rules; when a condition is met, the specified user
role is assigned to the client. You can specify more than one condition rule; the order of rules is important as the
first matching condition is applied. You can also add a description of the rule.
The table below describes the conditions for which you can specify a user role or VLAN.
Rule Type Condition Value
bssid: Assign client to a role or VLAN based upon
the BSSID of AP to which client is associating.
One of the following:
l contains
l ends with
l equals
l does not equal
l starts with
MAC address (xx:xx:xx:xx:xx:xx)
dhcp-option: Assign client to a role or VLAN
based upon the DHCP signature ID.
One of the following:
l equals
l starts with
DHCP signature ID.
Note: This string is
not
case sensitive.
dhcp-option-77: Assign client to a role or VLAN
based upon the user class identifier returned by
DHCP server.
equals string
encryption-type: Assign client to a role or VLAN
based upon the encryption type used by the
client.
One of the following:
l equals
l does not equal
l Open (no encryption)
l WPA/WPA2 AES
l WPA-TKIP (static or dynamic)
l Dynamic WEP
l WPA/WPA2 AES PSK
l Static WEP
l xSec
essid: Assign client to a role or VLAN based upon
the ESSID to which the client is associated
One of the following:
l contains
l ends with
l equals
l does not equal
l starts with
l value of (does not
take
string
; attribute
value is used as role)
string
location: Assign client to a role or VLAN based
upon the ESSID to which the client is associated
One of the following:
l equals
l does not equal
string
macaddr: MAC address of the client One of the following:
l contains
l ends with
l equals
l does not equal
l starts with
MAC address (xx:xx:xx:xx:xx:xx)