User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000

371

372

373

374

375

376

377

378

379

380

373 | Roles and Policies Dell Networking W-Series ArubaOS 6.4.x| User Guide

Working with User-Derived VLANs

Attributes derived from the client’s association with an AP can be used to assign the client to a specific role or

VLAN, as user-derivation rules are executed before the client is authenticated.

You configure the user role or VLAN to be assigned to the client by specifying condition rules; when a condition

is met, the specified user role or VLAN is assigned to the client. You can specify more than one condition rule;

the order of rules is important as the first matching condition is applied. You can optionally add a description

of the user rule.

Table 63 describes the conditions for which you can specify a user role or VLAN.

Rule Type Condition Value

BSSID: Assign client to a role or VLAN

based upon the BSSID of AP to which client

is associating.

One of the following:

l contains

l ends with

l equals

l does not equal

l starts with

MAC address (xx:xx:xx:xx:xx:xx)

DHCP-Option: Assign client to a role or

VLAN based upon the DHCP signature ID.

One of the following:

l equals

l starts with

DHCP signature ID.

NOTE: This string is not case

sensitive.

DHCP-Option-77: Assign client to a role or

VLAN based upon the user class identifier

returned by DHCP server.

equals string

Encryption: Assign client to a role or VLAN

based upon the encryption type used by

the client.

One of the following:

l equals

l does not equal

l Open (no encryption)

l WPA/WPA2 AES

l WPA-TKIP (static or dynamic)

l Dynamic WEP

l WPA/WPA2 AES PSK

l Static WEP

l xSec

ESSID: Assign client to a role or VLAN

based upon the ESSID to which the client is

associated

One of the following:

l contains

l ends with

l equals

l does not equal

l starts with

l value of (does not

take string;

attribute value is

used as role)

string

Location: Assign client to a role or VLAN

based upon the ESSID to which the client is

associated

One of the following:

l equals

l does not equal

string

MAC address of the client One of the following:

l contains

l ends with

l equals

l does not equal

l starts with

MAC address (xx:xx:xx:xx:xx:xx)

Table 63: Conditions for a User-Derived Roleor VLAN