Manualshelf

User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000
371372373374375376377378379380
Understanding Device Identification
The device identification feature allows you to assign a user role or VLAN to a specific device type by identifying
a DHCP option and signature for that device. If you create a user rule with the DHCP-Option rule type, the first
two characters in the Value field must represent the hexadecimal value of the DHCP option that this rule
should match, while the rest of the characters in the Value field indicate the DHCP signature the rule should
match. To create a rule that matches DHCP option 12 (host name), the first two characters of the in the Value
field must be the hexadecimal value of 12, which is 0C. To create a rule that matches DHCP option 55, the first
two characters in the Value field must be the hexadecimal value of 55, which is 37.
The following table describes some of the DHCP options that are useful for assigning a user role or VLAN.
DHCP Option Description Hexadecimal Equivalent
12 Host name 0C
55 Parameter Request List 37
60 Vendor Class Identifier 3C
81 Client FQDN 51
DHCP Option values
The device identification features in ArubaOS can also automatically identify different client device types and
operating systems by parsing the User-Agent strings in the clients HTTP packets. To enable this feature, select
the Device Type Classification option in the AP’s AAA profile. For details, see WLAN Authentication on page
421.
Configuring a User-derived VLAN in the WebUI
1. Navigate to the Configuration > Security > Authentication > User Rules page.
2. Click Add to add a new set of derivation rules. Enter a name for the set of rules, and click Add. The name
appears in the User Rules Summary list.
3. In the User Rules Summary list, select the name of the rule set to configure rules.
4. Click Add to add a rule. For Set Type, select the VLAN name or ID from the VLAN the drop-down menu.
(You can select VLAN to create d>erivation rules for setting the VLAN assigned to a client.)
5. Configure the condition for the rule by setting the Rule Type, Condition, Value parameters and optional
description of the rule. See Table 63 for descriptions of these parameters.
6. Select the role assigned to the client when this condition is met.
7. Click Add.
8. You can configure additional rules for this rule set. When you have added rules to the set, use the up or
down arrows in the Actions column to modify the order of the rules. (The first matching rule is applied.)
9. Click Apply.
10.(Optional) If the rule uses the DHCP-Option condition, best practices is to enable the Enforce DHCP
parameter in the AP group’s AAA profile, which requires users to complete a DHCP exchange to obtain an IP
address. For details on configuring this parameter in an AAA profile, seeWLAN Authentication on page 421.
Configuring a User-derived Role or VLAN in the CLI
(host)(config) #aaa derivation-rules user <name>
set role|vlan
condition bssid|dhcp-option|dhcp-option-77|encryption-type|essid|location|macaddr
contains|ends-with|equals|not-equals|starts-with|value-of <string>
set-value <role>
Dell Networking W-Series ArubaOS 6.4.x | User Guide Roles and Policies | 374