Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 304/305 Access Points

191

192

193

194

195

196

197

198

199

200

RADIUS VSA Attributes

The user role can be derived from Dell Vendor-Specific Attributes (VSA) for RADIUS server authentication. The

role derived from a Dell VSA takes precedence over roles defined by other methods.

MAC-Address Attribute

The first three octets in a MAC address are known as Organizationally Unique Identifier (OUI), and are

purchased from the Institute of Electrical and Electronics Engineers, Incorporated (IEEE) Registration Authority.

This identifier uniquely identifies a vendor, manufacturer, or other organization (referred to by the IEEE as the

“assignee”) globally and effectively reserves a block of each possible type of derivative identifier (such as MAC

addresses) for the exclusive use of the assignee.

W-IAPs use the OUI part of a MAC address to identify the device manufacturer and can be configured to assign

a desired role for users who have completed 802.1X authentication and MAC authentication. The user role can

be derived from the user attributes after a client associates with an W-IAP. You can configure rules to assign a

user role to clients that match a MAC-address-based criteria. For example, you can assign a voice role to any

client with a MAC address starting with a0:a1:a2.

Roles Based on Client Authentication

The user role can be the default user role configured for an authentication method, such as 802.1X

authentication. For each authentication method, you can configure a default role for the clients who are

successfully authenticated using that method.

DHCP Option and DHCP Fingerprinting

The DHCP fingerprinting allows you to identify the operating system of a device by looking at the options in

the DHCP frame. Based on the operating system type, a role can be assigned to the device.

For example, to create a role assignment rule with the DHCP option, select equals from the Operator drop-

down list and enter 370103060F77FC in the String text box. Since 370103060F77FC is the fingerprint for

Apple iOS devices such as iPad and iPhone, W-IAP assigns Apple iOS devices to the role that you choose.

Device DHCP Option DHCP Fingerprint

Apple iOS Option 55 370103060F77FC

Android Option 60 3C64686370636420342E302E3135

Blackberry Option 60 3C426C61636B4265727279

Windows 7/Vista Desktop Option 55 37010f03062c2e2f1f2179f92b

Windows XP (SP3, Home,

Professional)

Option 55 37010f03062c2e2f1f21f92b

Windows Mobile Option 60 3c4d6963726f736f66742057696e646f777320434500

Windows 7 Phone Option 55 370103060f2c2e2f

Apple Mac OS X Option 55 370103060f775ffc2c2e2f

Table 41: Validated DHCP Fingerprint

Creating a Role Derivation Rule

You can configure rules for determining the role that is assigned for each authenticated client.

Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide Roles and Policies | 198