Manualshelf

Release Notes

ManualsBrandsDell ManualsTVs & monitorsW-620
71727374757677787980
77 | aaa derivation-rules Dell Networking W-Series ArubaOS 6.4.x| Reference Guide
aaa derivation-rules
aaa derivation-rules user <name>
no ...
set {aaa-profile|role|vlan} condition <rule-type> <attribute> <value> set-value
{<role>|<vlan>} [description <rule description>][position <number>]
Description
This command configures rules which assigns a AAA profile, user role or VLAN to a client based upon the client’s
association with an AP.
A user role cannot be assigned by an AAA derivation rule unless the controller has an installed PEFNG license.
Syntax
Parameter Description
<name>
Name that identifies this set of user derivation rules.
no
Negates a configured rule.
set {role|vlan}
Specify whether the action of the rule is to set the role or the VLAN.
condition
Condition that should be checked to derive role/VLAN
<rule-type>
For a rule that sets an AAA profile, use the user-vlan rule type.
For a role or VLAN user derivation rule, select one of the following rules:
l bssid: BSSID of access point.
l dhcp-option: Use DHCP signature matching to assign a role or VLAN.
l dhcp-option-77: Enable DHCP packet processing.
l encryption-type: Encryption method used by station.
l essid: ESSID of access point.
l location: user location (ap name).
l macaddr: MAC address of user.
NOTE: If you use the dhcp-option rule type, best practices are to enable the
enforce-dhcp option in the AAA profile referenced by AP groups
Virtual AP profile.
<attribute><value>
Specify one of the following conditions:
l contains: Check if attribute contains the string in the <value> parameter.
l ends-with: Check if attribute ends with the string in the <value>
parameter.
l equals: Check if attribute equals the string in the <value> parameter.
l not-equals: Check if attribute is not equal to the string in the <value>
parameter.
l starts-with: Check if attribute starts with the string in the <value>
parameter.
set-value <role>|<vlan>
Specify the user role or VLAN ID to be assigned to the client if the above
condition is met.
description
Describes the user derivation rule. This parameter is optional and has a 128
character maximum.
position
Position of this rule relative to other rules that are configured.