388| Roles and Policies AOS-W 6.5.3.x| User Guide
In the CLI
(host)(config) #aaa profile <profile>
Working with User-Derived VLANs
Attributes derived from the client’s association with an AP can be used to assign the client to a specific role or
VLAN, as user-derivation rules are executed before the client is authenticated.
You configure the user role or VLAN to be assigned to the client by specifying condition rules; when a condition
is met, the specified user role or VLAN is assigned to the client. You can specify more than one condition rule;
the order of rules is important as the first matching condition is applied. You can optionally add a description
of the user rule.
Table 88 describes the conditions for which you can specify a user role or VLAN.
| Rule Type | Condition | Value |
|---|---|---|
| BSSID: Assign client to a role or VLAN based upon the BSSID of AP to which client is associating. | One of the following: contains; ends with; equals; does not equal; starts with | MAC address (xx:xx:xx:xx:xx:xx) |
| DHCP-Option: Assign client to a role or VLAN based upon the DHCP signature ID. | One of the following: equals; starts with | DHCP signature ID. NOTE: This string is not case sensitive. |
| DHCP-Option-77: Assign client to a role or VLAN based upon the user class identifier returned by DHCP server. | equals | string |
| Encryption: Assign client to a role or VLAN based upon the encryption type used by the client. | One of the following: equals; does not equal | One of: Open (no encryption); WPA/WPA2 AES; WPA-TKIP (static or dynamic); Dynamic WEP; WPA/WPA2 AES PSK; Static WEP; xSec |
Table 88: Conditions for a User-Derived Role or VLAN
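The following Python sketch is an added example, not AOS-W code or CLI syntax. It models the first-match evaluation described above using the rule types and conditions from Table 88, and flags rules that never win because an earlier rule matches first. The rule set, role and VLAN names, BSSIDs, and DHCP signature values are constructed, and the handling of a missing attribute is an assumption.

```python
# Model of first-match user-derivation rules; illustrative, not AOS-W code.
OPS = {
    "contains": lambda attr, val: val in attr,
    "ends with": lambda attr, val: attr.endswith(val),
    "equals": lambda attr, val: attr == val,
    "does not equal": lambda attr, val: attr != val,
    "starts with": lambda attr, val: attr.startswith(val),
}
# Conditions Table 88 permits for each rule type.
ALLOWED = {
    "BSSID": set(OPS),
    "DHCP-Option": {"equals", "starts with"},
    "DHCP-Option-77": {"equals"},
    "Encryption": {"equals", "does not equal"},
}

def matches(rule, client):
    rule_type, op, value, _assigned = rule
    if op not in ALLOWED[rule_type]:
        raise ValueError(f"{op!r} is not a valid condition for {rule_type}")
    attr = client.get(rule_type)
    if attr is None:                 # assumption: a missing attribute never matches
        return False
    if rule_type == "DHCP-Option":   # Table 88: signature ID is not case sensitive
        attr, value = attr.lower(), value.lower()
    return OPS[op](attr, value)

def derive(rules, client):
    """Return (assigned role/VLAN, rule index) for the first matching rule."""
    for index, rule in enumerate(rules):
        if matches(rule, client):
            return rule[3], index
    return None, None                # no rule matched; nothing is derived

def never_first(rules, clients):
    """Rule indexes that win for none of the sample clients (shadowing candidates)."""
    winners = {derive(rules, c)[1] for c in clients}
    return [i for i in range(len(rules)) if i not in winners]

# Constructed rules and clients (hypothetical role/VLAN names and addresses).
RULES = [
    ("Encryption", "does not equal", "WPA/WPA2 AES", "guest"),
    ("BSSID", "starts with", "00:1a:1e:aa", "lab-vlan"),
    ("DHCP-Option", "starts with", "3701030f", "phone-role"),
    ("BSSID", "equals", "00:1a:1e:aa:10:02", "printer-vlan"),  # shadowed by rule 1
]
CLIENTS = [
    {"BSSID": "00:1a:1e:aa:10:01", "Encryption": "Open (no encryption)"},
    {"BSSID": "00:1a:1e:aa:10:02", "Encryption": "WPA/WPA2 AES"},
    {"BSSID": "00:1a:1e:bb:20:01", "Encryption": "WPA/WPA2 AES", "DHCP-Option": "3701030F06"},
]
```

With this ordering, the exact-match BSSID rule in the last position is never applied, because the broader "starts with" rule ahead of it matches the same client; moving the specific rule earlier changes the result.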