This article applies to Aruba Mobility Controllers running Aruba OS.
The DHCP option feature allows you to assign a user role or VLAN to a client device type by identifying a DHCP signature for that device. DHCP-Option based UDR has the highest priority and cannot be overridden by further L2 authentication, unless the RADIUS server sends the “Aruba-No-DHCP-Fingerprint” VSA attribute during L2 authentication.
Before creating a DHCP-Option based UDR (User Derivation Rule), you have to find the DHCP signature of the client, which is specific to the client operating system. The client sends this signature in the initial DHCP discover packet, and for this reason new rules will not take effect until the user is completely deleted from the controller and rejoins.
The following debug logging needs to be enabled on the controller to identify the DHCP signature:
- logging level debugging network subcat dhcp
- logging level debugging network process dhcpd
Below is the output shown from a controller:
(Aruba) #show log network all | include ption
Jun 14 04:18:54 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan4: REQUEST 24:77:03:5d:b0:80 Transaction ID:0xf0a31ca6 reqIP=22.214.171.124 Options 3d:012477035db080 0c:41646d696e2d5043 51:00000041646d696e2d50432e726468696d616e2e776c616e 3c:4d53465420352e30 37:010f03062c2e2f1f2179f
NOTE: The DHCP signature ID is not case sensitive and needs to be entered with the colon removed. For example, the above signature needs to be entered as 37010f03062c2e2f1f2179f
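The script below is an added example, not part of the original article or any Aruba tooling. It pulls the option tokens out of the debug line above, builds the colon-free signature for each one, and decodes the values that are plain ASCII so you can see which option identifies the operating system. The function names are hypothetical.

```python
import re

# Debug line copied from the controller output above.
SAMPLE_LOG = (
    "Jun 14 04:18:54 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan4: REQUEST "
    "24:77:03:5d:b0:80 Transaction ID:0xf0a31ca6 reqIP=22.214.171.124 Options "
    "3d:012477035db080 0c:41646d696e2d5043 "
    "51:00000041646d696e2d50432e726468696d616e2e776c616e "
    "3c:4d53465420352e30 37:010f03062c2e2f1f2179f"
)
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_options(log_line):
    """Map option code (hex) -> value (hex) for the tokens after 'Options'."""
    _, found, tail = log_line.partition(" Options ")
    options = {}
    for token in (tail.split() if found else []):
        code, colon, value = token.partition(":")
        if colon and len(code) == 2 and HEX.fullmatch(code) and HEX.fullmatch(value):
            options[code.lower()] = value.lower()
    return options

def normalize(signature):
    """Signatures are not case sensitive and are entered without the colon."""
    return signature.replace(":", "").strip().lower()

def signatures(log_line):
    """Candidate rule signatures: option code immediately followed by its value."""
    return {code: code + value for code, value in parse_options(log_line).items()}

def readable(value_hex):
    """ASCII text of a value, or None if it is odd-length or not printable."""
    if len(value_hex) % 2:
        return None  # value as logged is not a whole number of bytes
    raw = bytes.fromhex(value_hex)
    return raw.decode("ascii") if raw and all(0x20 <= b <= 0x7E for b in raw) else None

if __name__ == "__main__":
    for code, sig in signatures(SAMPLE_LOG).items():
        text = readable(sig[2:])
        print(f"option 0x{code} ({int(code, 16)}): signature {sig}"
              + (f"  text={text!r}" for _ in [0] if text).__next__()
              if text else f"option 0x{code} ({int(code, 16)}): signature {sig}")
```

The option 0x37 value in the log has an odd number of hex digits, so `readable` returns `None` for it instead of raising; the signature string is still built exactly as the NOTE above gives it.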
The following is the DHCP-Option UDR configuration shown from the controller CLI:
NOTE: DHCP-Option-77 rules in UDR are only for wired users.