Requirement:How to use the Device Name as the User Name for a Non-802.1x authenticated Clients?
The controllers should be running minimum AOS: 6.5.x or above.
Solution:
By default for all Non-802.1x authenticated client, the MAC address of the host device were used as the user name. Using the MAC address it was difficult to identify the host. So starting from AOS: 6.5.x we have introduced an option called "Set username from dhcp option 12" under the aaa profile. When this option is set it will use the Device Name as the User Name for the Non-802.1x authenticated clients.
This option is disabled by default. When this option is enabled it gets the device name using the DHCP option 12 and uses it as the user name for the host. After enabling this option it is mandatory for the client/host to go through the DHCP transaction at least once so that the controller can capture the DHCP option 12 and use it as the user name.
Configuration:Configuring username-from-dhcp-opt12:
(Aruba-Master) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba-Master) (config) #aaa profile test-aaa
(Aruba-Master) (AAA Profile "test-aaa") #username-from-dhcp-opt12
(Aruba-Master) (AAA Profile "test-aaa") #exit
Verification
(Aruba-Master7240) #show aaa profile test-aaa
AAA Profile "test-aaa"
---------------------
Parameter Value
--------- -----
Initial role logon
MAC Authentication Profile N/A
MAC Authentication Default Role guest
MAC Authentication Server Group default
802.1X Authentication Profile N/A
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
Download Role from CPPM Disabled
Set username from dhcp option 12 Enabled
L2 Authentication Fail Through Disabled
Multiple Server Accounting Disabled
User idle timeout N/A
Max IPv4 for wireless user 2
RADIUS Accounting Server Group N/A
RADIUS Interim Accounting Disabled
XML API server N/A
RFC 3576 server N/A
User derivation rules N/A
Wired to Wireless Roaming Enabled
SIP authentication role N/A
Device Type Classification Enabled
Enforce DHCP Disabled
PAN Firewall Integration Disabled
Open SSID radius accounting Disabled
Example:
Before enabling username-from-dhcp-opt12:
(Aruba-Master7240) #show user-table
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- ---------
20.20.20.1 f0:1f:af:52:42:9f logon 00:00:01 0/0/1 Wired test-aaa tunnel
User Entries: 1/1
Curr/Cum Alloc:1/8 Free:0/7 Dyn:1 AllocErr:0 FreeErr:0
After enabling username-from-dhcp-opt12:
(Aruba-Master7240) #show user-table
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- ---------
20.20.20.1 f0:1f:af:52:42:9f Test-aruba-PC logon 00:00:01 0/0/1 Wired test-aaa tunnel Windows
User Entries: 1/1
Curr/Cum Alloc:1/8 Free:0/7 Dyn:1 AllocErr:0 FreeErr:0
In the above example the Test-aruba-PC is the the computer name on the host. The controller reads the device name from DHCP option 12 and it reflects in the above output.