Priority of UDR (User Derivation Rule) rules

Aruba Employee
Deriving a client's VLAN through various methods is very widely used functionality.

VLAN hardening changes are made in order to:
  • Have a predictable derivation scheme with well-defined priorities.
  • Keep a history of the VLANs derived.
  • Capture better debugging logs.
  • Have clear areas where VLAN information is communicated with STM.
  • Check, using show commands, which VLANs would be in contention if a current VLAN is to be chosen.

Step-by-step flow of VLAN derivation:

  • The client associates and the station comes up.
  • The controller stores the default incoming VLAN.
  • It derives the VLAN from the initial role and stores it.
  • It derives the VLAN from the UDR or the UDR-based role and stores it.
  • It derives the VLAN from mac-auth or dot1x authentication if the client is authenticated, honoring the SDR if configured.
  • It derives the VLAN from any VSA, if configured.
  • It checks whether any DHCP-option-based UDR is configured under the AAA profile.
  • The controller allocates the correct VLAN to the client based on the highest-priority rule.

The diagram below shows the lowest and highest priority of UDR for assigning the VLAN.

Version history
Revision #: 1 of 1
Last update: 07-01-2014 05:13 PM