I have used this to deny my andriods with dhcpfingerprint,but I want to allow to someone to access to the internet。There I have tried to create rules with mac-address to allow my andriod to access to internet ,at the same time , the other devices are allowed to access to internet ,too.This is what I don't want to see. I don't known you can understand my words.
policies :
ip access-list session mdac
user any udp 68 deny log
user any svc-icmp permit
user any svc-dns permit
aaa derivation-rules user devices
set role condition macaddr equals "84:74:2a:f9:ee:af" set-value authenticated description "myandriod"
set role condition dhcp-option equals "0c616E64726F69645F" set-value devices-ctrl description "andriod 2.3"
set role condition dhcp-option equals "3c6468637063642034" set-value devices-ctrl description "andriod 2"
set role condition dhcp-option equals "37010f03062c2e2f1f217" set-value devices-ctrl description "unkown1"
set role condition dhcp-option equals "37012103060f1c333a3b" set-value devices-ctrl description "andriod4.x"
my device's derivation-rules is devices ,but it can't access to internet.