[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Classifying DHCP Subscribers with the SRC CLI

Use the following configuration statements to configure DHCP classification scripts:

shared sae dhcp-classifier rule name {
target target; 

script script; 
}

shared sae dhcp-classifier rule name condition name ...

A classification script can contain either a target and a condition or a script. If you do not define a script, the classifier must have both a target and a condition.

To configure DHCP classification scripts:

  1. From configuration mode, enter the DHCP classifier configuration. In this sample procedure, the classifier is configured in the west-region SAE group.
  2. user@host# edit shared sae group west-region dhcp-classifier 
    
    
    
  3. Create a rule for the subscriber classifier. You can create multiple rules for the classifier.
  4. [edit shared sae group west-region dhcp-classifier]
    
    user@host# edit rule rule-1 
    
    
    
  5. Configure either a target or a script for the rule.
  6. (Optional) Configure the target for the rule.
  7. [edit shared sae group east-region dhcp-classifier rule rule-1]
    
    user@host# set target target 
    
    
    

OR

[edit shared sae group east-region dhcp-classifier rule rule-1]
user@host# set script script 

If you configure a target, see DHCP Classification Targets.

  1. If you configured a target for the rule, configure a match condition for the rule. You can create multiple conditions for the rule. See DHCP Classification Conditions.
  2. [edit shared sae group east-region dhcp-classifier rule rule-1]
    
    user@host# edit condition name 
    
    
    
  3. (Optional) Change the order of rules.
  4. [edit shared sae group east-region dhcp-classifier]
    
    user@host# insert rule rule-5 before rule-4 
    
    
    
  5. (Optional) Rename a rule.
  6. [edit shared sae group east-region dhcp-classifier]
    
    user@host# rename rule rule-2 to dhcp 
    
    
    
  7. (Optional) Verify the classifier rule configuration.
  8. [edit shared sae group east-region dhcp-classifier rule rule-1]
    
    user@host# show 
    
    target cn=default,<-dhcpProfileDN->;
    
    condition {
    
      1;
    
    }
    
    
    
  9. (Optional) Verify the DHCP classifier configuration.
  10. [edit shared sae group west-region dhcp-classifier]
    
    user@host# show 
    
    rule rule-1 {
    
      script "# DHCP classification script
    
    #
    
    # The DHCP classification script can use the following fields:
    
    #
    
    # interfaceName          - interface where DHCP DISCOVER was received.
    
    # ifAlias                - \"ip description\" of interface
    
    # ifDesc                 - SNMP standard name of interface
    
    # nasPortId              
    
    # virtualRouterName      - VR where DHCP DISCOVER was received
    
    # macAddress             - MAC address of DHCP client
    
    # dhcp                   - DHCP options
    
    # poolName               - DHCP Pool name set by authorization plug-in
    
    # authVirtualRouterName  - VR name set by authorization plug-in
    
    # dhcpProfileDN          - search base for DHCP Profiles
    
    
    
    ";
    
    }
    
    rule rule-2 {
    
      target cn=default,<-dhcpProfileDN->;
    
      condition {
    
        1;
    
      }
    
    }
    

DHCP Classification Conditions

DHCP classification conditions define match criteria that are used to find the DHCP profile. Use the fields in this section to define DHCP classification conditions.

authVirtualRouterName

dhcp

dhcpProfileDN

interfaceName

ifAlias

ifDesc

macAddress

nasPortId

poolName

virtualRouterName

DHCP Classification Targets

The target of the DHCP classification script uses a syntax similar to an LDAP URL. With the exception of baseDN, all fields are optional. The syntax is:

baseDN [ ? [ attributes ] [ ? [ scope ] [ ? [ filter ] ] ] ]

You can use the attribute configuration to override attributes in the directory. For example, to override the IP pool name that is stored in the DHCP profile with the pool name that the authorization plug-in sends, use the attribute statement radiusFramedPool=<-poolName->.


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]