Concept Guide

Table Of Contents
841| show aaa derivation-rules Dell Networking W-Series ArubaOS 6.5.x| Reference Guide
Parameter Description
Priority
The priority in which the rules are applied. Rules at the top of the list are
applied before rules at the bottom.
Attribute
This is the attribute returned by the authentication server that is examined for
Operation and Operand match
Operation
This is the match method by which the string in Operand is matched with the
attribute value returned by the authentication server.
l contains The rule is applied if and only if the attribute value contains the
string in parameter Operand.
l starts-with The rule is applied if and only if the attribute value returned
starts with the string in parameter Operand.
l ends-with The rule is applied if and only if the attribute value returned
ends with the string in parameter Operand.
l equals The rule is applied if and only if the attribute value returned
equals the string in parameter Operand.
l not-equals The rule is applied if and only if the attribute value returned
is not equal to the string in parameter Operand.
l value-of This is a special condition. What this implies is that the role or
VLAN is set to the value of the attribute returned. For this to be successful,
the role and the VLAN ID returned as the value of the attribute selected
must be already configured on the controller when the rule is applied.
Operand
This is the string to which the value of the returned attribute is matched.
Action
This parameter identifies whether the rule sets a server group role (set role)
or a VLAN (set vlan).
Value
Sets the user role or VLAN ID to be assigned to the client if the condition is
met.
Total Hits
Number of times the rule has been applied since the last server reboot.
New Hits
Number of times the rule has been applied since the show aaa derivation-
rules command was last issued.
To display derivation rules for a user group, include the user <name> parameter. You can also display a table
of all user rules by including the user parameter, but omitting the <name> parameter
(host) #show aaa derivation-rules user user44
User Rule Table
---------------
Priority Attribute Operation Operand Action Value Total Hits New Hits
Description
-------- --------- --------- ------- ------ ----- ---------- -------- ----------
-
1 location equals ap23 set role guest 56 18
guestrole1
The following data columns appear in the output of this command: