Configuring Client-Classes
You can differentiate client services in the following ways:
- Register clients using the Cisco Prime Network Registrar database (this section) or the Lightweight Directory Access Protocol (see Configuring Cisco Prime Network Registrar to Use LDAP).
- Register intermediary devices (such as cable modems) so that you can differentiate their upstream clients by class of service.
- Use the contents of client packets without the foreknowledge of client data:
  - Known DHCP options that can be in the packet, such as the dhcp-user-class-id DHCP option (77), or the radius-attribute suboption of the relay-agent-info DHCP option (82, see Processing Client Data Including External Sources).
  - Other data in the packet to extract using an expression in the client-class-lookup-id DHCP server attribute (see Calculating Client-Classes and Creating Keys).
- Use a two-stage process of first creating a client-class to assign clients, then set a client-lookup-id for certain clients (see Expression Processing for Subscriber Limitation).
Related Topics
Setting Selection Tags on Scopes and Prefixes
Defining Client-Class Hostname Properties
Editing Clients and Their Embedded Policies
Client-Class Process
Enable or disable client-class processing for the DHCP server and apply a set of properties to groups of clients. With client-class enabled, the server assigns the client to an address from a matching DHCPv4 scope or DHCPv6 prefix. The server acts according to the data in the packet. To configure client-classes:
- Enable client-class processing for the DHCP server.
- Define client-classes that include or exclude selection tags (criteria).
- Apply the selection tags to specific scopes or prefixes (or their templates).
- Assign clients to these classes.
This process is for clients configured through Cisco Prime Network Registrar. For processing affected by data from external sources, see Processing Client Data Including External Sources.
Defining Client-Classes
You enable and define client-classes at the server level.
Local Web UI
Procedure
Step 1. To enable client-classes, in the Basic or Advanced mode:
Step 2. From the Design menu, choose Client Classes under the DHCP Settings submenu to open the List/Add DHCP Client Classes page.
Step 3. Click the Add Client Classes icon in the Client Classes pane to open the Add DHCP Client Class dialog box.
Step 4. Enter a name for the client-class.
Step 5. Set other client-class properties. The hostname and domain name attributes are mainly used for DNS updates if not using a DNS update configuration (see Creating DNS Update Configurations). The hostname properties are described in Defining Client-Class Hostname Properties. You can also choose the appropriate policy for the client-class.
Step 6. Click Add Client Class.
Step 7. Define the selection criteria. The critical step in creating a client-class is defining its selection criteria so that you can associate the client-class with a DHCPv4 scope or DHCPv6 prefix. Use the selection-criteria attribute (see also Table 24). You can enter multiple selection tags by separating them with commas. The values have to match the selection tags set for the desired scope or prefix (see Setting Selection Tags on Scopes and Prefixes).
Step 8. To add an embedded policy to the client-class, see Editing Clients and Their Embedded Policies.
Step 9. Click Save.
Step 10. Debug as needed. To debug client-class errors, enable the client-criteria-processing attribute in the Log Settings section of the Local DHCP Server page.
Step 11. To delete a client-class, select the client and click the Delete Client Classes icon in the Client Classes pane on the left, and confirm the deletion.
CLI Commands
Enable client-classes by using dhcp enable client-class. To create the client-class, use client-class name create. The name should clearly identify its intent. It is not case-sensitive; classPC is the same as Classpc.
Set properties of the clients in the client-class by using client-class name set attribute=value. For example, set the desired policy to associate with the client-class by using client-class name set policy-name=value. Associate a scope with the client-class by using client-class name set selection-criteria. (See Setting Selection Tags on Scopes and Prefixes.)
Show the properties of a created client-class by using client-class name [show]. You can also list the properties for all the client-classes created, or list just their names. To debug the client-class processing, use dhcp set log-settings=client-criteria-processing. To delete the client-class, use client-class name delete.
Configuring DHCPv6 Client-Classes
You can configure DHCPv6 client-class attributes, which are:
- v6-client-lookup-id —Key value to use to look up the DHCPv6 client in the client database (locally or through LDAP), specified as an expression that evaluates to a string (or a blob as a valid string).
- v6-override-client-id —Value that replaces any client-identity value in an incoming packet, specified as an expression that evaluates to a blob.
Local Advanced Web UI
From the Design menu, choose Clients under the DHCP Settings submenu to open the List/Add DHCP Clients page. Select an existing client to open the Edit DHCP Client page, or click the Add Clients icon on the Clients pane to add a new client-class. Choose the client-class that includes the DHCPv6 attributes that were set (see Configuring DHCPv6 Client-Classes), then click Save.
Tip: Disable the validate-client-name-as-mac attribute for the DHCP server.
CLI Commands
Use client list or client name show to show the existing clients. To set the client-class name for the client, use client name set client-class-name=value. Also ensure that the validate-client-name-as-mac attribute is disabled for the DHCP server.
Setting Selection Tags on Scopes and Prefixes
To assign clients to different address pools, you must define the DHCPv4 scope (or template) or DHCPv6 prefix (or template) with the selection tags that you specified in the selection-criteria for the client-class. All the selection-criteria tags that the client-class has must match the tags the scope or prefix has, even though the scope or prefix might have additional tags. If the client-class omits all selection-criteria, no limitations apply to the scope or prefix selection.
For example:
Scope A has tag1, tag2
Scope B has tag3, tag4
Assuming both scopes are on the same network, a client in a client-class with:
- Tag1, tag2, or both, gets leases from scope A.
- Tag3, tag4, or both, gets leases from scope B.
- One or more tags from both scopes (such as tag1 and tag3) does not get leases from either scope.
- No tags gets leases from either scope.
The table below describes the attributes Cisco Prime Network Registrar uses to refer to selection tags or selection criteria for network objects.
| Object | Attribute |
|---|---|
| Client | selection-criteria |
| Client-class | selection-criteria |
| Scope | selection-tag-list |
| Scope template | selection-tag-list |
| Prefix | selection-tags |
| Prefix template | selection-tags |
| Address block | selection-tags |
| Subnets | selection-tags |
Local Basic or Advanced Web UI
Create or edit a scope or prefix or its template; on the Add or Edit page for the scope or prefix (or its template), find the Selection Tags attribute and enter a list of comma-separated selection tags created in the selection-criteria attribute for the client-class that you want to associate with this scope or prefix (or its template). Then save the changes and reload the DHCP server, if necessary.
CLI Commands
Use scope name set selection-tag-list. For a scope template, use scope-template name set selection-tag-list. For a prefix, use prefix name set selection-tags. For a prefix template, use prefix-template name set selection-tags.
Defining Client-Class Hostname Properties
You can specify the hostname that each client should adopt, using the Hostname (host-name) attribute of the client-class. This can be an absolute, valid DNS value to override the one included in the DHCP client request, or can be any of these:
- @host-name-option—The server uses whatever hostname option the client sent.
- @no-host-name-option—The server ignores the hostname that the client sends. If DNS name generation is in effect, the server uses a generated name, if set up as such for dynamic DNS updating.
- @use-macaddress—The server synthesizes a hostname from the client MAC address, hyphenates the octets, then adds an x at the front. For example, if a client MAC address is 1,6:00:d0:ba:d3:bd:3b, the synthesized hostname would be x1-6-00-d0-ba-d3-bd-3b.
If you omit a value, the hostname is unspecified. You can also synthesize hostnames by using a DNS update configuration (see Creating DNS Update Configurations).
Related Topics
Editing Clients and Their Embedded Policies
Processing Client Data Including External Sources
Troubleshooting Client-Classes
Editing Client-Classes and Their Embedded Policies
Editing a client-class involves the same attributes as creating a client-class. You can also add and modify an embedded policy for the client-class so that you can set its policy options. The embedded policy has no properties or DHCP options associated with it until you add them. (See also Creating and Editing Embedded Policies). The client-class embedded policy setting is the third priority the DHCP server uses in its policy selection, after that set for the client itself (see DHCPv4 Policy Hierarchy).
Local Advanced Web UI
Procedure
Step 1. Create the client-class.
Step 2. Select the client-class in the Client Classes pane on the left to open the Edit DHCP Client Class page.
Step 3. Make changes to attribute settings as required.
Step 4. To add a new embedded policy for the client-class, click Create New Embedded Policy. If there is an existing embedded policy that you want to edit, click Edit Existing Embedded Policy. (If you want to unset the existing embedded policy, click Unset on the Edit DHCP Client-Class page; this resets the button to Create New Embedded Policy.)
Step 5. Click Save.
CLI Commands
To check if there are any embedded policy values already set for a client-class, use client-class-policy client-class-name show. To set the attributes for the embedded policy, use client-class-policy client-class-name set attribute=value.
To set the DHCP options, use one of these commands:
nrcmd> client-class-policy client-class-name setOption {opt-name | id} value [-blob] [-roundrobin]
nrcmd> client-class-policy client-class-name setV6Option {opt-name | id}[.instance] value [-blob] [-roundrobin]
nrcmd> client-class-policy client-class-name setVendorOption {opt-name | id} opt-set-name value [-blob]
nrcmd> client-class-policy client-class-name setV6VendorOption {opt-name | id} opt-set-name value [-blob]
To set the lease time, use client-class-policy client-class-name setLeaseTime value.
Processing Client Data Including External Sources
Information about network hosts running DHCP clients and their users can arrive at the DHCP server from several external sources. The server can use this data as part of client-class processing, and capture it in its lease database to make it available to the Cisco Prime Network Registrar management system.
Recently introduced external factors that can influence client definitions are:
- A subscriber-id suboption of the relay-agent-info DHCP option (82), whereby a network administrator defines a network subscriber or client and sends this data to the DHCP server.
- RADIUS authentication server data, as part of 802.1x protocol deployments where the RADIUS data can be helpful in DHCP decision making. In this case, a device can send the data as part of radius-attribute suboption attributes in the relay-agent-info DHCP option (82).
Both these external options use DHCP option 82, as described in Subscriber Limitation Using Option 82. The RADIUS source can send the following attributes:
- Client user or account name (the user attribute)
- Administratively defined class string (the class attribute)
- Vendor-specific data (the vendor-specific attribute)
- Session timeout value (the session-timeout attribute)
- IP address pool to use for the client (the framed-pool attribute)
- IPv6 address pool to use for the client (the framed-ipv6-pool attribute)
Cisco Prime Network Registrar provides extension support for the subscriber-id suboption and the user, class, and framed-pool attributes of the RADIUS suboption, and expression support for all of the suboptions (see Using Expressions). Additionally, the DHCP server now includes attribute settings to configure how the server handles the RADIUS class and framed-pool attributes. Cisco Prime Network Registrar can use the server attributes to map the RADIUS attribute value as a selection tag or client-class name, or append the value to the selection tag that it finds in its client database. For example:
nrcmd> dhcp set map-radius-class=append-to-tags
For client-classes and selection tags determined from external resources such as RADIUS, the processing order is slightly more complex than that described in Client-Class Process. See the following subsections. Remember that to use the client-class feature, you must enable the DHCP server client-class attribute.
Processing Order to Determine Client-Classes
The order in which the DHCP server uses possible sources to determine client-class names is as follows:
- It uses the client-class name in the extension environment dictionary.
- If it finds a real client-entry in the database, it uses its client-class-name. (If you believe that looking up clients in a database is unnecessary, you can prevent the database lookup by enabling the skip-client-lookup DHCP server attribute; see Skipping Client Entries for Client-Classing.)
- If you map the RADIUS framed-pool value to a client-class (by using dhcp set map-radius-pool-name=map-as-class), it uses the framed-pool value.
- If you map the RADIUS class value to a client-class (by using dhcp set map-radius-class=map-as-class), it uses the class value.
- If you map the dhcp-user-class-id DHCP option (77) to a client-class (by using dhcp set map-user-class-id=map-as-class), it uses the option value. (Note that you can alternatively use a lookup ID expression instead of this mapping; see Client-Class Lookup Expression Processing.)
- If it finds no mapping or user-class ID, it uses the default-client-class-name from the environment dictionary.
- If it finds no default-client-class-name or client-class configured in a client-entry, it uses the client-class-name from the client named default (if found).
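The order above, modelled as a first-match chain in Python. This is an added example, not Cisco code: the dictionary layout, the sample client database, and the choice to fall through when a client entry has no client-class-name are assumptions made for illustration.

```python
# Added illustration; a model of the documented order, not Cisco code.
MAP_AS_CLASS = (  # (DHCP server attribute, value carried in the packet), in documented order
    ("map-radius-pool-name", "framed-pool"),
    ("map-radius-class", "class"),
    ("map-user-class-id", "user-class-id"),  # DHCP option 77, supplied by the client
)

# Constructed sample client database, keyed by a hypothetical lookup key.
SAMPLE_DB = {
    "client-a": {"client-class-name": "registered"},
    "default": {"client-class-name": "unregistered"},
}

def resolve_client_class(server, env, client_db, lookup_key, packet):
    """Return (client-class name, source) from the first source that yields a name."""
    if env.get("client-class-name"):
        return env["client-class-name"], "environment dictionary"
    # Assumption: skip-client-lookup affects only the step the page attaches it to.
    if not server.get("skip-client-lookup"):
        entry = client_db.get(lookup_key)
        if entry and entry.get("client-class-name"):
            return entry["client-class-name"], "client entry"
    for attr, key in MAP_AS_CLASS:
        if server.get(attr) == "map-as-class" and packet.get(key):
            return packet[key], attr
    if env.get("default-client-class-name"):
        return env["default-client-class-name"], "default-client-class-name"
    fallback = client_db.get("default")
    if fallback and fallback.get("client-class-name"):
        return fallback["client-class-name"], "client named default"
    return None, "none"

if __name__ == "__main__":
    server = {"map-user-class-id": "map-as-class"}
    for key, packet in (("client-a", {"user-class-id": "staff"}),
                        ("client-z", {"user-class-id": "staff"}),
                        ("client-z", {})):
        print(key, packet, "->", resolve_client_class(server, {}, SAMPLE_DB, key, packet))
```

With map-user-class-id=map-as-class, the option 77 value names the class only for clients that have no database entry and no higher-priority RADIUS mapping.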
Processing Order to Determine Selection Tags
The order in which the server uses the possible sources to determine selection tags (it uses the first nonnull source) is as follows:
- Selection tags in the extension environment dictionary.
- If it finds a real client-entry in the database, it uses the client-entry selection-tags. (To prevent this unnecessary database read, enable the skip-client-lookup DHCP server attribute; see Skipping Client Entries for Client-Classing.)
- Selection tags in the client-class.
- If you map an available RADIUS framed-pool value to a tag (by using dhcp set map-radius-pool-name=map-as-tag), it uses that tag.
- If you map an available RADIUS class value to a tag (by using dhcp set map-radius-class=map-as-tag), it uses that tag.
- If you map an available dhcp-user-class-id DHCP option (77) to a tag (by using dhcp set map-user-class-id=map-as-tag), it uses that tag.
Next, the server could append one of the following to the list of selection tags (if any):
- If a RADIUS framed-pool value is available and you set the map-radius-pool-name DHCP attribute to append to the tags (by using dhcp set map-radius-pool-name=append-to-tags), the server appends it.
- If a RADIUS class value is available and you set the map-radius-class DHCP attribute to append to the selection tags (by using dhcp set map-radius-class=append-to-tags), the server appends it.
- If a dhcp-user-class-id is available and you set the map-user-class-id DHCP attribute to append to the selection tags (by using dhcp set map-user-class-id=append-to-tags), the server appends it.
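The tag-source order above, combined with the scope A / scope B matching rule from Setting Selection Tags on Scopes and Prefixes, as an added Python model (not Cisco code). The dictionary keys, including the environment-dictionary key selection-tags, are hypothetical, and the model reads "append one of the following" as appending only the first value that applies.

```python
# Added illustration; a model of the documented rules, not Cisco code.
MAP_ATTRS = (  # (DHCP server attribute, value carried in the packet), in documented order
    ("map-radius-pool-name", "framed-pool"),
    ("map-radius-class", "class"),
    ("map-user-class-id", "user-class-id"),
)

SCOPES = {"A": "tag1,tag2", "B": "tag3,tag4"}  # the page's scope A / scope B example

def parse_tags(text):
    """Split a comma-separated tag list into a list of non-empty tags."""
    return [t.strip() for t in (text or "").split(",") if t.strip()]

def effective_tags(server, env=None, client_entry=None, client_class=None, packet=None):
    """Selection tags for a request: first non-null source, then at most one append."""
    env, packet = env or {}, packet or {}
    sources = [env.get("selection-tags")]  # hypothetical environment-dictionary key
    if not server.get("skip-client-lookup"):
        sources.append((client_entry or {}).get("selection-criteria"))
    sources.append((client_class or {}).get("selection-criteria"))
    for attr, key in MAP_ATTRS:
        if server.get(attr) == "map-as-tag":
            sources.append(packet.get(key))
    tags = next((parse_tags(s) for s in sources if parse_tags(s)), [])
    for attr, key in MAP_ATTRS:
        if server.get(attr) == "append-to-tags" and packet.get(key):
            tags.append(packet[key])
            break  # assumption: only the first applicable value is appended
    return tags

def eligible_scopes(tags, scopes):
    """A scope qualifies when it carries every required tag; extra scope tags are allowed."""
    need = set(tags)
    return sorted(name for name, have in scopes.items() if need <= set(parse_tags(have)))

if __name__ == "__main__":
    server = {"map-radius-class": "append-to-tags"}
    tags = effective_tags(server, client_class={"selection-criteria": "tag1"},
                          packet={"class": "tag3"})
    print(tags, "->", eligible_scopes(tags, SCOPES))  # tags spanning both scopes match neither
```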