[an error occurred while processing this directive] [an error occurred while processing this directive]

Creating Unique Usernames for DHCP Clients

You can configure the extended DHCP application to include additional information in the username that is passed to the external AAA authentication service when the DHCP client logs in. This additional information enables you to construct usernames that uniquely identify subscribers.

Note: If you do not include a username in the authentication configuration, the router does not perform authentication; however, the IP address is provided by the local pool if it is configured.

The following list describes the optional information that you can include as part of the username:

  • circuit-type—The circuit type used by the DHCP client, for example enet.
  • delimiter—The delimiter character that separates components that make up the concatenated username. The default delimiter is a period (.). The semicolon (;) is not supported as a delimiter character.
  • domain-name—The client domain name as string. The router adds the @ delimiter to the username.
  • logical-system-name—The name of the logical system, if the receiving interface is in a logical system.
  • mac-address—The client MAC address, in a string of the format xxxx.xxxx.xxxx.
  • option-60—The portion of the option 60 payload that follows the length field.
  • option-82 <circuit-id> <remote-id>—The specified contents of the option 82 payload.
    • circuit-id—The payload of the Agent Circuit ID suboption.
    • remote-id—The payload of the Agent Remote ID suboption.
    • Both circuit-id and remote-id—The payloads of both suboptions, in the format: circuit-id[delimiter]remote-id.
    • Neither circuit-id or remote-id—The raw payload of the option 82 from the PDU is concatenated to the username.
  • routing-instance-name—The name of the routing instance, if the receiving interface is in a routing instance.
  • user-prefix—A string indicating the user prefix.

The router creates the unique username by including the specified additional information in the following order, with the fields separated by a delimiter. 

user-prefix[delimiter]mac-address[delimiter]logical-system-name[delimiter]
routing-instance-name[delimiter]circuit-type[delimiter]option-82[delimiter]
option-60@domain-name

To configure a unique username:

  1. Specify that you want to configure authentication.
    • For DHCP local server:
      [edit system services dhcp-local-server]
      user@host# edit authentication
    • For DHCP relay agent:
      [edit forwarding-options dhcp-relay]
      user@host# edit authentication
  2. Specify that you want to include optional information in the username. (DHCP local server and DHCP relay agent both support the username-include statement.)
    [edit system services dhcp-local-server authentication]
    user@host# set username-include
  3. (Optional) Specify the optional information you want to include in the username.
    [edit system services dhcp-local-server authentication username-include]
    user@host# set username-include circuit-type
    user@host# set username-include domain-name isp55.com
    user@host# set username-include mac-address
    user@host# set username-include user-prefix wallybrown

    The previous username-include configuration produces this unique username:

    wallybrown.0090.1a01.1234.enet@isp55.com

Updated: 2009-04-06

[an error occurred while processing this directive]