Creating Unique Usernames for DHCP Clients

You can configure the extended DHCP application to include additional information in the username that is passed to the external AAA authentication service when the DHCP client logs in. This additional information enables you to construct usernames that uniquely identify subscribers.

Note: If you do not include a username in the authentication configuration, the router does not perform authentication; however, the IP address is provided by the local pool if it is configured. When you use the DHCPv6 local server, you must configure authentication and the client username; otherwise client login fails.

The following list describes the optional information that you can include as part of the username:

• circuit-type—The circuit type used by the DHCP client, for example enet.
• client-id—The client identifier option (option 1). (DHCPv6 local server only)
• delimiter—The delimiter character that separates components that make up the concatenated username. The default delimiter is a period (.). The semicolon (;) is not supported as a delimiter character.
• domain-name—The client domain name as a string. The router adds the @ delimiter to the username.
• logical-system-name—The name of the logical system, if the receiving interface is in a logical system.
• mac-address—The client MAC address, in a string of the format xxxx.xxxx.xxxx. (Not supported for DHCPv6 local server)
• option-60—The portion of the option 60 payload that follows the length field. (Not supported for DHCPv6 local server)
• option-82 <circuit-id> <remote-id>—The specified contents of the option 82 payload. (Not supported for DHCPv6 local server)
  • circuit-id—The payload of the Agent Circuit ID suboption.
  • remote-id—The payload of the Agent Remote ID suboption.
  • Both circuit-id and remote-id—The payloads of both suboptions, in the format: circuit-id[delimiter]remote-id.
  • Neither circuit-id or remote-id—The raw payload of the option 82 from the PDU is concatenated to the username.
• relay-agent-interface-id—The Interface-ID option (option 18). (DHCPv6 local server only)
• relay-agent-remote-id—The DHCPv6 Relay Agent Remote-ID option (option 37). (DHCPv6 local server only)
• relay-agent-subscriber-id—The DHCPv6 Relay Agent Subscriber-ID option (option 38). (DHCPv6 local server only)
• routing-instance-name—The name of the routing instance, if the receiving interface is in a routing instance.
• user-prefix—A string indicating the user prefix.

The router creates the unique username by including the specified additional information in the following order, with the fields separated by a delimiter.

To configure a unique username:

1. Specify that you want to configure authentication.
   • For DHCP local server:

     [edit system services dhcp-local-server]

     user@host# edit authentication

   • For DHCPv6 local server:

     [edit system services dhcp-local-server dhcpv6]

     user@host# edit authentication

   • For DHCP relay agent:

     [edit forwarding-options dhcp-relay]

     user@host# edit authentication

2. Specify that you want to include optional information in the username. (DHCP local server, DHCPv6 local server, and DHCP relay agent all support the username-include statement.)

   [edit system services dhcp-local-server authentication]

   user@host# set username-include

3. (Optional) Specify the optional information you want to include in the username.

   [edit system services dhcp-local-server authentication username-include]

   user@host# set username-include circuit-type

   user@host# set username-include domain-name isp55.com

   user@host# set username-include mac-address

   user@host# set username-include user-prefix wallybrown

   The previous username-include configuration produces this unique username:

   wallybrown.0090.1a01.1234.enet@isp55.com

Related Topics

• Extended DHCP Local Server Overview
• DHCPv6 Local Server Overview
• Extended DHCP Relay Agent Overview
• Using External AAA Authentication Services with DHCP