ArubaOS and Controllers

Guru Elite

Private IP Address until authentication

Hello - We use public class B direct assignment for our IP address space and we have found that many addresses are wasted by users simply sitting in the login role as they walk through the buildings (mostly mobile devices).

Has anyone used private addresses for pre-authentication and then once the user is authenticated, move them to a public campus address? Is this possible?


Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Guru Elite

What can be done

What you would need to make this work is:

- A DHCP server that can be configured with lease times of seconds
- A "logon" role with the initial VLAN hardcoded
- A "success role" with that new VLAN hardcoded

The user would first sit in the logon role in that initial VLAN with a very short DHCP lease time. After the user authenticates, the user would be switched to a different "success" VLAN, but the client would NOT be able to pass traffic until an IP address from the new VLAN was received---that is where the short lease time comes in. The client will request a new IP and get placed into the new VLAN. Very tricky, but possible. The key is to have a DHCP server that allows you to configure scopes in seconds...

NAT, would be another suggestion.....

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Search Airheads
Showing results for 
Search instead for 
Did you mean: