Command of the Day

Reply
Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

COTD: Enforcing DHCP on your Network (ArubaOS 6.1)

[ Edited ]

These days, most clients obtain an ip address via DHCP. One method for ensuring that users do not use static ip addresses is to turn on the Enforce DHCP parameter in the AAA profile for that WLAN:


You can find out the DHCP server that a user obtained the ip address from by typing "show user ip "

Name: , IP: 192.168.1.192, MAC: 00:23:6c:90:05:11, Role:authenticated, ACL:56/0, Age: 00:00:00
Authentication: No, status: not started, method: , protocol: , server:
Role Derivation: AAA profile default role
VLAN Derivation: unknown
Idle timeouts: 0, ICMP requests sent: 0, replies received: 0, Valid ARP: 0
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0
Flags: innerip=0, outerip=0, guest=0, download=1, nodatapath=0, wispr=0
Auth fails: 0, phy_type: g-HT, reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 1, Assigned: 0, Current: 1 vlan-how: 0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, ProxyArp=0, Flags=0x0
Tunnel=0, SlotPort=0xfdf, Port=0x10ca (tunnel 10)
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role : n/a
Current Role name: authenticated role-how: 10
Essid: iperf, Bssid: 00:1a:1e:50:19:f0 AP name/group: 00:0b:86:64:34:80/default Phy-type: g-HT
RadAcct sessionID:n/a
RadAcct Traffic In 15/3121714928769182928 Out 722203740/65151000500 (0:15/11090:36656:11090:11472,11019:62556/0:15:11085:24500)
Timers: arp_reply 0, spoof reply 0, reauth 0
Profiles AAA:iperf-aaa_prof, dot1x:dot1x_prof-ild63, mac: CP: def-role:'authenticated' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 0, dot1x 1, RADIUS interim accounting 0
Born: 1316439943 (Mon Sep 19 08:45:43 2011)
Upstream AP ID: 0, Downstream AP ID: 0
DHCP assigned IP address 192.168.1.192, from DHCP server 192.168.1.3 <-------------------------
Device Type: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:6.0.2) Gecko/20100101 Firefox/6.0.2



Enforcing DHCP can also deal with issues like secondary ip addresses of clients finding their way into the controller user table like in the post here: http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/Weirdness-with-mobile-handsets/td-p/14463 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: