Controller Based WLANs

How to prevent a client from sending multiple DHCP dicoveries using different mac addresses?

by on ‎07-03-2014 04:15 PM

This article explains:

a. Feature used to prevent a client from sending multiple IP address request using different mac addresses.
b. Configuring the "DHCP exhaustion prevention" feature on the controller.
c. Verifying the configured feature.

 

This article applies to all the controllers running at least AOS software version 6.2.0.0. Any version prior to this do not support the feature explained in this article.

A new feature called "DHCP Exhaustion Prevention" is introduce in AOS version 6.2.x.x. When this feature is enabled, the controller checks the DHCP DISCOVER frame's source MAC and compares with the requesting client's hardware address. In case, the two do not match, the packet is dropped. Thus, a client is prevented from submitting multiple DHCP requests with different hardware addresses which in turn helps in saving IP addresses.

This can be enabled by turning on the "Prevent DHCP Exhaustion" knob under the Stateful Firewall on the controller.

 

 

Environment : Aruba OS version 6.2.1.0 is used to recreate the scenario and get the sample output explained in this article.

By default, this feature is disabled on the controller.

 

Through WebUI:

Navigate to Configuration> Advanced Services> Stateful Firewall

 

rtaImage.png

 

Through CLI:

 

rtaImage (2).png

 

rtaImage (1).png

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.