What does enforce-dhcp option in aaa profile do?

Aruba Employee
This article explains:
  1. What does “enforce-dhcp” option do ?
  2. Configuring “enforce-dhcp” on the mobility controller.
The “enforce-dhcp” option under the AAA Profile on the controller ensures only the clients that gets an IP address from a DHCP server be allowed in the controller’s user-table. Any client that configures a static IP address would not be allowed in the user-table and so it cannot pass any traffic.
 
Two use case scenarios:
  1. one where a user never does a successful DHCP exchange and uses a static IP instead.
  2. Another where a successful DHCP exchange was seen, but the user has since modified their IP address to something else that wasn't assigned by a DHCP server to them.

Environment : This article applies to all the controller running a minimum of AOS  version 6.1.

 

 

From WebUI:
  1. Navigate to Configuration> Authentication> AAA Profile
  2. Check the “enforce-dhcp” option. By default this option is disabled.

rtaImage (5).png

 

3. Click on "Apply" and save the configuration.

 

From CLI:

 

rtaImage (7).png

 

 

 

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 04:32 PM
Updated by:
 
Labels (1)
Contributors
Comments

Hi,

 

Can I check what is the advantages of enabling "enforce-dhcp" vs disabling "enforce-dhcp"?

(Is it meant to be more "secure" or more "proper"?) 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.