Controller Based WLANs

What is the purpose of denying UDP 68 traffic?

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.

 

The deny UDP 68 rule (present by default) blocks DHCP replies sent by wireless users, which prevents a wireless user from acting as a DHCP server on the wireless network.

If we deny UDP port 68, then what are we doing when we permit DHCP in the policy right after the deny UDP 68?

 

Example


ip access-list session control
user any udp 68 deny
any any svc-dhcp permit

 

The 'any any svc-dhcp permit' rule allows UDP 68 traffic from a DHCP server to reach the client because the first field of that rule (the source) is 'any' instead of 'user'. The deny rule matches only traffic whose source is a user.

If you had an 'any any udp 68 deny' rule instead, the client would never get an IP address because the traffic would be blocked in both directions.
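The rule ordering above can be checked with a small first-match model. This is an added example, not Aruba code: it assumes a simplified ACL evaluator with an implicit deny at the end, that svc-dhcp covers UDP destination ports 67 and 68, and it uses constructed sample packets.

```python
from dataclasses import dataclass

# Assumption: svc-dhcp is modelled as UDP destination ports 67-68.
SERVICES = {"udp 68": ("udp", {68}), "svc-dhcp": ("udp", {67, 68})}

@dataclass(frozen=True)
class Packet:
    src: str    # "user" = wireless client, "net" = any other host
    dst: str
    proto: str
    dport: int

def parse_rule(line):
    """Split 'user any udp 68 deny' into (src, dst, service, action)."""
    parts = line.split()
    return parts[0], parts[1], " ".join(parts[2:-1]), parts[-1]

def alias_matches(alias, endpoint):
    """'any' matches every endpoint; 'user' matches only wireless users."""
    return alias == "any" or alias == endpoint

def evaluate(acl_lines, pkt):
    """Return the action of the first matching rule (implicit deny otherwise)."""
    for line in acl_lines:
        src, dst, service, action = parse_rule(line)
        proto, ports = SERVICES[service]
        if (alias_matches(src, pkt.src) and alias_matches(dst, pkt.dst)
                and proto == pkt.proto and pkt.dport in ports):
            return action
    return "deny"

DEFAULT_ACL = ["user any udp 68 deny", "any any svc-dhcp permit"]
BROKEN_ACL = ["any any udp 68 deny", "any any svc-dhcp permit"]

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "client_discover": Packet("user", "net", "udp", 67),  # client -> server port
    "server_offer": Packet("net", "user", "udp", 68),     # real server -> client
    "rogue_offer": Packet("user", "user", "udp", 68),     # user acting as server
}

def results(acl_lines):
    """Evaluate every sample packet against the given ACL."""
    return {name: evaluate(acl_lines, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, acl in (("default", DEFAULT_ACL), ("any any udp 68 deny", BROKEN_ACL)):
        print(label, results(acl))
```

With the default policy only the reply sourced from a wireless user is dropped; with the 'any' variant the legitimate server's reply is dropped as well, so the client never completes DHCP.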

Version History: Revision 1 of 1. Last update: 07-01-2014 01:58 PM