Controller-less WLANs

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh
Back to Library

DHCP Enforcement on IAP 

Mar 08, 2016 04:16 PM

Requirement:

How to block traffic for IAP clients that do not obtain IP address from DHCP

(This article is applicable only for IAP's running on 6.4.3.4-4.2.1.0 code & later)



Solution:

Enable "enforce-dhcp" parameter in the SSID  --> This would ensure that the traffic for IAP clients that do not obtain IP address from DHCP is blocked. The device may get connected and show up under "show clients". However, the user will not be able to even ping its gateway.



Configuration:

WebUI

Edit the SSID--> Goto Security --> Enable "enforce dhcp" --> Click on Next and Finish

 

 

CLI

18:64:72:c9:c4:9c (config) # wlan ssid-profile <ssid-name>

18:64:72:c9:c4:9c (SSID Profile "<ssid-name") # enforce-dhcp

18:64:72:c9:c4:9c# commit apply



Verification

Check the running-config for the specific SSID

wlan ssid-profile <ssid-profile>
 enable
 index 3
 type employee
 essid test
 opmode opensystem
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter none
 enforce-dhcp
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

Statistics
0 Favorited
10 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.