DHCP Enforcement on IAP

Aruba Employee

How to block traffic for IAP clients that do not obtain IP address from DHCP

(This article is applicable only for IAP's running on code & later)


Enable "enforce-dhcp" parameter in the SSID  --> This would ensure that the traffic for IAP clients that do not obtain IP address from DHCP is blocked. The device may get connected and show up under "show clients". However, the user will not be able to even ping its gateway.



Edit the SSID--> Goto Security --> Enable "enforce dhcp" --> Click on Next and Finish




18:64:72:c9:c4:9c (config) # wlan ssid-profile <ssid-name>

18:64:72:c9:c4:9c (SSID Profile "<ssid-name") # enforce-dhcp

18:64:72:c9:c4:9c# commit apply


Check the running-config for the specific SSID

wlan ssid-profile <ssid-profile>
 index 3
 type employee
 essid test
 opmode opensystem
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 broadcast-filter none
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

Version history
Revision #:
2 of 2
Last update:
‎03-08-2016 01:16 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.