Wireless Access

Hi,

i have a query regarding the validuser ACL. we have SC1 controller in master-local setup with 5.0.4.X version. the actual issue is in our controller we see that in the user-table we the see the enteries with different IP address with the same wifi MAC address. hence we decided to configure the validuser ACL in order to permit only the IP addresses configured in the netdestination should be placed in the user table. hence we removed any any any permit in the validuser ACL. 

After configuring the validuser ACL the wifi client is not getting the IP address from the dhcp server instead it is getting only APIPA address. However if we removed the validuser ACL and then reconfigured with any any any permit then client was getting IP address. 

Do we need to configure the any any svc-dhcp permit in the validuser ACL above the other policies in order to make the client to get IP address?

can we also enable the enforce DHCP option in the AAA profile so that those duplicate enteries will not be allowed to display in the user-table since the different IP address displaying in the user-table is not assigned to the client wifi MAC address via DHCP?

Awaiting your valuable feedbck.

Thank you. 

- Leave the ValidUser ACL at any any any permit

- Use enforce DHCP in the AAA profile to obtain the results you desire.

Hi,

thank you for the reply. however there is no enforce dhcp option is not available in 5.0 version and it is introduced only in 6.x version. 

Can you please confirm whether enforce dhcp option is available in 5.0 verson?

if there is no enforce dhcp option in 5.0 version then only option is to have the dhcp service policy in the validser ACL?

thanks in advance. 

There is no enforce DHCP below ArubaOS 6.0, correct.

There is no real way to enforce DHCP in 5.x with the validuser ACL.