Wireless Access

last person joined: 10 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

enforce-dhcp not working - 6.4.3.7

This thread has been viewed 2 times

  • 1.  enforce-dhcp not working - 6.4.3.7

    Posted Apr 07, 2016 09:25 AM

    I've recently started setting up a small WLAN for fixed-ip (static) devices.  I've duplicated my AAA profile and added the "enforce-dhcp" option to it and use it only for my static WLAN.

     

    So using a fixed-ip that comes from the DHCP server works ok:

     

    # show user-table  ip 1.1.1.2 detail | include DHCP
    Address is from DHCP: yes
      DHCP role: n/a, Default role: cp-logon, Cached role: n/a

     

    But when I set the same system (MBair) with a static IP address, it still continues to work, incorrectly stating that the Address is from DHCP.  I've verified that the DHCP server did not hand out this address.

     

    # show user-table  ip 1.1.1.3 detail | include DHCP
    Address is from DHCP: yes
      DHCP role: n/a, Default role: cp-logon, Cached role: n/a

     

    The DHCP address shows up in the route-cache, but the static IP does not.  Interestingly though, even after setting the static and clearing the route-cache, it still remains.

     

    # show datapath route-cache table | include f4:f8:f5:fE:fF:fC
    1.1.1.2      f4:f8:f5:fE:fF:fC         2016  H

    #clear datapath route-cache 1.1.1.2                                    
    #clear datapath route-cache 1.1.1.2
    # show datapath route-cache table | include f4:f8:f5:fE:fF:fC
    1.1.1.2      f4:f8:f5:fE:fF:fC         2016  H

     

     

    I've never used enforce-dhcp in the past to be able to say if the new ArubaOS version isn't working or my concept isn't working.

     

    thanks

    mike

     



  • 2.  RE: enforce-dhcp not working - 6.4.3.7

    EMPLOYEE
    Posted Apr 07, 2016 09:32 AM

    Please open a TAC case, so that they can investigate whether this is a bug or not.



  • 3.  RE: enforce-dhcp not working - 6.4.3.7

    Posted Oct 13, 2017 11:26 AM

    Any news on this? We have the issue at a customer as well. Using Macbook with the option DHCP with manual address...



  • 4.  RE: enforce-dhcp not working - 6.4.3.7

    Posted Oct 13, 2017 11:29 AM

    We were funnelled into upgrading to 6.5 for new hardware so the fix was incorporated there and into later 6.4 versions.. I don't have the bug id handy.



  • 5.  RE: enforce-dhcp not working - 6.4.3.7

    Posted Oct 13, 2017 11:31 AM

    We are using 6.5.1. but it is still possible to change the IP on a Macbook.



  • 6.  RE: enforce-dhcp not working - 6.4.3.7

    Posted Oct 13, 2017 11:37 AM

    I can see the fix in 6.4.4.10. I will double check the software version.



  • 7.  RE: enforce-dhcp not working - 6.4.3.7

    Posted Oct 13, 2017 11:39 AM

    I looked back through my email and found the case.  It was assigned Bug ID: 140731.  (I honestly haven't checked on it in 6.5 as I've been chasing much more important bugs :(  )

     

    Bug ID

    Description

    Component

    Platform

    Reported Version

    Resolved in Version

    140731

    Symptom: DHCP enforcement in the AAA profile failed in a controller for some clients connecting with static IP addresses. The fix ensures that the traffic from all clients with static IP address is blocked when DHCP enforcement is enabled in the AAA profile. Scenario: This issue occurred when MAC-OS clients with static IP address connected to a controller on which the DHCP enforcement was enabled in the AAA profile. This issue was observed in controllers running ArubaOS 6.4.3.x.

    Controller- Datapath

    All platforms

    ArubaOS 6.4.3.7

    ArubaOS 6.4.4.10

          
          
          
          


  • 8.  RE: enforce-dhcp not working - 6.4.3.7

    Posted Nov 02, 2017 09:56 AM

    Hi Mike,

     

    is it possible to track if the fix is included in the 6.5 version?

     

    Thanks a lot.