HI,
If you look at "logon-control" inbuild policy in Aruba box, first line is to stop DHCP server traffic from the client. "User any UDP 68 deny" means any traffic from a wireless client with dest port as UDP 68 should be denied. hence if any client working as a rouge DHCP will be blocked.
For your ref :
Hope you got some more clarity on this.