
how to stop rogue DHCP in the network



How can I stop rogue DHCP in the wired & wireless network?


Thanks in advance..

Re: how to stop rogue DHCP in the network

On the wireless you put a rule in like this.


user any udp 68 deny
any any svc-dhcp permit



If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294

Re: how to stop rogue DHCP in the network

And for the wired part - make sure that the VLAN you would like to protect is passing through your controller.

And assign an ACL role to that VLAN, it will do the trick (user > any > udp 68 deny) ... don't forget it will make your VLAN not trusted, so you will need to build a full ACL with allowed services.

*You may also create an ACL for a specific PORT*


read here more info:


*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: how to stop rogue DHCP in the network



If you look at the "logon-control" built-in policy in the Aruba box, the first line is to stop DHCP server traffic from the client. "User any UDP 68 deny" means any traffic from a wireless client with dest port as UDP 68 should be denied. Hence any client working as a rogue DHCP will be blocked.


For your ref :


Hope you got some more clarity on this.

Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
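
An added illustration (not part of any post above, and not Aruba code): a simplified first-match model of the two rules quoted in the thread, run over constructed packets. It assumes `svc-dhcp` means UDP 67-68, that rules are evaluated top-down with an implicit deny at the end, and it models only `user`/`any` sources with an `any` destination.

```python
from dataclasses import dataclass

# Assumption: svc-dhcp covers UDP 67 (server port) and 68 (client port).
SERVICES = {"svc-dhcp": ("udp", range(67, 69))}

@dataclass(frozen=True)
class Packet:
    name: str
    from_user: bool  # True when the sender is a client ("user") behind the controller
    proto: str
    dport: int

# Constructed sample traffic, not captured from a real network.
SAMPLES = [
    Packet("client DISCOVER", True, "udp", 67),      # client -> server port
    Packet("rogue OFFER from client", True, "udp", 68),  # client answering as a server
    Packet("uplink server OFFER", False, "udp", 68),  # legitimate server reply
    Packet("client DNS query", True, "udp", 53),      # not covered by either rule
]

def parse_rule(line):
    """Parse '<src> <dst> <service> <action>' in the form written in the thread."""
    tok = line.split()
    src, dst, svc, action = tok[0], tok[1], tok[2:-1], tok[-1]
    if dst != "any":
        raise ValueError("this model only handles an 'any' destination")
    if len(svc) == 2:  # protocol and port, e.g. "udp 68"
        proto, ports = svc[0], range(int(svc[1]), int(svc[1]) + 1)
    else:              # named service, e.g. "svc-dhcp"
        proto, ports = SERVICES[svc[0]]
    return src, proto, ports, action

def evaluate(rules, pkt):
    """First matching rule decides; nothing matching means implicit deny."""
    for src, proto, ports, action in rules:
        if src == "user" and not pkt.from_user:
            continue  # a "user" source does not match uplink/server traffic
        if proto == pkt.proto and pkt.dport in ports:
            return action
    return "deny"

def verdicts(rule_lines):
    rules = [parse_rule(line) for line in rule_lines]
    return {p.name: evaluate(rules, p) for p in SAMPLES}

if __name__ == "__main__":
    for order in (["user any udp 68 deny", "any any svc-dhcp permit"],
                  ["any any svc-dhcp permit", "user any udp 68 deny"]):
        print(order, verdicts(order))
```

With the deny line first, only the client-sourced reply to port 68 is dropped; with the order reversed, the broader `svc-dhcp` permit matches first and the deny never fires. The denied DNS query shows why a role built from only these two lines needs the rest of its allowed services added.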