Wireless Access

dear all,

i'm using arubaOS 6.4.2.2.

enforcing dhcp is not working with me any idea or suggestion, do any  one know how it work.

 

When you say it is not working, do you have an example?

Are you configuring the correct AAA profile?

 

yes  i do it with guest network, i  used the same address given by the dhcp , with that i get access to the network .

 

If the controller sees your device get an ip address via DHCP it will allow the device to keep the same static ip address.  If you change it to a different static ip address, it should not work.

yes, i confirm,
the only problem that the dns is not enforced , even if the ip address is enforced, a the user can modify the dns ip address.
thank you 

So your firewall policy for a user would be to only allow DNS traffic to a server you have defined.  The feature is "enforce dhcp" not enforce dns...

good idea, i will  do it

 

the dns ip address is given by the dhcp  so i finds logical that the controller enforce it .

 

 

regard

The enforce DHCP only enforces an ip address.  A DNS server is NOT an ip address..

You can enforce a DNS server by using destination NAT under an aruba user role. See this example that someone else did for chrome cast. You could modify rule to include all DNS server. I don't have best practice on this but I would allow DNS traffic to your server before doing dst-NAT.

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Chromecast-DNS-Hard-code/m-p/141887/highlight/true#M30220

Hope this helps.