Wireless Access

Reply
MVP
Posts: 330
Registered: ‎04-25-2013

inforcing DHCP issue

dear all,

i'm using arubaOS 6.4.2.2.

enforcing dhcp is not working with me any idea or suggestion, do any  one know how it work.

dhcp-enforce.PNG

 

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: inforcing DHCP issue

When you say it is not working, do you have an example?

Are you configuring the correct AAA profile?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 330
Registered: ‎04-25-2013

Re: inforcing DHCP issue

yes  i do it with guest network, i  used the same address given by the dhcp , with that i get access to the network .

 

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: inforcing DHCP issue

If the controller sees your device get an ip address via DHCP it will allow the device to keep the same static ip address.  If you change it to a different static ip address, it should not work.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 330
Registered: ‎04-25-2013

Re: inforcing DHCP issue

yes, i confirm,
the only problem that the dns is not enforced , even if the ip address is enforced, a the user can modify the dns ip address.
thank you 

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: inforcing DHCP issue

So your firewall policy for a user would be to only allow DNS traffic to a server you have defined.  The feature is "enforce dhcp" not enforce dns...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 330
Registered: ‎04-25-2013

Re: inforcing DHCP issue

good idea, i will  do it

 

the dns ip address is given by the dhcp  so i finds logical that the controller enforce it .

 

 

regard

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: inforcing DHCP issue

The enforce DHCP only enforces an ip address.  A DNS server is NOT an ip address..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: inforcing DHCP issue

You can enforce a DNS server by using destination NAT under an aruba user role. See this example that someone else did for chrome cast. You could modify rule to include all DNS server. I don't have best practice on this but I would allow DNS traffic to your server before doing dst-NAT.

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Chromecast-DNS-Hard-code/m-p/141887/highlight/true#M30220

Hope this helps.
Search Airheads
Showing results for 
Search instead for 
Did you mean: