Making DHCP mandatory on Aruba WLAN

By ozerdo posted Nov 12, 2011 01:34 AM


These days, most clients obtain an ip address via DHCP. One method for ensuring that users do not use static ip addresses is to turn on the Enforce DHCP parameter in the AAA profile for that WLAN:

You can find out the DHCP server that a user obtained the ip address from by typing "show user ip "

Name: , IP:, MAC: 00:23:6c:90:05:11, Role:authenticated, ACL:56/0, Age: 00:00:00
Authentication: No, status: not started, method: , protocol: , server:
Role Derivation: AAA profile default role
VLAN Derivation: unknown
Idle timeouts: 0, ICMP requests sent: 0, replies received: 0, Valid ARP: 0
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0
Flags: innerip=0, outerip=0, guest=0, download=1, nodatapath=0, wispr=0
Auth fails: 0, phy_type: g-HT, reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 1, Assigned: 0, Current: 1 vlan-how: 0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, ProxyArp=0, Flags=0x0
Tunnel=0, SlotPort=0xfdf, Port=0x10ca (tunnel 10)
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role : n/a
Current Role name: authenticated role-how: 10
Essid: iperf, Bssid: 00:1a:1e:50:19:f0 AP name/group: 00:0b:86:64:34:80/default Phy-type: g-HT
RadAcct sessionID:n/a
RadAcct Traffic In 15/3121714928769182928 Out 722203740/65151000500 (0:15/11090:36656:11090:11472,11019:62556/0:15:11085:24500)
Timers: arp_reply 0, spoof reply 0, reauth 0
Profiles AAA:iperf-aaa_prof, dot1x:dot1x_prof-ild63, mac: CP: def-role:'authenticated' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 0, dot1x 1, RADIUS interim accounting 0
Born: 1316439943 (Mon Sep 19 08:45:43 2011)
Upstream AP ID: 0, Downstream AP ID: 0
DHCP assigned IP address, from DHCP server <-------------------------
Device Type: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:6.0.2) Gecko/20100101 Firefox/6.0.2

Enforcing DHCP can also deal with issues like secondary ip addresses of clients finding their way into the controller user table like in the post here: