Command of the Day

Guru Elite

COTD: Enforcing DHCP on your Network (ArubaOS 6.1)

These days, most clients obtain an ip address via DHCP. One method for ensuring that users do not use static ip addresses is to turn on the Enforce DHCP parameter in the AAA profile for that WLAN:

You can find out the DHCP server that a user obtained the ip address from by typing "show user ip "

Name: , IP:, MAC: 00:23:6c:90:05:11, Role:authenticated, ACL:56/0, Age: 00:00:00
Authentication: No, status: not started, method: , protocol: , server:
Role Derivation: AAA profile default role
VLAN Derivation: unknown
Idle timeouts: 0, ICMP requests sent: 0, replies received: 0, Valid ARP: 0
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0
Flags: innerip=0, outerip=0, guest=0, download=1, nodatapath=0, wispr=0
Auth fails: 0, phy_type: g-HT, reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 1, Assigned: 0, Current: 1 vlan-how: 0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, ProxyArp=0, Flags=0x0
Tunnel=0, SlotPort=0xfdf, Port=0x10ca (tunnel 10)
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role : n/a
Current Role name: authenticated role-how: 10
Essid: iperf, Bssid: 00:1a:1e:50:19:f0 AP name/group: 00:0b:86:64:34:80/default Phy-type: g-HT
RadAcct sessionID:n/a
RadAcct Traffic In 15/3121714928769182928 Out 722203740/65151000500 (0:15/11090:36656:11090:11472,11019:62556/0:15:11085:24500)
Timers: arp_reply 0, spoof reply 0, reauth 0
Profiles AAA:iperf-aaa_prof, dot1x:dot1x_prof-ild63, mac: CP: def-role:'authenticated' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 0, dot1x 1, RADIUS interim accounting 0
Born: 1316439943 (Mon Sep 19 08:45:43 2011)
Upstream AP ID: 0, Downstream AP ID: 0
DHCP assigned IP address, from DHCP server <-------------------------
Device Type: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:6.0.2) Gecko/20100101 Firefox/6.0.2

Enforcing DHCP can also deal with issues like secondary ip addresses of clients finding their way into the controller user table like in the post here: 

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
Showing results for 
Search instead for 
Did you mean: