How to prevent a client from sending multiple DHCP dicoveries using different mac addresses?

Aruba Employee
Aruba Employee

This article explains:

a. Feature used to prevent a client from sending multiple IP address request using different mac addresses.
b. Configuring the "DHCP exhaustion prevention" feature on the controller.
c. Verifying the configured feature.


This article applies to all the controllers running at least AOS software version Any version prior to this do not support the feature explained in this article.

A new feature called "DHCP Exhaustion Prevention" is introduce in AOS version 6.2.x.x. When this feature is enabled, the controller checks the DHCP DISCOVER frame's source MAC and compares with the requesting client's hardware address. In case, the two do not match, the packet is dropped. Thus, a client is prevented from submitting multiple DHCP requests with different hardware addresses which in turn helps in saving IP addresses.

This can be enabled by turning on the "Prevent DHCP Exhaustion" knob under the Stateful Firewall on the controller.



Environment : Aruba OS version is used to recreate the scenario and get the sample output explained in this article.

By default, this feature is disabled on the controller.


Through WebUI:

Navigate to Configuration> Advanced Services> Stateful Firewall




Through CLI:


rtaImage (2).png


rtaImage (1).png

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 04:15 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: