What does enforce-dhcp option in aaa profile do?

Aruba Employee
Aruba Employee
This article explains:
  1. What does “enforce-dhcp” option do ?
  2. Configuring “enforce-dhcp” on the mobility controller.
The “enforce-dhcp” option under the AAA Profile on the controller ensures only the clients that gets an IP address from a DHCP server be allowed in the controller’s user-table. Any client that configures a static IP address would not be allowed in the user-table and so it cannot pass any traffic.
Two use case scenarios:
  1. one where a user never does a successful DHCP exchange and uses a static IP instead.
  2. Another where a successful DHCP exchange was seen, but the user has since modified their IP address to something else that wasn't assigned by a DHCP server to them.

Environment : This article applies to all the controller running a minimum of AOS  version 6.1.



From WebUI:
  1. Navigate to Configuration> Authentication> AAA Profile
  2. Check the “enforce-dhcp” option. By default this option is disabled.

rtaImage (5).png


3. Click on "Apply" and save the configuration.


From CLI:


rtaImage (7).png




Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 04:32 PM
Updated by:
Labels (1)



Can I check what is the advantages of enabling "enforce-dhcp" vs disabling "enforce-dhcp"?

(Is it meant to be more "secure" or more "proper"?) 

Search Airheads
Showing results for 
Search instead for 
Did you mean: