Wireless Access

Frequent Contributor I

DHCP server off an 93H

So I probably am missing something easy here, but we have several 93H access points deployed in our network and it appears a user plugged a home router incorrectly into the 4 port switch causing a rouge DHCP to appear on the network.  I applied a security policy:

user to [network effected] with svc-dhcp deny


Is there a more effective way to block these DHCP requests or am I going down the correct path?



Guru Elite

Re: DHCP server off an 93H

Here is the ACL:


user any udp 68  deny 

 Make sure your port is untrusted and make sure the initial role in the AAA profile attached to that wired port has that ACL at the top

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Frequent Contributor II

Re: DHCP server off an 93H

The reason cjoseph's andser is better than using the svc-dhcp option is that the svc-dhcp blocks both UDP 67 and UDP68.

You only want to block UDB 68. This way you allow DHCP discovery from users but not DHCP offers. You want the users to be able to obtain an IP ;)


The more effective way would than what cjoseph describes would be to walk over to the user and confiscate his Home Router :smileytongue:

-ACMX #352-
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Frequent Contributor I

Re: DHCP server off an 93H

That is in the works - but it is a new deployment and until everything is fully setup we are being a little nice.  Things will be harder for them once they have to authenticate on the wire too...

Search Airheads
Showing results for 
Search instead for 
Did you mean: