Wireless Access

I don't think the AAA profile Enforce DHCP option is widely used, but wanted to share our test results: We found that Apple Macs with valid DCHP leases would be blocked when moving from AP to AP.

I think in this case the Mac is attempting to save time by continuing to use its current DHCP license right after it changes APs, and this causes the new AP to block it.

Symptoms for user are that Mac won't connnect for a few minutes, and then is fine. (Not sure where the retry timeout setting for a user blocked for bad DHCP is.)

If the user is watching their network preferences pannel, they may see an IP for a few seconds after the AP change, and then it will be blanked out, and the Mac will report that it doesn't have an address, or may mark the wifi connection with an !. 

We are running Mobility Controller firmware version 6.5.4.12

(Problem doesn't seem to happen on Windows machines, but I didn't do packet captures to confirm why: My guess is that they always just do a full DHCP Discover after changing APs, rather than trying to keep their lease.)

This should not happen on the same controller.  Make sure your ACL is any any service dhcp permit, or allow all.

Thanks, I would think this would central in the controller, but the problems occur when moving AP to AP, basically from one side of the office to the other. 

Not sure which ACLs you mean: for my test, I ticked the box for "Enforce DHCP", and the connection delays happened. I un-checked the box, (which is how we had been operating) and the problem went away.