Wireless Access

Contributor I

Prevent DHCP Starvation on Guest Networks?



does anyone knows have to avoid DHCP starvation on Guest Networks? people how dont have access to the guest network see an open SSID an try to connect, the captive portal opens but because anyone is givin them access they leave the "Association Open" .  On the controller they are on logon role, wich is ok. But this kind of users are consuming all the ips availables.  The problem is when a legitime user tries to connect there is no free ip available.


A shortcout could be to configure a bigger networks, but the issue is that we will need bigger and bigger networks. 


Does anyone have a solution, kind of " if the user is on logon role more than 60 minutes the controller can kick the user"


thanks :)


Re: Prevent DHCP Starvation on Guest Networks?

Hi Cmedranosim,


You assumption is correct!


An captive poral works based on an open SSID with only a DNS redirection. Yes clients passing by will automatic connecting to a open SSID. Normally seen on the "guest" SSID because this should the only SSID thats allowed to be open or open-captiveportal.


Couple of things you can do to prevent this;

- Shorten the DHCP lease time, a half hour/one hour or so, not 7 days ;)

- Or increase the DHCP scope

- Or use more smaller subnets with "named vlans" / vlan pooling.

- Stop using een open SSID and use PSK encryption, or PSK combined with an captiveportal.


Hope this helps you!



Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Search Airheads
Showing results for 
Search instead for 
Did you mean: