
Occasional Contributor I

Secure DHCP communication

Hi Airheads,


I would like to ask for some help with the following. We have several VLANs for the wifi clients, and there is a gateway in the background network in each VLAN (so the dgw in the VLANs is not the controller). There are DHCP helpers defined on the default gateway of the VLAN.


We tried to make the communication secure by enabling DHCP traffic only to the dedicated DHCP helpers instead of this: any any svc-dhcp permit.

The situation is that as soon as we changed the default DHCP ACL (any any svc-dhcp permit) to anything else (any network svc-dhcp permit), DHCP stopped working.


What could be the issue here? Is it possible to filter DHCP traffic with an ACL on the controller side at all?


Many thanks for the answers.




Guru Elite

Re: Secure DHCP communication

On the face of it, you cannot, because the client request to the DHCP server is a broadcast, not a unicast.  The client is unaware of the DHCP server that would be servicing its request.


What are you trying to prevent?  There is an ACL that prevents clients from being dhcp servers:


user any  udp 68  deny 

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Occasional Contributor I

Re: Secure DHCP communication

Dear cjoseph,


Thanks for the answer, this was my thought too.


I know the DHCP permit and deny ACLs. What we tried to do is enable DHCP only from some dedicated DHCP servers, not any. So something like this:

any host svc-dhcp permit

any any svc-dhcp deny

So the client can communicate with the for dhcp but nothing else.

Thanks a lot!

Best Regards,
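
The broadcast point from the reply above, applied to the restricted ACL proposed in the last post, as an added example that is not part of the original thread and not Aruba code. It is a simplified first-match ACL model that assumes svc-dhcp means UDP 67-68 and an implicit deny at the end of the list; all addresses are constructed placeholders.

```python
import ipaddress

SVC_DHCP = range(67, 69)  # assumption: svc-dhcp covers UDP ports 67 and 68

def matches(spec, addr):
    """spec is 'any' or a host/network in CIDR notation."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(acl, pkt):
    """First matching rule wins; no match falls through to an implicit deny."""
    for src, dst, action in acl:
        if (pkt["proto"] == "udp" and pkt["dport"] in SVC_DHCP
                and matches(src, pkt["src"]) and matches(dst, pkt["dst"])):
            return action
    return "deny"

# Constructed placeholder for the dedicated DHCP server (documentation range).
DHCP_SERVER = "198.51.100.10"

# "any any svc-dhcp permit"
default_acl = [("any", "any", "permit")]
# "any host <server> svc-dhcp permit" followed by "any any svc-dhcp deny"
restricted_acl = [("any", DHCP_SERVER + "/32", "permit"),
                  ("any", "any", "deny")]

# DHCPDISCOVER from a client without a lease: sent to the broadcast address,
# because the client does not know which server will answer.
discover = {"src": "0.0.0.0", "dst": "255.255.255.255",
            "proto": "udp", "dport": 67}
# Renewal of an existing lease: unicast from the client to the server.
renew = {"src": "192.0.2.50", "dst": DHCP_SERVER,
         "proto": "udp", "dport": 67}

def results():
    """Verdict of each ACL for each constructed packet."""
    packets = {"discover": discover, "renew": renew}
    acls = {"default": default_acl, "restricted": restricted_acl}
    return {(a, p): evaluate(acl, pkt)
            for a, acl in acls.items() for p, pkt in packets.items()}

if __name__ == "__main__":
    for (acl_name, pkt_name), verdict in results().items():
        print(f"{acl_name:10} {pkt_name:8} -> {verdict}")
```

The restricted list lets a unicast renewal through but drops the initial broadcast, so a new client never gets as far as the DHCP helper on the VLAN gateway.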

