< Home

learn-client-address dhcp-strict

Function

The learn-client-address dhcp-strict command enables strict STA IP address learning through DHCP.

The undo learn-client-address dhcp-strict command disables strict STA IP address learning through DHCP.

By default, strict STA IP address learning through DHCP is disabled.

Format

learn-client-address dhcp-strict [ blacklist enable ]

undo learn-client-address dhcp-strict

Parameters

Parameter

Description

Value

blacklist enable

Adds STAs with bogus IP addresses to a blacklist.

By default, STAs with bogus IP addresses are not added to a blacklist.

-

Views

VAP profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a STA associates with an AP, the following situation occurs after strict STA IP address learning through DHCP is enabled:
  • If the STA obtains an IP address through DHCP, the AP will automatically report the IP address to the AC. The STA IP address can be used to maintain the mapping between STA IP addresses and MAC addresses.
  • For a STA using a static IP address:
    • If blacklist enable is specified, the STA will be added to a dynamic blacklist of the AP and cannot associate with the AP before the blacklist entry ages.
    • If blacklist enable is not specified, the STA can associate with the AP but the AP does not learn the IP address of the STA.

Prerequisites

STA address learning has been enabled using the undo learn-client-address disable command.

Precautions

After strict STA IP address learning is enabled, it is recommended that you run the ip source check user-bind enable and arp anti-attack check user-bind enable commands to enable IP source guard and dynamic ARP inspection so that STAs cannot communicate with the network before obtaining an IP address through DHCP.

If strict STA IP address learning is disabled, you can manually configure static IP addresses. If a STA obtains an IP address dynamically using DHCP, goes online, and then statically modifies its IP address, the administrator cannot check the IP address change of this STA.

Example

# Enable strict STA IP address learning through DHCP.

<HUAWEI> system-view
[HUAWEI] wlan 
[HUAWEI-wlan-view] vap-profile name vap1
[HUAWEI-wlan-vap-prof-vap1] learn-client-address dhcp-strict
Parent Topic: WLAN Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >