Enforce DHCP for UBT Clients

Enforce DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  helps to manage roles and VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. with UBT more efficiently, allowing clients to enable the option individually or globally for tunneled users. This option is enabled in the local and the downloadable user roles.

Enable Enforce DHCP for UBT Clients in the WebUI

In the Managed Network node hierarchy:

1. Navigate to the Configuration > Roles & Policies > Roles.

2. Click the name of the role then in More > Network

3. Click the checkbox to enable Enforce DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  for UBT clients.

Enable Enforce DHCP for UBT Clients in the CLI

The following commands enable and disable Enforce DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  for UBT clients in the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.:

• To enable:

(host) [mynode] (config-submode)#user-role <profile name>

(host) [mynode] (config-submode)# enforce-dhcp

• To disable:

(host) [mynode] (config-submode)#user-role <profile name>

(host) [mynode] (config-submode)#no enforce-dhcp

Examples of How Enforce DHCP for UBT Clients Displays When Enabled for Static and Downloadable User Roles

For static user-role:

(host) [mynode] #show rights <profile name>

Valid = 'Yes'

CleanedUp = 'No'

Derived Role = '<profile name>'

Up BW:No Limit Down BW:No Limit

L2TP Pool = default-l2tp-pool

PPTP Pool = default-pptp-pool

Number of users referencing it = 2

Assigned VLAN = 31

Periodic reauthentication: Disabled

DPI Classification: Enabled

Youtube education: Disabled

Web Content Classification: Enabled

IP-Classification Enforcement: Enabled

ACL Number = 87/0

Openflow: Enabled

Enforce Dhcp: Enabled

Max Sessions = 65535

Check CP Profile for Accounting = TRUE

Application Exception List

--------------------------

For downloadable user-role:

(ST-61.61) *[mynode] #show rights <profile name>

Valid = 'Yes'

CleanedUp = 'No'

Derived Role = '<profile name>'

Up BW:No Limit Down BW:No Limit

L2TP Pool = default-l2tp-pool

PPTP Pool = default-pptp-pool

Number of users referencing it = 2

Assigned VLAN = 31

Periodic reauthentication: Disabled

DPI Classification: Enabled

Youtube education: Disabled

Web Content Classification: Enabled

IP-Classification Enforcement: Enabled

ACL Number = 90/0

Openflow: Enabled

Enforce Dhcp: Enabled

Max Sessions = 65535

Check CP Profile for Accounting = TRUE

Application Exception List

--------------------------

Using show running-config:

user-role <profile name>

vlan 31

enforce-dhcp

access-list session global-sacl

access-list session apprf-authenticated-sacl

access-list session ra-guard

access-list session allowall

access-list session v6-allowall

Using show aaa state debug-statistics | include ubt:

This command displays the presence of static clients. The value of the counters is the number of times the static client attempted to send traffic and got blocked by enforce-dhcp feature.

(host) [mynode] #show aaa state debug-statistics | include ubt

user miss: mac mismatch=0, spoof=0 (0), drop=42, ncfg=0 enforce_dhcp=0 ubt_enforce_dhcp=42