You are here: CLI_commands > ip dhcp
Previous TopicNext Topic

ip dhcp

ip dhcp <dhcp_profile>

bid <bid>

client-count <idx>

default-router <default_router>


dhcp-server <dhcp_server>


dns-server <dns_server>

domain-name <domain-name>

exclude-address <exclude_address>

host <mac>

ip-range <start_IP> <end_IP>

lease-time <lease_time>

option <option_type> <option_value>

option82 alu

reserve {first <count>| last <count>}

server-type <server_type>

server-vlan <idx>

subnet <subnet>

subnet-mask <Subnet-Mask>

vlan-ip <VLAN_IP> mask <VLAN mask>



This command configures DHCP assignment modes and scopes for Instant network.






ip dhcp <profile>

Creates a DHCP profile with a unique name.

bid <bid>

Defines the branch ID.

NOTE: You can allocate multiple branch IDs (BID) per subnet. The IAP generates a subnet name from the DHCP IP configuration, which the controller can use as a subnet identifier. If static subnets are configured in each branch, all of them are assigned the with BID 0, which is mapped directly to the configured static subnet.

client-count <idx>

Defines the number of clients allowed per DHCP branch.

NOTE: The client count configured for a branch determines the use of IP addresses from the IP address range defined for a DHCP scope. For example, if 20 IP addresses are available in an IP address range configured for a DHCP scope and a client count of 9 is configured, only a few IP addresses (in this example, 9) from this range will be used and allocated to a branch. The IAP does not allow the administrators to assign the remaining IP addresses to another branch, although a lower value is configured for the client count.

default-router <default_router> Defines the IP address of the default router for the Distributed, L2 DHCP scope.

Enables the IAPs to intercept the broadcast packets and relay DHCP requests directly to corporate network.

The DHCP relay is enabled for the centralized DHCP scopes to reduce network traffic caused by the broadcasting of DHCP requests to the corporate network. With a centralized DHCP scope, the clients in the branch are in the same subnet as clients in the corporate network. Normally the DHCP request goes through the VPN tunnel and is broadcast into the corporate network. This feature allows it to succeed without requiring to broadcast and thus reduces the network traffic.

dhcp-server <dhcp_server> Defines the IP address of the corporate DHCP server for DHCP request relay.


Disables split tunnel functionality for Centralized L2 subnets.

Split tunneling allows a VPN user to access a public network and a local LAN or WAN network at the same time through the same physical network connection.

When split-tunnel is disabled, all the traffic including the corporate and Internet traffic is tunneled irrespective of the routing profile specifications. If the GRE tunnel is down and when the corporate network is not reachable, the client traffic is dropped.

dns-server <IP-address>

Defines the DNS server IP address.
domain-name <domain-name> Defines the domain name.
host <mac> Allows you to specify the host MAC address.

exclude-address <exclude_address>

Defines the IP address to exclude for the Local,L3 DHCP scope. The value entered in the field determines the exclusion range of the subnet. Based on the size of the subnet, the IP addresses that come before or after the IP address value specified in this field are excluded.

ip-range <start_IP> <end_IP>

Defines a range of IP addresses to use in the distributed,l2 and distributed,l3 DHCP scopes. You can configure a range of DHCP IP addresses used in the branches and the number of client addresses allowed per branch. You can also specify the IP addresses that must be excluded from those assigned to clients, so that they are assigned statically. You can configure up to four different ranges of IP addresses

l For Distributed,L2 mode, ensure that all IP ranges are in the same subnet as the default router. On specifying the IP address ranges, a subnet validation is performed to ensure that the specified ranges of IP address are in the same subnet as the default router and subnet mask. The configured IP range is divided into blocks based on the configured client count.
l For Distributed,L3 mode, you can configure any discontiguous IP ranges. The configured IP range is divided into multiple IP subnets that are sufficient to accommodate the configured client count.
lease-time <lease_time> Defines a lease time for the client in minutes. 720
option <option_type> <option_value>

Defines the type and a value for the DHCP option to use.

You can configure up to eight DHCP options supported by the DHCP server and enter the option value in "" not exceeding 255 characters.

option82 alu

Enables the DHCP Option 82 for the Centralized,l2 DHCP scope to allow clients to send DHCP packets with the Option 82 string.

reserve {first <count>| last <count>}

Reserves the first few and last few IP addresses in the subnet.

server-type <server_type>

Defines any of the following DHCP assignment modes:

l Distributed, L2
l Distributed, L3
l Local
l Local, L3
l Centralized, L2
l Centralized, L3

distributed,l2, distributed,l3,local, local,l3,centralized,l2, centralized,l3


server-vlan <idx> Configures a VLAN ID for the DHCP scope. To use this subnet, ensure that the VLAN ID specified here is assigned to an SSID profile. 1-4093
subnet <subnet> Defines the network IP address
subnet-mask <subnet_mask> Defines the subnet mask for Local, Local,L3, and distributed,l3 DHCP scopes. The subnet mask and the network determine the size of subnet.
vlan-id <VLAN_IP> mask <VLAN mask> Defines the IP address and subnet mask for vlan of the DHCP server.
no… Removes any existing configuration.

Usage Guidelines

Use this command to configure the DHCP address assignment for the branches connected to the corporate network through VPN. You can configure the following types of DHCP profiles.

Distributed, L2 — In this mode, the Virtual Controller acts as the DHCP server, but the default gateway is in the data center. Based on the number of clients specified for each branch, the range of IP addresses is divided. Based on the IP address range and client count configuration, the DHCP server in the Virtual Controller controls a scope that is a subset of the complete IP Address range for the subnet distributed across all the branches. This DHCP Assignment mode is used with the L2 forwarding mode.
Distributed, L3 — In this mode, the Virtual Controller acts as the DHCP server and the default gateway. Based on the number of clients specified for each branch, the range of IP addresses is divided. Based on the IP address range and client count configuration, the DHCP server in the Virtual Controller is configured with a unique subnet and a corresponding scope.
Local — In this mode, the Virtual Controller acts as both the DHCP Server and the default gateway. The configured subnet and the corresponding DHCP scope are independent of subnets configured in other IAP clusters. The Virtual Controller assigns an IP address from a local subnet and forwards traffic to both corporate and non-corporate destinations. The network address is translated appropriately and the packet is forwarded through the IPSec tunnel or through the uplink. This DHCP assignment mode is used for the NAT forwarding mode.
Local, L3— In this mode, the Virtual Controller acts as a DHCP server and the gateway, and assigns an IP address from the local subnet. The IAP routes the packets sent by clients on its uplink. This mode does not provide corporate access through the IPsec tunnel. This DHCP assignment mode is used with the L3 forwarding mode.
Centralized, L2—When a Centralized, L2 DHCP scope is configured, the Virtual Controller bridges the DHCP traffic to the controller over the VPN/GRE tunnel. The IP address is obtained from the DHCP server behind the controller serving the VLAN/GRE of the client. This DHCP assignment mode also allows you to add the DHCP option 82 to the DHCP traffic forwarded to the controller.
Centralized, L3—For Centralized, L3 clients, the Virtual Controller acts as a DHCP relay agent that forwards the DHCP traffic to the DHCP server located either in the corporate or local network. The centralized L3 VLAN IP is used as the source IP. The IP address is obtained from the DHCP server.


The following example configures a distributed,l2 DHCP scope:

(Instant AP)(config)# ip dhcp corpNetwork1

(Instant AP)(DHCP Profile"corpNetwork1")# ip dhcp server-type distributed,l2

(Instant AP)(DHCP Profile"corpNetwork1")# server-vlan 1

(Instant AP)(DHCP Profile"corpNetwork1")# subnet

(Instant AP)(DHCP Profile"corpNetwork1")# subnet-mask

(Instant AP)(DHCP Profile"corpNetwork1")# default-router

(Instant AP)(DHCP Profile"corpNetwork1")# client-count 0

(Instant AP)(DHCP Profile"corpNetwork1")# dns-server

(Instant AP)(DHCP Profile"corpNetwork1")# domain-name

(Instant AP)(DHCP Profile"corpNetwork1")# lease-time 1200

(Instant AP)(DHCP Profile"corpNetwork1")# ip-range

(Instant AP)(DHCP Profile"corpNetwork1")# reserve first 2

(Instant AP)(DHCP Profile"corpNetwork1")# option 176 "MCIPADD=,MCPORT=1719,TFTPSRVR=,L2Q=1,L2QVLAN=2,L2QAUD=5,L2QSIG=3"

(Instant AP)(DHCP Profile"corpNetwork1")# end

(Instant AP)# commit apply

Command History



Aruba Instant This command is modified.

Aruba Instant

This command is introduced.

Command Information

IAP Platform

Command Mode

All platforms

Configuration mode and IP DHCP profile configuration sub-mode.