Configuring DHCP Scopes on IAPs

The Virtual Controller (VC) supports the following types of DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  address assignments:

Configuring Distributed DHCP Scopes

Aruba Central allows you to configure the DHCP address assignment for the branches connected to the corporate network through VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.. You can configure the range of DHCP IP addresses used in the branches and the number of client addresses allowed per branch. You can also specify the IP addresses that must be excluded from those assigned to clients, so that they are assigned statically.

Aruba Central supports the following distributed DHCP scopes:

• Distributed, L2—In this mode, the VC acts as the DHCP server, but the default gateway is in the data center. Based on the number of clients specified for each branch, the range of IP addresses is divided. Based on the IP address range and client count configuration, the DHCP server in the VC controls a scope that is a subset of the complete IP Address range for the subnet Subnet is the logical division of an IP network. distributed across all the branches. This DHCP Assignment mode is used with the L2 forwarding mode.
• Distributed, L3—In this mode, the VC acts as the DHCP server and the default gateway. Based on the number of clients specified for each branch, the range of IP addresses is divided. Based on the IP address range and client count configuration, the DHCP server in the VC is configured with a unique subnet and a corresponding scope.

To configure distributed DHCP scopes such as Distributed, L2 or Distributed, L3, complete the following steps:

1. In the Aruba Central app, set the filter to a group containing at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of APs is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the APs are displayed.

4. Click Show Advanced.
5. Click the System tab.

   The System page is displayed.

6. Click the DHCP accordion.
7. To configure distributed DHCP scope, click + under Distributed DHCP Scopes.

   The New Distributed DHCP Scopes pane is displayed.

8. Based on the type of distributed DHCP scope, configure the following parameters:

   Table 1: Distributed DHCP Scope Configuration Parameters

   Data pane item	Description
   Name	Enter a name for the DHCP scope.
   Type	Select any of the following options: Distributed, L2—On selecting Distributed, L2, the VC acts as the DHCP Server but the default gateway is in the data center. Traffic is bridged into VPN tunnel. Distributed, L3—On selecting Distributed, L3, the VC acts as both DHCP Server and default gateway. Traffic is routed into the VPN tunnel.
   VLAN	Specify a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. ID. To use this subnet, ensure that the VLAN ID specified here is assigned to an SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile.
   Netmask	If Distributed, L2 is selected for type of DHCP scope, specify the subnet mask. The subnet mask and the network determine the size of subnet.
   Default Router	If Distributed, L2 is selected for type of DHCP scope, specify the IP address of the default router.
   DNS Server	If required, specify the IP address of a DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. server.
   Domain Name	If required, specify the domain name.
   Lease Time	Specify a lease time for the client in minutes.
   DDNS Profile	Select a DDNS profile from the DDNS Profile drop-down list. For more information on configuring a DDNS profile, see Configuring a DDNS Server Profile.
   IP Address Range	Specify a range of IP addresses to use. To add another range, click the + icon. You can specify up to four different ranges of IP addresses. For Distributed, L2 mode, ensure that all IP ranges are in the same subnet as the default router. On specifying the IP address ranges, a subnet validation is performed to ensure that the specified ranges of IP address are in the same subnet as the default router and subnet mask. The configured IP range is divided into blocks based on the configured client count. For Distributed, L3 mode, you can configure any dis-contiguous IP ranges. The configured IP range is divided into multiple IP subnets that are sufficient to accommodate the configured client count. NOTE: You can allocate multiple branch IDs (BID) per subnet. The Instant AP generates a subnet name from the DHCP IP configuration, which the controller can use as a subnet identifier. If static subnets are configured in each branch, all of them are assigned the with BID 0, which is mapped directly to the configured static subnet.
   DHCP Reservation	Displays the total number of DHCP reservations. Click the number to view the list of DHCP reservations. NOTE: You can configure DHCP reservation only on virtual controllers. From the filter bar, select a virtual controller and click the + icon to configure DHCP reservation. Specify the following details: MAC—Specify the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the device for which the IP address has to be reserved. IP—Specify the IP address that has to be reserved for the MAC address. The IP address should be in the IP address range. NOTE: Aruba Central allows you to configure a maximum of 32 DHCP reservations. To delete a DHCP reservation, click the delete icon.
   Option	Specify the type and a value for the DHCP option. You can configure the organization-specific DHCP options supported by the DHCP server. For example, 176, 242, 161, and so on. To add multiple DHCP options, click the + icon. You can add up to eight DHCP options.

9. Click Next. The Branch Size tab is displayed. Specify the number of clients to use per branch. The client count configured for a branch determines the use of IP addresses from the IP address range defined for a DHCP scope. For example, if 20 IP addresses are available in an IP address range configured for a DHCP scope and a client count of 9 is configured, only a few IP addresses (in this example, 9) from this range will be used and allocated to a branch. The Instant Access Point (IAP) does not allow the administrators to assign the remaining IP addresses to another branch, although a lower value is configured for the client count.
10. Click Next. The Static IP tab is displayed. Specify the number of first and last IP addresses to reserve in the subnet.
11. Click Finish.

Configuring a Centralized DHCP Scope

The centralized DHCP scope supports L2 and L3 clients.

When a centralized DHCP scope is configured:

• The virtual controller does not assign an IP address to the client and the DHCP traffic is directly forwarded to the DHCP Server.
• For L2 clients, the virtual controller bridges the DHCP traffic to the controller over the VPN/GRE Generic Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnel. The IP address is obtained from the DHCP server behind the controller serving the VLAN/GRE of the client. This DHCP assignment mode also allows you to add the DHCP option 82 to the DHCP traffic forwarded to the controller.
• For L3 clients, the virtual controller acts as a DHCP relay agent that forwards the DHCP traffic to the DHCP server located behind the controller in the corporate network and reachable through the IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnel. The centralized L3 VLAN IP is used as the source IP. The IP address is obtained from the DHCP server.

To configure a centralized DHCP scope, complete the following steps:

1. In the Aruba Central app, set the filter to a group containing at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of APs is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the APs are displayed.

4. Click Show Advanced.
5. Click the System tab.

   The System page is displayed.

6. Click the DHCP accordion.
7. To configure centralized DHCP scopes, click + under Centralized DHCP Scopes.

   The New Centralized DHCP Scope data pane is displayed.

8. Based on type of centralized DHCP scope, configure the following parameters:

   Table 2: DHCP mode configuration parameters

   Data pane item	Description
   Name	Enter a name for the DHCP scope.
   Type	Select one of the following options: Centralized, Layer-2 Centralized, Layer-3
   VLAN	Specify a VLAN ID or multiple VLAN IDs by entering a list of comma separated digits or ranges, for example 1,2,5, or 1- 4, or all. You can enter the VLAN ID in the range of 1-4093. To use this subnet, ensure that the VLAN ID(s) specified here is assigned to an SSID profile.
   Split Tunnel	Enable the split tunnel function if you want allow a VPN user to access a public network and a local LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. or WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. network at the same time through the same physical network connection. For example, a user can use a remote access VPN software client connecting to a corporate network using a home wireless network. When the split tunnel function is enabled, the user can connect to file servers, database servers, mail servers, and other servers on the corporate network through the VPN connection. When the user connects to resources on the Internet (websites, FTP File Transfer Protocol. A standard network protocol used for transferring files between a client and server on a computer network. sites, and so on), the connection request goes directly to the gateway provided by the home network. The split DNS functionality intercepts DNS requests from clients for non-corporate domains (as configured in Enterprise Domains list) and forwards to the IAP's own DNS server. When split tunnel is disabled, all the traffic including the corporate and the Internet traffic is tunneled irrespective of the routing profile specifications. If the GRE tunnel is down and when the corporate network is not reachable, the client traffic is dropped. NOTE: When split tunnel is enabled, you can specify only a single VLAN ID in the VLAN field. When split tunnel is disabled, you can enter multiple VLAN IDs separated by commas in the VLAN field.
   DHCP Relay	Select the DHCP Relay check box to allow the IAPs to intercept the broadcast packets and relay DHCP requests.
   Helper Address	Enter the IP address of the DHCP server.
   VLAN IP	Field is applicable only if you select Centralized, Layer-3. Specify the VLAN IP address of the DHCP relay server.
   VLAN Mask	Field is applicable only if you select Centralized, Layer-3. Specify the VLAN subnet mask of the DHCP relay server.
   Option 82	Select one of the following options: None—If you have configured the DHCP Option 82 XML Extensible Markup Language. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. file, the ALU option scope is disabled in the drop-down list. To enable ALU, set the drop-down list to None and delete the DHCP Option 82 XML file. To enable the XML option, select None from the drop-down list and select the XML file from the DHCP Option 82 XML drop-down list. ALU—ALU option is disabled if an XML file is selected from the DHCP Option 82 XML drop-down list in the System > General pane. Select ALU to enable DHCP Option 82 to allow clients to send DHCP packets with the Option 82 string. The Option 82 string is available only in the Alcatel (ALU) format. The ALU format for the Option 82 string consists of the following: Remote Circuit ID; X AP-MAC; SSID; SSID-Type Remote Agent; X IDUE-MAC XML—XML option is enabled only if an XML file is selected from the DHCP Option 82 XML drop-down list in the System > General pane. Alternatively, to enable the XML option, select None from the drop-down list and select the XML file from the DHCP Option 82 XML drop-down list. For information related to XML files, see Configuring System Parameters for an IAP

9. Click Save Settings.

The following table describes the behavior of the DHCP Relay Agent and Option 82 in the IAP.

Table 3: DHCP Relay and Option 82

DHCP Relay	Option 82	Behavior
Enabled	Enabled	DHCP packet relayed with the ALU-specific Option 82 string
Enabled	Disabled	DHCP packet relayed without the ALU-specific Option 82 string
Disabled	Enabled	DHCP packet not relayed, but broadcast with the ALU-specific Option 82 string
Disabled	Disabled	DHCP packet not relayed, but broadcast without the ALU-specific Option 82 string

Configuring Local DHCP Scopes

You can configure the following types of local DHCP scopes on an IAP:

• Local—In this mode, the VC acts as both the DHCP Server and default gateway. The configured subnet and the corresponding DHCP scope are independent of subnets configured in other IAP clusters. The VC assigns an IP address from a local subnet and forwards traffic to both corporate and non-corporate destinations. The network address is translated appropriately and the packet is forwarded through the IPsec tunnel or through the uplink. This DHCP assignment mode is used for the NAT Network Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. forwarding mode.
• Local, L2—In this mode, the VC acts as a DHCP server and the gateway is located outside the IAP.
• Local, L3—In this mode, the VC acts as a DHCP server and default gateway, and assigns an IP address from the local subnet. The IAP routes the packets sent by clients on its uplink. This DHCP assignment mode is used with the L3 forwarding mode.

To configure a new local DHCP scope, complete the following steps:

1. In the Aruba Central app, set the filter to a group containing at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of APs is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the APs are displayed.

4. Click Show Advanced.
5. Click the System tab.

   The System page is displayed.

6. Click the DHCP accordion.
7. To configure local DHCP scopes, click + under Local DHCP Scopes.

   The New DHCP Scopes data pane is displayed.

8. Based on type of local DHCP scope, configure the following parameters:

   Table 4: Local DHCP Configuration Parameters

   Data pane item	Description
   Name	Enter a name for the DHCP scope.
   Type	Select any of the following options: Local—On selecting Local, the DHCP server for local branch network is used for keeping the scope of the subnet local to the IAP. In the NAT mode, the traffic is forwarded through the uplink. Local, L2—On selecting Local, L2, the VC acts as a DHCP server and a default gateway in the local network is used. Local, L3—On selecting Local, L3, the VC acts as a DHCP server and gateway.
   VLAN	Enter the VLAN ID. To use this subnet, ensure that the VLAN ID specified here is assigned to an SSID profile.
   Network	Specify the network to use.
   Netmask	Specify the subnet mask. The subnet mask and the network determine the size of subnet.
   Excluded Address	Specify a range of IP addresses to exclude. You can add up to two exclusion ranges. Based on the size of the subnet and the value configured for Excluded address, the IP addresses either before or after the defined range are excluded.
   DHCP Reservation	Displays the total number of DHCP reservations. Click the number to view the list of DHCP reservations. NOTE: You can configure DHCP reservation only on virtual controllers. From the filter bar, select a virtual controller and click the + icon to configure DHCP reservation. Specify the following details: MAC—Specify the MAC address of the device for which the IP address has to be reserved. IP—Specify the IP address that has to be reserved for the MAC address. The IP address should be in the IP address range. NOTE: Aruba Central allows you to configure a maximum of 32 DHCP reservations. To delete a DHCP reservation, click the delete icon.
   Default Router	Enter the IP address of the default router.
   DNS Server	Enter the IP address of a DNS server.
   Domain Name	Enter the domain name.
   Lease Time	Enter a lease time for the client in minutes.
   DHCP Relay	Select the DHCP Relay check box to allow the IAPs to intercept the broadcast packets and relay DHCP requests.
   Helper Address	Enter the IP address of the DHCP server.
   Option	Specify the type and a value for the DHCP option. You can configure the organization-specific DHCP options supported by the DHCP server. To add multiple DHCP options, click the + icon.

9. Click Save Settings.