Wireless Access Controller (AC and Fit AP) V200R019C00 CLI-based Configuration Guide
Configuring Strict STA IP Address Learning Through DHCP
Prerequisites
Before configuring strict STA IP address learning through DHCPv6, enable the IPSG or ND snooping function. For details about the configuration procedure, see Configuring IPSG and Enabling ND Snooping.
Context
- If the STA obtains an IP address through DHCP, the AP will automatically report the IP address to the AC. The STA IP address can be used to maintain the mapping entries between STA IP addresses and MAC addresses.
- If the STA uses a static IP address, configure related parameters to control the association of the STA with the AP.
Procedure
- Run system-view
The system view is displayed.
- Run wlan
The WLAN view is displayed.
- Run vap-profile name profile-name
The VAP profile view is displayed.
- Run undo learn-client-address { ipv4 | ipv6 } disable
STA IP address learning is enabled.
By default, STA address learning is enabled.
- Enable strict STA IP address learning through DHCP.
- If the STA obtains an IPv4 address, run the learn-client-address dhcp-strict [ blacklist enable ] command to enable strict STA IP address learning through DHCP.
By default, strict STA IP address learning through DHCP is disabled.
- If the STA obtains an IPv6 address, run the learn-client-address { dhcpv6-strict | dhcpv6-slaac } [ blacklist enable ] command to enable strict STA IPv6 address learning.
By default, strict STA IPv6 address learning is disabled.
If the STA uses a static IP address:- If blacklist enable is specified, the STA will be added to the dynamic blacklist of the AP and cannot associate with the AP before the blacklist entry ages.
- If blacklist enable is not specified, the STA can associate with the AP and the AP does not learn the STA IP address. In this case, enable IPSG to prevent communication through bogus IP addresses.
![]()
If this function is disabled, you can manually configure a static IP address. However, if a STA obtains an IP address dynamically using DHCP, goes online, and then is assigned a static IP address, the administrator cannot detect the IP address change of this STA.
- After strict STA IP address learning through DHCP is enabled, if the AC has learned the STA IP address through DHCP or statically, the STA using a bogus IP address will not be added to the blacklist. In this case, enable IPSG to prevent services from the bogus IP address from running.
After strict STA IP address learning is enabled, it is recommended that you run the ip source check user-bind enable and arp anti-attack check user-bind enable commands to enable IPSG and DAI so that STAs can communicate with the network only after obtaining an IP address through DHCP.
- The blacklist function takes effect 2 minutes after a STA goes online.
- If the STA obtains an IPv4 address, run the learn-client-address dhcp-strict [ blacklist enable ] command to enable strict STA IP address learning through DHCP.
