Operation Manual
MP Access Point Commands
Mobility System Software Command Reference Guide
Version 7.3
12 – 296
set service-profile dhcp-restrict
Enables or disables DHCP Restrict on a service profile. DHCP Restrict filters the traffic from a
newly associated client and allows DHCP traffic only, until the client has been authenticated and
authorized. All other traffic is captured by the MX and is not forwarded. After the client is
successfully authorized, the traffic restriction is removed.
Syntax
set service-profile profile-name dhcp-restrict {enable | disable}
Defaults
DHCP Restrict is disabled by default.
Access
Enabled.
History
Introduced in MSS Version 4.2.
Usage
To further reduce the overhead of DHCP traffic, use the set service-profile
no-broadcast command to disable DHCP broadcast traffic from MP radios to clients on the
service profile’s SSID.
Examples
The following command enables DHCP Restrict on service profile sp1:
MX# set service-profile sp1 dhcp-restrict enable
success: change accepted.
See Also
● set service-profile no-broadcast on page 12-300
● set service-profile proxy-arp on page 12-300
● show service-profile on page 12-357
set service-profile dot1x-handshake-timeout
Configure the number of milliseconds before the dot1X handshake message is retransmitted.
Syntax
set service-profile profile-name dot1X-handshake-timeout timeout
Defaults
None
Access
Enable
History
Introduced in MSS Version 7.1
set service-profile idle-client-probing
Disables or reenables periodic keepalives from MP radios to clients on a service profile’s SSID.
When idle-client probing is enabled, the MP radio sends a unicast null-data frame to each client
every 10 seconds. Normally, a client that is still active sends an Ack in reply to the keepalive.
If a client does not send any data or respond to any keepalives before the user idle timeout expires,
MSS changes the client session to the Disassociated state.
profile-name Service profile name.
enable Enables DHCP Restrict.
disable Disables DHCP Restrict.
profile-name Service profile name.
timeout Enter a value from 20 to 5000 seconds. Enter 0 to use the
global dot1x value.