Extreme's response to the mobility gap I saw is that the new features are the first iteration of their DHCP control and were really aimed at thwarting casual attempts to defeat DHCP enforcement. Better enforcement is achieved through a defense in depth strategy. I agree that their technology will thwart the casual attempts to bypass DHCP NAC enforcement (think of an office worker who wants to get on the network but for whatever reason doesn't want to call tech support), but I don't agree that defense in depth, throwing more products at the problem, is the best strategy.
DHCP Enforcement

DHCP is a way to manage IP addresses in a LAN dynamically. An IP address pool is allocated and, as hosts join the network, an address is taken from the pool and handed out for a period of time. If the host stops using the IP address, the address can be recycled. It's a good way to manage a scarce resource. In addition, DHCP is used to configure the host. There is really no requirement for a host to use DHCP other than ease of use. You can easily bypass DHCP NAC enforcement by configuring your computer's IP address statically, provided you know the IP address range and the required parameters, such as the subnet mask and DNS servers, for the network you are connecting to.
The only way to defeat DHCP bypassing is to have something in the network that knows what leases have been handed out to hosts and enforces only the authentic leases. Extreme is taking steps towards that goal with ExtremeXOS 11.6. DHCP awareness is configured on a per-port basis. The switch monitors the DHCP exchange, extracts the leased IP address and the host's MAC address, and binds those items together in an access control list (ACL) on the switch port. If the host tries to change its IP address manually or attempts to access the network without using DHCP, the packets will be blocked at the switch port. Likewise, if the DHCP lease expires and the host is no longer on that port, the ACL will be removed.
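To make the mechanism concrete, here is a small added model of a DHCP-aware switch port, written for this article and not ExtremeXOS code. The switch remembers which access port a client's DHCP request came from, installs a (port, MAC, IP) binding only when it sees the server's ACK arrive on a trusted uplink, drops any other packet on the port whose source MAC and IP don't match a live binding, and tears the binding down when the lease expires. Class names, port names, MAC addresses and IP addresses are all constructed for the illustration.

```python
"""Toy model of DHCP-aware port enforcement: the switch watches the DHCP
exchange, binds (port, MAC, IP) from the server's ACK, and drops any other
traffic on that port that does not match a live binding. Constructed
illustration of the mechanism; not vendor code."""
from dataclasses import dataclass

ALLOW, DROP = "allow", "drop"


@dataclass
class Binding:
    port: str
    mac: str
    ip: str
    expires_at: float      # absolute time at which the lease runs out


class DhcpEnforcingSwitch:
    def __init__(self, trusted_ports):
        # Ports that face the DHCP server; ACKs are only believed from here.
        self.trusted_ports = set(trusted_ports)
        self.pending = {}    # client MAC -> access port where its request was seen
        self.bindings = {}   # (port, mac) -> Binding, i.e. the per-port ACL entry

    def observe_client_request(self, port, mac):
        """A DISCOVER/REQUEST seen on an untrusted port: remember which port asked."""
        if port not in self.trusted_ports:
            self.pending[mac] = port

    def observe_server_ack(self, ingress_port, client_mac, leased_ip, lease_seconds, now):
        """A DHCP ACK seen on ingress_port. Only a trusted port may install a binding."""
        if ingress_port not in self.trusted_ports:
            return False                      # ACK from an access port: ignore it
        client_port = self.pending.pop(client_mac, None)
        if client_port is None:
            return False                      # ACK for a request this switch never saw
        self.bindings[(client_port, client_mac)] = Binding(
            client_port, client_mac, leased_ip, now + lease_seconds)
        return True

    def expire_leases(self, now):
        """Remove ACL entries whose lease has run out (host gone or lease lapsed)."""
        for key in [k for k, b in self.bindings.items() if b.expires_at <= now]:
            del self.bindings[key]

    def filter_packet(self, port, src_mac, src_ip, now, dhcp_client_msg=False):
        """Decide whether an IP packet arriving on port may enter the network."""
        if port in self.trusted_ports:
            return ALLOW                      # uplinks are not policed
        if dhcp_client_msg:
            return ALLOW                      # hosts must still be able to ask for a lease
        self.expire_leases(now)
        b = self.bindings.get((port, src_mac))
        if b is None or b.ip != src_ip:
            return DROP                       # static IP, changed IP, or no lease at all
        return ALLOW


def demo():
    """Walk through a lease, a static-IP attempt, an untrusted ACK and expiry."""
    sw = DhcpEnforcingSwitch(trusted_ports={"uplink"})
    mac1, mac2 = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"   # constructed hosts
    results = {}
    sw.observe_client_request("port1", mac1)
    results["ack_installed"] = sw.observe_server_ack("uplink", mac1, "10.0.0.50", 3600, now=1)
    results["leased_ip"] = sw.filter_packet("port1", mac1, "10.0.0.50", now=2)
    results["static_ip"] = sw.filter_packet("port1", mac1, "10.0.0.99", now=2)
    results["no_lease_port2"] = sw.filter_packet("port2", mac2, "10.0.0.60", now=2)
    results["dhcp_discover_port2"] = sw.filter_packet(
        "port2", mac2, "0.0.0.0", now=2, dhcp_client_msg=True)
    sw.observe_client_request("port2", mac2)
    results["untrusted_ack"] = sw.observe_server_ack("port3", mac2, "10.0.0.60", 3600, now=3)
    results["after_expiry"] = sw.filter_packet("port1", mac1, "10.0.0.50", now=1 + 3600)
    results["bindings_left"] = len(sw.bindings)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two checks that matter for the article's point are `static_ip` and `no_lease_port2`: a host that configures an address by hand, or that never completed a DHCP exchange on its port, is dropped even if the address it picked is valid for the subnet, because the port's ACL only knows the lease the switch actually watched being granted.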
What is compelling about DHCP enforcement coupled with switch knowledge of DHCP leases is that you can still manage your IP space using DHCP, including managing network access control, without having to make big changes to your IP address management strategy. Plus, switch-based DHCP enforcement is probably as granular as 802.1X without having to roll out a whole new infrastructure just for 802.1X. In addition, DHCP awareness is independent of DHCP NAC enforcement.