Configuring the dhcp server security functions, Configuration prerequisites, Enabling unauthorized dhcp server detection – H3C Technologies H3C S12500 Series Switches User Manual
Page 60: Configuring ip address conflict detection
46
Step Command
Remarks
3.
Apply an extended
address pool on the
interface.
dhcp server apply ip-pool
pool-name
Optional.
By default, the DHCP server has no
extended address pool applied on its
interface, and assigns an IP address from
a common address pool to a requesting
client.
NOTE:
Only an extended address pool can be applied to the interface. The address pool to be applied must
already exist.
Configuring the DHCP server security functions
Configuration prerequisites
Before performing this configuration, complete the following configurations on the DHCP server:
1.
Enable DHCP.
2.
Configure the DHCP address pool.
Enabling unauthorized DHCP server detection
Unauthorized DHCP servers on networks might assign wrong IP addresses to DHCP clients.
With unauthorized DHCP server detection enabled, the DHCP server checks whether a DHCP request
contains Option 54 (Server Identifier Option). If yes, the DHCP server records the IP address in the option,
which is the IP address of the DHCP server that assigned an IP address to the DHCP client and records
the receiving interface. The administrator can use this information to check for unauthorized DHCP
servers.
To enable unauthorized DHCP server detection:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable unauthorized DHCP
server detection.
dhcp server detect
Disabled by default.
NOTE:
With unauthorized DHCP server detection enabled, the switch logs each detected DHCP server once and
logs each again if an entry is cleared. The administrator can use the log information to find unauthorized
DHCP servers.
Configuring IP address conflict detection
With IP address conflict detection enabled, the DHCP server pings each address to be assigned is in use
by using ICMP.