
Configuring the DHCP server security functions, Configuration prerequisites, Enabling unauthorized DHCP server detection – H3C Technologies H3C S10500 Series Switches User Manual

Page 58: Configuring IP address conflict detection


| To do… | Use the command… | Remarks |
|---|---|---|
| Apply an extended address pool on the interface | dhcp server apply ip-pool pool-name | Optional. By default, the DHCP server has no extended address pool applied on its interface, and assigns an IP address from a common address pool to a requesting client. |

Configuring the DHCP server security functions

Configuration prerequisites

Before performing this configuration, complete the following configurations on the DHCP server:

Enable DHCP

Configure the DHCP address pool

Enabling unauthorized DHCP server detection

Unauthorized DHCP servers on a network may assign wrong IP addresses to DHCP clients.

With unauthorized DHCP server detection enabled, the DHCP server checks whether a DHCP request contains Option 54 (Server Identifier Option). If it does, the DHCP server records the IP address carried in the option, which is the address of the detected DHCP server that assigned an IP address to the requesting DHCP client, and records the receiving interface. The administrator can use this information to check for unauthorized DHCP servers.

Follow these steps to enable unauthorized DHCP server detection:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable unauthorized DHCP server detection | dhcp server detect | Required. Disabled by default. |

NOTE:

With the unauthorized DHCP server detection enabled, the switch logs each detected DHCP server once.
The administrator can use the log information to find unauthorized DHCP servers.
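
The detection logic described above can be reproduced offline to triage captured DHCP requests. The following Python sketch is an added example, not H3C code: it parses Option 54 from a request, records each server once with the receiving interface, and marks servers missing from an allowlist. The allowlist, the interface names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker that precedes the options field
OPT_PAD, OPT_END, OPT_SERVER_ID = 0, 255, 54

def server_identifier(packet: bytes):
    """Return the Option 54 address from a BOOTP/DHCP message, or None."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        return None                      # too short or not a DHCP message
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            break                        # truncated option header
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) < length:
            break                        # truncated option body
        if code == OPT_SERVER_ID and length == 4:
            return ipaddress.IPv4Address(value)
        i += 2 + length
    return None

class ServerDetector:
    """Logs each detected server once; `authorized` is an admin-supplied allowlist (assumption)."""
    def __init__(self, authorized):
        self.authorized = {ipaddress.IPv4Address(a) for a in authorized}
        self.seen = {}                   # server IP -> interface where first seen
    def observe(self, packet: bytes, interface: str):
        """Return a log line the first time a server is seen, else None."""
        server = server_identifier(packet)
        if server is None or server in self.seen:
            return None
        self.seen[server] = interface
        status = "authorized" if server in self.authorized else "UNAUTHORIZED"
        return f"DHCP server {server} detected on {interface} ({status})"

def build_request(server_ip: str) -> bytes:
    """Constructed sample: minimal DHCPREQUEST carrying Option 54."""
    header = struct.pack("!BBBB", 1, 1, 6, 0) + bytes(232)   # op, htype, hlen, hops, rest zeroed
    options = bytes([53, 1, 3, 54, 4]) + ipaddress.IPv4Address(server_ip).packed + bytes([255])
    return header + MAGIC_COOKIE + options
```

Feeding `observe()` requests from a capture, with the interface each one arrived on, yields one line per distinct server, which mirrors the log-once behaviour in the note above.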

Configuring IP address conflict detection

With IP address conflict detection enabled, before assigning an IP address, the DHCP server pings that IP address by using ICMP. If the server receives a response within the specified period, it selects and pings another IP address. If it receives no response, the server continues to ping the IP address until the specified number of ping packets are sent. If still no response is received, the server assigns the IP address to the requesting client. (The DHCP client probes the IP address by sending gratuitous ARP packets.)

Follow these steps to configure IP address conflict detection: