
Enabling unauthorized dhcp servers detection – H3C Technologies H3C S5120 Series Switches User Manual


- If the server returns a DHCP-ACK message or does not return any message within a specified interval, which means the IP address is assignable now, the DHCP relay agent will age out the client entry with this IP address.

- If the server returns a DHCP-NAK message, which means the IP address is still in use, the relay agent will not age it out.

Follow these steps to configure periodic refresh of dynamic client entries:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable periodic refresh of dynamic client entries | dhcp relay security refresh enable | Optional. Enabled by default. |
| Configure the refresh interval | dhcp relay security tracker { interval \| auto } | Optional. auto by default. (auto interval is calculated by the relay agent according to the number of client entries.) |

Enabling unauthorized DHCP servers detection

Unauthorized DHCP servers may be present on a network and reply to DHCP clients with wrong IP addresses.

With this feature enabled, upon receiving a DHCP request, the DHCP relay agent records the IP address of the DHCP server that assigned an IP address to the DHCP client, together with the receiving interface. The administrator can use this information to identify any unauthorized DHCP servers.

Follow these steps to enable unauthorized DHCP server detection:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable unauthorized DHCP server detection | dhcp relay server-detect | Required. Disabled by default. |

With unauthorized DHCP server detection enabled, the device records each DHCP server only once. The administrator needs to find unauthorized DHCP servers from the log information. After the information of recorded DHCP servers is cleared, the relay agent will re-record server information following this mechanism.
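
Because the administrator has to pick unauthorized servers out of the recorded log information, the following added example (not part of the H3C manual) compares recorded server addresses against an allowlist and groups the hits by receiving interface. The record format, the allowlist addresses and the sample lines are constructed assumptions, not the switch's real log syntax; adapt the pattern to what the device actually logs.

```python
import ipaddress
import re

# Constructed record format (an assumption, NOT the switch's real log syntax):
#   "<timestamp> <host> DHCP-RELAY server-detect: server=<ip> interface=<name>"
RECORD = re.compile(r"server=(?P<ip>\S+)\s+interface=(?P<ifname>\S+)")

# Hypothetical allowlist of sanctioned DHCP servers for this site.
AUTHORIZED = {ipaddress.ip_address("10.0.0.5"), ipaddress.ip_address("10.0.0.6")}

# Constructed sample lines, as if collected from two relay agents.
SAMPLE_LOG = """\
2024-05-01T09:00:01 sw1 DHCP-RELAY server-detect: server=10.0.0.5 interface=Vlan-interface10
2024-05-01T09:03:12 sw1 DHCP-RELAY server-detect: server=192.168.1.1 interface=Vlan-interface20
2024-05-01T09:04:40 sw1 DHCP-RELAY server-detect: server=10.0.0.6 interface=Vlan-interface10
2024-05-01T09:07:55 sw2 DHCP-RELAY server-detect: server=192.168.1.1 interface=Vlan-interface30
2024-05-01T09:08:02 sw2 DHCP-RELAY server-detect: server=not-an-ip interface=Vlan-interface30
2024-05-01T09:09:00 sw2 IFNET link up on GigabitEthernet1/0/3
"""


def find_unauthorized(log_text, authorized=AUTHORIZED):
    """Return ({server_ip: sorted interface list}, [unparseable records])."""
    rogue, rejected = {}, []
    for line in log_text.splitlines():
        match = RECORD.search(line)
        if match is None:
            continue  # not a server-detection record
        try:
            server = ipaddress.ip_address(match["ip"])
        except ValueError:
            rejected.append(line)  # keep malformed records for manual review
            continue
        if server not in authorized:
            rogue.setdefault(str(server), set()).add(match["ifname"])
    return {ip: sorted(ifs) for ip, ifs in rogue.items()}, rejected


if __name__ == "__main__":
    rogue, rejected = find_unauthorized(SAMPLE_LOG)
    for ip, interfaces in sorted(rogue.items()):
        print(f"unauthorized DHCP server {ip} seen on: {', '.join(interfaces)}")
    for line in rejected:
        print(f"could not parse server address: {line}")
```

Since the device records each server only once until the recorded information is cleared, run the comparison over the full retained log rather than a recent window.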

Configuring the DHCP Relay Agent to Send a DHCP-Release Request

This task allows you to release a client’s IP address manually on the DHCP relay agent. After you configure this task, the DHCP relay agent actively sends a DHCP-RELEASE request that contains the client’s IP address to be released. Upon receiving the DHCP-RELEASE request, the DHCP server then releases the IP address for the client; meanwhile, the client’s IP-to-MAC binding entry is removed from the DHCP relay agent.