
Configuring dhcp server security functions, Prerequisites, Enabling unauthorized dhcp server detection – H3C Technologies H3C S3600 Series Switches User Manual

Page 663: Configuring ip address detecting


Be cautious when configuring self-defined DHCP options because such configuration may affect the DHCP operation process.

Configuring DHCP Server Security Functions

DHCP security configuration is needed to ensure the security of DHCP service.

Prerequisites

Before configuring DHCP security, you should first complete the DHCP server configuration (either global address pool-based or interface address pool-based DHCP server configuration).

Enabling Unauthorized DHCP Server Detection

If there is an unauthorized DHCP server in the network, when a client applies for an IP address, the unauthorized DHCP server may assign an incorrect IP address to the client.

With this feature enabled, when the DHCP server receives from a client a DHCP message whose siaddr field is not 0, it records the value of the siaddr field and the receiving interface. The administrator can use this information to identify any unauthorized DHCP servers.

Follow these steps to enable unauthorized DHCP server detection:

To do…                                                  Use the command…     Remarks
Enter system view                                       system-view
Enable the unauthorized DHCP server detecting function  dhcp server detect   Required. Disabled by default.

With unauthorized DHCP server detection enabled, the relay agent will log all DHCP servers, including authorized ones, and each server is recorded only once. The administrator needs to find unauthorized DHCP servers from the system log information.
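The detection logic described above, sketched in Python as an added example (not H3C code or switch output): it reads siaddr from the fixed BOOTP header, records each non-zero server address once together with the receiving interface, and then filters that record against an allowlist, which is the step left to the administrator. The class and function names, the interface names and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress

BOOTP_FIXED_LEN = 236   # fixed header: op through file, before the magic cookie
SIADDR_OFFSET = 20      # after op/htype/hlen/hops, xid, secs/flags, ciaddr, yiaddr

def siaddr_of(msg: bytes):
    """Return siaddr as dotted-quad text, or None when the field is 0."""
    if len(msg) < BOOTP_FIXED_LEN:
        raise ValueError("truncated BOOTP/DHCP message")
    raw = msg[SIADDR_OFFSET:SIADDR_OFFSET + 4]
    return None if raw == b"\x00" * 4 else str(ipaddress.IPv4Address(raw))

class ServerDetector:
    """Hypothetical model of the feature: log each server address once."""
    def __init__(self):
        self.seen = {}  # siaddr -> interface on which it was first received

    def observe(self, msg: bytes, interface: str) -> bool:
        """Record a new non-zero siaddr; return True if an entry was added."""
        addr = siaddr_of(msg)
        if addr is None or addr in self.seen:
            return False
        self.seen[addr] = interface
        return True

    def unauthorized(self, authorized):
        """The administrator's step: drop known-good servers from the record."""
        allowed = {str(ipaddress.IPv4Address(a)) for a in authorized}
        return {a: i for a, i in self.seen.items() if a not in allowed}

def build_msg(siaddr: str) -> bytes:
    """Constructed sample message: only op, htype, hlen and siaddr are set."""
    hdr = bytearray(BOOTP_FIXED_LEN)
    hdr[0:3] = bytes([1, 1, 6])  # BOOTREQUEST, Ethernet, 6-byte hardware address
    hdr[SIADDR_OFFSET:SIADDR_OFFSET + 4] = ipaddress.IPv4Address(siaddr).packed
    return bytes(hdr) + b"\x63\x82\x53\x63"  # DHCP magic cookie

if __name__ == "__main__":
    detector = ServerDetector()
    # Constructed traffic: (siaddr, receiving interface)
    for addr, port in [("192.0.2.1", "Ethernet1/0/1"), ("192.0.2.1", "Ethernet1/0/2"),
                       ("0.0.0.0", "Ethernet1/0/3"), ("192.0.2.66", "Ethernet1/0/7")]:
        detector.observe(build_msg(addr), port)
    print("recorded:", detector.seen)
    print("not on allowlist:", detector.unauthorized(["192.0.2.1"]))
```

Because authorized servers are recorded alongside unauthorized ones, the allowlist comparison is what turns the record into a finding.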

Configuring IP Address Detecting

To avoid IP address conflicts caused by assigning the same IP address to multiple DHCP clients simultaneously, you can configure a DHCP server to detect an IP address before it assigns the address to a DHCP client.

The DHCP server pings the IP address to be assigned using ICMP. If the server gets a response within the specified period, the server will ping another IP address; otherwise, the server will ping the IP addresses once again until the specified number of ping packets are sent. If still no response, the server
