Enabling unauthorized DHCP server detection – H3C Technologies H3C S3600 Series Switches User Manual
| To do… | Use the command… | Remarks |
|---|---|---|
| Enable the DHCP relay agent handshake function | `dhcp relay hand enable` | Optional. Enabled by default. (Only S3600-EI series switches among S3600 series switches support this configuration.) |
| Set the interval at which the DHCP relay agent dynamically updates the client address entries | `dhcp-security tracker { interval \| auto }` | Optional. By default, auto is adopted, that is, the interval is automatically calculated. (Only S3600-EI series switches among S3600 series switches support this configuration.) |
Currently, the DHCP relay agent handshake function on an S3600-EI series switch can only interoperate
with a Windows 2000 DHCP server.
Enabling unauthorized DHCP server detection
If there is an unauthorized DHCP server in the network, it may assign an incorrect IP address to a
DHCP client that applies for an IP address.
With this feature enabled, when the DHCP relay agent receives from a client a DHCP message whose
siaddr field (the IP address of the server offering IP addresses to the client) is not 0, it records
the value of the siaddr field and the receiving interface. The administrator can use this information
to identify any unauthorized DHCP servers.
Follow these steps to enable unauthorized DHCP server detection:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | `system-view` | — |
| Enable unauthorized DHCP server detection | `dhcp-server detect` | Required. Disabled by default. |
With unauthorized DHCP server detection enabled, the relay agent logs all DHCP servers, including
authorized ones. Each server is recorded only once; it is recorded again only after that information
has been removed. The administrator needs to pick out the unauthorized DHCP servers from the system
log information.
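
The recording behaviour described above, modelled in Python as an added example (not H3C's implementation and not code from the manual): it reads siaddr from the fixed DHCP header, records each server once with its receiving interface, and then applies the review step the administrator otherwise does by hand. The class and function names, the interface names, the addresses and the allowlist are constructed for illustration, and keying the "recorded once" rule on siaddr is an assumption.

```python
import ipaddress

BOOTP_FIXED_LEN = 236  # fixed BOOTP/DHCP header (RFC 2131), before options
SIADDR_OFFSET = 20     # after op/htype/hlen/hops, xid, secs/flags, ciaddr, yiaddr

def siaddr_of(message: bytes):
    """Return siaddr as an IPv4Address, or None when the field is 0."""
    if len(message) < BOOTP_FIXED_LEN:
        raise ValueError("truncated DHCP message")
    addr = ipaddress.IPv4Address(message[SIADDR_OFFSET:SIADDR_OFFSET + 4])
    return addr if int(addr) else None

class ServerDetector:
    def __init__(self, authorized):
        self.authorized = {ipaddress.IPv4Address(a) for a in authorized}
        self.seen = {}  # assumption: keyed on siaddr -> receiving interface

    def observe(self, message: bytes, interface: str) -> bool:
        """Return True only when a new server entry is recorded."""
        server = siaddr_of(message)
        if server is None or server in self.seen:
            return False
        self.seen[server] = interface
        return True

    def clear(self):
        self.seen.clear()  # after removal, a server is recorded again

    def unauthorized(self):
        """The manual review step: recorded servers not on the allowlist."""
        return sorted((str(s), i) for s, i in self.seen.items()
                      if s not in self.authorized)

def build_message(siaddr: str) -> bytes:
    """Constructed sample: fixed header with only op and siaddr set."""
    header = bytearray(BOOTP_FIXED_LEN)
    header[0] = 1  # op = BOOTREQUEST
    header[SIADDR_OFFSET:SIADDR_OFFSET + 4] = ipaddress.IPv4Address(siaddr).packed
    return bytes(header)

def demo():
    det = ServerDetector(authorized=["192.0.2.10"])  # constructed allowlist
    samples = [  # constructed (message, receiving interface) pairs
        (build_message("0.0.0.0"), "Ethernet1/0/1"),
        (build_message("192.0.2.10"), "Ethernet1/0/1"),
        (build_message("198.51.100.77"), "Ethernet1/0/5"),
        (build_message("198.51.100.77"), "Ethernet1/0/5"),
    ]
    return [det.observe(m, i) for m, i in samples], det.unauthorized()
```

Calling `demo()` returns which sample messages produced a new record and the recorded servers that are not on the allowlist, each paired with the interface to trace.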