Configuring the dhcp server security functions, Configuration prerequisites, Enabling unauthorized dhcp server detection – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 44: Configuring ip address conflict detection
33
To do…
Use the command…
Remarks
Apply an extended address
pool on the interface
dhcp server apply ip-pool
pool-name
Optional
By default, the DHCP server has no
extended address pool applied on its
interface, and assigns an IP address
from a common address pool to a
requesting client.
Configuring the DHCP server security functions
Configuration prerequisites
Before performing this configuration, complete the following configurations on the DHCP server:
1.
Enable DHCP.
2.
Configure the DHCP address pool.
Enabling unauthorized DHCP server detection
Unauthorized DHCP servers on a network may assign wrong IP addresses to DHCP clients.
With unauthorized DHCP server detection enabled, the DHCP server checks whether a DHCP request
contains Option 54 (Server Identifier Option). If yes, the DHCP server records the IP address in the option,
which is the IP address of the DHCP server that assigned an IP address to the DHCP client and records
the receiving interface. The administrator can use this information to check for unauthorized DHCP
servers.
Follow these steps to enable unauthorized DHCP server detection:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable unauthorized DHCP server
detection
dhcp server detect
Required
Disabled by default.
NOTE:
With the unauthorized DHCP server detection enabled, the device logs each detected DHCP server once.
The administrator can use the log information to find unauthorized DHCP servers.
Configuring IP address conflict detection
With IP address conflict detection enabled, the DHCP server pings each IP address to be assigned by
using ICMP. If the server receives a response within the specified period, it selects and pings another IP
address. If it receives no response, the server continues to ping the IP address until the specified number
of ping packets are sent. If still no response is received, the server assigns the IP address to the requesting
client (The DHCP client probes the IP address by sending gratuitous ARP packets).
Follow these steps to configure IP address conflict detection:
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points