Configuring the DHCP Server Security Functions, Configuration Prerequisites, Enabling Unauthorized DHCP Server Detection – H3C Technologies H3C SecPath F1000-E User Manual
Configuring the DHCP Server Security Functions
This configuration is necessary to secure DHCP services on the DHCP server.
Configuration Prerequisites
Before performing this configuration, complete the following configurations on the DHCP server:
• Enable DHCP
• Configure the DHCP address pool
Enabling Unauthorized DHCP Server Detection
Unauthorized DHCP servers may exist on networks, and they reply to DHCP clients with wrong IP
addresses.
With this feature enabled, upon receiving a DHCP request, the DHCP server records the IP address of
the DHCP server that assigned an IP address to the DHCP client, together with the receiving interface. The
administrator can use this information to identify any unauthorized DHCP servers.
Follow these steps to enable unauthorized DHCP server detection:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable unauthorized DHCP server detection | dhcp server detect | Required. Disabled by default. |
NOTE:
With unauthorized DHCP server detection enabled, the device logs a record only once for each DHCP
server. The administrator needs to find unauthorized DHCP servers from the log information.
Configuring IP Address Conflict Detection
To avoid IP address conflicts, the DHCP server checks whether the address to be assigned is in use by
sending ping packets.
The DHCP server pings the IP address to be assigned using ICMP. If the server gets a response within the
specified period, the server selects and pings another IP address; otherwise, the server pings the same IP
address again until the specified number of ping packets have been sent. If still no response is received,
the server assigns the IP address to the requesting client. (The DHCP client probes the IP address by
sending gratuitous ARP packets.)
Follow these steps to configure IP address conflict detection:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Specify the number of ping packets | dhcp server ping packets number | Optional. One ping packet by default. The value 0 indicates that no ping operation is performed. |
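
The probe loop described in this section, modelled as an added Python example (not H3C code and not taken from the manual). `select_address`, `SimulatedNetwork`, the injected `ping` callable and the 192.0.2.x pool are all constructed for illustration. It shows how the `dhcp server ping packets` count changes which address is offered when an in-use host misses the first probe.

```python
from typing import Callable, Iterable, Optional


def select_address(candidates: Iterable[str],
                   ping: Callable[[str], bool],
                   packets: int = 1) -> Optional[str]:
    """Return the first candidate that stays silent for `packets` pings.

    ping(ip) is a hypothetical probe: True if an ICMP reply arrived
    within the configured period. packets=0 disables probing entirely.
    """
    if packets < 0:
        raise ValueError("packets must be >= 0")
    for ip in candidates:
        # any() stops at the first reply: the address is in use, try the next
        if any(ping(ip) for _ in range(packets)):
            continue
        return ip  # no reply to any probe: the server would assign this one
    return None    # every candidate answered: nothing safe to offer


class SimulatedNetwork:
    """Constructed test network: a host replies from its Nth probe onward."""

    def __init__(self, first_reply_on: dict):
        self.first_reply_on = first_reply_on
        self.probes: dict = {}

    def ping(self, ip: str) -> bool:
        self.probes[ip] = self.probes.get(ip, 0) + 1
        n = self.first_reply_on.get(ip)
        return n is not None and self.probes[ip] >= n


POOL = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # constructed pool
# .10 replies at once; .11 misses its first probe (constructed packet loss)
HOSTS = {"192.0.2.10": 1, "192.0.2.11": 2}


def demo(packets: int) -> Optional[str]:
    net = SimulatedNetwork(HOSTS)
    return select_address(POOL, net.ping, packets)


if __name__ == "__main__":
    for n in (0, 1, 2):
        print(f"ping packets {n}: server would offer {demo(n)}")
```

With 0 packets the in-use address 192.0.2.10 is offered unchecked, and with 1 packet the host at 192.0.2.11 is missed; only the 2-packet setting reaches the free address in this simulated pool.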