Configuring the dhcp server security functions, Configuration prerequisites, Enabling unauthorized dhcp server detection – H3C Technologies H3C SecPath F1000-E User Manual
Page 201: Configuring ip address conflict detection
176
To apply an extended address pool on an interface:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Apply an extended address
pool on the interface.
dhcp server apply ip-pool
pool-name
Optional.
By default, the DHCP server has no
extended address pool applied on
its interface, and assigns an IP
address from a common address
pool to a requesting client.
NOTE:
Only an extended address pool can be applied on the interface. The address pool to be referenced must
already exist.
Configuring the DHCP server security functions
Configuration prerequisites
Before performing this configuration, complete the following configurations on the DHCP server:
•
Enable DHCP
•
Configure the DHCP address pool
Enabling unauthorized DHCP server detection
Unauthorized DHCP servers on a network may assign wrong IP addresses to DHCP clients.
With unauthorized DHCP server detection enabled, the DHCP server checks whether a DHCP request
contains Option 54 (Server Identifier Option). If yes, the DHCP server records the IP address in the option,
which is the IP address of the DHCP server that assigned an IP address to the DHCP client and records
the receiving interface. The administrator can use this information to check for unauthorized DHCP
servers.
To enable unauthorized DHCP server detection:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable unauthorized DHCP
server detection.
dhcp server detect
Disabled by default.
NOTE:
With the unauthorized DHCP server detection enabled, the firewall logs each detected DHCP server once.
The administrator can use the log information to find unauthorized DHCP servers.
Configuring IP address conflict detection
With IP address conflict detection enabled, the DHCP server pings each IP address to be assigned by
using ICMP. If the server receives a response within the specified period, the server selects and pings
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer