04 Layer 3 - IP Services Configuration Guide

HomeSupportSwitchesH3C S7500E-XS Switch SeriesConfigure & DeployConfiguration GuidesH3C S7500E-XS Configuration Guides-R2418P05-6W10004 Layer 3 - IP Services Configuration Guide
03-DHCP configuration
Title Size Download
03-DHCP configuration 651.16 KB

DHCP overview·· 1

DHCP address allocation· 1

Allocation mechanisms 1

IP address allocation process 2

IP address lease extension· 2

DHCP message format 3

DHCP options 4

Common DHCP options 4

Custom DHCP options 4

Protocols and standards 6

Configuring the DHCP server 8

Overview·· 8

DHCP address pool 8

IP address allocation sequence· 10

DHCP server configuration task list 10

Configuring an address pool on the DHCP server 11

Configuration task list 11

Creating a DHCP address pool 11

Specifying IP address ranges for a DHCP address pool 11

Specifying gateways for DHCP clients 14

Specifying a domain name suffix for DHCP clients 15

Specifying DNS servers for DHCP clients 15

Specifying WINS servers and NetBIOS node type for DHCP clients 15

Specifying BIMS server for DHCP clients 16

Specifying the configuration file for DHCP client auto-configuration· 16

Specifying a server for DHCP clients 17

Configuring Option 184 parameters for DHCP clients 18

Customizing DHCP options 18

Enabling DHCP· 19

Enabling the DHCP server on an interface· 19

Applying an address pool on an interface· 20

Configuring IP address conflict detection· 20

Enabling handling of Option 82· 21

Configuring DHCP server compatibility· 21

Configuring the DHCP server to broadcast all responses 21

Configure the DHCP server to ignore BOOTP requests 21

Configuring the DHCP server to send BOOTP responses in RFC 1048 format 22

Setting the DSCP value for DHCP packets sent by the DHCP server 22

Displaying and maintaining the DHCP server 23

DHCP server configuration examples 23

Static IP address assignment configuration example· 23

Dynamic IP address assignment configuration example· 25

DHCP user class configuration example· 26

Primary and secondary subnets configuration example· 28

DHCP option customization configuration example· 29

Troubleshooting DHCP server configuration· 30

Symptom·· 30

Analysis 30

Solution· 30

Configuring the DHCP relay agent 31

Overview·· 31

Operation· 31

DHCP relay agent support for Option 82· 32

DHCP relay agent configuration task list 32

Enabling DHCP· 33

Enabling the DHCP relay agent on an interface· 33

Specifying DHCP servers on a relay agent 33

Configuring the DHCP relay agent security functions 34

Enabling the DHCP relay agent to record relay entries 34

Enabling periodic refresh of dynamic relay entries 34

Enabling DHCP starvation attack protection· 35

Configuring the DHCP relay agent to release an IP address 36

Configuring Option 82· 36

Setting the DSCP value for DHCP packets sent by the DHCP relay agent 37

Displaying and maintaining the DHCP relay agent 37

DHCP relay agent configuration examples 38

DHCP relay agent configuration example· 38

Option 82 configuration example· 39

Troubleshooting DHCP relay agent configuration· 39

Symptom·· 39

Analysis 39

Solution· 40

Configuring the DHCP client 41

Enabling the DHCP client on an interface· 41

Configuring a DHCP client ID for an interface· 41

Enabling duplicated address detection· 42

Setting the DSCP value for DHCP packets sent by the DHCP client 42

Displaying and maintaining the DHCP client 43

DHCP client configuration example· 43

Network requirements 43

Configuration procedure· 43

Verifying the configuration· 44

Configuring DHCP snooping· 46

Overview·· 46

Application of trusted and untrusted ports 46

DHCP snooping support for Option 82· 47

DHCP snooping configuration task list 48

Configuring basic DHCP snooping· 48

Configuring Option 82· 49

Configuring DHCP snooping entry auto backup· 50

Enabling DHCP starvation attack protection· 51

Enabling DHCP-REQUEST attack protection· 52

Setting the maximum number of DHCP snooping entries 52

Configuring DHCP packet rate limit 53

Configuring a DHCP packet blocking port 53

Displaying and maintaining DHCP snooping· 54

DHCP snooping configuration examples 54

Basic DHCP snooping configuration example· 54

Option 82 configuration example· 55

Configuring the BOOTP client 57

BOOTP application· 57

Obtaining an IP address dynamically· 57

Protocols and standards 57

Configuring an interface to use BOOTP for IP address acquisition· 58

Displaying and maintaining BOOTP client 58

BOOTP client configuration example· 58

Network requirements 58

Configuration procedure· 58

Verifying the configuration· 58

 


The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices.

Figure 1 shows a typical DHCP application scenario where the DHCP clients and the DHCP server reside on the same subnet. The DHCP clients can also obtain configuration parameters from a DHCP server on another subnet through a DHCP relay agent. For more information about the DHCP relay agent, see "Configuring the DHCP relay agent."

Figure 1 A typical DHCP application

 

DHCP address allocation

Allocation mechanisms

DHCP supports the following allocation mechanisms:

·     Static allocationThe network administrator assigns an IP address to a client, such as a WWW server, and DHCP conveys the assigned address to the client.

·     Automatic allocationDHCP assigns a permanent IP address to a client.

·     Dynamic allocationDHCP assigns an IP address to a client for a limited period of time, which is called a lease. Most DHCP clients obtain their addresses in this way.

IP address allocation process

Figure 2 IP address allocation process

 

1.     The client broadcasts a DHCP-DISCOVER message to locate a DHCP server.

2.     Each DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message. For related information, see "DHCP message format."

3.     If several DHCP servers send offers to the client, the client accepts the first received offer, and broadcasts it in a DHCP-REQUEST message to formally request the IP address. (IP addresses offered by other DHCP servers can be assigned to other clients.)

4.     All DHCP servers receive the DHCP-REQUEST message. However, only the server selected by the client performs the following operations:

¡     Returns a DHCP-ACK message to confirm that the IP address has been allocated to the client.

¡     Returns a DHCP-NAK message to deny the IP address allocation.

After receiving the DHCP-ACK message, the client verifies the following details before using the assigned IP address:

·     The assigned IP address is not in use. To verify this, the client broadcasts a gratuitous ARP packet. The assigned IP address is not in use if no response is received within the specified time.

·     The assigned IP address is not on the same subnet as any IP address in use on the client.

Otherwise, the client sends a DHCP-DECLINE message to the server to request an IP address again.

IP address lease extension

A dynamically assigned IP address has a lease. When the lease expires, the IP address is reclaimed by the DHCP server. To continue using the IP address, the client must extend the lease duration.

When about half of the lease duration elapses, the DHCP client unicasts a DHCP-REQUEST to the DHCP server to extend the lease. Depending on the availability of the IP address, the DHCP server returns one of the following messages:

·     A DHCP-ACK unicast confirming that the client's lease duration has been extended.

·     A DHCP-NAK unicast denying the request.

If the client receives no reply, it broadcasts another DHCP-REQUEST message for lease extension when about seven-eighths of the lease duration elapses. Again, depending on the availability of the IP address, the DHCP server returns either a DHCP-ACK unicast confirming that the client's lease duration has been extended, or a DHCP-NAK unicast denying the request.

DHCP message format

Figure 3 shows the DHCP message format. DHCP uses some of the fields in significantly different ways. The numbers in parentheses indicate the size of each field in bytes.

Figure 3 DHCP message format

 

·     opMessage type defined in options field. 1 = REQUEST, 2 = REPLY

·     htype, hlenHardware address type and length of the DHCP client.

·     hopsNumber of relay agents a request message traveled.

·     xidTransaction ID, a random number chosen by the client to identify an IP address allocation.

·     secsFilled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. This field is reserved and set to 0.

·     flagsThe leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sends a reply back by unicast. If this flag is set to 1, the DHCP server sends a reply back by broadcast. The remaining bits of the flags field are reserved for future use.

·     ciaddrClient IP address if the client has an IP address that is valid and usable. Otherwise, set to zero. (The client does not use this field to request a specific IP address to lease.)

·     yiaddrYour IP address. It is an IP address assigned by the DHCP server to the DHCP client.

·     siaddrServer IP address, from which the client obtained configuration parameters.

·     giaddrGateway IP address. It is the IP address of the first relay agent to which a request message travels.

·     chaddrClient hardware address.

·     snameServer host name, from which the client obtained configuration parameters.

·     fileBoot file (also called system software image) name and path information, defined by the server to the client.

·     optionsOptional parameters field that is variable in length, which includes the message type, lease duration, subnet mask, domain name server IP address, and WINS IP address.

DHCP options

DHCP uses the same message format as BOOTP, but DHCP uses the options field to carry information for dynamic address allocation and provide additional configuration information for clients.

Figure 4 DHCP option format

 

Common DHCP options

The following are common DHCP options:

·     Option 3Router option. It specifies the gateway address.

·     Option 6DNS server option. It specifies the DNS server's IP address.

·     Option 33Static route option. It specifies a list of classful static routes (the destination network addresses in these static routes are classful) that a client should add into its routing table. If both Option 33 and Option 121 exist, Option 33 is ignored.

·     Option 51IP address lease option.

·     Option 53DHCP message type option. It identifies the type of the DHCP message.

·     Option 55Parameter request list option. It is used by a DHCP client to request specified configuration parameters. The option includes values that correspond to the parameters requested by the client.

·     Option 60Vendor class identifier option. It is used by a DHCP client to identify its vendor, and by a DHCP server to distinguish DHCP clients by vendor class and assign specific IP addresses to the DHCP clients.

·     Option 66TFTP server name option. It specifies a TFTP server to be assigned to the client.

·     Option 67Boot file name option. It specifies the boot file name to be assigned to the client.

·     Option 121Classless route option. It specifies a list of classless static routes (the destination network addresses in these static routes are classless) that the requesting client should add to its routing table. If both Option 33 and Option 121 exist, Option 33 is ignored.

·     Option 150TFTP server IP address option. It specifies the TFTP server IP address to be assigned to the client.

For more information about DHCP options, see RFC 2132 and RFC 3442.

Custom DHCP options

Some options, such as Option 43, Option 82, and Option 184, have no standard definitions in RFC 2132.

Vendor-specific option (Option 43)

DHCP servers and clients use Option 43 to exchange vendor-specific configuration information.

The DHCP client can obtain the following information through Option 43:

·     ACS parameters, including the ACS URL, username, and password.

·     Service provider identifier, which is acquired by the CPE from the DHCP server and sent to the ACS for selecting vender-specific configurations and parameters.

·     PXE server address, which is used to obtain the boot file or other control information from the PXE server.

1.     Format of Option 43:

Figure 5 Option 43 format

 

Network configuration parameters are carried in different sub-options of Option 43 as shown in Figure 5.

¡     Sub-option typeThe field value can be 0x01 (ACS parameter sub-option), 0x02 (service provider identifier sub-option), or 0x80 (PXE server address sub-option).

¡     Sub-option lengthExcludes the sub-option type and sub-option length fields.

¡     Sub-option value—The value format varies by sub-option.

2.     Sub-option value field formats:

¡     ACS parameter sub-option value field—Includes the ACS URL, username, and password separated by spaces (0x20) as shown in Figure 6.

Figure 6 ACS parameter sub-option value field

 

¡     Service provider identifier sub-option value field—Includes the service provider identifier.

¡     PXE server address sub-option value field—Includes the PXE server type that can only be 0, the server number that indicates the number of PXE servers contained in the sub-option and server IP addresses, as shown in Figure 7.

Figure 7 PXE server address sub-option value field

 

Relay agent option (Option 82)

Option 82 is the relay agent option. It records the location information about the DHCP client. When a DHCP relay agent or DHCP snooping device receives a client's request, it adds Option 82 to the request message and sends it to the server.

The administrator can use Option 82 to locate the DHCP client and further implement security control and accounting. The DHCP server can use Option 82 to provide individual configuration policies for the clients.

Option 82 can include up to 255 sub-options and must have one sub-option at least. Option 82 supports two sub-options: sub-option 1 (Circuit ID) and sub-option 2 (Remote ID). Option 82 has no standard definition. Its padding formats vary by vendor.

·     Circuit ID has the following padding formats:

¡     String padding format—Includes a character string specified by the user.

¡     Normal padding format—Includes the VLAN ID and interface number of the interface that receives the client's request.

¡     Verbose padding format—Includes the access node identifier specified by the user, and the VLAN ID, interface number and interface type of the interface that receives the client's request.

·     Remote ID has the following padding formats:

¡     String padding format—Includes a character string specified by the user.

¡     Normal padding format—Includes the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that receives the client's request.

¡     Sysname padding formatIncludes the device name of the device. To set the device name for the device, use the sysname command in system view.

Option 184

Option 184 is a reserved option. You can define the parameters in the option as needed. The device supports Option 184 carrying voice related parameters, so a DHCP client with voice functions can get voice parameters from the DHCP server.

Option 184 has the following sub-options:

·     Sub-option 1—Specifies the IP address of the primary network calling processor. The primary processor acts as the network calling control source and provides program download services. For Option 184, you must define sub-option 1 to make other sub-options take effect.

·     Sub-option 2—Specifies the IP address of the backup network calling processor. DHCP clients contact the backup processor when the primary one is unreachable.

·     Sub-option 3—Specifies the voice VLAN ID and the result whether the DHCP client takes this VLAN as the voice VLAN.

·     Sub-option 4—Specifies the failover route that includes the IP address and the number of the target user. A SIP VoIP user uses this IP address and number to directly establish a connection to the target SIP user when both the primary and backup calling processors are unreachable.

Protocols and standards

·     RFC 2131, Dynamic Host Configuration Protocol

·     RFC 2132, DHCP Options and BOOTP Vendor Extensions

·     RFC 1542, Clarifications and Extensions for the Bootstrap Protocol

·     RFC 3046, DHCP Relay Agent Information Option

·     RFC 3442, The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4


Overview

The DHCP server is well suited to networks where:

·     Manual configuration and centralized management are difficult to implement.

·     IP addresses are limited. For example, an ISP limits the number of concurrent online users, and users must acquire IP addresses dynamically.

·     Most hosts do not need fixed IP addresses.

An MCE acting as the DHCP server can assign IP addresses not only to clients on public networks, but also to those clients on private networks. The IP address ranges of public and private networks or those of private networks on the DHCP server cannot overlap. For more information about MCE, see MPLS Configuration Guide.

 

 

NOTE:

The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

 

DHCP address pool

Each DHCP address pool has a group of assignable IP addresses and network configuration parameters. The DHCP server selects IP addresses and other parameters from the address pool and assigns them to the DHCP clients.

Address assignment mechanisms

Configure the following address assignment mechanisms as needed:

·     Static address allocation—Manually bind the MAC address or ID of a client to an IP address in a DHCP address pool. When the client requests an IP address, the DHCP server assigns the IP address in the static binding to the client.

·     Dynamic address allocation—Specify IP address ranges in a DHCP address pool. Upon receiving a DHCP request, the DHCP server dynamically selects an IP address from the matching IP address range in the address pool.

There are two methods to specify IP address ranges in an address pool:

·     Method 1—Specify a primary subnet in an address pool and divide the subnet into multiple address ranges, which include a common IP address range and IP address ranges for DHCP user classes.

Upon receiving a DHCP request, the DHCP server finds a user class matching the client and selects an IP address in the address range of the user class for the client. A user class can include multiple matching rules, and a client matches the user class as long as it matches any of the rules. In address pool view, you can specify different address ranges for different user classes.

The DHCP server selects an IP address for a client by performing the following steps:

a.     DHCP server compares the client against DHCP user classes in the order they are configured.

b.     If the client matches a user class, the DHCP server selects an IP address from the address range of the user class.

c.     If the matching user class has no assignable addresses, the DHCP server compares the client against the next user class. If all the matching user classes have no assignable addresses, the DHCP server selects an IP address from the common address range.

d.     If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command. If the address range has no assignable IP addresses or it is not configured, the address allocation fails.

 

 

NOTE:

All address ranges must belong to the primary subnet. If an address range does not reside in the primary subnet, DHCP cannot assign the addresses in the address range.

 

·     Method 2—Specify a primary subnet and multiple secondary subnets in an address pool.

The DHCP server selects an IP address from the primary subnet first. If there is no assignable IP address in the primary subnet, the DHCP server selects an IP address from secondary subnets in the order they are configured.

Principles for selecting an address pool

The DHCP server observes the following principles to select an address pool for a client:

1.     If there is an address pool where an IP address is statically bound to the MAC address or ID of the client, the DHCP server selects this address pool and assigns the statically bound IP address and other configuration parameters to the client.

2.     If the receiving interface has an address pool applied, the DHCP server selects an IP address and other configuration parameters from this address pool.

3.     If no static address pool is configured and no address pool is applied to the receiving interface, the DHCP server selects an address pool depending on the client location.

¡     Client on the same subnet as the serverThe DHCP server compares the IP address of the receiving interface with the primary subnets of all address pools.

-     If a match is found, the DHCP server selects the address pool with the longest-matching primary subnet.

-     If no match is found, the DHCP server compares the IP address with the secondary subnets of all address pools. It selects the address pool with the longest-matching secondary subnet.

¡     Client on a different subnet than the serverThe DHCP server compares the IP address in the giaddr field of the DHCP request with the primary subnets of all address pools.

-     If a match is found, the DHCP server selects the address pool with the longest-matching primary subnet.

-     If no match is found, the DHCP server compares the IP address with the secondary subnets of all address pools. It selects the address pool with the longest-matching secondary subnet.

For example, two address pools 1.1.1.0/24 and 1.1.1.0/25 are configured but not applied to any DHCP server's interfaces.

·     If the IP address of the receiving interface is 1.1.1.1/25, the DHCP server selects the address pool 1.1.1.0/25. If the address pool has no available IP addresses, the DHCP server will not select the other pool and the address allocation will fail.

·     If the IP address of the receiving interface is 1.1.1.130/25, the DHCP server selects IP addresses for clients from the address pool 1.1.1.0/24.

It is a good practice to make sure the primary subnet can be matched so the DHCP server turns to the secondary subnets only when the matching primary subnet has no assignable IP addresses. If only a secondary subnet is matched, the DHCP server does not select any IP address from other secondary subnets when the matching secondary subnet has no assignable addresses.

 

 

NOTE:

To make sure address allocation functions correctly, keep the IP addresses used for dynamic allocation in the subnet where the interface of the DHCP server or DHCP relay agent resides if possible.

 

IP address allocation sequence

The DHCP server selects an IP address for a client in the following sequence:

1.     IP address statically bound to the client's MAC address or ID.

2.     IP address that was ever assigned to the client.

3.     IP address designated by the Option 50 field in the DHCP-DISCOVER message sent by the client.

Option 50 is the Requested IP Address option. The client uses this option to specify the wanted IP address in a DHCP-DISCOVER message. The content of Option 50 is user defined.

4.     First assignable IP address found in the way discussed in "DHCP address pool."

5.     IP address that was a conflict or passed its lease duration. If no IP address is assignable, the server does not respond.

 

 

NOTE:

If a client moves to another subnet, the DHCP server selects an IP address in the address pool matching the new subnet instead of assigning the IP address that was once assigned to the client.

 

DHCP server configuration task list

Tasks at a glance

(Required.) Configuring an address pool on the DHCP server

(Required.) Enabling DHCP

(Required.) Enabling the DHCP server on an interface

(Optional.) Applying an address pool on an interface

(Optional.) Configuring IP address conflict detection

(Optional.) Enabling handling of Option 82

(Optional.) Configuring DHCP server compatibility

(Optional.) Setting the DSCP value for DHCP packets sent by the DHCP server

 

Configuring an address pool on the DHCP server

Configuration task list

Tasks at a glance

(Required.) Creating a DHCP address pool

Perform at least one of the following tasks:

·     Specifying IP address ranges for a DHCP address pool

·     Specifying gateways for DHCP clients

·     Specifying a domain name suffix for DHCP clients

·     Specifying DNS servers for DHCP clients

·     Specifying WINS servers and NetBIOS node type for DHCP clients

·     Specifying BIMS server for DHCP clients

·     Specifying the configuration file for DHCP client auto-configuration

·     Specifying a server for DHCP clients

·     Configuring Option 184 parameters for DHCP clients

·     Customizing DHCP options

 

Creating a DHCP address pool

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Create a DHCP address pool and enter its view.

dhcp server ip-pool pool-name

By default, no DHCP address pool is created.

 

Specifying IP address ranges for a DHCP address pool

You can configure both static and dynamic address allocation mechanisms in a DHCP address pool. For dynamic address allocation, you can specify either a primary subnet with multiple address ranges or a primary subnet with multiple secondary subnets for a DHCP address pool. You cannot configure both.

Specifying a primary subnet and multiple address ranges for a DHCP address pool

Some scenarios need to classify DHCP clients in the same subnet into different address groups. To meet this need, you can configure DHCP user classes and specify different address ranges for the classes. The clients matching a user class can then get the IP addresses of a specific address range. In addition, you can specify a common address range for the clients that do not match any user class. If no common address range is specified, such clients fail to obtain IP addresses.

If there is no need to classify clients, you do not need to configure DHCP user classes or their address ranges.

Follow these guidelines when you specify a primary subnet and multiple address ranges for a DHCP address pool:

·     If you use the network or address range command multiple times for the same address pool, the most recent configuration takes effect.

·     IP addresses specified by the forbidden-ip command are not assignable in the current address pool, but are assignable in other address pools. IP addresses specified by the dhcp server forbidden-ip command are not assignable in any address pool.

To specify a primary subnet and multiple address ranges for a DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Create a DHCP user class and enter DHCP user class view.

dhcp class class-name

Required for client classification.

By default, no DHCP user class exists.

3.     Configure the match rule for the DHCP user class.

if-match rule rule-number option option-code [ hex hex-string [ offset offset length length | mask mask ] ]

Required for client classification.

By default, no match rule is specified for a DHCP user class.

4.     Return to system view.

quit

N/A

5.     Enter address pool view.

dhcp server ip-pool pool-name

N/A

6.     Specify the primary subnet for the address pool.

network network-address [ mask-length | mask mask ]

By default, no primary subnet is specified.

7.     (Optional.) Specify the common address range.

address range start-ip-address end-ip-address

By default, no IP address range is specified.

8.     (Optional.) Specify an IP address range for a DHCP user class.

class class-name range start-ip-address end-ip-address

By default, no IP address range is specified for a user class.

The DHCP user class must already exist.

To specify address ranges for multiple DHCP user classes, repeat this step.

9.     (Optional.) Specify the address lease duration.

expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited }

The default setting is 1 day.

10.     (Optional.) Exclude the specified IP addresses in the address pool from dynamic allocation.

forbidden-ip ip-address&<1-8>

By default, all the IP addresses in the DHCP address pool are assignable.

To exclude multiple address ranges from dynamic allocation, repeat this step.

11.     Return to system view.

quit

N/A

12.     (Optional.) Exclude the specified IP addresses from automatic allocation globally.

dhcp server forbidden-ip start-ip-address [ end-ip-address ]

By default, except for the IP address of the DHCP server interface, all IP addresses in address pools are assignable.

To exclude multiple IP address ranges, repeat this step.

 

Specifying a primary subnet and multiple secondary subnets for a DHCP address pool

An address pool with a primary subnet and multiple secondary subnets allows the DHCP server to assign an IP address in a secondary subnet to a requesting client when no assignable IP address on the primary subnet is available.

Follow these guidelines when you specify a primary subnet and secondary subnets for a DHCP address pool:

·     You can specify only one primary subnet in each address pool. If you use the network command multiple times, the most recent configuration takes effect.

·     You can specify a maximum of 32 secondary subnets in each address pool.

·     IP addresses specified by the forbidden-ip command are not assignable in the current address pool, but are assignable in other address pools. IP addresses specified by the dhcp server forbidden-ip command are not assignable in any address pool.

To specify a primary subnet and secondary subnets for a DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify the primary subnet.

network network-address [ mask-length | mask mask ]

By default, no primary subnet is specified.

4.     (Optional.) Specify a secondary subnet.

network network-address [ mask-length | mask mask ] secondary

By default, no secondary subnet is specified.

5.     (Optional.) Return to address pool view.

quit

N/A

6.     (Optional.) Specify the address lease duration.

expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited }

The default setting is 1 day.

7.     (Optional.) Exclude the specified IP addresses from dynamic allocation.

forbidden-ip ip-address&<1-8>

By default, all the IP addresses in the DHCP address pool can be dynamically allocated.

To exclude multiple address ranges from the address pool, repeat this step.

8.     Return to system view.

quit

N/A

9.     (Optional.) Exclude the specified IP addresses from dynamic allocation globally.

dhcp server forbidden-ip start-ip-address [ end-ip-address ]

Except for the IP address of the DHCP server interface, IP addresses in all address pools are assignable by default.

To exclude multiple address ranges globally, repeat this step.

 

Configuring a static binding in a DHCP address pool

Some DHCP clients, such as a WWW server, need fixed IP addresses. To provide a fixed IP address for such a client, you can statically bind the MAC address or ID of the client to an IP address in a DHCP address pool. When the client requests an IP address, the DHCP server assigns the IP address in the static binding to the client.

Follow these guidelines when you configure a static binding:

·     One IP address can be bound to only one client MAC or client ID. You cannot modify bindings that have been created. To change the binding for a DHCP client, you must delete the existing binding first.

·     The IP address of a static binding cannot be the address of the DHCP server interface. Otherwise, an IP address conflict occurs and the bound client cannot obtain an IP address correctly.

·     To configure static bindings for DHCP clients that reside on the same device and use the same MAC address, you must specify the client ID rather than the MAC address to identify a requesting interface. Otherwise, IP address allocation will fail.

To configure a static binding:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter address pool view.

dhcp server ip-pool pool-name

N/A

3.     Configure a static binding.

static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] }

By default, no static binding is configured.

To add more static bindings, repeat this step.

4.     (Optional.) Specify the lease duration for the IP address.

expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited }

The default setting is 1 day.

 

Specifying gateways for DHCP clients

DHCP clients send packets destined for other networks to a gateway. The DHCP server can assign the gateway address to the DHCP clients.

You can specify gateway addresses in each address pool on the DHCP server. A maximum of eight gateways can be specified in DHCP address pool view or secondary subnet view.

If you specify gateways in both address pool view and secondary subnet view, DHCP assigns the gateway addresses in the secondary subnet view to the clients on the secondary subnet. If you specify gateways in address pool view but not in secondary subnet view, DHCP assigns the gateway addresses in address pool view to the clients on the secondary subnet.

To configure gateways in the DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify gateways.

gateway-list ip-address&<1-8>

By default, no gateway is specified.

4.     (Optional.) Enter secondary subnet view

network network-address [ mask-length | mask mask ] secondary

N/A

5.     (Optional.) Specify gateways.

gateway-list ip-address&<1-8>

By default, no gateway is specified.

 

Specifying a domain name suffix for DHCP clients

You can specify a domain name suffix in a DHCP address pool on the DHCP server. With this suffix assigned, the client only needs to input part of a domain name, and the system adds the domain name suffix for name resolution. For more information about DNS, see "Configuring DNS."

To configure a domain name suffix in the DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify a domain name suffix.

domain-name domain-name

By default, no domain name is specified.

 

Specifying DNS servers for DHCP clients

To access hosts on the Internet through domain names, a DHCP client must contact a DNS server to resolve names. You can specify up to eight DNS servers in a DHCP address pool.

To specify DNS servers in a DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify DNS servers.

dns-list ip-address&<1-8>

By default, no DNS server is specified.

 

Specifying WINS servers and NetBIOS node type for DHCP clients

A Microsoft DHCP client using NetBIOS protocol must contact a WINS server for name resolution. You can specify up to eight WINS servers for such clients in a DHCP address pool.

In addition, you must specify a NetBIOS node type for the clients to approach name resolution. There are four NetBIOS node types:

·     b (broadcast)-node—A b-node client sends the destination name in a broadcast message. The destination returns its IP address to the client after receiving the message.

·     p (peer-to-peer)-node—A p-node client sends the destination name in a unicast message to the WINS server and the WINS server returns the destination IP address.

·     m (mixed)-node—An m-node client broadcasts the destination name. If it receives no response, it unicasts the destination name to the WINS server to get the destination IP address.

·     h (hybrid)-node—An h-node client unicasts the destination name to the WINS server. If it receives no response, it broadcasts the destination name to get the destination IP address.

To configure WINS servers and NetBIOS node type in a DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify WINS servers.

nbns-list ip-address&<1-8>

This step is optional for b-node.

By default, no WINS server is specified.

4.     Specify the NetBIOS node type.

netbios-type { b-node | h-node | m-node | p-node }

By default, no NetBIOS node type is specified.

 

Specifying BIMS server for DHCP clients

Perform this task to provide the BIMS server IP address, port number, and shared key for the clients. The DHCP clients contact the BIMS server to get configuration files and perform software upgrade and backup.

To configure the BIMS server IP address, port number, and shared key in the DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify the BIMS server IP address, port number, and shared key.

bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key

By default, no BIMS server information is specified.

 

Specifying the configuration file for DHCP client auto-configuration

Auto-configuration enables a device to obtain a set of configuration settings automatically from servers when the device starts up without a configuration file. It requires the cooperation of the DHCP server, HTTP server, DNS server, and TFTP server. For more information about auto-configuration, see Fundamentals Configuration Guide.

Follow these guidelines to specify the parameters on the DHCP server for configuration file acquisition:

·     If the configuration file is on a TFTP server, specify the IP address or name of the TFTP server, and the configuration file name.

·     If the configuration file is on an HTTP server, specify the configuration file URL.

The DHCP client uses the obtained parameters to contact the TFTP server or the HTTP server to get the configuration file.

To specify the configuration file name in a DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify the IP address or the name of a TFTP server.

·     Specify the IP address of the TFTP server:
tftp-server ip-address
ip-address

·     Specify the name of the TFTP server:
tftp-server domain-name
domain-name

Use at least one of the commands

By default, no TFTP server is specified.

4.     Specify the configuration file name.

bootfile-name bootfile-name

By default, no configuration file name is specified.

 

To specify the configuration file URL in a DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify the URL of the configuration file.

bootfile-name url

By default, no configuration file URL is specified.

 

Specifying a server for DHCP clients

Some DHCP clients need to obtain configuration information from a server, such as a TFTP server. You can specify the IP address of that server. The DHCP server sends the server's IP address to DHCP clients along with other configuration information.

To specify the IP address of a server:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify the IP address of a server.

next-server ip-address

By default, no server is specified.

 

Configuring Option 184 parameters for DHCP clients

To assign calling parameters to DHCP clients with voice service, you must configure Option 184 on the DHCP server. For more information about Option 184, see "Option 184."

To configure option 184 parameters in a DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Specify the IP address of the primary network calling processor.

voice-config ncp-ip ip-address

By default, no primary network calling processor is specified.

After you configure this command, the other Option 184 parameters take effect.

4.     (Optional.) Specify the IP address for the backup server.

voice-config as-ip ip-address

By default, no backup network calling processor is specified.

5.     (Optional.) Configure the voice VLAN.

voice-config voice-vlan vlan-id { disable | enable }

By default, no voice VLAN is configured.

6.     (Optional.) Specify the failover IP address and dialer string.

voice-config fail-over ip-address dialer-string

By default, no failover IP address or dialer string is specified.

 

Customizing DHCP options

IMPORTANT:

Use caution when customizing DHCP options because the configuration might affect DHCP operation.

 

You can customize options for the following purposes:

·     Add newly released options.

·     Add options for which the vendor defines the contents, for example, Option 43.

·     Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients.

·     Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command. For example, the dns-list command can specify up to eight DNS servers. To specify more than eight DNS servers, you must use the option 6 command to define all DNS servers.

To customize a DHCP option in a DHCP address pool:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter DHCP address pool view.

dhcp server ip-pool pool-name

N/A

3.     Customize a DHCP option.

option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> }

By default, no DHCP option is customized.

 

Table 1 Common DHCP options

Option

Option name

Corresponding command

Recommended option command parameters

3

Router Option

gateway-list

ip-address

6

Domain Name Server Option

dns-list

ip-address

15

Domain Name

domain-name

ascii

44

NetBIOS over TCP/IP Name Server Option

nbns-list

ip-address

46

NetBIOS over TCP/IP Node Type Option

netbios-type

hex

66

TFTP server name

tftp-server

ascii

67

Boot file name

bootfile-name

ascii

43

Vendor Specific Information

N/A

hex

 

Enabling DHCP

You must enable DHCP to validate other DHCP configurations.

To enable DHCP:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable DHCP.

dhcp enable

By default, DHCP is disabled.

 

Enabling the DHCP server on an interface

Perform this task to enable the DHCP server on an interface. Upon receiving a DHCP request on the interface, the DHCP server assigns an IP address and other configuration parameters from the DHCP address pool to the DHCP client.

To enable the DHCP server on an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Enable the DHCP server on the interface.

dhcp select server

By default, the DHCP server on the interface is enabled.

 

Applying an address pool on an interface

Perform this task to apply a DHCP address pool on an interface. Upon receiving a DHCP request from the interface, the DHCP server assigns the statically bound IP address and configuration parameters from the address pool that contains the static binding. If no static binding is found for the requesting client, the DHCP server selects the applied address pool for address and configuration parameter allocation.

To apply an address pool on an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Apply an address pool on the interface.

dhcp server apply ip-pool pool-name

By default, no address pool is applied on an interface.

If the applied address pool does not exist, the DHCP server fails to perform dynamic address allocation.

 

Configuring IP address conflict detection

Before assigning an IP address, the DHCP server pings that IP address.

·     If the server receives a response within the specified period, it selects and pings another IP address.

·     If it receives no response, the server continues to ping the IP address until a specific number of ping packets are sent. If still no response is received, the server assigns the IP address to the requesting client. The DHCP client uses gratuitous ARP to perform IP address conflict detection.

To configure IP address conflict detection:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     (Optional.) Specify the maximum number of ping packets to be sent for conflict detection.

dhcp server ping packets number

The default setting is one.

The value 0 disables IP address conflict detection.

3.     (Optional.) Configure the ping timeout time.

dhcp server ping timeout milliseconds

The default setting is 500 ms.

The value 0 disables IP address conflict detection.

 

Enabling handling of Option 82

Perform this task to enable the DHCP server to handle Option 82. Upon receiving a DHCP request that contains Option 82, the DHCP server adds Option 82 into the DHCP response.

If you disable the DHCP to handle Option 82, it does not add Option 82 into the response message.

You must enable handling of Option 82 on both the DHCP server and the DHCP relay agent to ensure correct processing for Option 82. For information about enabling handling of Option 82 on the DHCP relay agent, see "Configuring Option 82."

To enable the DHCP server to handle Option 82:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable the server to handle Option 82.

dhcp server relay information enable

By default, handling of Option 82 is enabled.

 

Configuring DHCP server compatibility

Perform this task to enable the DHCP server to support DHCP clients that are incompliant with RFC.

Configuring the DHCP server to broadcast all responses

Typically, the DHCP server broadcasts a response only when the broadcast flag in the DHCP request is set to 1. To work with DHCP clients that set the broadcast flag to 0 but do not accept unicast responses, configure the DHCP server to ignore the broadcast flag and always broadcast a response.

If a DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0), the DHCP server always unicasts a response (the destination address is ciaddr) to the DHCP client regardless of whether this command is executed.

If a DHCP request is from a DHCP relay agent (the giaddr field is not 0), the DHCP server always unicasts a response (the destination address is giaddr) to the DHCP relay agent regardless of whether it is enabled to broadcast all responses.

To configure the DHCP server to broadcast all responses:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable the DHCP server to broadcast all responses.

dhcp server always-broadcast

By default, the DHCP server looks at the broadcast flag to decide whether to broadcast or unicast a response.

 

Configure the DHCP server to ignore BOOTP requests

The lease duration of the IP addresses obtained by the BOOTP clients is unlimited. For some scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests.

To configure the DHCP server to ignore BOOTP requests:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Configure the DHCP server to ignore BOOTP requests.

dhcp server bootp ignore

By default, the DHCP server processes BOOTP requests.

 

Configuring the DHCP server to send BOOTP responses in RFC 1048 format

Not all BOOTP clients can send requests that are compatible with RFC 1048. By default, the DHCP server does not process the Vend field of RFC 1048-incompliant requests but copies the Vend field into responses.

This function enables the DHCP server to fill in the Vend field using the RFC 1048-compliant format in DHCP responses to RFC 1048-incompliant requests sent by BOOTP clients that request statically bound addresses.

To configure the DHCP server to send BOOTP responses in RFC 1048 format:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable the DHCP server to send BOOTP responses in RFC 1048 format to the RFC 1048-incompliant BOOTP requests for statically bound addresses.

dhcp server bootp reply-rfc-1048

By default, the DHCP server directly copies the Vend field of such requests into the responses.

 

Setting the DSCP value for DHCP packets sent by the DHCP server

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.

To set the DSCP value for DHCP packets sent by the DHCP server:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

1.     Set the DSCP value for DHCP packets sent by the DHCP server.

dhcp dscp dscp-value

By default, the DSCP value in DHCP packets sent by the DHCP server is 56.

 

Displaying and maintaining the DHCP server

IMPORTANT

IMPORTANT:

A restart of the DHCP server or execution of the reset dhcp server ip-in-use command deletes all lease information. The DHCP server denies any DHCP request for lease extension, and the client must request an IP address again.

 

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display information about IP address conflicts.

display dhcp server conflict [ ip ip-address ]

Display information about lease-expired IP addresses.

display dhcp server expired [ ip ip-address | pool pool-name ]

Display information about assignable IP addresses.

display dhcp server free-ip [ pool pool-name ]

Display information about assigned IP addresses.

display dhcp server ip-in-use [ ip ip-address | pool pool-name ]

Display DHCP server statistics.

display dhcp server statistics [ pool pool-name ]

Display information about DHCP address pools.

display dhcp server pool [ pool-name ]

Clear information about IP address conflicts.

reset dhcp server conflict [ ip ip-address ]

Clear information about lease-expired IP addresses.

reset dhcp server expired [ ip ip-address | pool pool-name ]

Clear information about assigned IP addresses.

reset dhcp server ip-in-use [ ip ip-address | pool pool-name ]

Clear DHCP server statistics.

reset dhcp server statistics

 

DHCP server configuration examples

DHCP networking includes the following types:

·     The DHCP server and clients reside on the same subnet and exchange messages directly.

·     The DHCP server and clients are not on the same subnet and they communicate with each other through a DHCP relay agent.

The DHCP server configuration for the two types is identical.

Static IP address assignment configuration example

Network requirements

As shown in Figure 8, Switch B (DHCP client) and Switch C (BOOTP client) obtain the static IP address, DNS server address, and gateway address from Switch A (DHCP server).

The client ID of VLAN-interface 2 on Switch B is:

0030-3030-662e-6532-3030-2e30-3030-322d-4574-6865-726e-6574.

The MAC address of VLAN-interface 2 on Switch C is 000f-e200-01c0.

Figure 8 Network diagram

 

Configuration procedure

1.     Specify an IP address for VLAN-interface 2 on Switch A:

<SwitchA> system-view

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 10.1.1.1 25

[SwitchA-Vlan-interface2] quit

2.     Configure the DHCP server:

# Enable DHCP.

[SwitchA] dhcp enable

# Enable the DHCP server on VLAN-interface 2.

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] dhcp select server

[SwitchA-Vlan-interface2] quit

# Create DHCP address pool 0.

[SwitchA] dhcp server ip-pool 0

# Configure a static binding for DHCP client switch B.

[SwitchA-dhcp-pool-0] static-bind ip-address 10.1.1.5 25 client-identifier 0030-3030-662e-6532-3030-2e30-3030-322d-4574-6865-726e-6574

# Configure a static binding for Switch C.

[SwitchA-dhcp-pool-0] static-bind ip-address 10.1.1.6 25 hardware-address 000f-e200-01c0

# Specify the DNS server and gateway.

[SwitchA-dhcp-pool-0] dns-list 10.1.1.2

[SwitchA-dhcp-pool-0] gateway-list 10.1.1.126

[SwitchA-dhcp-pool-0] quit

[SwitchA]

Verifying the configuration

# Verify that Switch B can obtain IP address 10.1.1.5 and all other network parameters from Switch A. (Details not shown.)

# Verify that Switch C can obtain IP address 10.1.1.6 and all other network parameters from Switch A. (Details not shown.)

# On the DHCP server, display the IP addresses assigned to the clients.

[SwitchA] display dhcp server ip-in-use

                 Hardware address

10.1.1.5         0030-3030-662e-6532-  Jan 21 14:27:27 2014  Static(C)

                 3030-2e30-3030-322d-

                 4574-6865-726e-6574

10.1.1.6         000f-e200-01c0        Unlimited             Static(C)

Dynamic IP address assignment configuration example

Network requirements

As shown in Figure 9, the DHCP server (Switch A) assigns IP addresses to clients on subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25.

Configure address range 10.1.1.0/25 and configuration parameters in DHCP address pool 1 so the DHCP server assigns IP addresses in subnet 10.1.1.0/25 with the lease duration of 10 days and 12 hours and configuration parameters to clients that connect to VLAN-interface 10 of the server.

Configure address range 10.1.1.128/25 and configuration parameters in DHCP address pool 2 so the DHCP server assigns IP addresses in subnet 10.1.1.128/25 with the lease duration of five days and configuration parameters to clients that connect to VLAN-interface 20 of the server.

Figure 9 Network diagram

 

Configuration procedure

1.     Specify IP addresses for the VLAN interfaces. (Details not shown.)

2.     Configure the DHCP server:

# Enable DHCP.

<SwitchA> system-view

[SwitchA] dhcp enable

# Enable the DHCP server on VLAN-interface 10 and VLAN-interface 20.

[SwitchA] interface vlan-interface 10

[SwitchA-Vlan-interface10] dhcp select server

[SwitchA-Vlan-interface10] quit

[SwitchA] interface vlan-interface 20

[SwitchA-Vlan-interface20] dhcp select server

[SwitchA-Vlan-interface20] quit

# Exclude IP addresses (addresses of the DNS server, WINS server and gateways).

[SwitchA] dhcp server forbidden-ip 10.1.1.2

[SwitchA] dhcp server forbidden-ip 10.1.1.4

[SwitchA] dhcp server forbidden-ip 10.1.1.126

[SwitchA] dhcp server forbidden-ip 10.1.1.254

# Configure DHCP address pool 1 to assign IP addresses and other configuration parameters to clients in subnet 10.1.1.0/25.

[SwitchA] dhcp server ip-pool 1

[SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128

[SwitchA-dhcp-pool-1] expired day 10 hour 12

[SwitchA-dhcp-pool-1] domain-name aabbcc.com

[SwitchA-dhcp-pool-1] dns-list 10.1.1.2

[SwitchA-dhcp-pool-1] gateway-list 10.1.1.126

[SwitchA-dhcp-pool-1] nbns-list 10.1.1.4

[SwitchA-dhcp-pool-1] quit

# Configure DHCP address pool 2 to assign IP addresses and other configuration parameters to clients in subnet 10.1.1.128/25.

[SwitchA] dhcp server ip-pool 2

[SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128

[SwitchA-dhcp-pool-2] expired day 5

[SwitchA-dhcp-pool-2] domain-name aabbcc.com

[SwitchA-dhcp-pool-2] dns-list 10.1.1.2

[SwitchA-dhcp-pool-2] gateway-list 10.1.1.254

Verifying the configuration

# Verify that clients on subnets 10.1.1.0/25 and 10.1.1.128/25 can obtain correct IP addresses and all other network parameters from Switch A. (Details not shown.)

# On the DHCP server, display the IP addresses assigned to the clients.

[SwitchA] display dhcp server ip-in-use

DHCP user class configuration example

Network requirement

As shown in Figure 10, the DHCP relay agent (Switch A) forwards the packets from DHCP clients to the DHCP server. Enable switch A to support Option 82 so that switch A can add Option 82 in the DHCP requests sent by the DHCP clients.

The DHCP server (Switch B) assigns IP addresses and other configuration parameters to the DHCP clients. If the DHCP requests the DHCP server receives contain Option 82, the server assigns IP addresses in the range of 10.10.1.2 to 10.10.1.10 to the clients.

For clients in subnet 10.10.1.0/24, the DNS server address is 10.10.1.20/24 and the gateway address is 10.10.1.254/24.

Figure 10 Network diagram

 

Configuration procedure

1.     Specify IP addresses for interfaces on DHCP server and DHCP relay agent. (Details not shown.)

2.     Configure DHCP services:

# Enable DHCP and configure the DHCP server to handle Option 82.

<SwitchB> system-view

[SwitchB] dhcp enable

[SwitchB] dhcp server relay information enable

# Enable DHCP server on VLAN-interface10.

[SwitchB] interface vlan-interface 10

[SwitchB-Vlan-interface10] dhcp select server

[SwitchB-Vlan-interface10] quit

# Create DHCP user class tt and configure a match rule to match client requests with Option 82.

[SwitchB] dhcp class tt

[SwitchB-dhcp-class-tt] if-match option 82

[SwitchB-dhcp-class-tt] quit

# Create DHCP address pool aa.

[SwitchB] dhcp server ip-pool aa

# Specify the subnet for dynamic allocation.

[SwitchB-dhcp-pool-aa] network 10.10.1.0 mask 255.255.255.0

# Specify the address range for dynamic allocation.

[SwitchB-dhcp-pool-aa] address range 10.10.1.2 10.10.1.100

# Specify the address range for user class tt.

[SwitchB-dhcp-pool-aa] class tt range 10.10.1.2 10.10.1.10

# Specify the gateway and DNS server address.

[SwitchB-dhcp-pool-aa] gateway-list 10.10.1.254

[SwitchB-dhcp-pool-aa] dns-list 10.10.1.20

Verifying the configuration

# Verify that clients matching the user class can obtain IP addresses in the specified range and all other configuration parameters from the DHCP server. (Details not shown.)

# Display the IP address assigned by the DHCP server.

[SwitchB] display dhcp server ip-in-use

Primary and secondary subnets configuration example

Network requirements

As shown in Figure 11 , the DHCP server (Switch A) dynamically assigns IP addresses to clients in the LAN.

Configure two subnets in the address pool on the DHCP server: 10.1.1.0/24 as the primary subnet and 10.1.2.0/24 as the secondary subnet. The DHCP server selects IP addresses in the secondary subnet when the primary subnet has no assignable addresses.

Switch A assigns the following parameters:

·     The default gateway 10.1.1.254/24 to clients on subnet 10.1.1.0/24.

·     The default gateway 10.1.2.254/24 to clients on subnet 10.1.2.0/24.

Figure 11 Network diagram

 

Configuration procedure

# Enable DHCP

<SwitchA> system-view

[SwitchA] dhcp enable

# Configure the primary and secondary IP addresses of VLAN-interface 10.

[SwitchA] interface vlan-interface 10

[SwitchA-Vlan-interface10] ip address 10.1.1.1 24

[SwitchA-Vlan-interface10] ip address 10.1.2.1 24 sub

# Enable the DHCP server on VLAN-interface 10.

[SwitchA-Vlan-interface10] dhcp select server

[SwitchA-Vlan-interface10] quit

# Create DHCP address pool aa, specify the address range of the primary and secondary subnets, specify the gateway address.

[SwitchA] dhcp server ip-pool aa

[SwitchA-dhcp-pool-aa] network 10.1.1.0 mask 255.255.255.0

[SwitchA-dhcp-pool-aa] gateway-list 10.1.1.254

[SwitchA-dhcp-pool-aa] network 10.1.2.0 mask 255.255.255.0 secondary

[SwitchA-dhcp-pool-aa-secondary] gateway-list 10.1.2.254

[SwitchA-dhcp-pool-aa-secondary] quit

[SwitchA-dhcp-pool-aa]

Verifying the configuration

# Verify that the DHCP server assigns clients IP addresses and gateway address from the secondary subnet when no address is available from the primary subnet. (Details not shown.)

# Display the primary and secondary subnet IP addresses the DHCP server has assigned.

[SwitchA] display dhcp server ip-in-use

DHCP option customization configuration example

Network requirements

As shown in Figure 12, the DHCP client (Switch B) obtains an IP address and PXE server addresses from the DHCP server (Switch A). The IP address belongs to subnet 10.1.1.0/24. The PXE server addresses are 1.2.3.4 and 2.2.2.2.

The DHCP server assigns PXE server addresses to DHCP clients through Option 43, a customized option. The format of Option 43 and that of the PXE server address sub-option are shown in Figure 5 and Figure 7. The value of Option 43 configured on the DHCP server in this example is 80 0B 00 00 02 01 02 03 04 02 02 02 02.

·     The number 80 is the value of the sub-option type.

·     The number 0B is the value of the sub-option length.

·     The numbers 00 00 are the value of the PXE server type.

·     The number 02 indicates the number of servers.

·     The numbers 01 02 03 04 02 02 02 02 indicate that the PXE server addresses are 1.2.3.4 and 2.2.2.2.

Figure 12 Network diagram

 

Configuration procedure

1.     Specify IP addresses for the interfaces. (Details not shown.)

2.     Configure the DHCP server:

# Enable DHCP.

<SwitchA> system-view

[SwitchA] dhcp enable

# Enable the DHCP server on VLAN-interface 2.

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] dhcp select server

[SwitchA-Vlan-interface2] quit

# Configure DHCP address pool 0.

[SwitchA] dhcp server ip-pool 0

[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0

[SwitchA-dhcp-pool-0] option 43 hex 800B0000020102030402020202

Verifying the configuration

# Verify that Switch B can obtain an IP address on 10.1.1.0/24 and the PXE server addresses from the Switch A. (Details not shown.)

# On the DHCP server, display the IP addresses assigned to the clients.

[SwitchA] display dhcp server ip-in-use

Troubleshooting DHCP server configuration

Symptom

A client's IP address obtained from the DHCP server conflicts with another IP address.

Analysis

Another host on the subnet might have the same IP address.

Solution

1.     Disable the client's network adapter or disconnect the client's network cable. Ping the IP address of the client from another host to check whether there is a host using the same IP address.

2.     If a ping response is received, the IP address has been manually configured on a host. Execute the dhcp server forbidden-ip command on the DHCP server to exclude the IP address from dynamic allocation.

3.     Enable the network adapter or connect the network cable, release the IP address, and obtain another one on the client. For example, to release the IP address and obtain another one on a Windows XP DHCP client:

a.     In Windows environment, execute the cmd command to enter the DOS environment.

b.     Enter ipconfig /release to relinquish the IP address.

c.     Enter ipconfig /renew to obtain another IP address.


Overview

The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 13 shows a typical application of the DHCP relay agent.

Figure 13 DHCP relay agent application

 

An MCE device acting as the DHCP relay agent can forward DHCP packets between a DHCP server and clients on either a public network or a private network. For more information about MCE, see MPLS Configuration Guide.

 

 

NOTE:

The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

 

Operation

The DHCP server and client interact with each other in the same way regardless of whether the relay agent exists. For the interaction details, see "IP address allocation process." The following only describes steps related to the DHCP relay agent:

1.     After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and unicasts the message to the designated DHCP server.

2.     Based on the giaddr field, the DHCP server returns an IP address and other configuration parameters in a response.

3.     The relay agent conveys the response to the client.

Figure 14 DHCP relay agent operation

 

DHCP relay agent support for Option 82

Option 82 records the location information about the DHCP client. It enables the administrator to perform the following tasks:

·     Locate the DHCP client for security and accounting purposes.

·     Assign IP addresses in a specific range to clients.

For more information, see "Relay agent option (Option 82)."

If the DHCP relay agent supports Option 82, it handles DHCP requests by following the strategies described in Table 2.

If a response returned by the DHCP server contains Option 82, the DHCP relay agent removes the Option 82 before forwarding the response to the client.

Table 2 Handling strategies of the DHCP relay agent

If a DHCP request has…

Handling strategy

The DHCP relay agent…

Option 82

Drop

Drops the message.

Keep

Forwards the message without changing Option 82.

Replace

Forwards the message after replacing the original Option 82 with the Option 82 padded according to the configured padding format, padding content, and code type.

No Option 82

N/A

Forwards the message after adding Option 82 padded according to the configured padding format, padding content, and code type.

 

DHCP relay agent configuration task list

Tasks at a glance

(Required.) Enabling DHCP

(Required.)Enabling the DHCP relay agent on an interface

(Required.) Specifying DHCP servers on a relay agent

(Optional.) Configuring the DHCP relay agent security functions

(Optional.) Configuring the DHCP relay agent to release an IP address

(Optional.) Configuring Option 82

(Optional.) Setting the DSCP value for DHCP packets sent by the DHCP relay agent

 

Enabling DHCP

You must enable DHCP to validate other DHCP relay agent settings.

To enable DHCP:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable DHCP.

dhcp enable

By default, DHCP is disabled.

 

Enabling the DHCP relay agent on an interface

With the DHCP relay agent enabled, an interface forwards incoming DHCP requests to a DHCP server.

An IP address pool that contains the IP address of the DHCP relay agent interface must be configured on the DHCP server. Otherwise, the DHCP clients connected to the relay agent cannot obtain correct IP addresses.

To enable the DHCP relay agent on an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Enable the DHCP relay agent.

dhcp select relay

By default, when DHCP is enabled, an interface operates in the DHCP server mode.

 

Specifying DHCP servers on a relay agent

To improve availability, you can specify several DHCP servers on the DHCP relay agent. When the interface receives request messages from clients, the relay agent forwards them to all DHCP servers.

Follow these guidelines when you specify a DHCP server address on a relay agent:

·     The IP address of any specified DHCP server must not reside on the same subnet as the IP address of the relay agent interface. Otherwise, the clients might fail to obtain IP addresses.

·     You can specify a maximum of eight DHCP servers.

To specify a DHCP server address on a relay agent:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Specify a DHCP server address on the relay agent.

dhcp relay server-address ip-address

By default, no DHCP server address is specified on the relay agent.

 

Configuring the DHCP relay agent security functions

Enabling the DHCP relay agent to record relay entries

Perform this task to enable the DHCP relay agent to automatically record clients' IP-to-MAC bindings (relay entries) after they obtain IP addresses through DHCP.

Some security functions, such as ARP address check, authorized ARP, and IP source guard, use the recorded relay entries to check incoming packets and block packets that do not match any entry. In this way, illegal hosts are not able to access external networks through the relay agent.

To enable the DHCP relay agent to record relay entries:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable the relay agent to record relay entries.

dhcp relay client-information record

By default, the relay agent does not record relay entries.

 

Enabling periodic refresh of dynamic relay entries

A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.

With this feature, the DHCP relay agent uses the following information to periodically send a DHCP-REQUEST message to the DHCP server:

·     The IP address of a relay entry.

·     The MAC address of the DHCP relay interface.

The relay agent maintains the relay entries depending on what it receives from the DHCP server:

·     If the server returns a DHCP-ACK message or does not return any message within a specific interval, the DHCP relay agent removes the relay entry. In addition, upon receiving the DHCP-ACK message, the relay agent sends a DHCP-RELEASE message to release the IP address.

·     If the server returns a DHCP-NAK message, the relay agent keeps the relay entry.

To enable periodic refresh of dynamic relay entries:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable periodic refresh of dynamic relay entries.

dhcp relay client-information refresh enable

By default, periodic refresh of dynamic relay entries is enabled.

3.     Configure the refresh interval.

dhcp relay client-information refresh [ auto | interval interval ]

By default, the refresh interval is auto, which is calculated based on the number of total relay entries.

 

Enabling DHCP starvation attack protection

A DHCP starvation attack occurs when an attacker constantly sends forged DHCP requests using different MAC addresses in the chaddr field to a DHCP server. This exhausts the IP address resources of the DHCP server so legitimate DHCP clients cannot obtain IP addresses. The DHCP server might also fail to work because of exhaustion of system resources. The following methods are available to relieve or prevent such attacks.

·     To relieve a DHCP starvation attack that uses DHCP packets encapsulated with different source MAC addresses, you can use one of the following methods:

¡     Limit the number of ARP entries that a Layer 3 interface can learn.

¡     Limit the number of MAC addresses that a Layer 2 port can learn.

¡     Configure an interface that has learned the maximum MAC addresses to discard packets whose source MAC addresses are not in the MAC address table.

·     To prevent a DHCP starvation attack that uses DHCP requests encapsulated with the same source MAC address, you can enable MAC address check on the DHCP relay agent. The DHCP relay agent compares the chaddr field of a received DHCP request with the source MAC address in the frame header. If they are the same, the DHCP relay agent forwards the request to the DHCP server. If not, the relay agent discards the request.

Enable MAC address check only on the DHCP relay agent directly connected to the DHCP clients. A DHCP relay agent changes the source MAC address of DHCP packets before sending them. If you enable this feature on an intermediate relay agent, it might discard valid DHCP packets. Then the sending clients will not obtain IP addresses.

A MAC address check entry has an aging time. When the aging time expires, both of the following occur:

·     The entry ages out.

·     The DHCP relay agent rechecks the validity of DHCP requests sent from the MAC address in the entry.

To enable MAC address check:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Configure the aging time for MAC address check entries.

dhcp relay check mac-address aging-time time

The default aging time is 300 seconds.

This command takes effect only after you execute the dhcp relay check mac-address command.

3.     Enter the interface view.

interface interface-type interface-number

N/A

4.     Enable MAC address check.

dhcp relay check mac-address

By default, MAC address check is disabled.

 

Configuring the DHCP relay agent to release an IP address

Configure the relay agent to release the IP address for a relay entry. The relay agent sends a DHCP-RELEASE message to the server and meanwhile deletes the relay entry. Upon receiving the DHCP-RELEASE message, the DHCP server releases the IP address.

To configure the DHCP relay agent to release an IP address:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Configure the DHCP relay agent to release an IP address.

dhcp relay release ip client-ip [ vpn-instance vpn-instance-name ]

This command can release only the IP addresses in the recorded relay entries.

 

Configuring Option 82

Follow these guidelines when you configure Option 82:

·     To support Option 82, you must perform related configuration on both the DHCP server and relay agent. For DHCP server Option 82 configuration, see "Enabling handling of Option 82."

·     The device name (sysname) must not include spaces if it is configured as the padding content for sub-option 1. Otherwise, the DHCP relay agent fails to add or replace Option 82..

To configure Option 82:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Enable the relay agent to handle Option 82.

dhcp relay information enable

By default, handling of Option 82 is disabled.

4.     (Optional.) Configure the strategy for handling DHCP requests that contain Option 82.

dhcp relay information strategy { drop | keep | replace }

By default, the handling strategy is replace.

5.     (Optional.) Configure the padding mode and padding format for the Circuit ID sub-option.

dhcp relay information circuit-id { string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }

By default, the padding mode for Circuit ID sub-option is normal, and the padding format is hex.

6.     (Optional.) Configure the padding mode and padding format for the Remote ID sub-option.

dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname }

By default, the padding mode for the Remote ID sub-option is normal, and the padding format is hex.

 

Setting the DSCP value for DHCP packets sent by the DHCP relay agent

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.

To set the DSCP value for DHCP packets sent by the DHCP relay agent:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Set the DSCP value for DHCP packets sent by the DHCP relay agent.

dhcp dscp dscp-value

By default, the DSCP value in DHCP packets sent by the DHCP relay agent is 56.

 

Displaying and maintaining the DHCP relay agent

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display information about DHCP servers specified on an interface.

display dhcp relay server-address [ interface interface-type interface-number ]

Display Option 82 configuration information on the DHCP relay agent.

display dhcp relay information [ interface interface-type interface-number ]

Display relay entries on the DHCP relay agent.

display dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]

Display packet statistics on the DHCP relay agent.

display dhcp relay statistics [ interface interface-type interface-number ]

Display MAC address check entries on the DHCP relay agent.

display dhcp relay check mac-address

Clear relay entries on the DHCP relay agent.

reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]

Clear packet statistics on the DHCP relay agent.

reset dhcp relay statistics [ interface interface-type interface-number ]

 

DHCP relay agent configuration examples

DHCP relay agent configuration example

Network requirements

As shown in Figure 15, configure the DHCP relay agent on Switch A so that DHCP clients can obtain IP addresses and configuration parameters from the DHCP server on another subnet.

The DHCP relay agent and server are on different subnets. Configure static or dynamic routing to make them reachable to each other.

Perform the configuration on the DHCP server to guarantee the client-server communication. For DHCP server configuration information, see "DHCP server configuration examples."

Figure 15 Network diagram

 

Configuration procedure

# Specify IP addresses for the interfaces. (Details not shown.)

# Enable DHCP.

<SwitchA> system-view

[SwitchA] dhcp enable

# Enable the DHCP relay agent on VLAN-interface 10.

[SwitchA] interface vlan-interface 10

[SwitchA-Vlan-interface10] dhcp select relay

# Specify the IP address of the DHCP server on the relay agent.

[SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1

Verifying the configuration

# Verify that DHCP clients can obtain IP addresses and all other network parameters from the DHCP server through the DHCP relay agent. (Details not shown.)

# Display the statistics of DHCP packets forwarded by the DHCP relay agent.

[SwitchA] display dhcp relay statistics

# Display relay entries if you have enabled relay entry recording on the DHCP relay agent.

[SwitchA] display dhcp relay client-information

Option 82 configuration example

Network requirements

As shown in Figure 15, the DHCP relay agent (Switch A) replaces Option 82 in DHCP requests before forwarding them to the DHCP server (Switch B).

·     The Circuit ID sub-option is company001.

·     The Remote ID sub-option is device001.

To use Option 82, you must also enable the DHCP server to handle Option 82.

Configuration procedure

# Specify IP addresses for the interfaces. (Details not shown.)

# Enable DHCP.

<SwitchA> system-view

[SwitchA] dhcp enable

# Enable the DHCP relay agent on VLAN-interface 10.

[SwitchA] interface vlan-interface 10

[SwitchA-Vlan-interface10] dhcp select relay

# Specify the IP address of the DHCP server.

[SwitchA-Vlan-interface10] dhcp relay server-address 10.1.1.1

# Configure the handling strategies and padding content of Option 82.

[SwitchA-Vlan-interface10] dhcp relay information enable

[SwitchA-Vlan-interface10] dhcp relay information strategy replace

[SwitchA-Vlan-interface10] dhcp relay information circuit-id string company001

[SwitchA-Vlan-interface10] dhcp relay information remote-id string device001

Troubleshooting DHCP relay agent configuration

Symptom

DHCP clients cannot obtain configuration parameters through the DHCP relay agent.

Analysis

Some problems might occur with the DHCP relay agent or server configuration.

Solution

To locate the problem, enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information.

Check that:

·     DHCP is enabled on the DHCP server and relay agent.

·     The DHCP server has an address pool on the same subnet as the DHCP clients.

·     The DHCP server and DHCP relay agent can reach each other.

·     The DHCP server address specified on the DHCP relay agent interface connected to the DHCP clients is correct.


With DHCP client enabled, an interface uses DHCP to obtain configuration parameters from the DHCP server, for example, an IP address.

The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), management Ethernet interfaces, VLAN interfaces, and Layer 3 aggregate interfaces.

Enabling the DHCP client on an interface

Follow these guidelines when you enable the DHCP client on an interface:

·     If the number of IP address request failures reaches the system-defined amount, the DHCP client-enabled interface uses a default IP address.

·     An interface can be configured to acquire an IP address in multiple ways. The new configuration overwrites the old.

·     Secondary IP addresses cannot be configured on an interface that is enabled with the DHCP client.

·     If the interface obtains an IP address on the same segment as another interface on the device, the interface does not use the assigned address. Instead, it requests a new IP address from the DHCP server.

To enable the DHCP client on an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure an interface to use DHCP for IP address acquisition.

ip address dhcp-alloc

By default, an interface does not use DHCP for IP address acquisition.

 

Configuring a DHCP client ID for an interface

A DHCP client ID is added to the DHCP option 61. A DHCP server can specify IP addresses for clients based on the DHCP client ID.

Make sure the IDs for different DHCP clients are unique.

To configure a DHCP client ID for an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure a DHCP client ID for the interface.

dhcp client identifier { ascii string | hex string | mac interface-type interface-number }

By default, an interface generates an ASCII character string as the DHCP client ID based on its MAC address and the interface name.

4.     Verify the client ID configuration.

display dhcp client [ verbose ] [ interface interface-type interface-number ]

DHCP client ID includes ID type and type value. Each ID type has a fixed type value. You can check the fields for the client ID to verify which type of client ID is used:

·     If an ASCII string is used as the client ID, the type value is 00.

·     If a hex string is used as the client ID, the type value is the first two characters in the string.

·     If the MAC address of a specific interface is used as the client ID, the type value is 01.

 

Enabling duplicated address detection

DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply, making the client unable to use the IP address assigned by the server. H3C recommends you to disable duplicate address detection when ARP attacks exist on the network.

To enable duplicated address detection:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable duplicate address detection.

dhcp client dad enable

By default, the duplicate address detection feature is enabled on an interface.

 

Setting the DSCP value for DHCP packets sent by the DHCP client

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.

To set the DSCP value for DHCP packets sent by the DHCP client:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Set the DSCP value for DHCP packets sent by the DHCP client.

dhcp client dscp dscp-value

By default, the DSCP value in DHCP packets sent by the DHCP client is 56.

 

Displaying and maintaining the DHCP client

Execute display command in any view.

 

Task

Command

Display DHCP client information.

display dhcp client [ verbose ] [ interface interface-type interface-number ]

 

DHCP client configuration example

Network requirements

As shown in Figure 17, on a LAN, Switch B contacts the DHCP server through VLAN-interface 2 to obtain an IP address, DNS server address, and static route information. The DHCP client IP address resides on network 10.1.1.0/24. The DNS server address is 20.1.1.1. The next hop of the static route to network 20.1.1.0/24 is 10.1.1.2.

The DHCP server uses Option 121 to assign static route information to DHCP clients. Figure 16 shows the Option 121 format. The destination descriptor field contains the following parts: subnet mask length and destination network address, both in hexadecimal notation. In this example, the destination descriptor is 18 14 01 01 (the subnet mask length is 24 and the network address is 20.1.1.0 in dotted decimal notation). The next hop address is 0A 01 01 02 (10.1.1.2 in dotted decimal notation).

Figure 16 Option 121 format

 

Figure 17 Network diagram

 

Configuration procedure

1.     Configure Switch A:

# Specify the IP address of VLAN-interface 2.

<SwitchA> system-view

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 10.1.1.1 24

[SwitchA-Vlan-interface2] quit

# Enable the DHCP service.

[SwitchA] dhcp enable

# Exclude an IP address from dynamic allocation.

[SwitchA] dhcp server forbidden-ip 10.1.1.2

# Configure DHCP address pool 0. Specify the subnet, lease duration, DNS server address, and a static route to subnet 20.1.1.0/24.

[SwitchA] dhcp server ip-pool 0

[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0

[SwitchA-dhcp-pool-0] expired day 10

[SwitchA-dhcp-pool-0] dns-list 20.1.1.1

[SwitchA-dhcp-pool-0] option 121 hex 18 14 01 01 0A 01 01 02

2.     Configure Switch B:

# Configure VLAN-interface 2 to use DHCP for IP address acquisition.

<SwitchB> system-view

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address dhcp-alloc

[SwitchB-Vlan-interface2] quit

Verifying the configuration

# Use the display dhcp client command to display the IP address and other network parameters assigned to Switch B.

[SwitchB-Vlan-interface2] display dhcp client verbose

Vlan-interface2 DHCP client information:

 Current state: BOUND

 Allocated IP: 10.1.1.3 255.255.255.0

 Allocated lease: 864000 seconds, T1: 331858 seconds, T2: 756000 seconds

 Lease from May 21 19:00:29 2012   to   May 31 19:00:29 2012

 DHCP server: 10.1.1.1

 Transaction ID: 0xcde72232

 Classless static routes:

   Destination: 20.1.1.0, Mask: 255.255.255.0, NextHop: 10.1.1.2

 DNS servers: 20.1.1.1

 Client ID type: acsii(type value=00)

 Client ID value: 000c.29d3.8659-Vlan2

 Client ID (with type) hex: 0030-3030-632e-3239-

                            6433-2e38-3635-392d-

                            4574-6830-2f30-2f32

 T1 will timeout in 3 days 19 hours 48 minutes 43 seconds

# Use the display ip routing-table command to display the route information on Switch B.  The output shows that a static route to network 20.1.1.0/24 is added to the routing table.

[SwitchB] display ip routing-table

 

Destinations : 11        Routes : 11

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.1.1.0/24         Direct 0    0            10.1.1.3        Vlan2

10.1.1.3/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Static 70   0            10.1.1.2        Vlan2

10.1.1.255/32       Direct 0    0            10.1.1.3        Vlan2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0

224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0


Overview

DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes.

DHCP snooping does not work between the DHCP server and DHCP relay agent.

DHCP snooping defines trusted and untrusted ports to make sure clients obtain IP addresses only from authorized DHCP servers.

·     TrustedA trusted port can forward DHCP messages correctly to make sure the clients get IP addresses from authorized DHCP servers.

·     UntrustedAn untrusted port discards received DHCP-ACK and DHCP-OFFER messages to prevent unauthorized servers from assigning IP addresses.

DHCP snooping reads DHCP-ACK messages received from trusted ports and DHCP-REQUEST messages to create DHCP snooping entries. A DHCP snooping entry includes the MAC and IP addresses of a client, the port that connects to the DHCP client, and the VLAN.

The following features need to use DHCP snooping entries:

·     ARP detection—Uses DHCP snooping entries to filter ARP packets from unauthorized clients. For more information, see Security Configuration Guide.

·     MAC-forced forwarding (MFF)—Auto-mode MFF performs the following tasks:

¡     Intercepts ARP requests from clients.

¡     Uses DHCP snooping entries to find the gateway address.

¡     Returns the gateway MAC address to the clients.

This feature forces the client to send all traffic to the gateway so that the gateway can monitor client traffic to prevent malicious attacks among clients. For more information, see Security Configuration Guide.

·     IP source guard—Uses DHCP snooping entries to filter illegal packets on a per-port basis. For more information, see Security Configuration Guide.

·     VLAN mapping—Uses DHCP snooping entries to replace service provider VLAN in packets with customer VLAN before sending the packets to clients. For more information, see Layer 2LAN Switching Configuration Guide.

Application of trusted and untrusted ports

Configure ports facing the DHCP server as trusted ports, and configure other ports as untrusted ports.

As shown in Figure 18, configure the DHCP snooping device's port that is connected to the DHCP server as a trusted port. The trusted port forwards response messages from the DHCP server to the client. The untrusted port connected to the unauthorized DHCP server discards incoming DHCP response messages.

Figure 18 Trusted and untrusted ports

 

In a cascaded network as shown in Figure 19, configure the DHCP snooping devices' ports facing the DHCP server as trusted ports. To save system resources, you can enable only the untrusted ports directly connected to the DHCP clients to record DHCP snooping entries.

Figure 19 Trusted and untrusted ports in a cascaded network

 

DHCP snooping support for Option 82

Option 82 records the location information about the DHCP client so the administrator can locate the DHCP client for security and accounting purposes. For more information about Option 82, see "Relay agent option (Option 82)."

DHCP snooping uses the same strategies as the DHCP relay agent to handle Option 82 for DHCP request messages, as shown in Table 3. If a response returned by the DHCP server contains Option 82, DHCP snooping removes Option 82 before forwarding the response to the client. If the response contains no Option 82, DHCP snooping forwards it directly.

Table 3 Handling strategies

If a DHCP request has…

Handling strategy

DHCP snooping…

Option 82

Drop

Drops the message.

Keep

Forwards the message without changing Option 82.

Replace

Forwards the message after replacing the original Option 82 with the Option 82 padded according to the configured padding format, padding content, and code type.

No Option 82

N/A

Forwards the message after adding the Option 82 padded according to the configured padding format, padding content, and code type.

 

DHCP snooping configuration task list

If you configure DHCP snooping settings on a Layer 2 Ethernet interface that has been added to an aggregation group, the settings do not take effect unless the interface is removed from the aggregation group.

 

Tasks at a glance

(Required.) Configuring basic DHCP snooping

(Optional.) Configuring Option 82

(Optional.) Configuring DHCP snooping entry auto backup

(Optional.) Enabling DHCP starvation attack protection

(Optional.) Enabling DHCP-REQUEST attack protection

(Optional.) Setting the maximum number of DHCP snooping entries

(Optional.) Configuring DHCP packet rate limit

(Optional.) Configuring a DHCP packet blocking port

 

Configuring basic DHCP snooping

Follow these guidelines when you configure basic DHCP snooping:

·     Specify the ports connected to authorized DHCP servers as trusted ports to make sure that DHCP clients can obtain valid IP addresses. The trusted ports and the ports connected to DHCP clients must be in the same VLAN.

·     Layer 2 Ethernet interfaces, Layer 2 aggregate interfaces, S-channel interfaces, and VSI interfaces can be specified as trusted ports. For more information about aggregate interfaces, see Layer 2—LAN Switching Configuration Guide. For more information about S-channel interfaces and VSI interfaces, see EVB Configuration Guide.

·     If you configure DHCP snooping settings on a Layer 2 Ethernet interface that has been added to an aggregation group, the settings do not take effect unless the interface is removed from the aggregation group.

·     DHCP snooping can work with QinQ to record VLAN tags for DHCP packets received from clients. For more information about QinQ, see Layer 2LAN Switching Configuration Guide.

To configure basic DHCP snooping:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable DHCP snooping.

dhcp snooping enable

By default, DHCP snooping is disabled.

3.     Enter interface view.

interface interface-type interface-number

This interface must connect to the DHCP server.

4.     Specify the port as a trusted port.

dhcp snooping trust

By default, all ports are untrusted ports after DHCP snooping is enabled.

5.     Return to system view.

quit

N/A

6.     Enter interface view.

interface interface-type interface-number

This interface must connect to the DHCP client.

7.     (Optional.) Enable recording of DHCP snooping entries.

dhcp snooping binding record

By default, after DHCP snooping is enabled, recording of DHCP snooping entries is disabled.

 

Configuring Option 82

Follow these guidelines when you configure Option 82:

·     If you configure Option 82 on a Layer 2 Ethernet interface that has been added to an aggregation group, the settings do not take effect unless the interface is removed from the aggregation group.

·     To support Option 82, you must configure Option 82 on both the DHCP server and the DHCP snooping device. For information about configuring Option 82 on the DHCP server, see "Enabling handling of Option 82."

·     If the handling strategy is configured as replace, you must configure a padding format for Option 82. If the handling strategy is keep or drop, there is no need to configure any padding format.

·     If Option 82 contains the device name, the device name must contain no spaces. Otherwise, DHCP snooping drops the message. You can use the sysname command to specify the device name. For more information about this command, see Fundamentals Command Reference.

·     DHCP snooping uses "outer VLAN tag.inner VLAN tag" to fill the VLAN ID field of sub-option 1 for Option 82 in verbose padding format if either of the following conditions exists:

¡     DHCP snooping and QinQ work together.

¡     DHCP snooping receives a DHCP packet with two VLAN tags.

For example, if the outer VLAN tag is 10 and the inner VLAN tag is 20, the VLAN ID field is 000a.0014. The hexadecimal digit a represents the outer VLAN tag 10, and the hexadecimal digit 14 represents the inner VLAN tag 20.

·     The device name (sysname) must not include spaces if it is configured as the padding content for sub-option 1. Otherwise, the DHCP snooping device fails to add or replace Option 82.

To configure DHCP snooping to support Option 82:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Enable DHCP snooping to support Option 82.

dhcp snooping information enable

By default, DHCP snooping does not support Option 82.

4.     (Optional.) Configure a handling strategy for DHCP requests that contain Option 82.

dhcp snooping information strategy { drop | keep | replace }

By default, the handling strategy is replace.

5.     (Optional.) Configure the padding mode and padding format for the Circuit ID sub-option.

dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }

By default, the padding mode is normal and the padding format is hex for the Circuit ID sub-option.

6.     (Optional.) Configure the padding mode and padding format for the Remote ID sub-option.

dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] string remote-id | sysname }

By default, the padding mode is normal and the padding format is hex for the Remote ID sub-option.

 

Configuring DHCP snooping entry auto backup

The DHCP snooping entry auto backup function saves DHCP snooping entries to a backup file. The DHCP snooping entries cannot survive a reboot. When the DHCP snooping device reboots, it automatically downloads the entries from the backup file. The auto backup helps the security features provide services if these features (such as IP source guard) must use DHCP snooping entries for user authentication.

 

 

NOTE:

If you disable DHCP snooping with the undo dhcp snooping enable command, the device deletes all DHCP snooping entries, including those stored in the backup file.

 

To configure DHCP snooping entry auto backup:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Configure the DHCP snooping device to back up DHCP snooping entries to a file.

dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } key ] ] }

By default, the DHCP snooping device does not back up DHCP snooping entries.

With this command executed, the DHCP snooping device backs up DHCP snooping entries immediately and runs auto backup.

This command automatically creates the file if you specify a non-existent file.

3.     (Optional.) Manually save DHCP snooping entries to the backup file.

dhcp snooping binding database update now

N/A

4.     (Optional.) Set the waiting time after a DHCP snooping entry change for the DHCP snooping device to update the backup file.

dhcp snooping binding database update interval seconds

The default waiting time is 300 seconds.

When a DHCP snooping entry is learned, updated, or removed, the waiting period starts. The DHCP snooping device updates the backup file when the specified waiting period is reached. All changed entries during the period will be saved to the backup file.

If no DHCP snooping entry changes, the backup file is not updated.

 

Enabling DHCP starvation attack protection

A DHCP starvation attack occurs when an attacker constantly sends forged DHCP requests that contain identical or different sender MAC addresses in the chaddr field to a DHCP server. This attack exhausts the IP address resources of the DHCP server so legitimate DHCP clients cannot obtain IP addresses. The DHCP server might also fail to work because of exhaustion of system resources. For information about the fields of DHCP packet, see "DHCP message format."

Protect against starvation attacks in the following ways:

·     To relieve a DHCP starvation attack that uses DHCP requests encapsulated with different sender MAC addresses, you can limit the number of MAC addresses that a Layer 2 port can learn by using the mac-address max-mac-count command. For more information about the command, see Layer 2—LAN Switching Command Reference.

·     To prevent a DHCP starvation attack that uses DHCP requests encapsulated with the same sender MAC address, perform this task to enable MAC address check for DHCP snooping. This function compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, the request is considered valid and forwarded to the DHCP server. If not, the request is discarded.

To enable MAC address check:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Enable MAC address check.

dhcp snooping check mac-address

By default, MAC address check is disabled.

 

Enabling DHCP-REQUEST attack protection

DHCP-REQUEST messages include DHCP lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This function prevents the unauthorized clients that forge the DHCP-REQUEST messages from attacking the DHCP server.

Attackers can forge DHCP lease renewal packets to renew leases for legitimate DHCP clients that no longer need the IP addresses. These forged messages disable the victim DHCP server from releasing the IP addresses.

Attackers can also forge DHCP-DECLINE or DHCP-RELEASE packets to terminate leases for legitimate DHCP clients that still need the IP addresses.

To prevent such attacks, you can enable DHCP-REQUEST check. This feature uses DHCP snooping entries to check incoming DHCP-REQUEST messages.

·     If a matching entry is found for a message, this feature compares the entry with the message information.

¡     If they are consistent, the message is considered as valid and forwarded to the DHCP server.

¡     If they are different, the message is considered as a forged message and is discarded.

·     If no matching entry is found, the message is considered valid and forwarded to the DHCP server.

To enable DHCP-REQUEST check:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Enable DHCP-REQUEST check.

dhcp snooping check request-message

By default, DHCP-REQUEST check is disabled.

You can enable DHCP-REQUEST check only on Layer 2 Ethernet interfaces, Layer 2 aggregate interfaces, S-channel interfaces, and VSI interfaces.

 

Setting the maximum number of DHCP snooping entries

Perform this task to prevent the system resources from being overused.

To set the maximum number of DHCP snooping entries:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Set the maximum number of DHCP snooping entries for the interface to learn.

dhcp snooping max-learning-num number

By default, the number of DHCP snooping entries for an interface to learn is not limited.

 

Configuring DHCP packet rate limit

Perform this task to configure the maximum rate at which an interface can receive DHCP packets. This feature discards exceeding DHCP packets to prevent attacks that send large numbers of DHCP packets.

To configure DHCP packet rate limit:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure the maximum rate at which the interface can receive DHCP packets.

dhcp snooping rate-limit rate

By default, incoming DHCP packets are not rate limited.

You can configure this command only on Layer 2 Ethernet interfaces, Layer 2 aggregate interfaces, S-channel interfaces, and VSI interfaces.

If you configure the rate on a Layer 2 Ethernet interface that is a member port of a Layer 2 aggregate interface, the Layer 2 Ethernet interface uses the DHCP packet maximum rate configured on the Layer 2 aggregate interface. If the Layer 2 Ethernet interface leaves the aggregation group, it uses its own DHCP packet maximum rate.

 

Configuring a DHCP packet blocking port

A DHCP packet blocking port drops all incoming DHCP packets. Use this feature to filter all incoming DHCP packets on the interface where DHCP snooping features are configured. These packets cannot be dropped by simply applying an ACL, because the ACL rules deployed by DHCP snooping features take precedence over the ACL application.

To configure a DHCP packet blocking port:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure the port to block DHCP packets.

dhcp snooping deny

By default, the port does not block DHCP packets.

 

Displaying and maintaining DHCP snooping

Task

Command

Remarks

Display DHCP snooping entries.

display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ]

Available in any view.

Display Option 82 configuration information on the DHCP snooping device.

display dhcp snooping information { all | interface interface-type interface-number }

Available in any view.

Display DHCP packet statistics on the DHCP snooping device.

display dhcp snooping packet statistics [ slot slot-number ]

Available in any view.

Display information about trusted ports.

display dhcp snooping trust

Available in any view.

Display information about the file that stores DHCP snooping entries.

display dhcp snooping binding database

Available in any view.

Clear DHCP snooping entries.

reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] }

Available in user view.

Clear DHCP packet statistics on the DHCP snooping device.

reset dhcp snooping packet statistics [ slot slot-number ]

Available in user view.

 

DHCP snooping configuration examples

Basic DHCP snooping configuration example

Network requirements

As shown in Figure 20:

·     Configure the port FortyGigE1/1/1 connected to the DHCP server as a trusted port.

·     Configure other ports as untrusted ports.

·     Enable DHCP snooping to record clients' IP-MAC bindings by reading DHCP-ACK messages received from the trusted port and DHCP-REQUEST messages.

Figure 20 Network diagram

 

Configuration procedure

# Enable DHCP snooping.

<SwitchB> system-view

[SwitchB] dhcp snooping enable

# Configure FortyGigE 1/1/1 as a trusted port.

[SwitchB] interface FortyGigE 1/1/1

[SwitchB-FortyGigE1/1/1] dhcp snooping trust

[SwitchB-FortyGigE1/1/1] quit

# Enable DHCP snooping to record clients' IP-MAC bindings on FortyGigE 1/1/2.

[SwitchB] interface FortyGigE 1/1/2

[SwitchB-FortyGigE1/1/2] dhcp snooping binding record

[SwitchB-FortyGigE1/1/2] quit

Verifying the configuration

# Verify that the DHCP client can obtain an IP address and other configuration parameters only from the authorized DHCP server. (Details not shown.)

# Display the DHCP snooping entry recorded for the client.

[SwitchB] display dhcp snooping binding

Option 82 configuration example

Network requirements

As shown in Figure 21, enable DHCP snooping and configure Option 82 on Switch B as follows:

·     Configure the handling strategy for DHCP requests that contain Option 82 as replace.

·     On FortyGigE 1/1/2, configure the padding content for the Circuit ID sub-option as company001 and for the Remote ID sub-option as device001.

·     On FortyGigE 1/1/3, for the Circuit ID sub-option, configure the padding format as verbose, access node identifier as sysname, and code type as ascii. For the Remote ID sub-option, configure the padding content as device001.

Figure 21 Network diagram

 

Configuration procedure

# Enable DHCP snooping.

<SwitchB> system-view

[SwitchB] dhcp snooping enable

# Configure FortyGigE 1/1/1 as a trusted port.

[SwitchB] interface FortyGigE 1/1/1

[SwitchB-FortyGigE1/1/1] dhcp snooping trust

[SwitchB-FortyGigE1/1/1] quit

# Configure Option 82 on FortyGigE 1/1/2.

[SwitchB] interface FortyGigE 1/1/2

[SwitchB-FortyGigE1/1/2] dhcp snooping information enable

[SwitchB-FortyGigE1/1/2] dhcp snooping information strategy replace

[SwitchB-FortyGigE1/1/2] dhcp snooping information circuit-id string company001

[SwitchB-FortyGigE1/1/2] dhcp snooping information remote-id string device001

[SwitchB-FortyGigE1/1/2] quit

# Configure Option 82 on FortyGigE 1/1/3.

[SwitchB] interface FortyGigE 1/1/3

[SwitchB-FortyGigE1/1/3] dhcp snooping information enable

[SwitchB-FortyGigE1/1/3] dhcp snooping information strategy replace

[SwitchB-FortyGigE1/1/3] dhcp snooping information circuit-id verbose node-identifier sysname format ascii

[SwitchB-FortyGigE1/1/3] dhcp snooping information remote-id string device001

Verifying the configuration

# Display Option 82 configuration information on FortyGigE 1/1/2 and FortyGigE 1/1/3 on the DHCP snooping device.

[SwitchB] display dhcp snooping information


BOOTP client configuration only applies to Layer 3 Ethernet interfaces (including subinterfaces), management Ethernet interfaces, Layer 3 aggregate interfaces, and VLAN interfaces.

If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows Server 2000 or Windows Server 2003.

BOOTP application

An interface that acts as a BOOTP client can use BOOTP to obtain information (such as IP address) from the BOOTP server.

To use BOOTP, an administrator must configure a BOOTP parameter file for each BOOTP client on the BOOTP server. The parameter file contains information such as MAC address and IP address of a BOOTP client. When a BOOTP client sends a request to the BOOTP server, the BOOTP server searches for the BOOTP parameter file and returns the corresponding configuration information.

BOOTP is usually used in relatively stable environments. In network environments that change frequently, DHCP is more suitable.

Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server.

Obtaining an IP address dynamically

A BOOTP client dynamically obtains an IP address from a BOOTP server as follows:

1.     The BOOTP client broadcasts a BOOTP request, which contains its own MAC address.

2.     The BOOTP server receives the request and searches the configuration file for the IP address and other information according to the MAC address of the BOOTP client.

3.     The BOOTP server returns a BOOTP response to the BOOTP client.

4.     The BOOTP client obtains the IP address from the received response.

A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.

Protocols and standards

·     RFC 951, Bootstrap Protocol (BOOTP)

·     RFC 2132, DHCP Options and BOOTP Vendor Extensions

·     RFC 1542, Clarifications and Extensions for the Bootstrap Protocol

Configuring an interface to use BOOTP for IP address acquisition

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure an interface to use BOOTP for IP address acquisition.

ip address bootp-alloc

By default, an interface does not use BOOTP for IP address acquisition.

 

Displaying and maintaining BOOTP client

Execute display command in any view.

 

Task

Command

Display BOOTP client information.

display bootp client [ interface interface-type interface-number ]

 

BOOTP client configuration example

Network requirements

As shown in Figure 9, Switch B's port belonging to VLAN 10 is connected to the LAN. VLAN-interface 10 obtains an IP address from the DHCP server by using BOOTP.

To make the BOOTP client obtain an IP address from the DHCP server, you must perform configurations on the DHCP server. For more information, see "DHCP server configuration examples."

Configuration procedure

The following describes the configuration on Switch B, which acts as a client.

# Configure VLAN-interface 10 to dynamically obtain an IP address from the DHCP server.

<SwitchB> system-view

[SwitchB] interface vlan-interface 10

[SwitchB-Vlan-interface10] ip address bootp-alloc

Verifying the configuration

# Display the IP address assigned to the BOOTP client.

[SwitchB] display bootp client

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become A Partner
  • Partner Policy & Program
  • Global Learning
  • Partner Sales Resources
  • Partner Business Management
  • Service Business
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网