DHCP commands
Common DHCP commands
dhcp client-detect
Use dhcp client-detect to enable client offline detection on the DHCP server or DHCP relay agent.
Use undo dhcp client-detect to disable client offline detection on the DHCP server or DHCP relay agent.
Syntax
dhcp client-detect
undo dhcp client-detect
Default
Client offline detection is disabled on the DHCP server or DHCP relay agent.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The client offline detection feature on the DHCP server reclaims an assigned IP address and deletes the binding entry when the ARP entry ages out for the IP address.
This feature on the DHCP relay agent deletes the related relay entry and sends a RELEASE message to the DHCP server when an ARP entry ages out.
Examples
# Enable client offline detection.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp client-detect
dhcp dscp
Use dhcp dscp to set the DSCP value for DHCP packets sent by the DHCP server or the DHCP relay agent.
Use undo dhcp dscp to restore the default.
Syntax
dhcp dscp dscp-value
undo dhcp dscp
Default
The DSCP value is 56 in DHCP packets sent by the DHCP server or the DHCP relay agent.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A larger DSCP value represents a higher priority.
Examples
# Set the DSCP value to 30 for DHCP packets sent by the DHCP server or the DHCP relay agent.
<Sysname> system-view
[Sysname] dhcp dscp 30
dhcp enable
Use dhcp enable to enable DHCP.
Use undo dhcp enable to disable DHCP.
Syntax
dhcp enable
undo dhcp enable
Default
DHCP is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
DHCP related configuration takes effect only after you enable DHCP.
Enable DHCP before you configure the DHCP server or relay agent.
Examples
# Enable DHCP.
<Sysname> system-view
[Sysname] dhcp enable
dhcp flood-protection aging-time
Use dhcp flood-protection aging-time to set the DHCP flood attack entry aging time.
Use undo dhcp flood-protection aging-time to restore the default.
Syntax
dhcp flood-protection aging-time time
undo dhcp flood-protection aging-time
Default
The DHCP flood attack entry aging time is 300 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
time: Specifies the DHCP flood attack entry aging time in seconds. The value range is 30 to 600.
Usage guidelines
The device deletes a DHCP flood attack entry for a MAC address if the entry's aging time is reached. If a DHCP packet from that MAC address arrives later, the DHCP server will create a new flood attack entry and count the number of incoming DHCP packets for that MAC address again.
This command takes effect only after you execute the dhcp flood-protection enable command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the DHCP flood attack entry aging time to 90 seconds.
<Sysname> system-view
[Sysname] dhcp flood-protection aging-time 90
Related commands
dhcp flood-protection enable
dhcp flood-protection threshold
dhcp flood-protection enable
Use dhcp flood-protection enable to enable DHCP flood attack protection.
Use undo dhcp flood-protection enable to disable DHCP flood attack protection.
Syntax
dhcp flood-protection enable
undo dhcp flood-protection enable
Default
DHCP flood attack protection is disabled.
Views
Interface view
VSI view
Predefined user roles
network-admin
Usage guidelines
When the DHCP server receives a DHCP packet from a client (MAC address), it creates a DHCP flood attack entry in check state. If the number of DHCP packets from the same MAC address exceeds the upper limit in the detection duration, the server determines that the client is launching a DHCP flood attack. The DHCP flood attack entry changes to the restrain state, and the DHCP server discards the DHCP packets from that client.
Examples
# Enable DHCP flood attack protection on Layer 3 Ethernet interface Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp flood-protection enable
# Enable DHCP flood attack protection on VSI 10.
<Sysname> system-view
[Sysname] vsi 10
[Sysname-vsi-10] dhcp flood-protection enable
Related commands
dhcp flood-protection threshold
dhcp flood-protection aging-time
dhcp flood-protection threshold
Use dhcp flood-protection threshold to set the DHCP packet rate threshold for DHCP flood attack detection.
Use undo dhcp flood-protection threshold to restore the default.
Syntax
dhcp flood-protection threshold packet-number milliseconds
undo dhcp flood-protection threshold
Default
The device allows a maximum of 6 DHCP packets per 5000 milliseconds from each DHCP client.
Views
System view
Predefined user roles
network-admin
Parameters
packet-number: Specifies the maximum number of DHCP packets in the range of 2 to 200.
milliseconds: Specifies the DHCP flood attack detection duration in milliseconds. The value range is 1000 to 10000.
Usage guidelines
DHCP flood attack protection enables the device to detect DHCP flood attacks according to the DHCP packet rate threshold on a per-MAC basis. If the number of DHCP packets from the same MAC address exceeds the upper limit in the detection duration, the device determines that the client at that MAC address is launching a DHCP flood attack.
This command takes effect only after you execute the dhcp flood-protection enable command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the device to allow a maximum of 2 DHCP packets per 9000 milliseconds from each DHCP client.
<Sysname> system-view
[Sysname] dhcp flood-protection threshold 2 9000
Related commands
dhcp flood-protection aging-time
dhcp flood-protection enable
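A simplified per-MAC model of the check and restrain states, the packet rate threshold, and the entry aging time described in the three dhcp flood-protection sections above, added here as a Python example (not H3C code). It assumes a fixed detection window, aging measured from entry creation, and that the packet exceeding the limit is itself discarded; the device's exact behaviour may differ, and the sample traffic is constructed.

```python
from dataclasses import dataclass

CHECK, RESTRAIN = "check", "restrain"


@dataclass
class FloodEntry:
    created_ms: int        # entry creation time; aging is measured from here (assumption)
    window_start_ms: int   # start of the current detection window
    count: int = 1
    state: str = CHECK


class FloodProtectionModel:
    """Per-MAC model of the check/restrain behaviour described on this page."""

    def __init__(self, packet_number=6, milliseconds=5000, aging_time=300):
        # Defaults and value ranges are the ones given in the command reference.
        if not 2 <= packet_number <= 200:
            raise ValueError("packet-number must be 2 to 200")
        if not 1000 <= milliseconds <= 10000:
            raise ValueError("milliseconds must be 1000 to 10000")
        if not 30 <= aging_time <= 600:
            raise ValueError("aging-time must be 30 to 600 seconds")
        self.limit = packet_number
        self.window_ms = milliseconds
        self.aging_ms = aging_time * 1000
        self.entries = {}

    def receive(self, now_ms, mac):
        """Return True if the packet is processed, False if it is discarded."""
        entry = self.entries.get(mac)
        if entry is not None and now_ms - entry.created_ms >= self.aging_ms:
            del self.entries[mac]          # aged out: counting starts again
            entry = None
        if entry is None:
            self.entries[mac] = FloodEntry(now_ms, now_ms)
            return True
        if entry.state == RESTRAIN:
            return False                   # restrained until the entry ages out
        if now_ms - entry.window_start_ms >= self.window_ms:
            entry.window_start_ms, entry.count = now_ms, 1   # new fixed window
            return True
        entry.count += 1
        if entry.count > self.limit:
            entry.state = RESTRAIN
            return False
        return True


def replay(events, **settings):
    """Replay (time_ms, mac) events; return {mac: discarded packet count}."""
    model = FloodProtectionModel(**settings)
    dropped = {}
    for now_ms, mac in sorted(events):
        dropped.setdefault(mac, 0)
        if not model.receive(now_ms, mac):
            dropped[mac] += 1
    return dropped


# Constructed sample traffic: BURST sends 7 packets in 600 ms, then one packet
# at 10 s and one at 300 s; STEADY sends one packet every 2 s for 10 s.
BURST, STEADY = "0011-2233-4455", "0011-2233-4466"
SAMPLE = [(t, BURST) for t in range(0, 700, 100)]
SAMPLE += [(10_000, BURST), (300_000, BURST)]
SAMPLE += [(t, STEADY) for t in range(0, 10_000, 2000)]

if __name__ == "__main__":
    print("default 6/5000 :", replay(SAMPLE))
    print("example 2/9000 :", replay(SAMPLE, packet_number=2, milliseconds=9000))
```

Replaying recorded per-MAC DHCP timestamps through replay() before tightening the threshold shows which existing clients the new setting would restrain.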
dhcp log enable
Use dhcp log enable to enable DHCP server logging.
Use undo dhcp log enable to disable DHCP server logging.
Syntax
dhcp log enable
undo dhcp log enable
Default
DHCP server logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP server to generate DHCP logs and send them to the information center. The information helps administrators to locate and solve problems. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.
As a best practice, disable this feature if the log generation affects the device performance or reduces the address allocation efficiency. For example, this situation might occur when a large number of clients frequently come online or go offline.
Examples
# Enable DHCP server logging.
<Sysname> system-view
[Sysname] dhcp log enable
dhcp select
Use dhcp select to enable the DHCP server or DHCP relay agent on an interface.
Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The interface will discard incoming DHCP packets.
Syntax
dhcp select { relay [ proxy ] | server }
undo dhcp select { relay | server }
Default
The interface operates in the DHCP server mode and responds to DHCP requests with configuration parameters.
Views
Interface view
Predefined user roles
network-admin
Parameters
relay: Enables the DHCP relay agent on the interface.
proxy: Enables the DHCP server proxy on the relay agent.
server: Enables the DHCP server on the interface.
Usage guidelines
Before enabling a DHCP server to operate as a DHCP relay agent, use the reset dhcp server ip-in-use command to clear address bindings and authorized ARP entries. These authorized ARP entries might conflict with ARP entries that are created after the DHCP relay agent is enabled.
When DHCP server proxy is enabled on the DHCP relay agent, the proxy forwards packets between the DHCP clients and DHCP server.
· When receiving DHCP requests from DHCP clients, the proxy forwards them to the DHCP server.
· When receiving DHCP responses from the DHCP server, the proxy replaces the DHCP server's IP address in these responses with its own IP address.
Examples
# Enable the DHCP relay agent on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp select relay
Related commands
dhcp relay server-address
dhcp relay source-address
dhcp server request-ip-address check
dhcp smart-relay enable
reset dhcp server ip-in-use
DHCP server commands
address range
Use address range to configure an IP address range in a DHCP address pool for dynamic allocation.
Use undo address range to restore the default.
Syntax
address range start-ip-address end-ip-address
undo address range
Default
No IP address range exists.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
If no IP address range is specified, all IP addresses in the subnet specified by the network command in address pool view are assignable. If an IP address range is specified, only the IP addresses in the IP address range are assignable.
The address range command is mutually exclusive with the network secondary command. You cannot use them together in the same address pool.
If you execute this command multiple times, the most recent configuration takes effect.
The address range specified by the address range command must be within the subnet specified by the network command. The addresses outside of the subnet cannot be assigned.
Examples
# Specify an address range of 192.168.8.1 through 192.168.8.150 in address pool 1.
<Sysname> system-view
[Sysname] dhcp server ip-pool 1
[Sysname-dhcp-pool-1] network 192.168.8.1 mask 255.255.255.0
[Sysname-dhcp-pool-1] address range 192.168.8.1 192.168.8.150
Related commands
class
dhcp class
display dhcp server pool
network
bims-server
Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool.
Use undo bims-server to restore the default.
Syntax
bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } string
undo bims-server
Default
No BIMS server information is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the IP address of the BIMS server.
port port-number: Specifies the port number of the BIMS server, in the range of 1 to 65534.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key string. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its encrypted form is a case-sensitive string of 1 to 53 characters. The DHCP client uses the shared key to encrypt packets sent to the BIMS server.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify BIMS server IP address 1.1.1.1, port number 80, and shared key aabbcc in address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bims-server ip 1.1.1.1 port 80 sharekey simple aabbcc
Related commands
display dhcp server pool
bootfile-name
Use bootfile-name to specify a configuration file name or URL.
Use undo bootfile-name to restore the default.
Syntax
bootfile-name { bootfile-name | url }
undo bootfile-name
Default
No configuration file name or URL is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
bootfile-name: Specifies the configuration file name, a case-sensitive string of 1 to 63 characters.
url: Specifies the HTTP URL of the configuration file. It is a case-sensitive string of 1 to 63 characters.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
To specify a configuration file on a TFTP server, use the bootfile-name argument.
To specify a configuration file on an HTTP server, use the url argument.
Examples
# Specify configuration file name boot.cfg in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bootfile-name boot.cfg
# Specify configuration file URL http://10.1.1.1/boot.cfg in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bootfile-name http://10.1.1.1/boot.cfg
Related commands
display dhcp server pool
next-server
tftp-server domain-name
tftp-server ip-address
class ip-pool
Use class ip-pool to specify a DHCP address pool for a DHCP user class.
Use undo class ip-pool to remove the DHCP address pool specified for a DHCP user class.
Syntax
class class-name ip-pool pool-name
undo class class-name ip-pool
Default
No DHCP address pool is specified for a DHCP user class.
Views
DHCP policy view
Predefined user roles
network-admin
Parameters
class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters.
pool-name: Specifies a DHCP address pool by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can specify only one DHCP address pool for a DHCP user class in a DHCP policy. If you execute this command multiple times for a user class, the most recent configuration takes effect.
Examples
# Specify DHCP address pool pool1 for DHCP user class test in DHCP policy 1.
<Sysname> system-view
[Sysname] dhcp policy 1
[Sysname-dhcp-policy-1] class test ip-pool pool1
Related commands
default ip-pool
dhcp policy
dhcp server ip-pool
class option-group
Use class option-group to specify a DHCP option group for a DHCP user class.
Use undo class option-group to remove the configuration.
Syntax
class class-name option-group option-group-number
undo class class-name option-group
Default
No DHCP option group is specified for a DHCP user class.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters.
option-group-number: Specifies a DHCP option group by its number in the range of 1 to 32768.
Usage guidelines
When receiving a DHCP-DISCOVER message, the server compares the client against the user classes in the order that they are specified by this command. If a match is found, the server assigns the client the DHCP options in the option group. If multiple matches are found, the server selects option groups by using the following methods:
· If the option groups have options in common, the server selects the option group specified for the first matching user class.
· If the option groups have different options, the server selects all the matching option groups.
You can specify only one option group for a DHCP user class in a DHCP address pool. If you execute this command multiple times for a user class, the most recent configuration takes effect.
Examples
# Specify DHCP option group 1 for user class user in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] class user option-group 1
Related commands
dhcp option-group
class range
Use class range to specify an IP address range for a DHCP user class.
Use undo class range to remove the IP address range for the DHCP user class.
Syntax
class class-name range start-ip-address end-ip-address
undo class class-name range
Default
No IP address range is specified for a DHCP user class.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
class-name: Specifies a DHCP user class name, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any clients.
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
The class range command allows you to divide an address range into multiple address ranges for different DHCP user classes. The address range for a user class must be within the primary subnet specified by the network command. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command. If the address range has no assignable IP addresses or no address range is configured, the address allocation fails.
The class range command is mutually exclusive with the network secondary command. You cannot use them together in the same address pool.
You can specify only one address range for a DHCP user class in an address pool. If you execute this command multiple times for a DHCP user class, the most recent configuration takes effect.
Examples
# Specify an IP address range of 192.168.8.1 through 192.168.8.150 for DHCP user class user in DHCP address pool 1.
<Sysname> system-view
[Sysname] dhcp server ip-pool 1
[Sysname-dhcp-pool-1] class user range 192.168.8.1 192.168.8.150
Related commands
address range
dhcp class
display dhcp server pool
default ip-pool
Use default ip-pool to specify the default DHCP address pool.
Use undo default ip-pool to restore the default.
Syntax
default ip-pool pool-name
undo default ip-pool
Default
No default DHCP address pool is specified.
Views
DHCP policy view
Predefined user roles
network-admin
Parameters
pool-name: Specifies a DHCP address pool by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
In a DHCP policy, the DHCP server uses the default DHCP address pool to assign IP addresses and other parameters to clients that do not match any user classes. If no default address pool is specified or the default address pool does not have assignable IP addresses, the address assignment fails.
You can specify only one default address pool in a DHCP policy. If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify DHCP address pool pool1 as the default DHCP address pool in DHCP policy 1.
<Sysname> system-view
[Sysname] dhcp policy 1
[Sysname-dhcp-policy-1] default ip-pool pool1
Related commands
class ip-pool
dhcp policy
dhcp apply-policy
Use dhcp apply-policy to apply a DHCP policy to an interface.
Use undo dhcp apply-policy to restore the default.
Syntax
dhcp apply-policy policy-name
undo dhcp apply-policy
Default
No DHCP policy is applied to an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a DHCP policy by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can apply only one DHCP policy to an interface. If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Apply DHCP policy test to VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp apply-policy test
Related commands
dhcp policy
dhcp class
Use dhcp class to create a DHCP user class and enter its view, or enter the view of an existing DHCP user class.
Use undo dhcp class to delete the specified DHCP user class.
Syntax
dhcp class class-name
undo dhcp class class-name
Default
No DHCP user classes exist.
Views
System view
Predefined user roles
network-admin
Parameters
class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters.
Usage guidelines
In the DHCP user class view, you can use the if-match command to configure match rules to group clients to the user class.
Examples
# Create DHCP user class test and enter DHCP user class view.
<Sysname> system-view
[Sysname] dhcp class test
[Sysname-dhcp-class-test]
Related commands
address range
class ip-pool
class option-group
class range
dhcp policy
if-match
dhcp option-group
Use dhcp option-group to create a DHCP option group and enter its view, or enter the view of an existing DHCP option group.
Use undo dhcp option-group to delete a DHCP option group.
Syntax
dhcp option-group option-group-number
undo dhcp option-group option-group-number
Default
No DHCP option groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
option-group-number: Assigns a number to the DHCP option group, in the range of 1 to 32768.
Examples
# Create DHCP option group 1 and enter DHCP option group view.
<Sysname> system-view
[Sysname] dhcp option-group 1
[Sysname-dhcp-option-group-1]
Related commands
class option-group
option
dhcp policy
Use dhcp policy to create a DHCP policy and enter its view, or enter the view of an existing DHCP policy.
Use undo dhcp policy to delete a DHCP policy.
Syntax
dhcp policy policy-name
undo dhcp policy policy-name
Default
No DHCP policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Assigns a name to the DHCP policy. The policy name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
In DHCP policy view, you can specify address pools for different user classes. Clients matching a user class will obtain IP addresses and other parameters from the specified address pool.
For a DHCP policy to take effect, you must apply it to an interface.
Examples
# Create DHCP policy test and enter its view.
<Sysname> system-view
[Sysname] dhcp policy test
[Sysname-dhcp-policy-test]
Related commands
class ip-pool
default ip-pool
dhcp apply-policy
dhcp class
dhcp server always-broadcast
Use dhcp server always-broadcast to enable the DHCP server to broadcast all responses.
Use undo dhcp server always-broadcast to restore the default.
Syntax
dhcp server always-broadcast
undo dhcp server always-broadcast
Default
The DHCP server reads the broadcast flag in a DHCP request to decide whether to broadcast or unicast the response.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP server to ignore the broadcast flag in DHCP requests and broadcast all responses.
The DHCP server always unicasts a response in the following situations, regardless of whether this command is executed:
· The DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0).
· The DHCP request is forwarded by a DHCP relay agent from a DHCP client (the giaddr field is not 0).
Examples
# Enable the DHCP server to broadcast all responses.
<Sysname> system-view
[Sysname] dhcp server always-broadcast
dhcp server apply ip-pool
Use dhcp server apply ip-pool to apply an address pool to an interface.
Use undo dhcp server apply ip-pool to restore the default.
Syntax
dhcp server apply ip-pool pool-name
undo dhcp server apply ip-pool
Default
No address pool is applied to an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Upon receiving a DHCP request from the interface, the DHCP server searches for a static binding for the client from all address pools. If no static binding is found, the server assigns configuration parameters from the address pool applied on the interface to the client. If the address pool has no assignable IP address or does not exist, the DHCP client cannot obtain an IP address.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Apply DHCP address pool 0 to VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp server apply ip-pool 0
Related commands
dhcp server ip-pool
dhcp server bootp ignore
Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests.
Use undo dhcp server bootp ignore to restore the default.
Syntax
dhcp server bootp ignore
undo dhcp server bootp ignore
Default
The DHCP server does not ignore BOOTP requests.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests.
Examples
# Configure the DHCP server to ignore BOOTP requests.
<Sysname> system-view
[Sysname] dhcp server bootp ignore
dhcp server bootp reply-rfc-1048
Use dhcp server bootp reply-rfc-1048 to enable the sending of BOOTP responses in RFC 1048 format.
Use undo dhcp server bootp reply-rfc-1048 to disable this feature.
Syntax
dhcp server bootp reply-rfc-1048
undo dhcp server bootp reply-rfc-1048
Default
This feature is disabled. The DHCP server does not process the Vend field of requests that do not comply with RFC 1048 but copies the Vend field into responses.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Not all BOOTP clients can send requests compliant with RFC 1048. This command enables the DHCP server to fill the Vend field in RFC 1048-compliant format in DHCP responses to BOOTP client requests that do not comply with RFC 1048.
Examples
# Enable the sending of BOOTP responses in RFC 1048 format on the DHCP server.
<Sysname> system-view
[Sysname] dhcp server bootp reply-rfc-1048
dhcp server check mac-address
Use dhcp server check mac-address to enable MAC address check on the DHCP server.
Use undo dhcp server check mac-address to disable MAC address check on the DHCP server.
Syntax
dhcp server check mac-address
undo dhcp server check mac-address
Default
MAC address check is disabled on the DHCP server.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP server to compare the chaddr field of a received DHCP request with the source MAC address in the frame header. If they are the same, the DHCP server considers the packet valid and continues processing it. If they are not the same, the DHCP server discards the request.
Examples
# Enable MAC address check on the DHCP server.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp server check mac-address
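The chaddr-versus-frame-header comparison described above, together with the broadcast/unicast rules from the dhcp server always-broadcast section, as an added Python example (not H3C code). The function names, the constructed frames, and the rule that only 6-byte Ethernet hardware addresses can pass the check are assumptions.

```python
import struct

ETH_LEN, UDP_LEN, BOOTP_FIXED_LEN = 14, 8, 236
BROADCAST_FLAG = 0x8000
ZERO_IP = b"\x00" * 4


def parse_dhcp_request(frame):
    """Extract the frame source MAC and the BOOTP fields used by the checks."""
    if len(frame) < ETH_LEN + 20:
        raise ValueError("too short for Ethernet + IPv4")
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an untagged IPv4 frame")
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    if ihl < 20 or frame[ETH_LEN + 9] != 17:
        raise ValueError("not UDP over IPv4")
    udp = ETH_LEN + ihl
    bootp = udp + UDP_LEN
    if len(frame) < bootp + BOOTP_FIXED_LEN:
        raise ValueError("truncated BOOTP header")
    if struct.unpack("!H", frame[udp + 2:udp + 4])[0] != 67:
        raise ValueError("not sent to the DHCP server port")
    # op, htype, hlen, hops, xid, secs, flags occupy the first 12 bytes.
    op, htype, hlen, _hops, _xid, _secs, flags = struct.unpack(
        "!BBBBIHH", frame[bootp:bootp + 12])
    return {
        "src_mac": frame[6:12],
        "op": op, "htype": htype, "hlen": hlen, "flags": flags,
        "ciaddr": frame[bootp + 12:bootp + 16],
        "giaddr": frame[bootp + 24:bootp + 28],
        "chaddr": frame[bootp + 28:bootp + 44],
    }


def mac_check_passes(req):
    """True if chaddr equals the source MAC address in the frame header."""
    if req["htype"] != 1 or req["hlen"] != 6:   # assumption: Ethernet only
        return False
    return req["chaddr"][:6] == req["src_mac"]


def reply_mode(req, always_broadcast=False):
    """Return 'unicast' or 'broadcast' following the rules on this page."""
    if req["ciaddr"] != ZERO_IP or req["giaddr"] != ZERO_IP:
        return "unicast"          # unicast regardless of always-broadcast
    if always_broadcast:
        return "broadcast"        # broadcast flag in the request is ignored
    return "broadcast" if req["flags"] & BROADCAST_FLAG else "unicast"


def build_frame(src_mac, chaddr, flags=0, ciaddr=ZERO_IP, giaddr=ZERO_IP):
    """Build a constructed Ethernet/IPv4/UDP/BOOTP request for the demo."""
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, flags)
             + ciaddr + b"\x00" * 8 + giaddr
             + chaddr.ljust(16, b"\x00") + b"\x00" * 192)
    udp = struct.pack("!HHHH", 68, 67, UDP_LEN + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp),
                     0, 0, 64, 17, 0, ZERO_IP, b"\xff" * 4)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp + bootp


# Constructed sample addresses.
MAC_A = bytes.fromhex("001122334455")
MAC_B = bytes.fromhex("0011223344aa")

if __name__ == "__main__":
    for name, frame in [("matching", build_frame(MAC_A, MAC_A, BROADCAST_FLAG)),
                        ("mismatch", build_frame(MAC_A, MAC_B))]:
        req = parse_dhcp_request(frame)
        print(name, "check passes:", mac_check_passes(req),
              "reply:", reply_mode(req))
```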
dhcp server database filename
Use dhcp server database filename to configure the DHCP server to back up the DHCP bindings to a file.
Use undo dhcp server database filename to restore the default.
Syntax
dhcp server database filename { filename | url url [ username username [ password { cipher | simple } string ] ] }
undo dhcp server database filename
Default
The DHCP server does not back up the DHCP bindings.
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a local backup file. For information about the filename argument, see Fundamentals Configuration Guide.
url url: Specifies the URL of a remote backup file, a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL.
username username: Specifies the username for accessing the URL of the remote backup file, a case-sensitive string of 1 to 32 characters. Do not specify this option if a username is not required for accessing the URL of the remote backup file.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters. Do not specify this argument if a password is not required for accessing the URL of the remote backup file.
Usage guidelines
The command automatically creates the file if you specify a nonexistent file.
After this command is executed, the DHCP server backs up its bindings immediately and starts automatic backup. The server, by default, waits 300 seconds after a binding change to update the backup file. You can use the dhcp server database update interval command to change the waiting time. If no DHCP binding changes, the backup file is not updated.
As a best practice, back up the bindings to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCP server to malfunction.
When the backup file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:
· If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file path, where the port number is optional.
· If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file path, where the port number is optional.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
· If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.
· You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.
Examples
# Configure the DHCP server to back up its bindings to file database.dhcp.
<Sysname> system-view
[Sysname] dhcp server database filename database.dhcp
# Configure the DHCP server to back up its bindings to file database.dhcp in the working directory of the FTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp server database filename url ftp://10.1.1.1/database.dhcp username 1 password simple 1
Related commands
dhcp server database update interval
dhcp server database update now
dhcp server database update stop
dhcp server database update interval
Use dhcp server database update interval to set the waiting time for the DHCP server to update the backup file after a DHCP binding change.
Use undo dhcp server database update interval to restore the default.
Syntax
dhcp server database update interval interval
undo dhcp server database update interval
Default
The DHCP server waits 300 seconds to update the backup file after a DHCP binding change. If no DHCP binding changes, the backup file is not updated.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the waiting time in the range of 60 to 864000 seconds.
Usage guidelines
When a DHCP binding is created, updated, or removed, the waiting period starts. The DHCP server updates the backup file when the waiting period ends. All bindings changed during the period are saved to the backup file.
The waiting time takes effect only after you configure the DHCP binding auto backup by using the dhcp server database filename command.
Examples
# Set the waiting time to 10 minutes for the DHCP server to update the backup file.
<Sysname> system-view
[Sysname] dhcp server database update interval 600
Related commands
dhcp server database filename
dhcp server database update now
dhcp server database update stop
dhcp server database update now
Use dhcp server database update now to manually save the DHCP bindings to the backup file.
Syntax
dhcp server database update now
Views
System view
Predefined user roles
network-admin
Usage guidelines
Each time this command is executed, the DHCP bindings are saved to the backup file.
For this command to take effect, you must configure the DHCP auto backup by using the dhcp server database filename command.
Examples
# Manually save the DHCP bindings to the backup file.
<Sysname> system-view
[Sysname] dhcp server database update now
Related commands
dhcp server database filename
dhcp server database update interval
dhcp server database update stop
dhcp server database update stop
Use dhcp server database update stop to terminate the download of DHCP bindings from the backup file.
Syntax
dhcp server database update stop
Views
System view
Predefined user roles
network-admin
Usage guidelines
The DHCP server does not provide services during the binding download process. If the connection is lost during the process, the waiting timeout timer is 60 minutes. When the timer expires, the DHCP server stops waiting and starts providing address allocation services.
To enable the DHCP server to provide services without waiting for the connection to be repaired, use this command to terminate the download immediately. The IP addresses associated with the undownloaded bindings will be assigned to clients. Address conflicts might occur.
Examples
# Terminate the download of the backup DHCP bindings.
<Sysname> system-view
[Sysname] dhcp server database update stop
Related commands
dhcp server database filename
dhcp server database update interval
dhcp server database update now
dhcp server forbidden-ip
Use dhcp server forbidden-ip to exclude IP addresses from dynamic allocation globally.
Use undo dhcp server forbidden-ip to remove the configuration.
Syntax
dhcp server forbidden-ip start-ip-address [ end-ip-address ] [ vpn-instance vpn-instance-name ]
undo dhcp server forbidden-ip start-ip-address [ end-ip-address ] [ vpn-instance vpn-instance-name ]
Default
No IP addresses are excluded from dynamic allocation globally.
Views
System view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If you do not specify this argument, only the start-ip-address is excluded from dynamic allocation.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the excluded IP addresses belong to the public network, do not specify this option.
Usage guidelines
The IP addresses of some devices such as the gateway and FTP server cannot be assigned to clients. Use this command to exclude such addresses from dynamic allocation.
If the excluded IP address is in a static DHCP binding, the address can still be assigned to the client.
The address or address range specified in the undo dhcp server forbidden-ip command must be the same as that specified in the dhcp server forbidden-ip command. To remove an IP address from the specified address range, you must remove the entire address range.
You can execute this command multiple times to exclude multiple IP address ranges from dynamic allocation.
Examples
# Exclude the IP addresses of 10.110.1.1 through 10.110.1.63 from dynamic allocation globally.
<Sysname> system-view
[Sysname] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
Related commands
forbidden-ip
static-bind
dhcp server ip-pool
Use dhcp server ip-pool to create a DHCP address pool and enter its view, or enter the view of an existing DHCP address pool.
Use undo dhcp server ip-pool to delete the specified DHCP address pool.
Syntax
dhcp server ip-pool pool-name
undo dhcp server ip-pool pool-name
Default
No DHCP address pools exist.
Views
System view
Predefined user roles
network-admin
Parameters
pool-name: Specifies a DHCP address pool name, a case-insensitive string of 1 to 63 characters. The pool name uniquely identifies an address pool.
Usage guidelines
A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients.
Examples
# Create a DHCP address pool named pool1.
<Sysname> system-view
[Sysname] dhcp server ip-pool pool1
[Sysname-dhcp-pool-pool1]
Related commands
class ip-pool
dhcp server apply ip-pool
display dhcp server pool
dhcp server ping packets
Use dhcp server ping packets to set the maximum number of ping packets.
Use undo dhcp server ping packets to restore the default.
Syntax
dhcp server ping packets number
undo dhcp server ping packets
Default
The maximum number of ping packets is 1.
Views
System view
Predefined user roles
network-admin
Parameters
number: Sets the maximum number of ping packets, in the range of 0 to 10. To disable the address conflict detection, set the value to 0.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.
If a ping attempt succeeds, the server determines that the IP address is in use and picks a new IP address. If all the ping attempts fail, the server assigns the IP address to the requesting DHCP client.
Examples
# Set the maximum number of ping packets to 10.
<Sysname> system-view
[Sysname] dhcp server ping packets 10
Related commands
dhcp server ping timeout
display dhcp server conflict
reset dhcp server conflict
dhcp server ping timeout
Use dhcp server ping timeout to set the ping response timeout time on the DHCP server.
Use undo dhcp server ping timeout to restore the default.
Syntax
dhcp server ping timeout milliseconds
undo dhcp server ping timeout
Default
The ping response timeout time is 500 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
milliseconds: Specifies the timeout time in the range of 0 to 10000 milliseconds. To disable the ping operation for address conflict detection, set the value to 0 milliseconds.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.
If a ping attempt succeeds, the server determines that the IP address is in use and picks a new IP address. If all the ping attempts fail, the server assigns the IP address to the requesting DHCP client.
Examples
# Set the response timeout time to 1000 milliseconds.
<Sysname> system-view
[Sysname] dhcp server ping timeout 1000
Related commands
dhcp server ping packets
display dhcp server conflict
reset dhcp server conflict
dhcp server relay information enable
Use dhcp server relay information enable to enable the DHCP server to handle Option 82.
Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82.
Syntax
dhcp server relay information enable
undo dhcp server relay information enable
Default
The DHCP server handles Option 82.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82.
Examples
# Configure the DHCP server to ignore Option 82.
<Sysname> system-view
[Sysname] undo dhcp server relay information enable
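The two Option 82 behaviors described above, shown on a constructed DHCP options field. This is an added example, not the device's implementation; the function names and the sample circuit ID and remote ID are assumptions, and the sub-option codes 1 and 2 are those of RFC 3046.

```python
from typing import Dict, Iterator, Optional, Tuple

PAD, END, MSG_TYPE, RELAY_INFO = 0, 255, 53, 82
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046


def iter_tlv(buf: bytes, dhcp_specials: bool = True) -> Iterator[Tuple[int, bytes]]:
    """Yield (code, value) pairs from a code/length/value byte string.

    With dhcp_specials, code 0 is one-byte padding and code 255 ends the
    list, as in a DHCP options field; sub-options have neither.
    """
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_specials and code == END:
            return
        if dhcp_specials and code == PAD:
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        yield code, value
        i += 2 + length


def get_option82(options: bytes) -> Optional[bytes]:
    """Return the raw Option 82 value, or None if the option is absent."""
    for code, value in iter_tlv(options):
        if code == RELAY_INFO:
            return value
    return None


def decode_option82(value: bytes) -> Dict[str, bytes]:
    """Split an Option 82 value into named sub-options."""
    return {SUBOPTION_NAMES.get(code, f"sub-option-{code}"): sub
            for code, sub in iter_tlv(value, dhcp_specials=False)}


def encode(code: int, value: bytes) -> bytes:
    if len(value) > 255:
        raise ValueError("option value longer than 255 bytes")
    return bytes([code, len(value)]) + value


def build_reply_options(request_options: bytes, msg_type: int,
                        handle_option82: bool = True) -> bytes:
    """Options for the server's reply.

    handle_option82=True models the default (dhcp server relay information
    enable): the request's Option 82 is copied back byte for byte.
    False models the undo form: Option 82 is left out of the reply.
    """
    reply = encode(MSG_TYPE, bytes([msg_type]))
    opt82 = get_option82(request_options)
    if handle_option82 and opt82 is not None:
        reply += encode(RELAY_INFO, opt82)
    return reply + bytes([END])


# Constructed sample: DHCPREQUEST (type 3) options as a relay would forward
# them, with a made-up circuit ID and remote ID.
CIRCUIT_ID = b"vlan100-port7"
REMOTE_ID = bytes.fromhex("00e000fc0001")
REQUEST_OPTIONS = (encode(MSG_TYPE, b"\x03")
                   + encode(RELAY_INFO,
                            encode(1, CIRCUIT_ID) + encode(2, REMOTE_ID))
                   + bytes([END]))
```

Comparing `get_option82()` on a captured request and on the matching reply shows which of the two modes the server is running in.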
dhcp server request-ip-address check
Use dhcp server request-ip-address check to enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.
Use undo dhcp server request-ip-address check to restore the default.
Syntax
dhcp server request-ip-address check
undo dhcp server request-ip-address check
Default
The DHCP server does not return a DHCP-NAK message if a client's notion of its IP address is incorrect.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A DHCP client can send a DHCP-REQUEST message directly or upon receiving a DHCP-OFFER message. Upon receiving the request, the DHCP server checks whether the client's notion of its IP address is correct. If the requested IP address is different from the allocated one or has no matching lease record, the DHCP server remains silent by default. After the lease of the allocated IP address expires, the DHCP server responds to the request from the client.
This feature enables the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect. After receiving the DHCP-NAK message, the DHCP client requests an IP address again.
Examples
# Enable the DHCP server to return a DHCP-NAK message if a client's notion of its IP address is incorrect.
<Sysname> system-view
[Sysname] dhcp server request-ip-address check
Related commands
dhcp select server
display dhcp server conflict
Use display dhcp server conflict to display information about IP address conflicts.
Syntax
display dhcp server conflict [ ip ip-address ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays conflict information about the specified IP address. If you do not specify this option, this command displays information about all IP address conflicts.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays IP address conflict information for the public network.
Usage guidelines
The DHCP server generates IP address conflict information in the following situations:
· Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and discovers that another host is using the address.
· The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP address conflict.
· The DHCP server discovers that the only assignable address in the address pool is its own IP address.
Examples
# Display information about all IP address conflicts.
<Sysname> display dhcp server conflict
IP address       Detect time
4.4.4.1          Apr 25 16:57:20 2019
4.4.4.2          Apr 25 17:00:10 2019
Table 1 Command output
Field | Description |
---|---|
IP address | Conflicted IP address. |
Detect time | Time when the conflict was discovered. |
Related commands
reset dhcp server conflict
display dhcp server database
Use display dhcp server database to display information about DHCP binding auto backup.
Syntax
display dhcp server database
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about DHCP binding auto backup.
<Sysname> display dhcp server database
File name : database.dhcp
Username :
Password :
Update interval : 600 seconds
Latest write time : Feb 8 16:09:53 2014
Status : Last write succeeded.
Table 2 Command output
Field | Description |
---|---|
File name | Name of the DHCP binding backup file. |
Username | Username for accessing the URL of the remote backup file. |
Password | Password for accessing the URL of the remote backup file. This field displays ****** if a password is configured. |
Update interval | Waiting time in seconds after a DHCP binding change for the DHCP server to update the backup file. |
Latest write time | Time of the latest update. |
Status | Status of the update: · Writing—The backup file is being updated. · Last write succeeded—The backup file was successfully updated. · Last write failed—The backup file failed to be updated. |
display dhcp server expired
Use display dhcp server expired to display the lease expiration information.
Syntax
display dhcp server expired [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays lease expiration information about the specified IP address. If you do not specify an IP address, this command displays lease expiration information about all IP addresses.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays lease expiration information about IP addresses for the public network.
pool pool-name: Displays lease expiration information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays lease expiration information about all address pools.
Usage guidelines
DHCP assigns these expired IP addresses to DHCP clients when all available addresses have been assigned.
Examples
# Display all lease expiration information.
<Sysname> display dhcp server expired
IP address       Client-identifier/Hardware address    Lease expiration
4.4.4.6          3030-3066-2e65-3230-302e-3130-3234    Apr 25 17:10:47 2019
                 -2d45-7468-6572-6e65-7430-2f31
Table 3 Command output
Field | Description |
---|---|
IP address | Expired IP address. |
Client-identifier/Hardware address | Client ID or MAC address. |
Lease expiration | Time when the lease expired. |
Related commands
reset dhcp server expired
display dhcp server free-ip
Use display dhcp server free-ip to display information about assignable IP addresses.
Syntax
display dhcp server free-ip [ pool pool-name | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Displays assignable IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays all assignable IP addresses for all address pools.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays assignable IP addresses in address pools for the public network.
Examples
# Display assignable IP addresses in all address pools.
<Sysname> display dhcp server free-ip
Pool name: 1
  Network: 10.0.0.0 mask 255.0.0.0
    IP ranges from 10.0.0.10 to 10.0.0.100
    IP ranges from 10.0.0.105 to 10.0.0.255
  Secondary networks:
    10.1.0.0 mask 255.255.0.0
      IP ranges from 10.1.0.0 to 10.1.0.255
    10.2.0.0 mask 255.255.0.0
      IP Ranges from 10.2.0.0 to 10.2.0.255
Pool name: 2
  Network: 20.1.1.0 mask 255.255.255.0
    IP ranges from 20.1.1.0 to 20.1.1.255
Table 4 Command output
Field | Description |
---|---|
Pool name | Name of the address pool. |
Network | Assignable network. |
IP ranges | Assignable IP address range. |
Secondary networks | Assignable secondary networks. |
Related commands
address range
dhcp server ip-pool
network
display dhcp server ip-in-use
Use display dhcp server ip-in-use to display binding information about assigned IP addresses.
Syntax
display dhcp server ip-in-use [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays binding information about the specified assigned IP address. If you do not specify an IP address, this command displays binding information about all assigned IP addresses.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays binding information about assigned IP addresses for the public network.
pool pool-name: Displays binding information about assigned IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays binding information about assigned IP addresses in all address pools.
Usage guidelines
The binding information can be used by other security modules only when the DHCP server is configured on the gateway of DHCP clients.
If the lease deadline exceeds the year 2100, the lease expiration time is displayed as After 2100.
Examples
# Display binding information about all assigned DHCP addresses.
<Sysname> display dhcp server ip-in-use
IP address       Client-identifier/    Lease expiration      Type
                 Hardware address
10.1.1.1         4444-4444-4444        Not used              Static(F)
10.1.1.2         3030-3030-2e30-3030-  May 1 14:02:49 2015   Auto(C)
                 662e-3030-3033-2d45-
                 7468-6572-6e65-74
10.1.1.3         1111-1111-1111        After 2100            Static(C)
Table 5 Command output
Field | Description |
---|---|
IP address | IP address assigned. |
Client-identifier/Hardware address | Client ID or hardware address. |
Lease expiration | Lease expiration time: · Exact time (May 1 14:02:49 2015 in this example)—Time when the lease will expire. · Not used—The IP address of the static binding has not been assigned to the specific client. · Unlimited—Infinite lease expiration time. · After 2100—The lease will expire after 2100. |
Type | Binding types: · Static(F)—A free static binding whose IP address has not been assigned. · Static(O)—An offered static binding whose IP address has been selected and sent by the DHCP server in a DHCP-OFFER packet to the client. · Static(C)—A committed static binding whose IP address has been assigned to the DHCP client. · Auto(O)—An offered dynamic binding whose IP address has been dynamically selected by the DHCP server and sent in a DHCP-OFFER packet to the DHCP client. · Auto(C)—A committed dynamic binding whose IP address has been dynamically assigned to the DHCP client. |
Related commands
reset dhcp server ip-in-use
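The ip-in-use table wraps long client identifiers across lines, and an identifier such as 3030-3030-2e30-… is ASCII text shown as hex. The following added example (not from the original documentation or the device vendor) parses the sample output above into records and decodes such identifiers; the function names, the restored column spacing and the 6-byte hardware-address heuristic are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: the ip-in-use output shown on this page, with column
# spacing restored by hand (the exact spacing on a device is an assumption).
SAMPLE = """\
IP address       Client-identifier/    Lease expiration      Type
                 Hardware address
10.1.1.1         4444-4444-4444        Not used              Static(F)
10.1.1.2         3030-3030-2e30-3030-  May 1 14:02:49 2015   Auto(C)
                 662e-3030-3033-2d45-
                 7468-6572-6e65-74
10.1.1.3         1111-1111-1111        After 2100            Static(C)
"""

ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<cid>[0-9A-Fa-f-]+)\s+"
    r"(?P<lease>.+?)\s+(?P<kind>Static|Auto)\((?P<state>[FOC])\)$"
)
# A wrapped client ID continues on lines that hold only hex groups.
CONTINUATION = re.compile(r"^-?[0-9A-Fa-f]{1,4}(?:-[0-9A-Fa-f]{1,4})*-?$")
STATES = {"F": "free", "O": "offered", "C": "committed"}


@dataclass
class Binding:
    ip: str
    client_hex: str              # identifier as displayed, wrapped lines rejoined
    client_text: Optional[str]   # ASCII form when the identifier is text
    kind: str                    # "Static" or "Auto"
    state: str                   # free / offered / committed
    lease: str                   # raw Lease expiration column
    expires: Optional[datetime]  # set only for an exact timestamp


def decode_client_id(client_hex: str) -> Optional[str]:
    """Return the ASCII text of a client ID, or None for binary IDs.

    Heuristic (assumption): values of 6 bytes or fewer are treated as
    hardware addresses; longer values are decoded only if fully printable.
    """
    digits = client_hex.replace("-", "")
    if len(digits) % 2 or len(digits) <= 12:
        return None
    raw = bytes.fromhex(digits)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def parse_ip_in_use(text: str) -> List[Binding]:
    bindings: List[Binding] = []
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            lease = " ".join(m["lease"].split())
            try:
                expires = datetime.strptime(lease, "%b %d %H:%M:%S %Y")
            except ValueError:
                expires = None   # Not used, Unlimited, After 2100
            bindings.append(Binding(m["ip"], m["cid"], None, m["kind"],
                                    STATES[m["state"]], lease, expires))
        elif bindings and CONTINUATION.match(line):
            bindings[-1].client_hex += line
    for b in bindings:
        b.client_text = decode_client_id(b.client_hex)
    return bindings


def committed(bindings: List[Binding]) -> Dict[str, str]:
    """IP -> client identity for addresses actually held by a client."""
    return {b.ip: b.client_text or b.client_hex
            for b in bindings if b.state == "committed"}
```

On the sample, the identifier of 10.1.1.2 decodes to 0000.000f.0003-Ethernet, and only the Auto(C) and Static(C) rows are returned by `committed()`.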
display dhcp server pool
Use display dhcp server pool to display information about a DHCP address pool.
Syntax
display dhcp server pool [ pool-name | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool-name: Displays information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify the pool-name argument, this command displays information about all address pools.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information about address pools for the public network.
Examples
# Display information about all DHCP address pools.
<Sysname> display dhcp server pool
Pool name: 0
  Network 20.1.1.0 mask 255.255.255.0
  class a range 20.1.1.50 20.1.1.60
  bootfile-name abc.cfg
  dns-list 20.1.1.66 20.1.1.67 20.1.1.68
  domain-name www.aabbcc.com
  bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
  option 2 ip-address 1.1.1.1
  expired day 1 hour 2 minute 3 second 0
  remote-server algorithm master-backup
  master-server switch-delay 30
  dhcp-server timeout 1
  verify class
  IP-in-use threshold 100
Pool name: 1
  Network 20.1.2.0 mask 255.255.255.0
  secondary networks:
    20.1.3.0 mask 255.255.255.0
    20.1.4.0 mask 255.255.255.0
  bims-server ip 192.168.0.51 port 50 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
  forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37
  forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.24
  gateway-list 20.1.1.1 20.1.1.2 20.1.1.4
  nbns-list 20.1.1.5 20.1.1.6 20.1.1.7
  netbios-type m-node
  option 2 ip-address 1.1.1.1
  expired day 1 hour 0 minute 0 second 0
  IP-in-use threshold 100
Pool name: 2
  Network 20.1.3.0 mask 255.255.255.0
  address range 20.1.3.1 to 20.1.3.15
  class departmentA range 20.1.3.20 to 20.1.3.29
  class departmentB range 20.1.3.30 to 20.1.3.40
  next-server 20.1.3.33
  tftp-server domain-name www.example.org.cn
  tftp-server ip-address 192.168.0.120
  voice-config ncp-ip 20.1.3.2
  voice-config as-ip 20.1.3.5
  voice-config voice-vlan 3 enable
  voice-config fail-over 20.1.3.6 123*
  option 2 ip-address 20.1.3.10
  expired day 1 hour 0 minute 0 second 0
  IP-in-use threshold 100
Pool name: 3
  static bindings:
    ip-address 10.10.1.2 mask 255.0.0.0
      hardware-address 00e0-00fc-0001 ethernet
    ip-address 10.10.1.3 mask 255.0.0.0
      client-identifier aaaa-bbbb
  expired unlimited
  IP-in-use threshold 100
Table 6 Command output
Field | Description |
---|---|
Pool name | Name of an address pool. If the address pool is assigned by the OVSDB controller, the pool name starts with a question mark (?). For more information about OVSDB, see OVSDB VTEP configuration in VXLAN Configuration Guide. |
Network | Assignable network. |
secondary networks | Assignable secondary networks. |
address range | Assignable address range. |
class class-name range | DHCP user class and its address range. |
static bindings | Static IP-to-MAC/client ID bindings. |
option | Customized DHCP option. |
expired | Lease duration. |
remote-server algorithm master-backup | The DHCP server selecting algorithm is master-backup. If the default DHCP server selecting algorithm (poll) is used, this field is not displayed. |
master-server switch-delay | Delay time (in minutes) to switch back to the master DHCP server. |
dhcp-server timeout | DHCP server response timeout time for DHCP server switchover, in seconds. |
verify class | The DHCP user class whitelist is enabled. If this feature is disabled, this field is not displayed. |
IP-in-use threshold | IP address usage threshold for the IP address pool, in percentage. |
bootfile-name | Boot file name. |
dns-list | DNS server IP address. |
domain-name | Domain name suffix. |
bims-server | BIMS server information. |
forbidden-ip | IP addresses excluded from dynamic allocation. |
gateway-list | Gateway addresses. |
nbns-list | WINS server addresses. |
netbios-type | NetBIOS node type. |
next-server | Next server IP address. |
tftp-server domain-name | TFTP server name. |
tftp-server ip-address | TFTP server address. |
voice-config ncp-ip | Primary network calling processor address. |
voice-config as-ip | Backup network calling processor address. |
voice-config voice-vlan | Voice VLAN. |
voice-config fail-over | Failover route. |
display dhcp server statistics
Use display dhcp server statistics to display the DHCP server statistics.
Syntax
display dhcp server statistics [ pool pool-name | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, this command displays information about all address pools.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DHCP server statistics for the public network.
Examples
# Display the DHCP server statistics.
<Sysname> display dhcp server statistics
Pool number: 1
Pool utilization: 0.39%
Bindings:
  Automatic: 1
  Manual: 0
  Expired: 0
Conflict: 1
Messages received: 10
  DHCPDISCOVER: 5
  DHCPREQUEST: 3
  DHCPDECLINE: 0
  DHCPRELEASE: 2
  DHCPINFORM: 0
  BOOTPREQUEST: 0
Messages sent: 6
  DHCPOFFER: 3
  DHCPACK: 3
  DHCPNAK: 0
  BOOTPREPLY: 0
Bad Messages: 0
Table 7 Command output
Field | Description |
---|---|
Pool number | Total number of address pools. This field is not displayed when you display statistics for a specific address pool. |
Pool utilization | Pool usage rate: · If you display statistics for all address pools, this field displays the usage rate of all address pools. · If you display statistics for an address pool, this field displays the pool usage rate of the specified address pool. |
Bindings | Bindings include the following types: · Automatic—Number of dynamic bindings. · Manual—Number of static bindings. · Expired—Number of expired bindings. |
Conflict | Total number of conflict addresses. This field is not displayed if you display statistics for a specific address pool. |
Messages received | DHCP packets received from clients: · DHCPDISCOVER. · DHCPREQUEST. · DHCPDECLINE. · DHCPRELEASE. · DHCPINFORM. · BOOTPREQUEST. This field is not displayed if you display statistics for a specific address pool. |
Messages sent | DHCP packets sent to clients: · DHCPOFFER. · DHCPACK. · DHCPNAK. · BOOTPREPLY. This field is not displayed if statistics about a specific address pool are displayed. |
Bad Messages | Number of bad messages. This field is not displayed if you display statistics for a specific address pool. |
Related commands
reset dhcp server statistics
dns-list
Use dns-list to specify DNS server addresses in a DHCP address pool.
Use undo dns-list to remove DNS server addresses from a DHCP address pool.
Syntax
dns-list ip-address&<1-8>
undo dns-list [ ip-address&<1-8> ]
Default
No DNS server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight DNS servers.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo dns-list command deletes all DNS server addresses in the DHCP address pool.
Examples
# Specify DNS server address 10.1.1.254 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] dns-list 10.1.1.254
Related commands
display dhcp server pool
domain-name
Use domain-name to specify a domain name in a DHCP address pool.
Use undo domain-name to restore the default.
Syntax
domain-name domain-name
undo domain-name
Default
No domain name is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the domain name, a case-sensitive string of 1 to 50 characters.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify domain name example.com in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] domain-name example.com
Related commands
display dhcp server pool
exhaustion log enable
Use exhaustion log enable to enable IP exhaustion event logging.
Use undo exhaustion log enable to restore the default.
Syntax
exhaustion log enable
undo exhaustion log enable
Default
The DHCP module does not generate logs for IP exhaustion events.
Views
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP module to send IP exhaustion logs to the information center. IP exhaustion events include IP exhaustion alarms and recoveries from IP exhaustion alarm conditions.
An IP exhaustion log message is generated for an IP pool when one of the following events occurs:
NOTE: If the IP address usage threshold for the IP pool is 100%, the DHCP module generates an alarm message instead of a log message for one of the following events. To set the IP address usage threshold for an IP pool, use the ip-in-use threshold command.
· The IP pool does not have assignable IP addresses.
· The IP address usage of the IP pool drops to or below 90% after IP address exhaustion. The IP address usage is calculated by using the following formula:
(Total number of IP addresses – number of assignable IP addresses)/total number of IP addresses
For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For more information about configuring the information center, see SNMP configuration in Network Management and Monitoring Configuration Guide.
Examples
# Enable IP exhaustion logging for IP pool pool1.
<Sysname> system-view
[Sysname] dhcp server ip-pool pool1
[Sysname-dhcp-pool-pool1] exhaustion log enable
Related commands
ip-in-use threshold
exhaustion trap enable
Use exhaustion trap enable to enable IP exhaustion notifications for an IP pool.
Use undo exhaustion trap enable to disable IP exhaustion notifications for an IP pool.
Syntax
exhaustion trap enable
undo exhaustion trap enable
Default
IP exhaustion notifications are enabled.
Views
IP pool view
Predefined user roles
network-admin
Usage guidelines
This feature enables the device to generate an alarm notification when all assignable IP addresses in an IP pool are used up.
The IP address usage is calculated by using the following formula:
(Total number of IP addresses – number of assignable IP addresses)/total number of IP addresses
For this feature to take effect, enable SNMP notifications for the DHCP server by executing the snmp-agent trap enable dhcp server address-exhaust command first.
The DHCP server might generate too many IP exhaustion notifications for IP pools. To reduce the number of alarm notifications, disable IP exhaustion notifications for an IP pool by using the undo exhaustion trap enable command.
Examples
# Disable IP exhaustion notifications for IP pool pool1.
<Sysname> system-view
[Sysname] dhcp server ip-pool pool1
[Sysname-dhcp-pool-pool1] undo exhaustion trap enable
Related commands
display dhcp server pool
snmp-agent trap enable dhcp server
expired
Use expired to set the lease duration in a DHCP address pool.
Use undo expired to restore the default lease duration for a DHCP address pool.
Syntax
expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited }
undo expired
Default
The lease duration of a dynamic DHCP address pool is one day.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
day day: Specifies the number of days, in the range of 0 to 365.
hour hour: Specifies the number of hours, in the range of 0 to 23. The default is 0.
minute minute: Specifies the number of minutes, in the range of 0 to 59. The default is 0.
second second: Specifies the number of seconds, in the range of 0 to 59. The default is 0.
unlimited: Specifies the unlimited lease duration, which is actually 136 years.
Usage guidelines
The DHCP server assigns an IP address together with the lease duration to the DHCP client. Before the lease expires, the DHCP client must extend the lease duration.
· If the lease extension operation succeeds, the DHCP client can continue to use the IP address.
· If the lease extension operation does not succeed, both of the following events occur:
  ○ The DHCP client cannot use the IP address after the lease duration expires.
  ○ The DHCP server will label the IP address as an expired address.
Examples
# Set the lease duration to 1 day, 2 hours, 3 minutes, and 4 seconds in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] expired day 1 hour 2 minute 3 second 4
Related commands
display dhcp server expired
display dhcp server pool
reset dhcp server expired
forbidden-ip
Use forbidden-ip to exclude IP addresses from dynamic allocation in an address pool.
Use undo forbidden-ip to remove the configuration.
Syntax
forbidden-ip ip-address&<1-8>
undo forbidden-ip [ ip-address&<1-8> ]
Default
No IP addresses are excluded from dynamic allocation in an address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight excluded IP addresses.
Usage guidelines
The excluded IP addresses in an address pool are still assignable in other address pools.
You can exclude a maximum of 4096 IP addresses in an address pool by executing this command multiple times.
If you do not specify any parameters, the undo forbidden-ip command removes all excluded IP addresses.
Examples
# Exclude IP addresses 192.168.1.3 and 192.168.1.10 from dynamic allocation in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] forbidden-ip 192.168.1.3 192.168.1.10
Related commands
dhcp server forbidden-ip
display dhcp server pool
gateway-list
Use gateway-list to specify gateway addresses in a DHCP address pool or a DHCP secondary subnet.
Use undo gateway-list to remove the specified gateway addresses from a DHCP address pool or a DHCP secondary subnet.
Syntax
gateway-list ip-address&<1-64> [ export-route ]
undo gateway-list [ ip-address&<1-64> ] [ export-route ]
Default
No gateway address is configured in a DHCP address pool or a DHCP secondary subnet.
Views
DHCP address pool view
DHCP secondary subnet view
Predefined user roles
network-admin
Parameters
ip-address&<1-64>: Specifies a space-separated list of up to 64 gateway addresses. Gateway addresses must reside on the same subnet as the assignable IP addresses.
export-route: Binds the gateways to the device's MAC address in the address management module. The ARP module will use the entries to reply to ARP requests from the DHCP clients. If you do not specify this keyword, the gateways will not be bound to the device's MAC address.
Usage guidelines
The DHCP server assigns gateway addresses to clients on a secondary subnet in the following ways:
· If gateways are specified in both address pool view and secondary subnet view, DHCP assigns those specified in the secondary subnet view.
· If gateways are specified in address pool view but not in secondary subnet view, DHCP assigns those specified in address pool view.
If you do not specify any parameters, the undo gateway-list command deletes all gateway addresses.
Examples
# Specify gateway address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] gateway-list 10.1.1.1
Related commands
display dhcp server pool
if-match
Use if-match to configure a match rule for a DHCP user class.
Use undo if-match to delete a match rule for a DHCP user class.
Syntax
if-match rule rule-number { hardware-address hardware-address mask hardware-address-mask | option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-address }
undo if-match rule rule-number
Default
No match rules are configured for the DHCP user class.
Views
DHCP user class view
Predefined user roles
network-admin
Parameters
rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents a higher match priority.
hardware-address hardware-address: Specifies a hardware address, a string of 4 to 39 characters. The string contains hyphen-separated hexadecimal numbers. The last hexadecimal number can be a two-digit or four-digit number, and the other hexadecimal numbers must be four-digit numbers. For example, aabb-ccdd-ee is valid, and aabb-c-dddd or aabb-cc-dddd is invalid.
mask hardware-address-mask: Specifies the mask to be ANDed with the specified hardware address for the match operation. The length of the mask must be the same as that of the hardware address.
option option-code: Specifies a DHCP option by its number in the range of 1 to 254.
ascii ascii-string: Specifies an ASCII string of 1 to 128 characters.
offset offset: Specifies the offset in bytes after which the match operation starts. The value range is 0 to 254. If you do not specify an offset value, the match starts from the first byte of the option content. If you specify an ASCII string, a packet matches the rule if the option content after the offset is the same as the ASCII string. If you specify a hexadecimal number, a packet matches the rule if the option content of the specified length after the offset is the same as the hexadecimal number.
partial: Enables partial match. A packet matches a rule if the specified option in the packet contains the ASCII string or hexadecimal number specified in the rule. For example, if you specify abc in the rule, option content xabc, xyzabca, xabcyz, and abcxyz all match the rule.
hex hex-string: Specifies a hexadecimal number. The length of the hexadecimal number must be an even number in the range of 2 to 256.
mask mask: Specifies a hexadecimal mask for the match operation. The mask length must be an even number in the range of 2 to 256 and be the same as the hex-string length. The DHCP server selects option content of the mask length from the start and ANDs the selected option content and the specified hexadecimal number with the mask. The packet matches the rule if the two AND operation results are the same.
length length: Specifies the length of the option content to be matched, in the range of 1 to 128 bytes. The length must be the same as the hex-string length.
relay-agent gateway-address: Specifies a giaddr field value. The value is an IPv4 address in the dotted decimal notation. A packet matches the rule if its giaddr field value is the same as that in the rule.
Usage guidelines
If a DHCP request sent by a DHCP client matches a rule in a DHCP user class, the DHCP client matches the user class.
You can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified by a rule ID within its type (hardware address, option, or relay agent address).
· If the rule that you are configuring has the same ID and type as an existing rule, the new rule overwrites the existing rule.
· If the rule that you are configuring has the same ID as an existing rule but a different type, the new rule takes effect and coexists with the existing rule. As a best practice, do not assign the same ID to rules of different types.
· Rules of different IDs cannot have the same rule content.
When you configure an if-match hardware-address rule, follow these guidelines:
· The hardware address type supports only the MAC address. A rule does not match clients with hardware addresses of other types.
· The specified hardware address must be of the same length as the client hardware addresses to be matched. To match MAC addresses, the specified hardware address must be six bytes long.
· The fs and 0s in the mask for the hardware match operation can be noncontiguous. For example, the rule if-match rule 1 hardware-address 0094-0000-1100 mask ffff-0000-ff00 matches hardware addresses in which the first two bytes are 0094 and the fifth byte is 11.
When you configure an if-match option rule, follow these guidelines:
· To match packets that contain an option, specify only the option-code argument.
· To match a hexadecimal number by AND operations, specify the option option-code hex hex-string mask mask options.
· To match a hexadecimal number directly, specify the option option-code hex hex-string [ offset offset length length | partial ] options. If you do not specify the offset, length, or partial parameter, a packet matches a rule if the option content starts with the hexadecimal number.
· To match an ASCII string, specify the option option-code ascii ascii-string [ offset offset | partial ] options. If you do not specify the offset or partial parameter, a packet matches a rule if the option content starts with the ASCII string.
Examples
# Configure match rule 1 for DHCP user class exam to match DHCP requests in which the hardware address is six bytes long and begins with 0094.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 1 hardware-address 0094-0000-0101 mask ffff-0000-0000
# Configure match rule 2 for DHCP user class exam to match DHCP requests that contain Option 82.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 2 option 82
# Configure match rule 3 for DHCP user class exam. The rule matches DHCP requests in which the highest bit of the fourth byte in Option 82 is 1.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 3 option 82 hex 00000080 mask 00000080
# Configure match rule 4 for DHCP user class exam. The rule matches DHCP requests in which the first three bytes of Option 82 are the hexadecimal number 13ae92.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 4 option 82 hex 13ae92 offset 0 length 3
# Configure match rule 5 for DHCP user class exam. The rule matches DHCP requests in which Option 82 contains the hexadecimal number 13ae.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 5 option 82 hex 13ae partial
# Configure match rule 6 for DHCP user class exam to match DHCP requests in which the giaddr field is 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 6 relay-agent 10.1.1.1
Related commands
dhcp class
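The if-match semantics described above (hardware-address mask, option presence, hex with mask, hex with offset and length, partial, and relay-agent), modelled in Python as an added example that is not vendor code. The request dictionaries and Option 82 byte values are constructed; treating a partial hex match as byte-aligned and rejecting option content shorter than the mask are assumptions.

```python
import ipaddress

H = bytes.fromhex


def parse_hw(text):
    """Convert the H-H-H notation used by if-match (e.g. 0094-0000-1100) to bytes."""
    groups = text.split("-")
    # Every group except the last must be four hex digits; the last may be two or four.
    if any(len(g) != 4 for g in groups[:-1]) or len(groups[-1]) not in (2, 4):
        raise ValueError(f"invalid hardware address notation: {text!r}")
    return bytes.fromhex("".join(groups))


def masked_equal(data, pattern, mask):
    """True if data and pattern agree on every bit that is set in mask."""
    return all((d & m) == (p & m) for d, p, m in zip(data, pattern, mask))


def match_hardware(chaddr, address, mask):
    addr, msk = parse_hw(address), parse_hw(mask)
    if len(addr) != len(msk):
        raise ValueError("mask must be as long as the hardware address")
    # A rule only matches client addresses of its own length (six bytes for a MAC).
    return len(chaddr) == len(addr) and masked_equal(chaddr, addr, msk)


def match_option(content, pattern=None, mask=None, offset=None, length=None, partial=False):
    """content is the option value as bytes, or None if the request lacks the option."""
    if content is None:
        return False
    if pattern is None:
        return True  # option-code only: presence of the option is enough
    if mask is not None:
        if len(mask) != len(pattern):
            raise ValueError("mask must be as long as the hex string")
        # Assumption: option content shorter than the mask cannot match.
        return len(content) >= len(mask) and masked_equal(content, pattern, mask)
    if partial:
        return pattern in content  # assumption: the search is byte-aligned
    if offset is not None:
        if length != len(pattern):
            raise ValueError("length must equal the hex string length in bytes")
        return content[offset:offset + length] == pattern
    return content.startswith(pattern)  # no offset, length or partial: prefix match


def match_relay_agent(giaddr, rule_giaddr):
    return ipaddress.IPv4Address(giaddr) == ipaddress.IPv4Address(rule_giaddr)


# Rules 1 to 6 of user class "exam", as configured in the examples above.
CLASS_EXAM = {
    1: lambda r: match_hardware(r["chaddr"], "0094-0000-0101", "ffff-0000-0000"),
    2: lambda r: match_option(r["options"].get(82)),
    3: lambda r: match_option(r["options"].get(82), H("00000080"), mask=H("00000080")),
    4: lambda r: match_option(r["options"].get(82), H("13ae92"), offset=0, length=3),
    5: lambda r: match_option(r["options"].get(82), H("13ae"), partial=True),
    6: lambda r: match_relay_agent(r["giaddr"], "10.1.1.1"),
}


def matching_rules(request, rules=CLASS_EXAM):
    """Rule IDs the request matches, smallest ID (highest priority) first.
    The client belongs to the user class if the list is not empty."""
    return [rule_id for rule_id in sorted(rules) if rules[rule_id](request)]


# Constructed requests (not captured traffic).
REQ_A = {"chaddr": H("009412345678"), "giaddr": "0.0.0.0", "options": {}}
REQ_B = {"chaddr": H("00aabbccddee"), "giaddr": "10.1.1.1", "options": {82: H("13ae9280")}}
REQ_C = {"chaddr": H("00aabbccddef"), "giaddr": "10.1.1.2", "options": {82: H("0013ae00")}}

if __name__ == "__main__":
    for name, req in (("A", REQ_A), ("B", REQ_B), ("C", REQ_C)):
        print(name, matching_rules(req))
```
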
ip-in-use threshold
Use ip-in-use threshold to set the IP address usage threshold for an IP address pool.
Use undo ip-in-use threshold to restore the default.
Syntax
ip-in-use threshold threshold-value
undo ip-in-use threshold
Default
The IP address usage threshold for an IP address pool is 100%.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies an IP address usage threshold in percentage. The value range is 0 to 100.
Usage guidelines
If you execute this command in the same address pool view multiple times, the most recent configuration takes effect.
When the IP address usage of an address pool exceeds the threshold, the system sends notifications to the SNMP module. For DHCP notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.
Examples
# Set the IP address usage threshold for IP address pool p1 to 85%.
<Sysname> system-view
[Sysname] dhcp server ip-pool p1
[Sysname-dhcp-pool-p1] ip-in-use threshold 85
nbns-list
Use nbns-list to specify WINS server addresses in a DHCP address pool.
Use undo nbns-list to remove the specified WINS server addresses.
Syntax
nbns-list ip-address&<1-8>
undo nbns-list [ ip-address&<1-8> ]
Default
No WINS server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight WINS server IP addresses.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo nbns-list command deletes all WINS server addresses.
Examples
# Specify WINS server address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] nbns-list 10.1.1.1
Related commands
display dhcp server pool
netbios-type
netbios-type
Use netbios-type to specify the NetBIOS node type in a DHCP address pool.
Use undo netbios-type to restore the default.
Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
Default
No NetBIOS node type is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server.
h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.
m-node: Specifies the mixed node. An m-node client broadcasts the destination name. If it does not receive a response, the m-node client unicasts the destination name to the WINS server to get the mapping.
p-node: Specifies the peer-to-peer node. A p-node client sends the destination name in a unicast message to get the mapping from the WINS server.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the NetBIOS node type as p-node in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] netbios-type p-node
Related commands
display dhcp server pool
nbns-list
network
Use network to specify the subnet for dynamic allocation in a DHCP address pool.
Use undo network to remove the specified subnet.
Syntax
network network-address [ mask-length | mask mask ] [ secondary ] [ export-route ]
undo network network-address [ mask-length | mask mask ] [ secondary ]
Default
No subnet is specified in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified, the natural mask will be used.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask in dotted decimal format.
secondary: Specifies the subnet as a secondary subnet. If you do not specify this keyword, this command specifies the primary subnet. If the addresses in the primary subnet are used up, the DHCP server can select addresses from a secondary subnet for clients.
export-route: Advertises the subnet assigned to DHCP clients. If you do not specify this keyword, the subnet will not be advertised.
Usage guidelines
You can use the secondary keyword to specify a secondary subnet and enter its view. In secondary subnet view, you can specify gateways by using the gateway-list command for DHCP clients in the secondary subnet.
You can specify only one primary subnet for a DHCP address pool. If you execute the network command multiple times, the most recent configuration takes effect.
You can specify up to 32 secondary subnets for a DHCP address pool.
The primary subnet and secondary subnets in a DHCP address pool must not have the same network address and mask.
The network secondary command is mutually exclusive with the address range command or the class range command. You cannot use them together in the same address pool.
Modifying or removing the network configuration deletes the assigned addresses from the current address pool.
If you execute the network export-route command multiple times, the most recent configuration takes effect.
Examples
# Specify primary subnet 192.168.8.0/24 and secondary subnet 192.168.10.0/24 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] network 192.168.8.0 mask 255.255.255.0
[Sysname-dhcp-pool-0] network 192.168.10.0 mask 255.255.255.0 secondary
[Sysname-dhcp-pool-0-secondary]
Related commands
display dhcp server pool
gateway-list
next-server
Use next-server to specify the IP address of a server in a DHCP address pool.
Use undo next-server to restore the default.
Syntax
next-server ip-address
undo next-server
Default
No server's IP address is specified in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a server.
Usage guidelines
Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it contacts the specified server, such as a TFTP server, to get other boot information.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify a server's IP address 10.1.1.254 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] next-server 10.1.1.254
Related commands
display dhcp server pool
option
Use option to customize a DHCP option.
Use undo option to remove a customized DHCP option.
Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> }
undo option code
Default
No DHCP option is customized.
Views
DHCP address pool view
DHCP option group view
Predefined user roles
network-admin
Parameters
code: Specifies the number of the customized option, in the range of 2 to 254, excluding 50 through 54, 56, 58, 59, 61, and 82.
ascii ascii-string: Specifies a case-sensitive ASCII string of 1 to 255 characters as the option content.
hex hex-string: Specifies a hexadecimal number as the option content. The length of the hexadecimal number must be an even number in the range of 2 to 256.
ip-address ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses as the option content.
Usage guidelines
The DHCP server fills the customized option with the specified ASCII string, hexadecimal number, or IP addresses, and sends it in a response to the client.
You can customize options for the following purposes:
· Add newly released options.
· Add options for which the vendor defines the contents, for example, Option 43.
· Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients.
· Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command. For example, the dns-list command can specify up to eight DNS servers. To specify more than eight DNS servers, you must use the option 6 command to define all DNS servers.
DHCP options specified by dedicated commands take precedence over those specified by the option commands. For example, if a DNS server address is specified by both the dns-list command and the option 6 command, the server uses the address specified by the dns-list command.
DHCP options specified in DHCP option groups take precedence over those specified in DHCP address pools.
If you execute this command multiple times with the same code specified, the most recent configuration takes effect.
Examples
# Configure Option 7 to specify log server address 2.2.2.2 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] option 7 ip-address 2.2.2.2
Related commands
display dhcp server pool
reset dhcp server conflict
Use reset dhcp server conflict to clear IP address conflict information.
Syntax
reset dhcp server conflict [ ip ip-address ] [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears conflict information about the specified IP address. If you do not specify this option, this command clears all address conflict information.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears conflict information about IP addresses for the public network.
Usage guidelines
Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts. After you modify the address pool configuration, the conflicted addresses might become assignable. To assign these addresses, use the reset dhcp server conflict command to clear the conflict information first.
Examples
# Clear all IP address conflict information.
<Sysname> reset dhcp server conflict
Related commands
display dhcp server conflict
reset dhcp server expired
Use reset dhcp server expired to clear binding information about expired IP addresses.
Syntax
reset dhcp server expired [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears binding information about the specified expired IP address. If you do not specify an IP address, this command clears binding information about all expired IP addresses.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears lease expiration information about IP addresses for the public network.
pool pool-name: Clears binding information about the expired IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command clears binding information about expired IP addresses in all address pools.
Examples
# Clear binding information about all expired IP addresses.
<Sysname> reset dhcp server expired
Related commands
display dhcp server expired
reset dhcp server ip-in-use
Use reset dhcp server ip-in-use to clear binding information about assigned IP addresses.
Syntax
reset dhcp server ip-in-use [ [ ip ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears binding information about the specified assigned IP address. If you do not specify an IP address, this command clears binding information about all assigned IP addresses.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears binding information for the public network.
pool pool-name: Clears binding information about assigned IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command clears binding information about assigned IP addresses in all address pools.
Usage guidelines
If you use this command to clear information about an assigned static binding, the static binding becomes a free static binding.
Examples
# Clear binding information about IP address 10.110.1.1.
<Sysname> reset dhcp server ip-in-use ip 10.110.1.1
Related commands
display dhcp server ip-in-use
reset dhcp server statistics
Use reset dhcp server statistics to clear DHCP server statistics.
Syntax
reset dhcp server statistics [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears DHCP server statistics for the public network.
Examples
# Clear DHCP server statistics.
<Sysname> reset dhcp server statistics
Related commands
display dhcp server statistics
snmp-agent trap enable dhcp server
Use snmp-agent trap enable dhcp server to enable SNMP notifications for the DHCP server.
Use undo snmp-agent trap enable dhcp server to disable SNMP notifications for the DHCP server.
Syntax
snmp-agent trap enable dhcp server [ address-exhaust | ip-in-use ] *
undo snmp-agent trap enable dhcp server [ address-exhaust | ip-in-use ] *
Default
All SNMP notifications are enabled for the DHCP server.
Views
System view
Predefined user roles
network-admin
Parameters
address-exhaust: Specifies IP address exhaustion notifications. An IP address exhaustion notification is generated when the IP address usage of an IP pool has reached 100% or the IP pool has recovered from the IP exhaustion alarm condition.
ip-in-use: Specifies IP address usage alarm notifications. An IP address usage alarm notification is generated when the IP address usage of an IP pool reaches or exceeds the threshold, or an IP pool has recovered from an IP usage alarm condition. The threshold is set by using the ip-in-use threshold command.
Usage guidelines
If you do not specify any parameters, this command enables SNMP notifications for all types of DHCP server events.
The DHCP server reports critical DHCP server events in SNMP notifications to the SNMP module. For DHCP server event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.
Examples
# Disable SNMP notifications of all types of DHCP server events.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp server
# Disable SNMP IP exhaustion notifications.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp server address-exhaust
# Disable SNMP IP usage alarm notifications.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp server ip-in-use
Related commands
ip-in-use threshold
snmp-agent target-host (Network Management and Monitoring Command Reference)
static-bind
Use static-bind to statically bind a client ID or MAC address to an IP address.
Use undo static-bind to remove a static binding.
Syntax
static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] }
undo static-bind ip-address ip-address
Default
No static binding is specified in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address ip-address: Specifies the IP address of the static binding. The natural mask is used if no mask length or mask is specified.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask, in dotted decimal format.
client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters. The string can contain only hexadecimal numbers and hyphens (-), in the format of H-H-H…. The last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is correct, and aabb-c-dddd and aabb-cc-dddd are not correct.
hardware-address hardware-address: Specifies the client hardware address of the static binding, a string of 4 to 39 characters. The string can contain only hexadecimal numbers and hyphens (-), in the format of H-H-H…. The last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is correct, and aabb-c-dddd and aabb-cc-dddd are not correct.
ethernet: Specifies the client hardware address type as Ethernet. The default type is Ethernet.
token-ring: Specifies the client hardware address type as token ring.
Usage guidelines
The IP address of a static binding must not be an interface address of the DHCP server. Otherwise, an IP address conflict occurs, and the bound client cannot obtain the IP address.
You can specify multiple static bindings in an address pool. The total number of static bindings in all address pools cannot exceed 8192.
An IP address can be bound to only one DHCP client. To modify the binding for a DHCP client, first execute the undo form of the command to delete the existing binding and then create a new binding.
This command is not supported in IP address pools that are configured with the remote-server command and act as DHCP relay address pools.
Examples
# Bind IP address 10.1.1.1/24 to client ID 00aa-aabb in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0 client-identifier 00aa-aabb
Related commands
display dhcp server pool
tftp-server domain-name
Use tftp-server domain-name to specify a TFTP server name in a DHCP address pool.
Use undo tftp-server domain-name to restore the default.
Syntax
tftp-server domain-name domain-name
undo tftp-server domain-name
Default
No TFTP server name is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify TFTP server name aaa in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] tftp-server domain-name aaa
Related commands
display dhcp server pool
tftp-server ip-address
tftp-server ip-address
Use tftp-server ip-address to specify a TFTP server address in a DHCP address pool.
Use undo tftp-server ip-address to restore the default.
Syntax
tftp-server ip-address ip-address
undo tftp-server ip-address
Default
No TFTP server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a TFTP server.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify TFTP server address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.1
Related commands
display dhcp server pool
tftp-server domain-name
valid class
Use valid class to add DHCP user classes to the whitelist.
Use undo valid class to remove DHCP user classes from the whitelist.
Syntax
valid class class-name&<1-8>
undo valid class class-name&<1-8>
Default
No DHCP user class is listed on the whitelist.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
class-name&<1-8>: Specifies a space-separated list of up to eight DHCP user classes by their names, a case-insensitive string of 1 to 63 characters.
Usage guidelines
For this command to take effect, you must enable the DHCP user class whitelist.
Examples
# Add DHCP user classes test1 and test2 to the whitelist in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] valid class test1 test2
Related commands
dhcp class
verify class
verify class
Use verify class to enable the DHCP user class whitelist.
Use undo verify class to disable the DHCP user class whitelist.
Syntax
verify class
undo verify class
Default
The DHCP user class whitelist is disabled.
Views
DHCP address pool view
Predefined user roles
network-admin
Usage guidelines
After you enable the DHCP user class whitelist, the DHCP server processes requests only from clients on the DHCP user class whitelist.
The DHCP user class whitelist does not take effect on clients that request static IP addresses, and the server always processes their requests.
Examples
# Enable the DHCP user class whitelist in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] verify class
Related commands
valid class
voice-config
Use voice-config to configure the content for Option 184 in a DHCP address pool.
Use undo voice-config to remove the Option 184 content from a DHCP address pool.
Syntax
voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } }
undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ]
Default
No Option 184 content is configured in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
as-ip ip-address: Specifies the IP address of the backup network calling processor.
fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string is a string of 1 to 39 characters. Valid characters are digits and asterisk (*).
ncp-ip ip-address: Specifies the IP address of the primary network calling processor.
voice-vlan vlan-id: Specifies the voice VLAN ID in the range of 2 to 4094.
· disable: Disables the specified VLAN. DHCP clients will not take this VLAN as their voice VLAN.
· enable: Enables the specified VLAN. DHCP clients will take this VLAN as their voice VLAN.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure Option 184 in DHCP address pool 0. The primary and backup network calling processors are at 10.1.1.1 and 10.2.2.2, respectively. The voice VLAN 3 is enabled. The failover IP address is 10.3.3.3. The dialer string is 99*.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] voice-config ncp-ip 10.1.1.1
[Sysname-dhcp-pool-0] voice-config as-ip 10.2.2.2
[Sysname-dhcp-pool-0] voice-config voice-vlan 3 enable
[Sysname-dhcp-pool-0] voice-config fail-over 10.3.3.3 99*
Related commands
display dhcp server pool
vpn-instance
Use vpn-instance to apply a DHCP address pool to a VPN instance.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
The DHCP address pool is not applied to any VPN instance.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
If a DHCP address pool is applied to a VPN instance, the DHCP server assigns IP addresses in this address pool to clients in the specified VPN instance.
The DHCP server identifies the VPN instance to which a DHCP client belongs according to the following information:
· The client's VPN information stored in authentication modules.
· The VPN information of the DHCP server's interface that receives DHCP packets from the client.
The VPN information from authentication modules takes priority over the VPN information of the receiving interface.
Examples
# Apply DHCP address pool 0 to VPN instance abc.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] vpn-instance abc
DHCP relay agent commands
dhcp relay check mac-address
Use dhcp relay check mac-address to enable MAC address check on the relay agent.
Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.
Syntax
dhcp relay check mac-address
undo dhcp relay check mac-address
Default
The MAC address check feature is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP relay agent to compare the chaddr field of a received DHCP request with the source MAC address in the frame header. If they are the same, the DHCP relay agent forwards the request to the DHCP server. If they are not the same, the DHCP relay agent discards the request.
The MAC address check feature takes effect only when the dhcp select relay command has already been configured on the interface.
Enable the MAC address check feature only on the DHCP relay agent directly connected to the DHCP clients. A DHCP relay agent changes the source MAC address of DHCP packets before sending them.
Examples
# Enable MAC address check on the DHCP relay agent.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay check mac-address
Related commands
dhcp select relay
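The comparison that dhcp relay check mac-address performs, as an added Python sketch (not the device's own implementation): it parses a constructed Ethernet/IPv4/UDP frame and compares the BOOTP chaddr field with the source MAC address in the frame header. The function names, verdict strings, and sample MAC addresses are assumptions made for illustration; the relayed sample shows why the check belongs only on the relay agent directly connected to the clients.

```python
import struct

ETH_IPV4, ETH_VLAN = 0x0800, 0x8100
IPPROTO_UDP, DHCP_SERVER_PORT, BOOTREQUEST = 17, 67, 1


def fmt_mac(mac):
    return ":".join(f"{b:02x}" for b in mac)


def build_frame(src_mac, chaddr, hops=0, giaddr=bytes(4)):
    """Build a constructed DHCPDISCOVER frame (checksums left at 0)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        BOOTREQUEST, 1, 6, hops, 0x1234ABCD, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), giaddr,
                        chaddr, b"", b"")
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"  # cookie, type, end
    udp = struct.pack("!HHHH", 68, DHCP_SERVER_PORT, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETH_IPV4) + ip


def mac_check(frame):
    """Return (verdict, reason); verdict is 'forward', 'discard' or 'skip'.

    'skip' means the frame is not a DHCP request this sketch can examine.
    """
    if len(frame) < 14:
        return ("skip", "truncated Ethernet header")
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    off = 14
    if ethertype == ETH_VLAN:                      # one 802.1Q tag
        if len(frame) < 18:
            return ("skip", "truncated VLAN tag")
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        off = 18
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return ("skip", "not an IPv4 packet")
    ihl = (frame[off] & 0x0F) * 4                  # IPv4 header length in bytes
    if ihl < 20 or frame[off + 9] != IPPROTO_UDP or len(frame) < off + ihl + 8:
        return ("skip", "not a UDP datagram")
    (dport,) = struct.unpack_from("!H", frame, off + ihl + 2)
    if dport != DHCP_SERVER_PORT:
        return ("skip", "not addressed to the DHCP server port")
    bootp = frame[off + ihl + 8:]
    if len(bootp) < 34 or bootp[0] != BOOTREQUEST:
        return ("skip", "not a complete BOOTP request")
    if bootp[1] != 1 or bootp[2] != 6:             # htype Ethernet, hlen 6
        return ("skip", "hardware address is not a 6-byte Ethernet MAC")
    chaddr = bootp[28:34]                          # chaddr starts at offset 28
    if chaddr == src_mac:
        return ("forward", "chaddr matches the frame's source MAC")
    return ("discard",
            f"chaddr {fmt_mac(chaddr)} != source MAC {fmt_mac(src_mac)}")


# Constructed sample addresses (locally administered MACs).
CLIENT = bytes.fromhex("020000000001")
OTHER = bytes.fromhex("0200000000aa")
UPSTREAM_RELAY = bytes.fromhex("0200000000fe")

if __name__ == "__main__":
    samples = {
        "client, first hop": build_frame(CLIENT, CLIENT),
        "chaddr differs from sender": build_frame(CLIENT, OTHER),
        # Already relayed once: the source MAC is the previous relay's.
        "relayed request": build_frame(UPSTREAM_RELAY, CLIENT, hops=1,
                                       giaddr=bytes([10, 1, 1, 1])),
    }
    for name, frame in samples.items():
        print(f"{name}: {mac_check(frame)}")
```

The relayed sample is discarded even though its chaddr is genuine, because the previous relay agent rewrote the source MAC address.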
dhcp relay check mac-address aging-time
Use dhcp relay check mac-address aging-time to set the aging time for MAC address check entries on the DHCP relay agent.
Use undo dhcp relay check mac-address aging-time to restore the default.
Syntax
dhcp relay check mac-address aging-time time
undo dhcp relay check mac-address aging-time
Default
The aging time is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
time: Specifies the aging time for MAC address check entries, in the range of 30 to 600 seconds.
Usage guidelines
This command takes effect only after you execute the dhcp relay check mac-address command.
Examples
# Set the aging time to 60 seconds for MAC address check entries on the DHCP relay agent.
<Sysname> system-view
[Sysname] dhcp relay check mac-address aging-time 60
dhcp relay client-information record
Use dhcp relay client-information record to enable recording client information in relay entries.
Use undo dhcp relay client-information record to disable the feature.
Syntax
dhcp relay client-information record
undo dhcp relay client-information record
Default
The DHCP relay agent does not record client information in relay entries.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Client information is recorded only when the DHCP relay agent is configured on the gateway of DHCP clients. A relay entry contains information about a client such as the client's IP and MAC addresses.
Disabling the recording of client information deletes all recorded relay entries.
Examples
# Enable the recording of relay entries on the relay agent.
<Sysname> system-view
[Sysname] dhcp relay client-information record
Related commands
dhcp relay client-information refresh
dhcp relay client-information refresh enable
dhcp relay client-information refresh
Use dhcp relay client-information refresh to set the interval at which the DHCP relay agent refreshes relay entries.
Use undo dhcp relay client-information refresh to restore the default.
Syntax
dhcp relay client-information refresh { auto | interval interval } [ record-keep-time time ]
undo dhcp relay client-information refresh
Default
The refresh interval is automatically calculated based on the number of relay entries. The keep time for DHCP relay entries is 0 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
auto: Automatically calculates the refresh interval. The more entries there are, the shorter the refresh interval. The shortest interval is 50 milliseconds.
interval interval: Specifies the refresh interval in the range of 1 to 120 seconds.
record-keep-time time: Specifies the keep time for DHCP relay entries in the range of 10 to 2880 minutes.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
After you enable periodical relay entry refresh for the DHCP relay agent, it uses a client's IP address and the relay interface's MAC address to periodically send a DHCP-REQUEST message to the DHCP server. If the DHCP server returns a DHCP-ACK message or does not return any message within a refresh interval, the IP address is assignable. The DHCP relay agent will then remove the relay entry for that IP address.
With such a mechanism, the DHCP relay agent might remove the relay entry for an online DHCP client by mistake when the following conditions exist:
· The DHCP server does not reply to the DHCP-REQUEST message with the client's IP address three times in a row. This event might occur when the DHCP server restarts.
· The client does not send any DHCP-RELEASE message.
To resolve this issue, use the record-keep-time time option to prolong the keep time for DHCP relay entries. When the DHCP server does not reply to a DHCP-REQUEST message three times in a row, the DHCP relay agent does not remove the corresponding relay entry. Instead, it starts the keep time counter and keeps sending the DHCP-REQUEST message to the DHCP server at refresh intervals.
· If the DHCP server returns a DHCP-ACK message or does not return any message before the keep time elapses, the DHCP relay agent removes the relay entry.
· If the DHCP server returns a DHCP-NAK message before the keep time elapses, the DHCP relay agent keeps the relay entry and resets the keep time counter.
The DHCP relay agent will start the keep time counter again if the DHCP server does not reply to another DHCP-REQUEST message three times in a row.
Examples
# Set the refresh interval to 100 seconds.
<Sysname> system-view
[Sysname] dhcp relay client-information refresh interval 100
Related commands
dhcp relay client-information record
dhcp relay client-information refresh enable
dhcp relay client-information refresh enable
Use dhcp relay client-information refresh enable to enable the DHCP relay agent to periodically refresh dynamic relay entries.
Use undo dhcp relay client-information refresh enable to disable the DHCP relay agent from periodically refreshing dynamic relay entries.
Syntax
dhcp relay client-information refresh enable
undo dhcp relay client-information refresh enable
Default
The DHCP relay agent periodically refreshes relay entries.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.
With this feature, the DHCP relay agent uses a client's IP address to periodically send a DHCP-REQUEST message to the DHCP server.
· If the server returns a DHCP-ACK message or does not return any message within an interval, the DHCP relay agent performs the following operations:
¡ Removes the relay entry.
¡ Sends a DHCP-RELEASE message to the DHCP server to release the IP address.
· If the server returns a DHCP-NAK message, the relay agent keeps the entry.
With this feature disabled, the DHCP relay agent does not remove relay entries automatically. After a DHCP client releases its IP address, you must use the reset dhcp relay client-information command on the relay agent to remove the corresponding relay entry.
Examples
# Disable periodic refresh of relay entries.
<Sysname> system-view
[Sysname] undo dhcp relay client-information refresh enable
Related commands
dhcp relay client-information record
dhcp relay client-information refresh
reset dhcp relay client-information
dhcp relay dhcp-server timeout
Use dhcp relay dhcp-server timeout to set the DHCP server response timeout time for DHCP server switchover.
Use undo dhcp relay dhcp-server timeout to restore the default.
Syntax
dhcp relay dhcp-server timeout time
undo dhcp relay dhcp-server timeout
Default
The DHCP server response timeout time is 30 seconds.
Views
Interface view
Predefined user roles
network-admin
Parameters
time: Specifies the DHCP server response timeout time in the range of 1 to 65535 seconds.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the DHCP server response timeout time to 60 seconds for DHCP server switchover on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp relay dhcp-server timeout 60
Related commands
dhcp relay server-address algorithm
dhcp relay gateway
Use dhcp relay gateway to specify the DHCP relay agent address to be inserted in DHCP requests.
Use undo dhcp relay gateway to restore the default.
Syntax
dhcp relay gateway ip-address
undo dhcp relay gateway
Default
The primary IP address of the interface is inserted in DHCP requests as the DHCP relay agent address.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the DHCP relay agent address. It must be an IP address of the interface.
Usage guidelines
The DHCP relay agent uses the specified IP address instead of the primary IP address of the relay interface as the DHCP relay agent address.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify 10.1.1.1 as the DHCP relay agent address to be inserted in DHCP requests on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp relay gateway 10.1.1.1
Related commands
gateway-list
dhcp relay information circuit-id
Use dhcp relay information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option of Option 82.
Use undo dhcp relay information circuit-id to restore the default.
Syntax
dhcp relay information circuit-id { bas | string circuit-id | vxlan-port | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] [ interface ] } [ format { ascii | hex } ] }
undo dhcp relay information circuit-id
Default
The padding mode is normal and the padding format is hex.
Views
Interface view
Predefined user roles
network-admin
Parameters
bas: Specifies the bas mode that fills in the Circuit ID sub-option with the interface and VLAN information in the format of interface-type slot/subslot/port vxlan_id.vlan_id.subvlan_id.
string circuit-id: Specifies the string mode that uses a case-sensitive string of 3 to 63 characters as the content of the Circuit ID sub-option.
vxlan-port: Specifies the mode that uses the VXLAN ID and port number to pad the Circuit ID sub-option.
normal: Specifies the normal mode, in which the padding content consists of the VLAN ID and port number.
verbose: Specifies the verbose mode. The padding content includes the node identifier, interface information, and VLAN ID. The default node identifier is the MAC address of the access node. The default interface information consists of the Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, and interface number.
node-identifier: Specifies the access node identifier.
· mac: Uses the MAC address of the access node as the node identifier.
· sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format. If the sysname keyword is specified, make sure the device name does not include any spaces. Otherwise, the DHCP relay agent fails to add or replace Option 82.
· user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format.
interface: Uses the interface name as the interface information. The padding format for the interface name is always ASCII regardless of the specified padding format.
format: Specifies the padding format for the Circuit ID sub-option.
ascii: Specifies the ASCII padding format.
hex: Specifies the hex padding format.
Usage guidelines
The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
The padding format for the string mode, the normal mode, or the verbose mode varies by command configuration. Table 8 shows how the padding format is determined for different modes.
Table 8 Padding format for different modes
Keyword (mode) | If no padding format is set | If the padding format is ascii | If the padding format is hex |
---|---|---|---|
string circuit-id | The padding format is ASCII, and is not configurable. | N/A | N/A |
normal | Hex. | ASCII. | Hex. |
verbose | Hex for the VLAN ID. ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number. | ASCII. | ASCII for the node identifier and Ethernet type. Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID. |
Examples
# Specify the content mode as verbose, node identifier as the device name, and the padding format as ASCII for the Circuit ID sub-option.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy replace
[Sysname-Vlan-interface10] dhcp relay information circuit-id verbose node-identifier sysname format ascii
Related commands
dhcp relay information enable
dhcp relay information strategy
display dhcp relay information
dhcp relay information enable
Use dhcp relay information enable to enable the DHCP relay agent to support Option 82.
Use undo dhcp relay information enable to disable Option 82 support.
Syntax
dhcp relay information enable
undo dhcp relay information enable
Default
The DHCP relay agent does not support Option 82.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id and dhcp relay information remote-id commands. If the DHCP requests contain Option 82, the relay agent handles the requests according to the strategy configured with the dhcp relay information strategy command.
If this feature is disabled, the relay agent forwards requests that contain or do not contain Option 82 to the DHCP server.
Examples
# Enable Option 82 support on the relay agent.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
Related commands
dhcp relay information circuit-id
dhcp relay information remote-id
dhcp relay information strategy
display dhcp relay information
dhcp relay information link-selection
Use dhcp relay information link-selection to specify the IP address to be inserted in sub-option 5 of Option 82.
Use undo dhcp relay information link-selection to restore the default.
Syntax
dhcp relay information link-selection link-selection-address
undo dhcp relay information link-selection
Default
The relay agent inserts either of the following addresses in sub-option 5 of Option 82:
· Gateway address in the AAA authorized address pool or the address pool bound to the relay interface.
· IP address of the relay interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
link-selection-address: Specifies an IP address in dotted decimal notation. The specified address will be inserted in sub-option 5 of Option 82.
Usage guidelines
When you use this command, follow these guidelines:
· To have the DHCP relay agent forward requests with Option 82 and sub-option 5, perform the following tasks first:
¡ Enable the DHCP relay agent to support Option 82 by using the dhcp relay information enable command.
¡ Specify a source IP address for relayed DHCP requests by using the dhcp relay source-address command.
· To ensure successful IP address allocation, the specified sub-option 5 address must belong to the same network segment as one of the following:
¡ Gateway address in the AAA authorized address pool or the address pool bound to the relay interface.
¡ IP address of the DHCP relay interface.
The relay agent selects the IP address to be inserted in sub-option 5 in the following order:
1. IP address specified by using the dhcp relay information link-selection command.
2. Gateway address in the authorized address pool or the address pool bound to the relay interface.
3. IP address of the relay interface.
Examples
# Insert IP address 1.1.1.1 in sub-option 5 for requests received on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp relay information link-selection 1.1.1.1
Related commands
dhcp relay information enable
dhcp relay source-address
dhcp relay information remote-id
Use dhcp relay information remote-id to configure the padding mode and padding format for the Remote ID sub-option of Option 82.
Use undo dhcp relay information remote-id to restore the default.
Syntax
dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname }
undo dhcp relay information remote-id
Default
The padding mode is normal and the padding format is hex.
Views
Interface view
Predefined user roles
network-admin
Parameters
normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface.
format: Specifies the padding format for the Remote ID sub-option. The default padding format is hex.
ascii: Specifies the ASCII padding format.
hex: Specifies the hex padding format.
string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option.
sysname: Specifies the sysname mode that uses the device name as the content of the Remote ID sub-option. You can set the device name by using the sysname command.
Usage guidelines
The padding format for the specified character string (string) or the device name (sysname) is always ASCII. The padding format for the normal mode is determined by the command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the padding content for the Remote ID sub-option of Option 82 as device001.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy replace
[Sysname-Vlan-interface10] dhcp relay information remote-id string device001
Related commands
dhcp relay information enable
dhcp relay information strategy
display dhcp relay information
dhcp relay information strategy
Use dhcp relay information strategy to configure the strategy for the DHCP relay agent to handle messages containing Option 82.
Use undo dhcp relay information strategy to restore the default handling strategy.
Syntax
dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
Default
The handling strategy for messages that contain Option 82 is replace.
Views
Interface view
Predefined user roles
network-admin
Parameters
drop: Drops DHCP messages that contain Option 82.
keep: Keeps the original Option 82 intact and forwards the DHCP messages.
replace: Replaces the original Option 82 with the configured Option 82 before forwarding the DHCP messages.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82.
For DHCP requests that do not contain Option 82, the DHCP relay agent always adds Option 82 to the requests before forwarding the requests to the DHCP server.
If the handling strategy is replace, configure a padding mode and padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure any padding mode or padding format. The settings do not take effect even if you configure them.
Examples
# Specify the handling strategy for Option 82 as keep.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy keep
Related commands
dhcp relay information enable
display dhcp relay information
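The Option 82 handling described for dhcp relay information enable and dhcp relay information strategy, as an added Python model (not the device's own code). It operates on the DHCP options field after the magic cookie and encodes Option 82 with sub-option 1 (Circuit ID) and sub-option 2 (Remote ID). The function names and sample values are assumptions, except the Remote ID string device001, which comes from the remote-id example in this reference.

```python
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2


def parse_tlvs(data, dhcp_options=True):
    """Split code/length/value records into (code, value) pairs.

    In the DHCP options field, Pad (0) is skipped and End (255) stops
    parsing; Option 82 sub-options have no such special codes.
    """
    records, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_options and code == OPT_END:
            break
        if dhcp_options and code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"record with code {code} is truncated")
        length = data[i + 1]
        records.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return records


def encode_tlvs(records, end=True):
    out = b"".join(bytes([code, len(value)]) + value for code, value in records)
    return out + (bytes([OPT_END]) if end else b"")


def build_option82(circuit_id, remote_id):
    value = encode_tlvs([(SUB_CIRCUIT_ID, circuit_id),
                         (SUB_REMOTE_ID, remote_id)], end=False)
    if len(value) > 255:
        raise ValueError("Option 82 value exceeds 255 bytes")
    return value


def relay_handle(options, strategy, circuit_id, remote_id, enabled=True):
    """Return the options field to forward, or None if the request is dropped."""
    if strategy not in ("drop", "keep", "replace"):
        raise ValueError(f"unknown strategy {strategy!r}")
    if not enabled:
        return options                   # Option 82 support off: forward as is
    records = parse_tlvs(options)
    ours = (OPT_RELAY_INFO, build_option82(circuit_id, remote_id))
    if all(code != OPT_RELAY_INFO for code, _ in records):
        # The strategy applies only to requests that already carry Option 82;
        # requests without it always get the configured Option 82 added.
        return encode_tlvs(records + [ours])
    if strategy == "drop":
        return None
    if strategy == "keep":
        return options
    kept = [r for r in records if r[0] != OPT_RELAY_INFO]
    return encode_tlvs(kept + [ours])    # replace


def option82_of(options):
    """Return {sub-option code: value} for Option 82, or None if absent."""
    for code, value in parse_tlvs(options):
        if code == OPT_RELAY_INFO:
            return dict(parse_tlvs(value, dhcp_options=False))
    return None


# Constructed samples: Circuit ID in string mode, Remote ID from the example.
CIRCUIT_ID, REMOTE_ID = b"floor2-port7", b"device001"
PLAIN_REQUEST = bytes([53, 1, 3, 55, 2, 1, 3, OPT_END])
TAGGED_REQUEST = encode_tlvs([
    (53, b"\x03"),
    (OPT_RELAY_INFO, build_option82(b"downstream-cid", b"downstream-rid")),
])

if __name__ == "__main__":
    for strategy in ("drop", "keep", "replace"):
        for name, req in (("plain", PLAIN_REQUEST), ("tagged", TAGGED_REQUEST)):
            out = relay_handle(req, strategy, CIRCUIT_ID, REMOTE_ID)
            print(strategy, name, "dropped" if out is None else option82_of(out))
```

With keep, whatever Option 82 content arrived from downstream reaches the DHCP server unchanged; with replace, the server only ever sees the values configured on this relay agent.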
dhcp relay insert option60
Use dhcp relay insert option60 to enable the DHCP relay agent to insert Option 60 into DHCP requests.
Use undo dhcp relay insert option60 to restore the default.
Syntax
dhcp relay insert option60 option-text
undo dhcp relay insert option60
Default
The DHCP relay agent does not insert Option 60 into DHCP requests.
Views
Interface view
Predefined user roles
network-admin
Parameters
option-text: Specifies the content of Option 60, a case-sensitive string of 1 to 128 characters.
Usage guidelines
Option 60 records vendor class identifier information of DHCP clients. It allows the clients to obtain IP addresses from different address ranges. After receiving a DHCP request with Option 60 encapsulated, the DHCP server uses the following procedure to assign an IP address:
1. Uses Option 60 to determine a user class for the client.
2. Selects an IP address from the address range that matches the user class and assigns the address to the client.
After you enable Option 60 insertion on the DHCP relay agent, the relay agent first examines whether the received DHCP request contains Option 60.
· If the request does not contain Option 60, the relay agent inserts the option string into the request before forwarding the request to the DHCP server.
· If the request contains Option 60, the relay agent forwards the request to the DHCP server without processing this option.
The command takes effect only after you execute the dhcp select relay command.
If you execute this command multiple times on an interface, the most recent configuration takes effect.
Examples
# On VLAN-interface 10, enable the DHCP relay agent to insert Option 60 into DHCP requests.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay insert option60 sysname.com
Related commands
dhcp select relay
dhcp relay mac-forward enable
Use dhcp relay mac-forward enable to enable MAC address table lookup for DHCP replies that do not have forwarding information on the relay agent.
Use undo dhcp relay mac-forward enable to restore the default.
Syntax
dhcp relay mac-forward enable [ broadcast ]
undo dhcp relay mac-forward enable
Default
The DHCP relay agent discards a DHCP reply if the agent does not have the forwarding information for the reply.
Views
System view
Predefined user roles
network-admin
Parameters
broadcast: Broadcasts DHCP replies out of the interface in the matching MAC address entry. If you do not specify this keyword, the DHCP relay agent unicasts DHCP replies.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Enable MAC address table lookup for DHCP replies that do not have forwarding information on the relay agent.
<Sysname> system-view
[Sysname] dhcp relay mac-forward enable
dhcp relay master-server switch-delay
Use dhcp relay master-server switch-delay to enable the switchback to the master DHCP server and set the switchback delay time.
Use undo dhcp relay master-server switch-delay to restore the default.
Syntax
dhcp relay master-server switch-delay delay-time
undo dhcp relay master-server switch-delay
Default
The DHCP relay agent does not switch back to the master DHCP server.
Views
Interface view
Predefined user roles
network-admin
Parameters
delay-time: Specifies the delay time in the range of 1 to 65535 minutes.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the DHCP relay agent to switch back to the master DHCP server 3 minutes after it switches to a backup DHCP server on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp relay master-server switch-delay 3
Related commands
dhcp relay server-address algorithm
dhcp relay pool
Use dhcp relay pool to specify a DHCP relay address pool for DHCP clients.
Use undo dhcp relay pool to remove a DHCP relay address pool.
Syntax
dhcp relay pool pool-name [ option code [ option-text ] ]
undo dhcp relay pool [ pool-name [ option code [ option-text ] ] ]
Default
No DHCP relay address pool is specified for DHCP clients.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
VLAN interface view
Predefined user roles
network-admin
Parameters
pool-name: Specifies a DHCP relay address pool by its name, a case-insensitive string of 1 to 63 characters.
option code [ option-text ]: Specifies the option setting to match DHCP requests. If you do not specify this option, the DHCP relay address pool can match all DHCP requests that the interface receives.
· The code argument represents the option code and the value range for this argument is 1 to 254.
· To match DHCP requests by the content of Option 60, specify the option-text argument. This argument is available only when the value for the code argument is 60. The value for this argument is a case-sensitive string of 1 to 128 characters.
Usage guidelines
After you configure multiple DHCP relay address pools on a DHCP relay agent, you can specify these pools on an interface. To match DHCP clients based on options, you can define option settings when you specify the relay address pools.
If you specify multiple DHCP relay address pools on an interface, the relay agent selects a DHCP relay address pool for a DHCP client as follows:
1. Compares option values in the DHCP request in descending order against option values in DHCP relay address pools.
¡ If a match (other than 60) is found, the matching process stops and the relay agent selects that matching relay address pool.
¡ If an Option 60 match is found, the relay agent continues to compare the Option 60 content in the request and the Option 60 strings in the relay address pools configured with the option-text argument:
- If the Option 60 content matches the Option 60 string in a relay address pool, the relay address pool is selected.
- If the Option 60 content does not match the Option 60 string in any relay address pool, the relay agent selects the relay address pool that is not configured with the option-text argument.
2. If still no DHCP relay address pool is matched, the relay agent selects the DHCP relay address pool with no options specified.
If you specify DHCP servers on an interface by using both of the following methods, the DHCP relay address pool setting takes effect.
· Specify DHCP relay address pools by using the dhcp relay pool command.
· Specify DHCP servers directly on an interface by using the dhcp relay server-address command.
When you specify a DHCP relay address pool on an interface to define the DHCP servers, make sure the remote-server command is configured in the DHCP relay address pool. Otherwise, the relay agent drops DHCP requests. The DHCP requests are not forwarded to any DHCP server even if the dhcp relay server-address command is configured.
If you execute this command multiple times to specify different DHCP address pools with the same DHCP option, the most recent configuration takes effect.
If you do not specify a DHCP address pool, the undo dhcp relay pool command removes all DHCP address pools specified on the interface.
Examples
# Specify DHCP relay address pool pool1 on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp relay pool pool1
Related commands
dhcp relay server-address
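The relay address pool selection steps described in the usage guidelines for dhcp relay pool, as an added Python model (not the device's own code). It assumes that "descending order" refers to option codes, that an Option 60 match means exact, case-sensitive equality with option-text, and that matching continues with lower option codes when no pool bound to Option 60 fits. The pool names and sample requests are constructed.

```python
from collections import namedtuple

# One "dhcp relay pool" line on an interface: pool name, option code, and
# Option 60 text. code/text are None when the keyword was not configured.
PoolBinding = namedtuple("PoolBinding", "name code text", defaults=(None, None))


def select_relay_pool(request_options, bindings):
    """Return the name of the relay address pool chosen for a request, or None.

    request_options maps option code -> raw option value (bytes).
    """
    # Step 1: walk the request's option codes from highest to lowest
    # (assumption: this is what "descending order" means on the page).
    for code in sorted(request_options, reverse=True):
        matches = [b for b in bindings if b.code == code]
        if not matches:
            continue
        if code != 60:
            return matches[0].name          # any non-60 match ends the search
        content = request_options[60].decode("ascii", errors="replace")
        for b in matches:                   # pools configured with option-text
            if b.text is not None and b.text == content:
                return b.name
        for b in matches:                   # pool bound to Option 60, no text
            if b.text is None:
                return b.name
        # Assumption: no Option 60 pool fits, so keep comparing lower codes.
    # Step 2: fall back to the pool specified with no options.
    for b in bindings:
        if b.code is None:
            return b.name
    return None


# Constructed interface configuration.
SAMPLE_BINDINGS = [
    PoolBinding("voice", 60, "phone-vendor"),
    PoolBinding("generic60", 60),
    PoolBinding("pxe", 93),
    PoolBinding("default"),
]

if __name__ == "__main__":
    requests = {
        "Option 60 text matches": {53: b"\x01", 60: b"phone-vendor"},
        "Option 60 text differs in case": {53: b"\x01", 60: b"Phone-Vendor"},
        "Options 93 and 60 present": {60: b"phone-vendor", 93: b"\x00\x07"},
        "no configured option present": {53: b"\x01"},
    }
    for name, opts in requests.items():
        print(f"{name}: {select_relay_pool(opts, SAMPLE_BINDINGS)}")
```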
dhcp relay release-agent
Use dhcp relay release-agent to enable release notification.
Use undo dhcp relay release-agent to disable release notification.
Syntax
dhcp relay release-agent
undo dhcp relay release-agent
Default
Release notification is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Users might roam among different gateways on a wireless network. When a user roams to a new gateway, the ARP entry of the user on the old gateway will age out. With DHCP client offline detection enabled, the DHCP relay agent deletes the relay entry of the user after the user's ARP entry expires. It also sends a DHCP-RELEASE message to the server to release the user address. When the DHCP server assigns that address to another user, an address conflict occurs. To avoid this situation, execute the undo dhcp relay release-agent command to disable the relay agent from sending release messages to the DHCP server when it deletes relay entries. This feature also applies when the DHCP relay entries are manually deleted by using the reset command.
Disabling release notification does not affect relaying DHCP-RELEASE messages that are sent from DHCP clients. The DHCP relay agent forwards these messages to the DHCP server after receiving them from DHCP clients.
Examples
# Disable release notification.
<Sysname> system-view
[Sysname] undo dhcp relay release-agent
dhcp relay release ip
Use dhcp relay release ip to release a client IP address.
Syntax
dhcp relay release ip ip-address [ vpn-instance vpn-instance-name ]
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address to be released.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified IP address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command releases the IP address on the public network.
Usage guidelines
After you execute this command, the relay agent sends a DHCP-RELEASE packet to the DHCP server and removes the relay entry of the IP address. Upon receiving the packet, the server removes binding information about the specified IP address to release the IP address.
Examples
# Release IP address 1.1.1.1.
<Sysname> system-view
[Sysname] dhcp relay release ip 1.1.1.1
dhcp relay request-from-tunnel discard
Use dhcp relay request-from-tunnel discard to configure the DHCP relay agent to discard the DHCP requests that are delivered from VXLAN tunnels.
Use undo dhcp relay request-from-tunnel discard to restore the default.
Syntax
dhcp relay request-from-tunnel discard
undo dhcp relay request-from-tunnel discard
Default
The DHCP relay agent can forward the DHCP requests that are delivered from VXLAN tunnels.
Views
VXLAN VLAN interface view
Predefined user roles
network-admin
Usage guidelines
In a VXLAN network, the DHCP relay agent feature can be configured on the VSI or VLAN interface of a VTEP.
When the DHCP relay agent receives a DHCP request on the VLAN interface or from an AC mapped to the VSI interface, the relay agent forwards this request to the DHCP servers and broadcasts this request to other VTEPs. If those VTEPs also function as DHCP relay agents, each forwards the DHCP request to the DHCP servers it connects to. To prevent a DHCP server from receiving the same DHCP request from different VTEPs, you can configure this command on the VSI or VLAN interface of the VTEPs that are not directly connected to DHCP clients.
Examples
# Configure the DHCP relay agent to discard the DHCP requests that are delivered from VXLAN tunnels.
<Sysname> system-view
[Sysname] interface vsi-interface 1
[Sysname-Vsi-interface1] dhcp relay request-from-tunnel discard
dhcp relay server-address
Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent.
Use undo dhcp relay server-address to remove DHCP servers.
Syntax
dhcp relay server-address ip-address [ class class-name ] [ public | vpn-instance vpn-instance-name ]
undo dhcp relay server-address [ ip-address [ class class-name ] [ public | vpn-instance vpn-instance-name ] ]
Default
No DHCP server is specified on the DHCP relay agent.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP packets received from DHCP clients to this DHCP server.
class class-name: Specifies a DHCP user class to match DHCP request packets. The class name is a case-sensitive string of 1 to 63 characters. If you do not specify this option, no DHCP user class is used to match DHCP requests.
public: Specifies that the DHCP server is on the public network.
vpn-instance vpn-instance-name: Specifies the name of the MPLS L3VPN instance to which the DHCP server belongs. The instance name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
The specified IP address of the DHCP server must not reside on the same subnet as the IP address of the DHCP relay agent interface. Otherwise, the DHCP clients might fail to obtain IP addresses.
You can specify a maximum of eight DHCP servers on an interface.
After receiving a DHCP request, the DHCP relay agent forwards the packets as follows:
· If the request matches a user class rule, the DHCP relay agent forwards the packet to DHCP servers that are configured with the user class.
· If the request does not match any user class rule, the DHCP relay agent forwards the request to DHCP servers with no user classes configured.
If you execute this command with the same user class but different values for the ip-address argument, you specify the same user class for different DHCP servers. If you execute the command with different user classes for the same ip-address, the most recent configuration takes effect.
If you specify an MPLS L3VPN instance, the DHCP relay agent forwards DHCP requests to the DHCP servers in this VPN instance. If neither the public keyword nor the vpn-instance vpn-instance-name option is specified, the DHCP server on the same network as the DHCP client is selected.
If you do not specify an IP address, the undo dhcp relay server-address command removes all DHCP servers on the interface.
If the DHCP server selecting algorithm is master-backup, make sure both the master and backup servers have the same user class configured or have no user classes configured. Otherwise, DHCP clients cannot obtain IP addresses correctly.
Examples
# Specify DHCP server address 1.1.1.1 on VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay server-address 1.1.1.1
Related commands
dhcp select relay
dhcp relay server-address algorithm
Use dhcp relay server-address algorithm to specify the DHCP server selecting algorithm.
Use undo dhcp relay server-address algorithm to restore the default.
Syntax
dhcp relay server-address algorithm { master-backup | polling }
undo dhcp relay server-address algorithm
Default
The polling algorithm is used. The DHCP relay agent forwards DHCP requests to all DHCP servers at the same time.
Views
Interface view
Predefined user roles
network-admin
Parameters
master-backup: Forwards DHCP requests to the master DHCP server first. If the master server is not available or does not have assignable IP addresses, the relay agent forwards DHCP requests to backup DHCP servers in the order they are specified.
polling: Forwards DHCP requests to all DHCP servers at the same time.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify master-backup as the DHCP server selecting algorithm on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp relay server-address algorithm master-backup
Related commands
dhcp relay dhcp-server timeout
dhcp relay master-server switch-delay
dhcp relay server-address
remote-server algorithm
dhcp relay source-address
Use dhcp relay source-address to specify the source IP address for relayed DHCP requests.
Use undo dhcp relay source-address to restore the default.
Syntax
dhcp relay source-address { ip-address | interface interface-type interface-number } [ default-giaddr ]
undo dhcp relay source-address
Default
The relay agent chooses the default source IP address for relayed requests depending on whether its server-side interface and the DHCP server belong to the same VPN instance:
· If they belong to the same VPN instance, the relay agent uses the IP address of the output interface for relayed requests as the source IP address.
· If they belong to different VPN instances, the relay agent uses the lowest IP address that is in the same VPN instance as the DHCP server as the source address.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the source IP address.
interface interface-type interface-number: Uses the IP address of an interface as the source IP address. The interface-type interface-number arguments specify an interface by its type and number.
default-giaddr: Retains the original IP address in the giaddr field. If you do not specify this keyword, the relay agent will replace the original IP address in the giaddr field with the specified source IP address.
Usage guidelines
This command is required if multiple relay interfaces share the same IP address or if a relay interface does not have routes to DHCP servers. You can use this command to specify the IP address of another interface, typically the loopback interface, on the DHCP relay agent as the source IP address for DHCP requests. The relay interface inserts the source IP address in the source IP address field as well as the giaddr field in DHCP requests.
If multiple relay interfaces share the same IP address, you must also configure the relay interface to support Option 82. Upon receiving a DHCP request, the relay interface inserts the subnet information in sub-option 5 in Option 82. The DHCP server assigns an IP address according to sub-option 5. The DHCP relay agent looks the output interface up in the MAC address table to forward the DHCP reply.
To change the source address for relayed DHCP requests without changing the padding mode for the giaddr field, specify the default-giaddr keyword.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify 1.1.1.1 as the source IP address for relayed DHCP requests on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp relay source-address 1.1.1.1
Related commands
dhcp select relay
dhcp smart-relay enable
Use dhcp smart-relay enable to enable the DHCP smart relay feature.
Use undo dhcp smart-relay enable to disable the DHCP smart relay feature.
Syntax
dhcp smart-relay enable
undo dhcp smart-relay enable
Default
The DHCP smart relay feature is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The smart relay feature allows the relay agent to use secondary IP addresses as the gateway address when the DHCP server does not reply with a DHCP-OFFER message. The relay agent initially inserts its primary IP address in the giaddr field before forwarding a request to the DHCP server. If no DHCP-OFFER is returned after two retries, the relay agent switches to secondary IP addresses.
Without this feature, the relay agent always uses the primary IP address as the gateway address.
Examples
# Enable the DHCP smart relay feature.
<Sysname> system-view
[Sysname] dhcp smart-relay enable
Related commands
dhcp select
gateway-list
dhcp-server timeout
Use dhcp-server timeout to set the DHCP server response timeout time for DHCP server switchover.
Use undo dhcp-server timeout to restore the default.
Syntax
dhcp-server timeout time
undo dhcp-server timeout
Default
The DHCP server response timeout time is 30 seconds.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
time: Specifies the DHCP server response timeout time in the range of 1 to 65535 seconds.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the DHCP server response timeout time to 60 seconds for DHCP server switchover in DHCP relay address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] dhcp-server timeout 60
Related commands
remote-server algorithm
display dhcp relay check mac-address
Use display dhcp relay check mac-address to display MAC address check entries on the relay agent.
Syntax
display dhcp relay check mac-address
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display MAC address check entries on the DHCP relay agent.
<Sysname> display dhcp relay check mac-address
Source-MAC Interface Aging-time
23f3-1122-adf1 Vlan2 10
23f3-1122-2230 Vlan3 30
Table 9 Command output
Field | Description |
---|---|
Source MAC | Source MAC address of the attacker. |
Interface | Interface where the attack comes from. |
Aging-time | Aging time of the MAC address check entry, in seconds. |
display dhcp relay client-information
Use display dhcp relay client-information to display relay entries on the relay agent.
Syntax
display dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays relay entries on the specified interface. If you do not specify an interface, this command displays relay entries on all interfaces.
ip ip-address: Displays the relay entry for the specified IP address. If you do not specify an IP address, this command displays relay entries for all IP addresses.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified IP address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays the relay entry for the specified IP address on the public network.
Usage guidelines
The DHCP relay agent records relay entries only after you configure the dhcp relay client-information record command.
Examples
# Display all relay entries on the relay agent.
<Sysname> display dhcp relay client-information
Total number of client-information items: 2
Total number of dynamic items: 1
Total number of temporary items: 1
IP address MAC address Type Interface VPN name
10.1.1.1 00e0-0000-0001 Dynamic Vlan2 N/A
10.1.1.5 00e0-0000-0000 Temporary Vlan2 N/A
Table 10 Command output
Field | Description |
---|---|
Total number of client-information items | Total number of relay entries. |
Total number of dynamic items | Total number of dynamic relay entries. |
Total number of temporary items | Total number of temporary relay entries. |
IP address | IP address of the DHCP client. |
MAC address | MAC address of the DHCP client. |
Type | Relay entry type: · Dynamic—The relay agent creates a dynamic relay entry upon receiving an ACK response from the DHCP server. · Temporary—The relay agent creates a temporary relay entry upon receiving a REQUEST packet from a DHCP client. |
Interface | Layer 3 interface connected to the DHCP client. N/A is displayed for relay entries without interface information. |
VPN name | Name of the VPN instance to which the DHCP client belongs. If the DHCP client does not belong to any VPN, this field displays N/A. |
Related commands
dhcp relay client-information record
reset dhcp relay client-information
display dhcp relay information
Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent.
Syntax
display dhcp relay information [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays Option 82 configuration information for the specified interface. If you do not specify an interface, this command displays Option 82 configuration information about all interfaces.
Examples
# Display Option 82 configuration information for all interfaces.
<Sysname> display dhcp relay information
Interface: Vlan-interface100
Status: Enable
Strategy: Replace
Circuit ID Pattern: Verbose
Remote ID Pattern: Sysname
Circuit ID format-type: Undefined
Remote ID format-type: ASCII
Node identifier: aabbcc
Interface: Vlan-interface200
Status: Enable
Strategy: Replace
Circuit ID Pattern: User Defined
Remote ID Pattern: User Defined
Circuit ID format-type: ASCII
Remote ID format-type: ASCII
User defined:
Circuit ID: vlan100
Remote ID: device001
Table 11 Command output
Field | Description |
---|---|
Interface | Interface name. |
Status | Option 82 states: · Enable—DHCP relay agent support for Option 82 is enabled. · Disable—DHCP relay agent support for Option 82 is disabled. |
Strategy | Handling strategy for request messages containing Option 82: Drop, Keep, or Replace. |
Circuit ID Pattern | Padding content mode of the Circuit ID sub-option: Verbose, Normal, or User Defined. |
Remote ID Pattern | Padding content mode of the Remote ID sub-option: Sysname, Normal, or User Defined. |
Circuit ID format-type | Padding format of the Circuit ID sub-option: ASCII, Hex, or Undefined. |
Remote ID format-type | Padding format of the Remote ID sub-option: ASCII, Hex, or Undefined. |
Node identifier | Access node identifier. |
User defined | Content of the user-defined sub-options. |
Circuit ID | User-defined content of the Circuit ID sub-option. |
Remote ID | User-defined content of the Remote ID sub-option. |
display dhcp relay m-lag-status
Use display dhcp relay m-lag-status to display M-LAG status information recorded on the DHCP relay agent.
Syntax
display dhcp relay m-lag-status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display M-LAG status information recorded on the DHCP relay agent.
<Sysname> display dhcp relay m-lag-status
M-LAG role : Secondary
Peer-link/Peer-link Index : Bridge-Aggregation3/65540
Peer-link State : UP
Table 12 Command output
Field | Description |
---|---|
M-LAG role | M-LAG role: · Primary. · Secondary. If the device role is unknown, this field displays None. |
Peer-link/Peer-link Index | Peer-link interface name or peer-link interface index. |
Peer-link State | Physical status of the peer-link interface, up or down. |
display dhcp relay server-address
Use display dhcp relay server-address to display DHCP server addresses configured on an interface.
Syntax
display dhcp relay server-address [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCP server addresses on the specified interface. If you do not specify an interface, this command displays DHCP server addresses on all interfaces.
Examples
# Display DHCP server addresses on all interfaces.
<Sysname> display dhcp relay server-address
Interface name Server IP address Public/VRF name Class name
Vlan2 2.2.2.2 Y/-- --
Vlan2 2.2.2.3 Y/-- abc
Table 13 Command output
Field | Description |
---|---|
Interface name | Interface name. |
Server IP address | DHCP server IP address. |
Public/VRF name | Location of the DHCP server, which is determined by the configuration of the dhcp relay server-address command. · If neither the public keyword nor the vpn-instance vpn-instance-name option is specified, this field displays --/--. · If the public keyword is specified, this field displays Y/--. · If the vpn-instance vpn-instance-name option is specified, the VPN instance name is displayed after the slash (/), for example, --/abc. |
Class name | Name of a DHCP user class to match DHCP requests. This field displays hyphens (--) if the class class-name option is not specified in the dhcp relay server-address command. |
Related commands
dhcp relay server-address
display dhcp relay statistics
Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent.
Syntax
display dhcp relay statistics [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCP packet statistics on the specified interface. If you do not specify an interface, this command displays all DHCP packet statistics on the DHCP relay agent.
Examples
# Display all DHCP packet statistics on the DHCP relay agent.
<Sysname> display dhcp relay statistics
DHCP packets dropped: 0
Incorrect Message type: 0
Option Parsing failed: 0
Mac-check failed: 0
Other count: 0
DHCP packets received from clients: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets received from servers: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
DHCP packets relayed to servers: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets relayed to clients: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
DHCP packets sent to servers: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets sent to clients: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
Table 14 Command output
Field | Description |
---|---|
DHCP packets dropped | |
Incorrect Message type | Number of packets dropped by the DHCP relay agent because of incorrect message types. |
Option Parsing failed | Number of packets dropped by the DHCP relay agent because of option parsing failure. |
Mac-check failed | Number of packets dropped by the DHCP relay agent because of MAC address check failure. |
Other count | Number of packets dropped by the DHCP relay agent because of other reasons. |
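The drop counters described in Table 14 are most useful when compared between two collections of the command output. The following Python sketch is an added example, not part of the vendor documentation: it parses the output into sections and reports which drop reasons grew between two snapshots. The function names and the counter values in the two snapshots are constructed for illustration.

```python
import re

# Matches "label: N" lines; the prompt line and blank lines do not match.
COUNTER = re.compile(r"^\s*(?P<label>[^:]+?)\s*:\s*(?P<count>\d+)\s*$")
DROPPED = "DHCP packets dropped"

# Constructed snapshots in the layout of the example output above
# (counter values are made up; only two sections are included).
SNAPSHOT_1 = """\
<Sysname> display dhcp relay statistics
DHCP packets dropped: 3
Incorrect Message type: 0
Option Parsing failed: 1
Mac-check failed: 2
Other count: 0
DHCP packets received from clients: 40
DHCPDISCOVER: 20
DHCPREQUEST: 20
"""

SNAPSHOT_2 = """\
<Sysname> display dhcp relay statistics
DHCP packets dropped: 58
Incorrect Message type: 0
Option Parsing failed: 1
Mac-check failed: 57
Other count: 0
DHCP packets received from clients: 150
DHCPDISCOVER: 130
DHCPREQUEST: 20
"""


def parse_relay_statistics(text):
    """Return {section: {"total": int, "detail": {label: int}}}.

    A line whose label starts with "DHCP packets" opens a section; every
    other counter line belongs to the most recent section. Indentation is
    ignored, so the parser also works on output whose leading spaces were
    lost in copy and paste.
    """
    stats = {}
    current = None
    for raw in text.splitlines():
        match = COUNTER.match(raw)
        if not match:
            continue
        label, count = match["label"], int(match["count"])
        if label.startswith("DHCP packets"):
            current = stats.setdefault(label, {"total": count, "detail": {}})
            current["total"] = count
        elif current is not None:
            current["detail"][label] = count
    return stats


def drop_deltas(previous, current):
    """Return {drop reason: increase} for reasons that grew between snapshots."""
    prev = previous.get(DROPPED, {}).get("detail", {})
    curr = current.get(DROPPED, {}).get("detail", {})
    deltas = {}
    for reason, now in curr.items():
        before = prev.get(reason, 0)
        # A counter that went backwards means the statistics were cleared
        # (reset dhcp relay statistics) between the two snapshots, so the
        # current value is the whole increase.
        grown = now - before if now >= before else now
        if grown > 0:
            deltas[reason] = grown
    return deltas


if __name__ == "__main__":
    before = parse_relay_statistics(SNAPSHOT_1)
    after = parse_relay_statistics(SNAPSHOT_2)
    for reason, grown in drop_deltas(before, after).items():
        print(f"{reason}: +{grown} drops since the previous snapshot")
```

A rising Mac-check failed counter is the cue to look at display dhcp relay check mac-address for the source MAC addresses and interfaces involved.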
gateway-list
Use gateway-list to specify gateway addresses for DHCP clients in a DHCP address pool.
Use undo gateway-list to remove gateway addresses from a DHCP address pool.
Syntax
gateway-list ip-address&<1-64> export-route
undo gateway-list [ ip-address&<1-64> ] export-route
Default
No gateway address is specified in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-64>: Specifies a space-separated list of up to 64 addresses.
export-route: Binds the gateways to the device's MAC address in the address management module. The ARP module will use the entries to reply to ARP requests from the DHCP clients, ensuring that replies of the DHCP server can be routed to the gateways.
Usage guidelines
DHCP clients of the same access type can be classified into different types by their locations. In this case, the relay interface typically has no IP address configured. You can use the gateway-list command to specify gateway addresses for clients matching the same DHCP address pool and bind the gateway addresses to the device's MAC address.
Upon receiving a DHCP DISCOVER or REQUEST from a client that matches a DHCP address pool, the relay agent processes the packet as follows:
1. Fills the giaddr field of the packet with the specified gateway address.
2. Forwards the packet to all DHCP servers in the matching DHCP address pool.
The DHCP servers select a DHCP address pool according to the gateway address.
Examples
# Specify gateway address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] gateway-list 10.1.1.1 export-route
Related commands
dhcp smart-relay enable
master-server switch-delay
Use master-server switch-delay to enable the switchback to the master DHCP server and set the switchback delay time.
Use undo master-server switch-delay to restore the default.
Syntax
master-server switch-delay delay-time
undo master-server switch-delay
Default
The DHCP relay agent does not switch back to the master DHCP server.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
delay-time: Specifies the delay time in the range of 1 to 65535 minutes.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the DHCP relay agent to switch back to the master DHCP server 3 minutes after it switches to a backup DHCP server in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] master-server switch-delay 3
Related commands
remote-server algorithm
remote-server
Use remote-server to specify DHCP servers for a DHCP relay address pool.
Use undo remote-server to remove DHCP servers from a DHCP relay address pool.
Syntax
remote-server ip-address&<1-8> [ public | vpn-instance vpn-instance-name ]
undo remote-server [ ip-address&<1-8> ]
Default
No DHCP server is specified for the DHCP relay address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight DHCP server addresses.
public: Specifies the DHCP servers on the public network.
vpn-instance vpn-instance-name: Specifies the name of the MPLS L3VPN instance to which the DHCP servers belong. The instance name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
If you do not specify a DHCP server address, the undo remote-server command removes all DHCP servers in the DHCP address pool.
If neither the public keyword nor the vpn-instance vpn-instance-name option is specified, DHCP servers on the same network as the DHCP client are selected.
Examples
# Specify DHCP server 10.1.1.1 for DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] remote-server 10.1.1.1
remote-server algorithm
Use remote-server algorithm to specify the DHCP server selecting algorithm.
Use undo remote-server algorithm to restore the default.
Syntax
remote-server algorithm { master-backup | polling }
undo remote-server algorithm
Default
The polling algorithm is used. The DHCP relay agent forwards DHCP requests to all DHCP servers at the same time.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
master-backup: Forwards DHCP requests to the master DHCP server first. If the master server is not available or does not have assignable IP addresses, the relay agent forwards DHCP requests to backup DHCP servers in the order they are specified.
polling: Forwards DHCP requests to all DHCP servers at the same time.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify master-backup as the DHCP server selecting algorithm in DHCP relay address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] remote-server algorithm master-backup
Related commands
dhcp relay server-address algorithm
dhcp-server timeout
master-server switch-delay
remote-server
reset dhcp relay client-information
Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.
Syntax
reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Clears relay entries on the specified interface. If you do not specify an interface, this command clears relay entries on all interfaces.
ip ip-address: Clears the relay entry for the specified IP address. If you do not specify an IP address, this command clears relay entries for all IP addresses.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified IP address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears the relay entry for the specified IP address on the public network.
Examples
# Clear all relay entries on the DHCP relay agent.
<Sysname> reset dhcp relay client-information
Related commands
display dhcp relay client-information
reset dhcp relay statistics
Use reset dhcp relay statistics to clear relay agent statistics.
Syntax
reset dhcp relay statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears all DHCP relay agent statistics.
Examples
# Clear all DHCP relay agent statistics.
<Sysname> reset dhcp relay statistics
Related commands
display dhcp relay statistics
DHCP client commands
dhcp client dad enable
Use dhcp client dad enable to enable duplicate address detection.
Use undo dhcp client dad enable to disable duplicate address detection.
Syntax
dhcp client dad enable
undo dhcp client dad enable
Default
Duplicate address detection is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The DHCP client detects IP address conflicts through ARP packets. An attacker can act as the IP address owner and send an ARP reply, which makes the client unable to use the IP address assigned by the server. As a best practice, disable duplicate address detection when ARP attacks exist on the network.
Examples
# Disable duplicate address detection.
<Sysname> system-view
[Sysname] undo dhcp client dad enable
dhcp client dscp
Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client.
Use undo dhcp client dscp to restore the default.
Syntax
dhcp client dscp dscp-value
undo dhcp client dscp
Default
The DSCP value is 56 in DHCP packets sent by the DHCP client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A greater DSCP value represents a higher priority.
Examples
# Set the DSCP value to 30 for DHCP packets sent by the DHCP client.
<Sysname> system-view
[Sysname] dhcp client dscp 30
dhcp client identifier
Use dhcp client identifier to configure a DHCP client ID for an interface.
Use undo dhcp client identifier to restore the default.
Syntax
dhcp client identifier { ascii ascii-string | hex hex-string | mac interface-type interface-number }
undo dhcp client identifier
Default
An interface generates the DHCP client ID based on its MAC address. If the interface does not have a MAC address, it uses the MAC address of the first Ethernet interface on the device to generate its client ID.
Views
Interface view
Predefined user roles
network-admin
Parameters
ascii ascii-string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID.
hex hex-string: Specifies a hexadecimal number of 4 to 64 characters as the client ID.
mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID. The interface-type interface-number argument specifies an interface by its type and number.
Usage guidelines
The DHCP client ID is carried in DHCP Option 61. A DHCP server can assign IP addresses to clients based on the DHCP client ID. You can specify a DHCP client ID by performing one of the following operations:
· Naming an ASCII string or hexadecimal number as the client ID.
· Using the MAC address of an interface to generate a client ID.
Whichever method you use, make sure the IDs for different DHCP clients are unique.
Examples
# Use a hexadecimal number of FFFFFFFF as the client ID for VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp client identifier hex FFFFFFFF
Related commands
display dhcp client
display dhcp client
Use display dhcp client to display DHCP client information.
Syntax
display dhcp client [ verbose ] [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed DHCP client information. If you do not specify this keyword, the command displays brief DHCP client information.
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCP client information on all interfaces.
Examples
# Display brief DHCP client information on all interfaces.
<Sysname> display dhcp client
Vlan-interface10 DHCP client information:
Current state: BOUND
Allocated IP: 40.1.1.20 255.255.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
DHCP server: 40.1.1.2
# Display detailed DHCP client information on all interfaces.
<Sysname> display dhcp client verbose
Vlan-interface10 DHCP client information:
Current state: BOUND
Allocated IP: 40.1.1.20 255.255.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
Lease from May 21 19:00:29 2012 to May 31 19:00:29 2012
DHCP server: 40.1.1.2
Transaction ID: 0x1c09322d
TFTP server name: 123
TFTP server address: 192.168.56.1
Classless static routes:
Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16
Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16
DNS servers: 44.1.1.11 44.1.1.12
Domain name: example.com
Boot servers: 200.200.200.200 1.1.1.1
ACS parameter:
URL: https://192.168.1.1:7547/acs
Username: bims
Password: ******
Client ID type: acsii(type value=00)
Client ID value: 000c.29d3.8659-Vlan10
Client ID (with type) hex: 0030-3030-632e-3239-
6433-2e38-3635-392d-
4574-6830-2f30-2f32
T1 will timeout in 1 day 11 hours 58 minutes 52 seconds.
Table 15 Command output
Field | Description |
---|---|
DHCP client information | Information about the interface that acts as the DHCP client. |
Current state | Current state of the DHCP client: · HALT—The client stops applying for an IP address. · INIT—The initialization state. · SELECTING—The client has sent out a DHCP-DISCOVER message in search of a DHCP server and is waiting for the response from DHCP servers. · REQUESTING—The client has sent out a DHCP-REQUEST message requesting an IP address and is waiting for the response from DHCP servers. · BOUND—The client has received the DHCP-ACK message from a DHCP server and obtained an IP address successfully. · RENEWING—The T1 timer expires. · REBOUNDING—The T2 timer expires. |
Allocated IP | IP address allocated by the DHCP server. |
Allocated lease | Allocated lease time. |
T1 | 1/2 lease time (in seconds) of the DHCP client IP address. |
T2 | 7/8 lease time (in seconds) of the DHCP client IP address. |
Lease from…to… | Start and end time of the lease. |
DHCP server | DHCP server IP address that assigned the IP address. |
Transaction ID | Transaction ID, a random number chosen by the client to identify an IP address allocation. |
TFTP server name | Name of the TFTP server specified for the DHCP client. |
TFTP server address | IP address of the TFTP server specified for the DHCP client. |
Default router | Gateway address assigned to the client. (Option 3) |
Classless static routes | Classless static routes assigned to the client. (Option 121) |
Static routes | Classful static routes assigned to the client. (Option 33) |
DNS servers | DNS server address assigned to the client. |
Domain name | Domain name suffix assigned to the client. |
Boot servers | PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. |
ACS parameter | Parameters about the ACS. |
URL | URL of the ACS. |
Username | Username for logging in to the ACS. |
Password | Password for logging in to the ACS. If a password is configured, this field displays ******. If no password is configured, this field is not displayed. |
Client ID type | DHCP client ID type: · If an ASCII string is used as the client ID value, the type value is 00. · If the MAC address of a specific interface is used as the client ID value, the type value is 01. · If a hexadecimal number is used as the client ID value, the type value is the first two characters in the string. |
Client ID value | Value of the DHCP client ID. |
Client ID (with type) hex | DHCP client ID with the type field, a hexadecimal number. |
T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. | Time remaining before the T1 (1/2 lease time) timer expires. |
Related commands
dhcp client identifier
ip address dhcp-alloc
ip address dhcp-alloc
Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition.
Use undo ip address dhcp-alloc to stop an interface from using DHCP for IP address acquisition.
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
Default
An interface does not use DHCP for IP address acquisition.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. This situation can occur when a subinterface obtained an IP address through DHCP, and the shutdown command is executed on its primary interface. The subinterface will fail to send a DHCP-RELEASE message.
Examples
# Configure VLAN-interface 10 to use DHCP for IP address acquisition.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address dhcp-alloc
snmp-agent trap enable dhcp-client
Use snmp-agent trap enable dhcp-client to enable SNMP notifications for the DHCP client module.
Use undo snmp-agent trap enable dhcp-client to disable SNMP notifications for the DHCP client module.
Syntax
snmp-agent trap enable dhcp-client [ ip-apply-failed | local-conflict ]*
undo snmp-agent trap enable dhcp-client [ ip-apply-failed | local-conflict ]*
Default
All SNMP notifications are enabled for the DHCP client module.
Views
System view
Predefined user roles
network-admin
Parameters
ip-apply-failed: Specifies IP application failure notifications. An IP application failure notification is generated when the DHCP client module fails to apply for an IP address.
local-conflict: Specifies local address conflict notifications. A local address conflict notification is generated when the DHCP client module obtains an IP address that is in the same subnet as one of the local interface addresses.
Usage guidelines
After you enable SNMP notifications for the DHCP client module, this module reports critical DHCP client events in SNMP notifications to the SNMP module. For DHCP client event notifications to be sent correctly, you must also configure SNMP on the device.
For more information about SNMP configuration, see SNMP configuration in Network Management and Monitoring Configuration Guide.
Examples
# Enable local address conflict notifications for the DHCP client module.
<Sysname> system-view
[Sysname] snmp-agent trap enable dhcp-client local-conflict
DHCP snooping commands
DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay agent.
dhcp snooping alarm enable
Use dhcp snooping alarm enable to enable alarm log generation for packet drop events.
Use undo dhcp snooping alarm enable to disable alarm log generation for packet drop events.
Syntax
dhcp snooping alarm { giaddr | mac-address | request-message } enable
undo dhcp snooping alarm { giaddr | mac-address | request-message } enable
Default
Alarm log generation is disabled for packet drop events.
Views
System view
Predefined user roles
network-admin
Parameters
giaddr: Specifies the giaddr field check in DHCP requests.
mac-address: Specifies MAC address check.
request-message: Specifies DHCP-REQUEST check.
Usage guidelines
After you enable this feature, the device generates an alarm log when the number of packets dropped by this feature reaches the alarm threshold. The alarm log is sent to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.
To set the alarm threshold, use the dhcp snooping alarm threshold command.
For this command to take effect, you must first execute the dhcp snooping log enable command to enable DHCP snooping logging.
Examples
# Enable alarm log generation for DHCP requests dropped due to the giaddr field check.
<Sysname> system-view
[Sysname] dhcp snooping alarm giaddr enable
Related commands
dhcp snooping alarm threshold
dhcp snooping check giaddr
dhcp snooping check mac-address
dhcp snooping check request-message
dhcp snooping log enable
dhcp snooping alarm threshold
Use dhcp snooping alarm threshold to set the global threshold that triggers alarm log generation for packet drop events.
Use undo dhcp snooping alarm threshold to restore the default.
Syntax
dhcp snooping alarm { giaddr | mac-address | request-message } threshold threshold
undo dhcp snooping alarm { giaddr | mac-address | request-message } threshold
Default
Views
System view
Predefined user roles
network-admin
Parameters
giaddr: Specifies the giaddr field check in DHCP requests.
mac-address: Specifies MAC address check.
request-message: Specifies the DHCP-REQUEST check.
threshold: Specifies the number of dropped packets that triggers alarm log generation. The value range is 1 to 1000.
Usage guidelines
The device generates an alarm log when the number of packets dropped due to check failure reaches the threshold. Then, the device clears the current packet drop statistics and counts packet drops again. If the number of packet drops reaches the threshold again, the device generates a new alarm log.
Examples
# Set the global threshold to 2 for DHCP requests dropped due to the giaddr field check.
<Sysname> system-view
[Sysname] dhcp snooping alarm giaddr threshold 2
Related commands
dhcp snooping alarm enable
dhcp snooping check giaddr
dhcp snooping check mac-address
dhcp snooping check request-message
dhcp snooping binding database filename
Use dhcp snooping binding database filename to configure the DHCP snooping device to back up DHCP snooping entries to a file.
Use undo dhcp snooping binding database filename to restore the default.
Syntax
dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } string ] ] }
undo dhcp snooping binding database filename
Default
The DHCP snooping device does not back up DHCP snooping entries.
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a local backup file. For information about the filename argument, see Fundamentals Configuration Guide.
url url: Specifies the URL of a remote backup file, a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL. The supported path format varies by server.
username username: Specifies the username for accessing the URL of the remote backup file, a case-sensitive string of 1 to 32 characters. Do not specify this option if a username is not required for accessing the URL.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters. Do not specify this argument if a password is not required for accessing the URL of the remote backup file.
Usage guidelines
This command automatically creates the file if you specify a nonexistent file.
With this command executed, the DHCP snooping device backs up DHCP snooping entries immediately and runs auto backup. The DHCP snooping device, by default, waits 300 seconds after a DHCP snooping entry change to update the backup file. To change the waiting period, use the dhcp snooping binding database update interval command. If no DHCP snooping entry changes, the backup file is not updated.
As a best practice, back up the DHCP snooping entries to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCP snooping device to malfunction.
When the file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:
· If the file is on an FTP server, enter the URL in the following format: ftp://server address:port/file path, where the port number is optional.
· If the file is on a TFTP server, enter the URL in the following format: tftp://server address:port/file path, where the port number is optional.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
· If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.
· You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.
Examples
# Configure the DHCP snooping device to back up DHCP snooping entries to file database.dhcp.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename database.dhcp
# Configure the DHCP snooping device to back up DHCP snooping entries to file database.dhcp in the working directory of the FTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename url ftp://10.1.1.1/database.dhcp username 1 password simple 1
# Configure the DHCP snooping device to back up DHCP snooping entries to file database.dhcp in the working directory of the TFTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename url tftp://10.1.1.1/database.dhcp
Related commands
dhcp snooping binding database update interval
dhcp snooping binding database update interval
Use dhcp snooping binding database update interval to set the waiting time for the DHCP snooping device to update the backup file after a DHCP snooping entry change.
Use undo dhcp snooping binding database update interval to restore the default.
Syntax
dhcp snooping binding database update interval interval
undo dhcp snooping binding database update interval
Default
The DHCP snooping device waits 300 seconds to update the backup file after a DHCP snooping entry change. If no DHCP snooping entry changes, the backup file is not updated.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the waiting time in seconds, in the range of 60 to 864000.
Usage guidelines
When a DHCP snooping entry is learned, updated, or removed, the waiting period starts. The DHCP snooping device updates the backup file when the waiting period expires. All entries changed during the period are saved to the backup file.
The waiting time takes effect only after you configure the DHCP snooping entry auto backup by using the dhcp snooping binding database filename command.
Examples
# Set the waiting time to 600 seconds for the DHCP snooping device to update the backup file.
<Sysname> system-view
[Sysname] dhcp snooping binding database update interval 600
Related commands
dhcp snooping binding database filename
dhcp snooping binding database update now
Use dhcp snooping binding database update now to manually save DHCP snooping entries to the backup file.
Syntax
dhcp snooping binding database update now
Views
System view
Predefined user roles
network-admin
Usage guidelines
Each time this command is executed, the DHCP snooping entries are saved to the backup file.
This command takes effect only after you configure the DHCP snooping auto backup by using the dhcp snooping binding database filename command.
Examples
# Manually save DHCP snooping entries to the backup file.
<Sysname> system-view
[Sysname] dhcp snooping binding database update now
Related commands
dhcp snooping binding database filename
dhcp snooping binding record
Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries.
Use undo dhcp snooping binding record to disable recording of client information in DHCP snooping entries.
Syntax
dhcp snooping binding record
undo dhcp snooping binding record
Default
DHCP snooping does not record client information.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
VSI view
VLAN view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCP snooping on the port directly connecting to the clients to record client information in DHCP snooping entries.
If you configure this command in a VSI view, this command takes effect on the ACs that are mapped to the VSI and the VXLAN tunnel interfaces that are assigned to the VSI.
Examples
# Enable the recording of client information in DHCP snooping entries on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping binding record
dhcp snooping check giaddr
Use dhcp snooping check giaddr to enable the giaddr field check in DHCP requests.
Use undo dhcp snooping check giaddr to disable the giaddr field check in DHCP requests.
Syntax
dhcp snooping check giaddr
undo dhcp snooping check giaddr
Default
The device does not check the giaddr field in DHCP requests.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
A DHCP snooping device functions between DHCP clients and a DHCP server, or between DHCP clients and a DHCP relay agent. The giaddr field in a DHCP request records the address information of the first relay agent that the request passes through. If the DHCP snooping device receives a DHCP request where the giaddr field value is not 0, the DHCP snooping device is deployed at an incorrect location. In this case, the DHCP snooping device cannot work correctly.
This feature enables the DHCP snooping device to examine the giaddr field value in received DHCP packets and drop them if the giaddr field value is not 0. When the number of dropped DHCP requests reaches or exceeds the threshold, the device generates a log for administrators to adjust locations of the DHCP devices.
Examples
# Enable the giaddr field check in DHCP requests on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping check giaddr
Related commands
dhcp snooping alarm enable
dhcp snooping alarm threshold
dhcp snooping check mac-address
Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.
Use undo dhcp snooping check mac-address to disable MAC address check for DHCP snooping.
Syntax
dhcp snooping check mac-address
undo dhcp snooping check mac-address
Default
MAC address check for DHCP snooping is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Layer 3 Ethernet interface/Layer 3 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request.
Examples
# Enable MAC address check for DHCP snooping.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping check mac-address
Related commands
dhcp snooping alarm enable
dhcp snooping alarm threshold
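The giaddr check, the MAC address check, and the alarm threshold counting described above can be modeled as follows. This is an added example, not device code from this reference: the sample frames are constructed, untagged Ethernet II framing is assumed, and the order in which the two checks run is an assumption.

```python
import socket
import struct
from collections import Counter

ETH_HDR = 14          # untagged Ethernet II header (assumption: no 802.1Q tag)
BOOTP_FIXED = 236     # fixed BOOTP header that precedes the options


def build_request(src_mac, chaddr, giaddr="0.0.0.0"):
    """Build a constructed Ethernet/IPv4/UDP/BOOTP client request (sample data)."""
    bootp = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                       # op=BOOTREQUEST, htype, hlen, hops
        0x1234ABCD, 0, 0,                 # xid, secs, flags
        bytes(4), bytes(4), bytes(4),     # ciaddr, yiaddr, siaddr
        socket.inet_aton(giaddr), chaddr, bytes(64), bytes(128))
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"   # cookie, DISCOVER, end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip


def parse_request(frame):
    """Return (source MAC, giaddr, chaddr) for a DHCP client request, else None."""
    if len(frame) < ETH_HDR + 20 or frame[12:14] != b"\x08\x00":
        return None                                   # not IPv4
    ihl = (frame[ETH_HDR] & 0x0F) * 4
    if ihl < 20 or frame[ETH_HDR + 9] != 17:
        return None                                   # not UDP
    udp = ETH_HDR + ihl
    if len(frame) < udp + 8 + BOOTP_FIXED:
        return None                                   # truncated BOOTP header
    dport = struct.unpack_from("!H", frame, udp + 2)[0]
    bootp = udp + 8
    hlen = frame[bootp + 2]
    if dport != 67 or frame[bootp] != 1 or hlen > 16:
        return None                                   # not a client-to-server request
    giaddr = socket.inet_ntoa(frame[bootp + 24:bootp + 28])
    chaddr = frame[bootp + 28:bootp + 28 + hlen]
    return frame[6:12], giaddr, chaddr


class SnoopingChecks:
    """Model of 'dhcp snooping check giaddr' and 'check mac-address' with alarms."""

    def __init__(self, threshold):
        self.threshold = threshold    # 'dhcp snooping alarm ... threshold' value
        self.drops = Counter()        # current drop statistics per check
        self.alarms = []              # one entry per generated alarm log

    def _drop(self, check):
        self.drops[check] += 1
        if self.drops[check] >= self.threshold:
            self.alarms.append(check)
            self.drops[check] = 0     # statistics are cleared, counting restarts
        return "drop:" + check

    def handle(self, frame):
        parsed = parse_request(frame)
        if parsed is None:
            return "ignore"
        src_mac, giaddr, chaddr = parsed
        if giaddr != "0.0.0.0":       # request already passed a relay agent
            return self._drop("giaddr")
        if chaddr != src_mac:         # chaddr differs from frame source MAC
            return self._drop("mac-address")
        return "forward"


def demo():
    client = bytes.fromhex("0011223344aa")    # constructed MAC addresses
    other = bytes.fromhex("0011223344bb")
    checks = SnoopingChecks(threshold=2)
    frames = [
        build_request(client, client),                      # consistent request
        build_request(client, client, giaddr="10.0.0.1"),   # non-zero giaddr
        build_request(client, client, giaddr="10.0.0.1"),
        build_request(client, client, giaddr="10.0.0.1"),
        build_request(client, other),                       # chaddr mismatch
    ]
    verdicts = [checks.handle(f) for f in frames]
    return verdicts, checks.alarms, dict(checks.drops)


if __name__ == "__main__":
    print(demo())
```

With a threshold of 2, the second giaddr drop raises one alarm and resets the counter, so the third giaddr drop starts a new count instead of raising a second alarm.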
dhcp snooping check request-message
Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP snooping.
Use undo dhcp snooping check request-message to disable DHCP-REQUEST check for DHCP snooping.
Syntax
dhcp snooping check request-message
undo dhcp snooping check request-message
Default
DHCP-REQUEST check for DHCP snooping is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This feature prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server.
With this feature enabled, DHCP snooping looks for a matching DHCP snooping entry for each received DHCP-REQUEST message.
· If a match is found, DHCP snooping compares the entry with the message. If they have consistent information, DHCP snooping considers the packet valid and forwards it to the DHCP server. If they have different information, DHCP snooping considers the message invalid and discards it.
· If no match is found, DHCP snooping forwards the message to the DHCP server.
Examples
# Enable DHCP-REQUEST check for DHCP snooping.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping check request-message
Related commands
dhcp snooping alarm enable
dhcp snooping alarm threshold
dhcp snooping client-detect
Use dhcp snooping client-detect to enable client offline detection.
Use undo dhcp snooping client-detect to disable client offline detection.
Syntax
dhcp snooping client-detect
undo dhcp snooping client-detect
Default
Client offline detection is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When a DHCP client goes offline abnormally, it does not send a message to the DHCP server to release the IP address. As a result, the DHCP server is not aware of the offline event and cannot release the client lease in a timely manner.
With this feature enabled, the DHCP snooping device performs the following operations when the ARP entry of a client ages out:
1. Deletes the DHCP snooping entry for the client.
2. Sends a DHCP-RELEASE message to the DHCP server to inform the server to release the address lease of the client.
Examples
# Enable client offline detection.
<Sysname> system-view
[Sysname] dhcp snooping client-detect
dhcp snooping deny
Use dhcp snooping deny to configure a port as a DHCP packet blocking port.
Use undo dhcp snooping deny to restore the default.
Syntax
dhcp snooping deny
undo dhcp snooping deny
Default
A port does not block DHCP requests.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
CAUTION: To avoid IP address acquisition failure, configure a port to block DHCP packets only if no DHCP clients are attached to it.
To enable a port on the snooping device to drop all incoming DHCP requests, configure that port as a DHCP packet blocking port.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a DHCP packet blocking port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping deny
dhcp snooping disable
Use dhcp snooping disable to disable DHCP snooping on an interface.
Use undo dhcp snooping disable to restore the default.
Syntax
dhcp snooping disable
undo dhcp snooping disable
Default
If you enable DHCP snooping globally or for a VLAN, DHCP snooping is enabled on all interfaces on the device or on all interfaces in the VLAN.
If you do not enable DHCP snooping globally or for a VLAN, DHCP snooping is disabled on all interfaces on the device or on all interfaces in the VLAN.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command allows you to narrow down the interface range where DHCP snooping takes effect. For example, to enable DHCP snooping globally except for a specific interface, you can enable DHCP snooping globally and execute this command on the target interface.
Examples
# Disable DHCP snooping on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping disable
dhcp snooping enable
Use dhcp snooping enable to enable DHCP snooping globally.
Use undo dhcp snooping enable to disable DHCP snooping globally.
Syntax
dhcp snooping enable
undo dhcp snooping enable
Default
DHCP snooping is disabled globally.
Views
System view
Predefined user roles
network-admin
Usage guidelines
After you enable DHCP snooping globally on the device, trusted ports forward responses from DHCP servers and untrusted ports discard responses. This mechanism ensures that DHCP clients obtain IP addresses from authorized DHCP servers.
When DHCP snooping is disabled globally, all ports on the device can forward responses from DHCP servers.
Examples
# Enable DHCP snooping globally.
<Sysname> system-view
[Sysname] dhcp snooping enable
dhcp snooping enable vlan
Use dhcp snooping enable vlan to enable DHCP snooping for VLANs.
Use undo dhcp snooping enable vlan to disable DHCP snooping for VLANs.
Syntax
dhcp snooping enable vlan vlan-id-list
undo dhcp snooping enable vlan vlan-id-list
Default
DHCP snooping is disabled for all VLANs.
Views
System view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to vlan-id2. The value range for the VLAN IDs is 1 to 4094. If you specify a VLAN range, the value for the vlan-id2 argument must be greater than the value for the vlan-id1 argument.
Usage guidelines
After you enable DHCP snooping for a VLAN, DHCP snooping untrusted ports in the VLAN discard incoming DHCP responses. This mechanism ensures that DHCP clients obtain IP addresses from authorized DHCP servers.
After you disable DHCP snooping for a VLAN, all interfaces in the VLAN can forward DHCP responses.
Examples
# Enable DHCP snooping for VLANs 5, 10 to 20, and 32.
<Sysname> system-view
[Sysname] dhcp snooping enable vlan 5 10 to 20 32
dhcp snooping exhaustion trap enable
Use dhcp snooping exhaustion trap enable to enable alarm notifications about DHCP snooping entry resource exhaustion and recovery from the resource exhaustion condition.
Use undo dhcp snooping exhaustion trap enable to disable alarm notifications about DHCP snooping entry resource exhaustion and recovery from the resource exhaustion condition.
Syntax
dhcp snooping exhaustion trap enable
undo dhcp snooping exhaustion trap enable
Default
The DHCP snooping device does not generate alarm notifications about DHCP snooping entry resource exhaustion or recovery from the resource exhaustion condition.
Views
Layer 2 Ethernet interface view/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
After you enable this feature, the device generates an alarm notification when the number of DHCP snooping entries that an interface can learn has reached or dropped below the upper limit. In this situation, the interface stops learning DHCP snooping entries.
Enabling this feature might cause too many alarm notifications. To reduce the number of alarm notifications, you can disable this feature on some interfaces by using the undo dhcp snooping exhaustion trap enable command.
This command takes effect only after you execute the snmp-agent trap enable dhcp snooping binding-exhaust command on the device. The snmp-agent trap enable dhcp snooping binding-exhaust command enables global alarm notifications about DHCP snooping entry resource exhaustion and recovery from the resource exhaustion condition.
Examples
# On Ten-GigabitEthernet 1/0/1, enable alarm notifications about DHCP snooping entry resource exhaustion and recovery from the resource exhaustion condition.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping exhaustion trap enable
Related commands
snmp-agent trap enable dhcp snooping
dhcp snooping information circuit-id
Use dhcp snooping information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option.
Use undo dhcp snooping information circuit-id to restore the default.
Syntax
dhcp snooping information circuit-id { normal-extended | [ vlan vlan-id ] string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }
undo dhcp snooping information circuit-id [ vlan vlan-id ]
Default
The padding mode is normal and the padding format is hex.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
VLAN view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Pads the Circuit ID sub-option for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the Circuit ID sub-option for packets received from VLAN 1, the default VLAN for the system. This option is not supported in VLAN view.
string circuit-id: Specifies the string mode, in which the padding content for the Circuit ID sub-option is a case-sensitive string of 3 to 63 characters.
normal: Specifies the normal mode. The padding content includes the VLAN ID and interface number.
normal-extended: Specifies the normal-extended mode. The padding content includes the VLAN ID, slot number, and sequence number of the interface that received the DHCP packet. For example, for interface GE1/0/3, the sequence number is 3.
verbose: Specifies the verbose mode. The padding content includes the node identifier, interface information, and VLAN ID. The default node identifier is the MAC address of the access node. The default interface information consists of the Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, and interface sequence number.
node-identifier: Specifies the access node identifier.
· mac: Uses the MAC address of the access node as the node identifier.
· sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format. If this keyword is specified, make sure the device name does not include any spaces. Otherwise, the DHCP snooping device fails to add or replace Option 82.
· user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format.
format: Specifies the padding format for the Circuit ID sub-option.
ascii: Specifies the ASCII padding format.
hex: Specifies the hex padding format.
Usage guidelines
The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
The padding format for the string mode, the normal mode, or the verbose mode varies by command configuration. Table 16 shows how the padding format is determined for different modes.
Table 16 Padding format for different modes
Keyword (mode) | If no padding format is set | If the padding format is ascii | If the padding format is hex |
---|---|---|---|
string circuit-id | The padding format is always ASCII, and is not configurable. | N/A | N/A |
normal | Hex. | ASCII. | Hex. |
verbose | Hex for the VLAN ID. ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface sequence number. | ASCII. | ASCII for the node identifier and Ethernet type. Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID. |
Examples
# Configure verbose as the padding mode, device name as the node identifier, and ASCII as the padding format for the Circuit ID sub-option.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information strategy replace
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information circuit-id verbose node-identifier sysname format ascii
Related commands
dhcp snooping information enable
dhcp snooping information strategy
display dhcp snooping information
dhcp snooping information enable
Use dhcp snooping information enable to enable DHCP snooping to support Option 82.
Use undo dhcp snooping information enable to disable this feature.
Syntax
dhcp snooping information enable
undo dhcp snooping information enable
Default
DHCP snooping does not support Option 82.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
VLAN view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCP snooping to add Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp snooping information circuit-id and dhcp snooping information remote-id commands. If the received DHCP request packets contain Option 82, DHCP snooping handles the packets according to the strategy configured by the dhcp snooping information strategy command.
Examples
# Enable DHCP snooping to support Option 82.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable
Related commands
dhcp snooping information circuit-id
dhcp snooping information remote-id
dhcp snooping information strategy
dhcp snooping information remote-id
Use dhcp snooping information remote-id to configure the padding mode and padding format for the Remote ID sub-option.
Use undo dhcp snooping information remote-id to restore the default.
Syntax
dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { hex remote-id | string remote-id | sysname } }
undo dhcp snooping information remote-id [ vlan vlan-id ]
Default
The padding mode is normal and the padding format is hex.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
VLAN view
Predefined user roles
network-admin
Parameters
normal: Specifies the normal mode. The padding content is the bridge MAC address of the device. For more information about bridge MAC addresses, see IRF configuration in Virtual Technologies Configuration Guide.
format: Specifies the padding format for the Remote ID sub-option. The default padding format is hex.
ascii: Specifies the ASCII padding format.
hex: Specifies the hex padding format.
vlan vlan-id: Pads the Remote ID sub-option for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the Remote ID sub-option for packets received from VLAN 1, the default VLAN for the system. This option is not supported in VLAN view.
hex remote-id: Specifies the hexadecimal mode that uses a case-insensitive string of 2 to 256 characters as the content of the Remote ID sub-option.
string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option.
sysname: Specifies the sysname mode that uses the device name as the Remote ID sub-option. You can configure the device name by using the sysname command in system view.
Usage guidelines
DHCP snooping uses ASCII to pad the specified string or device name for the Remote ID sub-option. The padding format for the normal padding mode is determined by the command configuration.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Pad the Remote ID sub-option with a character string of device001.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information strategy replace
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information remote-id string device001
Related commands
dhcp snooping information enable
dhcp snooping information strategy
display dhcp snooping information
dhcp snooping information strategy
Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages.
Use undo dhcp snooping information strategy to restore the default.
Syntax
dhcp snooping information strategy { append | drop | keep | replace }
undo dhcp snooping information strategy
Default
The handling strategy for Option 82 in request messages is replace.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
VLAN view
Predefined user roles
network-admin
Parameters
append: Processes a DHCP message as follows:
· If the DHCP message does not carry Option 82, the device forwards the message after adding the Option 82 according to the padding configuration.
· If the DHCP message carries Option 82, the device processes the message as follows:
¡ Forwards the message after padding the Vendor-Specific sub-option with the content specified in the dhcp snooping information vendor-specific command.
¡ Forwards the message without changing Option 82 if the dhcp snooping information vendor-specific command is not configured.
drop: Drops DHCP messages that contain Option 82.
keep: Keeps the original Option 82 intact and forwards the DHCP messages.
replace: Replaces the Option 82 with the configured Option 82 before forwarding the DHCP messages. If the DHCP messages do not carry Option 82, the device adds Option 82 according to the padding configuration before forwarding the DHCP messages.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82. For DHCP requests that do not contain Option 82, the DHCP snooping device always adds Option 82 into the requests before forwarding them to the DHCP server.
If the handling strategy is append or replace, configure a padding mode and a padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure a padding mode or padding format for Option 82.
Examples
# Specify the handling strategy for Option 82 in request messages as keep.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information strategy keep
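The four strategies described above, modeled in Python. This is an added example, not vendor code. It assumes plain code/length/value sub-option encoding (RFC 3046), code 9 for the Vendor-Specific sub-option (RFC 4243), and a 255-byte upper limit for Option 82; the function names and sample values are constructed for illustration.

```python
"""Model of how a DHCP snooping device treats Option 82 under each strategy."""
from typing import Dict, Optional

# Sub-option codes: 1 and 2 from RFC 3046, 9 from RFC 4243. Treating 9 as the
# code this device uses for its Vendor-Specific sub-option is an assumption.
CIRCUIT_ID, REMOTE_ID, VENDOR_SPECIFIC = 1, 2, 9
# Assumption: the "upper limit" is the 255-byte ceiling imposed by the
# one-octet length field of a DHCP option.
MAX_OPTION82_LEN = 255


def tlv(code: int, value: bytes) -> bytes:
    """Encode one sub-option as code, length, value."""
    if len(value) > 255:
        raise ValueError("sub-option value too long")
    return bytes([code, len(value)]) + value


def parse_suboptions(payload: bytes) -> Dict[int, bytes]:
    """Split an Option 82 payload into sub-options; reject malformed input."""
    subs: Dict[int, bytes] = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns Option 82" % code)
        subs[code] = value
        i += 2 + length
    return subs


def handle_option82(strategy: str,
                    received: Optional[bytes],
                    configured: bytes,
                    vendor_specific: Optional[bytes] = None) -> Optional[bytes]:
    """Return the Option 82 payload the request is forwarded with.

    received        -- Option 82 payload in the incoming request, None if absent
    configured      -- payload built from the local padding configuration
    vendor_specific -- content set by the vendor-specific command, None if unset
    A return value of None means the request is dropped.
    """
    if received is None:
        # Requests without Option 82 always get the configured option added.
        return configured
    if strategy == "drop":
        return None
    if strategy == "keep":
        return received
    if strategy == "replace":
        return configured
    if strategy == "append":
        if vendor_specific is None:
            return received
        extra = tlv(VENDOR_SPECIFIC, vendor_specific)
        if len(received) + len(extra) > MAX_OPTION82_LEN:
            return received  # no room left: forwarded without padding
        return received + extra
    raise ValueError("unknown strategy: %r" % strategy)


# Constructed sample values. CONFIGURED mirrors "remote-id string device001";
# DOWNSTREAM stands for an Option 82 that was already present in the request.
CONFIGURED = tlv(REMOTE_ID, b"device001")
DOWNSTREAM = tlv(CIRCUIT_ID, b"port-7") + tlv(REMOTE_ID, b"device999")


def remote_id_seen_by_server(strategy: str, received: Optional[bytes]) -> Optional[bytes]:
    """Remote ID the DHCP server receives, or None if the request was dropped."""
    out = handle_option82(strategy, received, CONFIGURED)
    return None if out is None else parse_suboptions(out).get(REMOTE_ID)


if __name__ == "__main__":
    for name in ("append", "drop", "keep", "replace"):
        print(name, remote_id_seen_by_server(name, DOWNSTREAM))
```

In this model only replace guarantees that the locally configured Remote ID reaches the server; keep and append forward whatever Remote ID arrived with the request.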
Related commands
dhcp snooping information circuit-id
dhcp snooping information remote-id
dhcp snooping information vendor-specific
dhcp snooping information vendor-specific
Use dhcp snooping information vendor-specific to configure the padding mode for the Vendor-Specific sub-option.
Use undo dhcp snooping information vendor-specific to restore the default.
Syntax
dhcp snooping information vendor-specific [ vlan vlan-id ] bas [ node-identifier { mac | sysname | user-defined string } ]
undo dhcp snooping information vendor-specific [ vlan vlan-id ]
Default
The device does not insert any content into the Vendor-Specific sub-option.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
VLAN view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Pads the Vendor-Specific sub-option for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the Vendor-Specific sub-option for all packets received on the interface. This option is not supported in VLAN view.
bas: Specifies the bas mode to pad the Vendor-Specific sub-option.
node-identifier: Specifies the access node identifier. If you do not specify this keyword, the device pads the Vendor-Specific sub-option with the bridge MAC address of the access node as the node identifier. The padding format for the Vendor-Specific sub-option is ASCII.
· mac: Uses the bridge MAC address of the access node as the node identifier.
· sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. If the sysname keyword is specified, make sure the device name does not include any spaces. Otherwise, the DHCP snooping device fails to add the Vendor-Specific sub-option. If the device name contains more than 50 characters, only the first 50 characters are padded.
· user-defined string: Uses a case-sensitive string of 1 to 50 characters as the node identifier. Do not include any spaces in the string.
Usage guidelines
After you configure this command, the DHCP snooping device pads the Vendor-Specific sub-option after receiving a DHCP request. The device forwards the DHCP request without padding the Vendor-Specific sub-option if the following conditions exist:
· The dhcp snooping information strategy append command is configured.
· The length of Option 82 in the request reaches the upper limit.
Examples
# Pad the Vendor-Specific sub-option in bas mode with the device name as the node identifier.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information vendor-specific bas node-identifier sysname
Related commands
dhcp snooping information enable
dhcp snooping information strategy
dhcp snooping learning-num-threshold
Use dhcp snooping learning-num-threshold to set the alarm threshold on the usage of DHCP snooping entry resources.
Use undo dhcp snooping learning-num-threshold to restore the default.
Syntax
dhcp snooping learning-num-threshold threshold-value
undo dhcp snooping learning-num-threshold
Default
The alarm threshold on the usage of DHCP snooping entry resources is 100%.
Views
Layer 2 Ethernet interface view/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the alarm threshold on the usage of DHCP snooping entry resources, in percentage. The value range is 1 to 100.
Usage guidelines
The usage of DHCP snooping entry resources on an interface equals the ratio of Count A to Count B. Count A represents the number of DHCP snooping entries learned on the interface and Count B represents the maximum number of DHCP snooping entries that the interface can learn. To configure the value for Count B on an interface, use the dhcp snooping max-learning-num command.
When the usage of DHCP snooping entry resources on an interface reaches or exceeds the specified alarm threshold, the DHCP snooping device generates an alarm notification for the threshold violation event. This event does not interrupt the DHCP snooping feature. However, the device stops generating DHCP snooping entries for users that come online through the interface. When the usage of DHCP snooping entry resources on the interface drops below the specified alarm threshold, the DHCP snooping device also generates an alarm notification for the event.
If you repeat this command on the same interface, the most recent configuration takes effect.
Examples
# On Ten-GigabitEthernet 1/0/1, set the alarm threshold to 75% on the usage of DHCP snooping entry resources.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping learning-num-threshold 75
Related commands
dhcp snooping max-learning-num
snmp-agent trap enable dhcp snooping
dhcp snooping log enable
Use dhcp snooping log enable to enable DHCP snooping logging.
Use undo dhcp snooping log enable to disable DHCP snooping logging.
Syntax
dhcp snooping log enable
undo dhcp snooping log enable
Default
DHCP snooping logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP snooping device to generate DHCP snooping log messages and send them to the information center. For example, the DHCP snooping device can generate a log message and send it to the information center after discarding a packet. The information helps administrators locate and solve problems. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.
As a best practice, disable this feature if the log generation affects the device performance.
Examples
# Enable DHCP snooping logging.
<Sysname> system-view
[Sysname] dhcp snooping log enable
Related commands
dhcp snooping alarm enable
dhcp snooping max-learning-num
Use dhcp snooping max-learning-num to set the maximum number of DHCP snooping entries that an interface can learn.
Use undo dhcp snooping max-learning-num to restore the default.
Syntax
dhcp snooping max-learning-num max-number
undo dhcp snooping max-learning-num
Default
The maximum number of DHCP snooping entries for an interface to learn is unlimited.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Layer 3 Ethernet interface/Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of DHCP snooping entries for an interface to learn. The value range is 1 to 4294967295.
Usage guidelines
When an interface learns the maximum number of DHCP snooping entries, the interface stops learning DHCP snooping entries. This does not affect the operation of the DHCP snooping feature.
Examples
# Allow Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 to learn a maximum of 10 DHCP snooping entries.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping max-learning-num 10
dhcp snooping rate-limit
Use dhcp snooping rate-limit to enable DHCP snooping packet rate limit on an interface and set the limit value.
Use undo dhcp snooping rate-limit to disable DHCP snooping packet rate limit.
Syntax
dhcp snooping rate-limit rate
undo dhcp snooping rate-limit
Default
The DHCP snooping packet rate limit is disabled on an interface.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
rate: Specifies the maximum rate in Kbps. The value range is 64 to 512.
Usage guidelines
This command takes effect only when DHCP snooping is enabled.
With the rate limit feature, the interface discards DHCP packets that exceed the maximum rate.
The rate configured on a Layer 2 aggregate interface applies to all members of the aggregate interface. If a member interface leaves the aggregation group, it uses the rate configured in its Ethernet interface view.
The device-supported maximum rate must be an integer multiple of eight. If you set the maximum rate to 67, the value 64 or 72 takes effect.
Examples
# Set the maximum rate to 64 Kbps at which Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 can receive DHCP packets.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping rate-limit 64
dhcp snooping trap enable (interface view)
Use dhcp snooping trap enable to enable the packet drop alarm on an interface.
Use undo dhcp snooping trap enable to disable the packet drop alarm on an interface.
Syntax
dhcp snooping trap { binding-mismatch | chaddr-mismatch | rate-limit | untrust-reply software } enable
undo dhcp snooping trap { binding-mismatch | chaddr-mismatch | rate-limit | untrust-reply software } enable
Default
All types of packet drop alarms are disabled on an interface.
Views
Layer 2 Ethernet interface view/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
binding-mismatch: Specifies the binding-mismatch alarm. This alarm notification is generated when the number of DHCP requests dropped due to DHCP snooping entry mismatch has reached the alarm threshold.
chaddr-mismatch: Specifies the chaddr-mismatch alarm. This alarm notification is generated when the number of DHCP requests dropped due to MAC address mismatch has reached the alarm threshold.
rate-limit: Specifies the rate-limit alarm. This alarm notification is generated when the number of DHCP requests dropped due to reception rate limit exceeding has reached the alarm threshold.
untrust-reply software: Specifies the untrust-reply alarm. This alarm notification is generated when the number of DHCP server replies dropped by software on untrusted interfaces has reached the alarm threshold.
Usage guidelines
After you enable the packet drop alarm, the device generates an alarm notification when the number of packets dropped by this feature reaches the alarm threshold. You can specify the alarm threshold by using the dhcp snooping trap threshold command.
When you enable this feature for a packet drop type, the configuration takes effect only after you enable DHCP snooping SNMP notifications for that packet drop type in system view. To enable DHCP snooping notifications in system view, use the snmp-agent trap enable dhcp snooping command.
Enabling the packet drop alarm might cause too many alarm notifications. To reduce the number of alarm notifications, you can disable this feature on some interfaces by using the undo dhcp snooping trap enable command.
Examples
# Enable the binding-mismatch alarm on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping trap binding-mismatch enable
Related commands
dhcp snooping trap threshold (interface view)
dhcp snooping trap enable (system view)
dhcp snooping trap threshold (system view)
snmp-agent trap enable dhcp snooping
dhcp snooping trap enable (system view)
Use dhcp snooping trap enable to enable the packet drop alarm globally.
Use undo dhcp snooping trap enable to disable the packet drop alarm globally.
Syntax
dhcp snooping trap { rate-limit | untrust-reply { software | hardware } } enable
undo dhcp snooping trap { rate-limit | untrust-reply { software | hardware } } enable
Default
All types of packet drop alarms are disabled globally.
Views
System view
Predefined user roles
network-admin
Parameters
rate-limit: Specifies the rate-limit alarm. This alarm notification is generated when the number of DHCP requests dropped due to reception rate limit exceeding has reached the alarm threshold.
untrust-reply: Specifies the untrust-reply alarm. This alarm notification is generated when the number of DHCP server replies dropped on untrusted interfaces has reached the alarm threshold.
· software: Generates an alarm notification when the number of DHCP server replies dropped by software has reached the alarm threshold.
· hardware: Generates an alarm notification when the number of DHCP server replies dropped by hardware has reached the alarm threshold.
Usage guidelines
Operating mechanism
After you enable the rate-limit alarm, the device generates an alarm notification when the number of dropped DHCP requests reaches the threshold specified by the dhcp snooping trap threshold rate-limit command.
The packets dropped by software and those dropped by hardware do not overlap. Therefore, the device collects packet drop statistics for the two packet drop types separately. After you enable the untrust-reply alarm, the device also generates alarm notifications for these packet drop types separately based on their packet drop statistics.
· If you specify the software keyword, the software side collects statistics about the DHCP server replies dropped on each untrusted interface. When the number of DHCP server replies dropped on an interface reaches the alarm threshold, the device generates an alarm notification.
· If you specify the hardware keyword, the hardware side collects statistics about the DHCP server replies dropped on all untrusted interfaces of cards. When the total number of dropped DHCP server replies reaches the alarm threshold, the device generates an alarm notification.
After the device generates an alarm notification for a packet drop type, the device retains the current packet drop statistics and continues collecting packet drop statistics for that type. However, the device no longer generates any alarm notification for the packet drop type. To resolve this issue, use the reset dhcp snooping packet statistics command to clear packet statistics for the device. After this operation, the device generates an alarm notification when the packet drop statistics for the packet drop type reaches the alarm threshold again.
Prerequisites
When you enable this feature for a packet drop type, the configuration takes effect only after you enable DHCP snooping SNMP notifications for that packet drop type. To enable DHCP snooping notifications, use the snmp-agent trap enable dhcp snooping command.
Restrictions and guidelines
You can configure the packet drop alarm globally or on a per-interface basis. The global configuration takes effect on all interfaces on the device.
· When you enable the packet drop alarm globally and execute the undo dhcp snooping trap enable command on an interface, the packet drop alarm is disabled only on that interface.
· When you disable the packet drop alarm globally and execute the dhcp snooping trap enable command on an interface, the packet drop alarm is enabled only on that interface.
Examples
# Enable the rate-limit alarm globally.
<Sysname> system-view
[Sysname] dhcp snooping trap rate-limit enable
Related commands
dhcp snooping trap threshold (system view)
snmp-agent trap enable dhcp snooping
dhcp snooping trap threshold (interface view)
Use dhcp snooping trap threshold to set the packet drop alarm threshold on an interface.
Use undo dhcp snooping trap threshold to restore the default.
Syntax
dhcp snooping trap { binding-mismatch | chaddr-mismatch | rate-limit | untrust-reply software } threshold threshold
undo dhcp snooping trap { binding-mismatch | chaddr-mismatch | rate-limit | untrust-reply software } threshold
Default
The packet drop alarm threshold configured in system view takes effect on the interface.
Views
Layer 2 Ethernet interface view/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
binding-mismatch: Specifies the alarm threshold on the number of DHCP requests dropped due to DHCP snooping entry mismatch.
chaddr-mismatch: Specifies the alarm threshold on the number of DHCP requests dropped due to MAC address mismatch.
rate-limit: Specifies the alarm threshold on the number of DHCP requests dropped due to reception rate limit exceeding.
untrust-reply software: Specifies the alarm threshold on the number of DHCP server replies dropped on untrusted interfaces. This configuration takes effect only on the DHCP server replies dropped by software.
threshold: Specifies the number of dropped packets that triggers packet drop alarm generation. The value range is 1 to 1000.
Usage guidelines
This command works in conjunction with the snmp-agent trap enable dhcp snooping command. After enabling the DHCP snooping alarm for a packet drop type by using the snmp-agent trap enable dhcp snooping command, you can use this command to set the alarm threshold for the packet drop type. When the number of dropped packets reaches the specified alarm threshold, the device generates an alarm notification.
When you configure the packet drop alarm threshold for a packet drop type on an interface, follow these restrictions and guidelines:
· To specify the alarm threshold on the number of DHCP requests dropped due to DHCP snooping entry mismatch, use either of the following commands:
¡ dhcp snooping alarm request-message threshold in system view.
¡ dhcp snooping trap binding-mismatch threshold in interface view.
· To specify the alarm threshold on the number of DHCP requests dropped due to MAC address mismatch, use either of the following commands:
¡ dhcp snooping alarm mac-address threshold in system view.
¡ dhcp snooping trap chaddr-mismatch threshold in interface view.
· To specify the alarm threshold on the number of DHCP requests dropped due to reception rate limit exceeding, use either of the following commands:
¡ dhcp snooping trap rate-limit threshold in system view.
¡ dhcp snooping trap rate-limit threshold in interface view.
· To specify the alarm threshold on the number of DHCP server replies dropped on untrusted interfaces, use either of the following commands:
¡ dhcp snooping trap untrust-reply threshold in system view.
¡ dhcp snooping trap untrust-reply threshold in interface view.
After you specify a packet drop alarm threshold in system view, the threshold takes effect on all interfaces on the device. For the same interface, the alarm threshold specified in interface view takes precedence over that specified in system view.
Examples
# On Ten-GigabitEthernet 1/0/1, set the alarm threshold to 75 on the number of DHCP requests discarded due to DHCP snooping entry mismatch.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping trap binding-mismatch threshold 75
Related commands
dhcp snooping alarm threshold
dhcp snooping alarm enable (interface view)
dhcp snooping trap enable (system view)
dhcp snooping trap threshold (system view)
dhcp snooping trap threshold (system view)
Use dhcp snooping trap threshold to set the packet drop alarm threshold globally.
Use undo dhcp snooping trap threshold to restore the configuration.
Syntax
dhcp snooping trap { rate-limit | untrust-reply { software | hardware } } threshold threshold
undo dhcp snooping trap { rate-limit | untrust-reply { software | hardware } } threshold
Default
The packet drop alarm threshold is 100 for all packet drop types.
Views
System view
Predefined user roles
network-admin
Parameters
rate-limit: Specifies the alarm threshold on the number of DHCP requests dropped due to reception rate limit exceeding.
untrust-reply: Specifies the alarm threshold on the number of DHCP server replies dropped on untrusted interfaces.
· software: Specifies the alarm threshold on the number of DHCP server replies dropped by software.
· hardware: Specifies the alarm threshold on the number of DHCP server replies dropped by hardware.
threshold: Specifies the number of dropped packets that triggers packet drop alarm generation. The value range is 1 to 1000.
Usage guidelines
After you specify a global packet drop alarm threshold for a device, this threshold takes effect on all interfaces of the device. For the same interface, the interface-level packet drop alarm threshold takes precedence over the global one.
Examples
# Set the alarm threshold to 200 on the number of DHCP requests dropped due to reception rate limit exceeding.
<Sysname> system-view
[Sysname] dhcp snooping trap rate-limit threshold 200
Related commands
dhcp snooping trap enable
dhcp snooping trap threshold (interface view)
dhcp snooping trust
Use dhcp snooping trust to configure a port as a trusted port.
Use undo dhcp snooping trust to restore the default state of a port.
Syntax
dhcp snooping trust
undo dhcp snooping trust
Default
After you enable DHCP snooping, all ports are untrusted.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Layer 3 Ethernet interface/Layer 3 aggregate interface view
Ethernet service instance view
Predefined user roles
network-admin
Usage guidelines
Specify the ports facing the DHCP server as trusted ports and specify the other ports as untrusted ports so DHCP clients can obtain valid IP addresses.
Examples
# Specify Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 as a trusted port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping trust
Related commands
display dhcp snooping trust
dhcp snooping trust interface
Use dhcp snooping trust interface to configure an interface in a VLAN as a DHCP snooping trusted port.
Use undo dhcp snooping trust interface to configure an interface in a VLAN as a DHCP snooping untrusted port.
Syntax
dhcp snooping trust interface interface-type interface-number
undo dhcp snooping trust interface interface-type interface-number
Default
After you enable DHCP snooping for a VLAN, all interfaces in the VLAN are DHCP snooping untrusted ports.
Views
VLAN view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
In a VLAN, configure interfaces facing the DHCP server as trusted ports, and configure other interfaces as untrusted ports. The trusted ports forward response messages from the DHCP server to the clients. The untrusted ports connected to unauthorized DHCP servers discard incoming DHCP response messages.
You can execute this command multiple times in a VLAN to configure multiple trusted ports in the VLAN.
Make sure the specified interface is in the VLAN for which the dhcp snooping enable vlan command is configured.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a trusted port in VLAN 1.
<Sysname> system-view
[Sysname] vlan 1
[Sysname-vlan 1] dhcp snooping trust interface ten-gigabitethernet 1/0/1
Related commands
display dhcp snooping trust
dhcp snooping trust tunnel
Use dhcp snooping trust tunnel to configure VXLAN tunnel interfaces assigned to a VSI as trusted interfaces.
Use undo dhcp snooping trust tunnel to restore the default.
Syntax
dhcp snooping trust tunnel
undo dhcp snooping trust tunnel
Default
After you enable DHCP snooping, all tunnel interfaces are untrusted.
Views
VSI view
Predefined user roles
network-admin
Examples
# Configure the tunnel interfaces as trusted in VSI a.
<Sysname> system-view
[Sysname] vsi a
[Sysname-vsi-a] dhcp snooping trust tunnel
dhcp snooping untrusted-server-record enable
Use dhcp snooping untrusted-server-record enable to enable recording untrusted DHCP servers.
Use undo dhcp snooping untrusted-server-record enable to disable recording untrusted DHCP servers.
Syntax
dhcp snooping untrusted-server-record enable
undo dhcp snooping untrusted-server-record enable
Default
Recording untrusted DHCP servers is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Typically, a DHCP snooping device identifies the DHCP servers that are connected to the untrusted ports as untrusted. The snooping device drops incoming DHCP replies through these ports. With this feature enabled, the snooping device records the DHCP servers for dropped DHCP replies, and generates and sends log messages to the information center. With the information center, you can set log message filtering and output rules, including output destinations.
This command takes effect after DHCP snooping is enabled in a VLAN. If DHCP snooping is enabled globally or in a VXLAN, this command does not take effect.
If a log message is generated for an untrusted DHCP server, no more log messages will be generated for this server within 10 minutes. When the 10-minute interval expires, the DHCP snooping device will generate a log message for this server upon receiving a reply from this server.
Examples
# Enable the DHCP snooping device to record untrusted DHCP servers.
<Sysname> system-view
[Sysname] dhcp snooping untrusted-server-record enable
display dhcp snooping alarm packet statistics
Use display dhcp snooping alarm packet statistics to display the packet drop statistics on an interface enabled with the packet drop alarm.
Syntax
display dhcp snooping alarm packet statistics interface interface-type interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
After you enable the packet drop alarm on an interface, you can use this command to view the packet drop statistics on the interface. This command displays statistics about the following dropped DHCP requests:
· DHCP requests dropped by the MAC address check feature due to MAC address mismatch. To enable the MAC address check feature, use the dhcp snooping check mac-address command.
· DHCP requests dropped by the DHCP-REQUEST check feature due to DHCP snooping entry mismatch. To enable the DHCP-REQUEST check feature, use the dhcp snooping check request-message command.
By default, the device keeps collecting packet drop statistics and does not clear the statistics. If the number of dropped DHCP requests has exceeded the alarm threshold on an interface, the device will immediately generate an alarm notification after you enable the packet drop alarm. In this situation, the alarm notification cannot reflect the packet drop condition of the interface. To resolve this issue, before enabling the packet drop alarm on an interface, clear the packet drop statistics on the interface by using the reset dhcp snooping alarm packet statistics command.
Examples
# Display the packet drop statistics on Ten-GigabitEthernet 1/0/1.
<Sysname> display dhcp snooping alarm packet statistics interface ten-gigabitethernet 1/0/1
Interface: Ten-GigabitEthernet1/0/1
DHCP packets received : 5
Binding-mismatch packets dropped : 0
Chaddr-mismatch packets dropped : 5
Table 17 Command output
Field | Description |
---|---|
Interface | Interface enabled with the packet drop alarm. |
DHCP packets received | Number of DHCP packets received on the interface. |
Binding-mismatch packets dropped | Number of DHCP packets discarded due to DHCP snooping entry mismatch. |
Chaddr-mismatch packets dropped | Number of DHCP packets discarded due to MAC address mismatch. |
Related commands
reset dhcp snooping alarm packet statistics
display dhcp snooping binding
Use display dhcp snooping binding to display DHCP snooping entries.
Syntax
display dhcp snooping binding [ interface interface-type interface-number | ip ip-address [ vlan vlan-id ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCP snooping entry information for all interfaces.
ip ip-address: Displays the DHCP snooping entry for the specified IP address. If you do not specify an IP address, this command displays DHCP snooping entry information for all IP addresses.
vlan vlan-id: Specifies the VLAN ID where the IP address resides. If you do not specify a VLAN ID, this command displays DHCP snooping entry information for all VLAN IDs.
verbose: Displays detailed DHCP snooping entry information. If you do not specify this keyword, the command displays brief DHCP snooping entry information.
Usage guidelines
If you specify neither the interface keyword nor the ip keyword, this command displays all DHCP snooping entries.
Examples
# Display summary information about all DHCP snooping entries.
<Sysname> display dhcp snooping binding
2 DHCP snooping entries found
IP address      MAC address    Lease        SVLAN CVLAN Interface
=============== ============== ============ ===== ===== =================
1.1.1.7         0000-0101-0107 16907533     2     3     XGE1/0/1
1.1.1.11        0000-0101-010b 16907537     2     3     XGE1/0/3
# Display detailed information about all DHCP snooping entries.
<Sysname> display dhcp snooping binding verbose
IP address: 1.1.1.7
MAC address: 0000-0101-0107
Lease: 16907553 seconds
SVLAN: 2
CVLAN: 3
Interface: Ten-GigabitEthernet1/0/1
Parameter request list: 03 06 21
Client Identifier: aabb-aabb-aab1
Authorized Client Identifier: ccdd-eeff-aabb
IP address: 1.1.1.104
MAC address: 0000-0101-010b
Lease: 16907537 seconds
SVLAN: 2
CVLAN: 3
Interface: Ten-GigabitEthernet1/0/3
Parameter request list: 37 0B 01 0F 03 06 2C 2E 2F 1F 21 F9 2B
Client Identifier: aabb-aabb-aab2
Authorized Client Identifier: aabb-ccdd-eeff
Table 18 Command output
Field | Description |
---|---|
DHCP snooping entries found | Number of DHCP snooping entries. |
IP address | IP address assigned to the DHCP client. |
MAC address | MAC address of the DHCP client. |
Lease | Remaining lease duration in seconds. |
SVLAN | When both DHCP snooping and QinQ are enabled or the DHCP packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCP client resides. |
CVLAN | When both DHCP snooping and QinQ are enabled or the DHCP packet contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise, it displays N/A. |
Interface | Port connected to the DHCP client. |
Parameter request list | Parameters that the DHCP client requests, in hexadecimal notation. |
Client Identifier | Client ID. |
Authorized Client Identifier | Authorized client ID. |
Related commands
dhcp snooping enable
reset dhcp snooping binding
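The following added example (not vendor code) parses the verbose output shown above into typed records and decodes the hexadecimal Parameter request list into decimal DHCP option codes, which is useful when auditing which client is bound to which port. It assumes every field appears as a "name: value" line and that an IP address line starts a new entry; the result key names are hypothetical.

```python
# Constructed input: the verbose example output shown above, copied verbatim.
SAMPLE = """\
IP address: 1.1.1.7
MAC address: 0000-0101-0107
Lease: 16907553 seconds
SVLAN: 2
CVLAN: 3
Interface: Ten-GigabitEthernet1/0/1
Parameter request list: 03 06 21
Client Identifier: aabb-aabb-aab1
Authorized Client Identifier: ccdd-eeff-aabb
IP address: 1.1.1.104
MAC address: 0000-0101-010b
Lease: 16907537 seconds
SVLAN: 2
CVLAN: 3
Interface: Ten-GigabitEthernet1/0/3
Parameter request list: 37 0B 01 0F 03 06 2C 2E 2F 1F 21 F9 2B
Client Identifier: aabb-aabb-aab2
Authorized Client Identifier: aabb-ccdd-eeff
"""

# Names for a few standard DHCP option codes (RFC 2132); others stay numeric.
OPTION_NAMES = {1: "subnet-mask", 3: "router", 6: "dns-server",
                15: "domain-name", 33: "static-route", 43: "vendor-specific"}


def normalize(raw):
    """Convert the text fields of one entry into typed values."""
    codes = [int(b, 16) for b in raw.get("Parameter request list", "").split()]
    cvlan = raw.get("CVLAN", "N/A")   # Table 18: N/A when there is no inner tag
    return {
        "ip": raw["IP address"],
        "mac": raw.get("MAC address"),
        "lease_seconds": int(raw["Lease"].split()[0]),
        "svlan": int(raw["SVLAN"]),
        "cvlan": None if cvlan == "N/A" else int(cvlan),
        "interface": raw.get("Interface"),
        "requested_options": [(c, OPTION_NAMES.get(c, f"option-{c}"))
                              for c in codes],
    }


def parse_bindings(text):
    """Return one record per snooping entry found in the verbose output."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue                      # blank or non "name: value" line
        if key.strip() == "IP address":
            entries.append({})            # assumption: this field opens an entry
        if entries:                       # ignore fields before the first entry
            entries[-1][key.strip()] = value.strip()
    return [normalize(e) for e in entries]


if __name__ == "__main__":
    for entry in parse_bindings(SAMPLE):
        print(entry["ip"], entry["mac"], entry["interface"],
              entry["requested_options"])
```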
display dhcp snooping binding database
Use display dhcp snooping binding database to display information about DHCP snooping entry auto backup.
Syntax
display dhcp snooping binding database
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about DHCP snooping entry auto backup.
<Sysname> display dhcp snooping binding database
File name : database.dhcp
Username :
Password :
Update interval : 600 seconds
Latest write time : Feb 27 18:48:04 2012
Status : Last write succeeded.
Table 19 Command output
Field | Description |
---|---|
File name | Name of the DHCP snooping entry backup file. |
Username | Username for accessing the URL of the remote backup file. |
Password | Password for accessing the URL of the remote backup file. This field displays ****** if a password is configured. |
Update interval | Waiting time in seconds after a DHCP snooping entry change for the DHCP snooping device to update the backup file. |
Latest write time | Time of the latest update. |
Status | Status of the update: · Writing—The backup file is being updated. · Last write succeeded—The backup file was successfully updated. · Last write failed—The backup file failed to be updated. |
display dhcp snooping m-lag-statistics
Use display dhcp snooping m-lag-statistics to display statistics about the packets exchanged between M-LAG member devices for DHCP snooping entry synchronization.
Syntax
display dhcp snooping m-lag-statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command displays statistics about the packets exchanged between M-LAG primary and secondary devices for DHCP snooping entry synchronization, including synchronization times and the number of synchronized DHCP snooping entries.
Bringing up an M-LAG peer-link interface triggers entry synchronization from the primary device to the secondary device.
Examples
# On the primary device, display statistics about the packets exchanged between M-LAG member devices for DHCP snooping entry synchronization.
<Sysname> display dhcp snooping m-lag-statistics
Send Statistics:
Sync start number : 1
Binding valid records addr : 2
Sync end abnormal : NO
Sync end number : 1
Sync start number : 2
Binding valid records addr : 2
Sync end abnormal : NO
Sync end number : 2
Sync start number : 3
Binding valid records addr : 1
Sync end abnormal : NO
Sync end number : 3
# On the secondary device, display statistics about the packets exchanged between M-LAG member devices for DHCP snooping entry synchronization.
<Sysname> display dhcp snooping m-lag-statistics
Recv Statistics:
Sync start number : 1
Binding valid records addr : 2
Sync end abnormal : NO
Sync end number : 1
Sync start number : 2
Binding valid records addr : 2
Sync end abnormal : NO
Sync end number : 2
Sync start number : 3
Binding valid records addr : 1
Sync end abnormal : NO
Sync end number : 3
Table 20 Command output
Field | Description |
---|---|
Send Statistics | Statistics about sent packets. |
Recv Statistics | Statistics about received packets. |
Sync start number | Synchronization start number. |
Binding valid records addr | Number of valid DHCP snooping entries that have been synchronized. |
Sync end abnormal | Whether bulk backup ended abnormally: · NO—Bulk backup ended normally. · YES—Bulk backup ended abnormally. |
Sync end number | Synchronization end number. |
Related commands
reset dhcp snooping m-lag-statistics
display dhcp snooping m-lag-status
Use display dhcp snooping m-lag-status to display M-LAG status information.
Syntax
display dhcp snooping m-lag-status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display M-LAG status information.
<Sysname> display dhcp snooping m-lag-status
M-LAG role : Secondary
Peer-link/Peer-link Index : Bridge-Aggregation3/1297
Peer-link State : UP
M-LAG interface/M-LAG group ID : Bridge-Aggregation4/4
Local M-LAG interface state : UP
Peer M-LAG interface state : UP
M-LAG interface/M-LAG group ID : Bridge-Aggregation5/5
Local M-LAG interface state : UP
Peer M-LAG interface state : UP
Table 21 Command output
Field | Description |
---|---|
M-LAG role | M-LAG role: · Primary. · Secondary. If the device role is unknown, this field displays None. |
Peer-link/Peer-link Index | Peer-link interface name or peer-link interface index. |
Peer-link State | Physical status of the peer-link interface, up or down. |
M-LAG interface/M-LAG group ID | M-LAG interface name/M-LAG group ID. |
Local M-LAG interface state | Status of the local M-LAG interface: · UP—The M-LAG interface is up if it has Selected ports in its aggregation group. · DOWN—The M-LAG interface is down if it does not have Selected ports in its aggregation group. |
Peer M-LAG interface state | Status of the peer M-LAG interface: · UP—The M-LAG interface is up if it has Selected ports in its aggregation group. · DOWN—The M-LAG interface is down if it does not have Selected ports in its aggregation group. · UNKNOWN—The M-LAG interface is in unknown state if the peer-link interface is down. |
display dhcp snooping information
Use display dhcp snooping information to display Option 82 configuration on the DHCP snooping device.
Syntax
display dhcp snooping information { all | interface interface-type interface-number }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Examples
# Display Option 82 configuration on all interfaces.
<Sysname> display dhcp snooping information all
Interface: Bridge-Aggregation1
Status: Disable
Strategy: Drop
Circuit ID:
Padding format: User Defined
User defined: abcd
Format: ASCII
Remote ID:
Padding format: Normal
Format: ASCII
Vendor-specific:
Padding format: BAS
Node identifier: MAC
VLAN 10:
Circuit ID: abcd
Remote ID: company
Vendor-specific:
Padding format: BAS
Node identifier: User defined(abcd)
Table 22 Command output
Field | Description |
---|---|
Interface | Interface name. |
Status | Option 82 status, Enable or Disable. |
Strategy | Handling strategy for DHCP requests that contain Option 82, Drop, Keep, or Replace. |
Circuit ID | Content of the Circuit ID sub-option. |
Padding format | Padding format of Option 82: · For Circuit ID sub-option, the padding format can be Normal, User Defined, Verbose (sysname), Verbose (MAC), or Verbose (user defined). · For Remote ID sub-option, the padding format can be Normal, Sysname, or User Defined. · For Vendor-Specific sub-option, the padding format is BAS. |
Node identifier | Access node identifier. · For the Circuit ID sub-option, this field displays the user-defined node identifier string. · For the Remote ID sub-option, this field displays the user-defined string. · For the Vendor-Specific sub-option, the node identifier can be MAC, Sysname, or User Defined(string), where string in the brackets indicates the user-defined node identifier. |
User defined | Content of the user-defined sub-option. |
Format | Code type of Option 82 sub-option: · For Circuit ID sub-option, the code type can be ASCII, Default, or Hex. · For Remote ID sub-option, the code type can be ASCII or Hex. |
Remote ID | Content of the Remote ID sub-option. |
Vendor-specific | Content of the Vendor-Specific sub-option. This field is displayed only when the Vendor-Specific sub-option is configured. |
VLAN | Pads Circuit ID, Remote ID, and Vendor-Specific sub-options in the DHCP packets received in the specified VLAN. |
display dhcp snooping packet statistics
Use display dhcp snooping packet statistics to display DHCP packet statistics for DHCP snooping.
Syntax
display dhcp snooping packet statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays DHCP packet statistics for the master device.
Examples
# Display DHCP packet statistics for DHCP snooping.
<Sysname> display dhcp snooping packet statistics
DHCP packets received : 100
DHCP packets sent : 200
Invalid DHCP packets dropped : 0
Related commands
reset dhcp snooping packet statistics
display dhcp snooping trust
Use display dhcp snooping trust to display information about trusted ports.
Syntax
display dhcp snooping trust
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about trusted ports.
<Sysname> display dhcp snooping trust
DHCP snooping is enabled.
Interface Trusted VLAN
============================ ======= ================
XGE1/0/1 Trusted -
XGE1/0/2 - 100
VSI name Tunnel trusted
============================ ==============
a Trusted
AC Trusted
============================ ============
XGE1/0/1 srv 1 Trusted
Field | Description |
---|---|
Interface | Interface name. |
Trusted | For a DHCP snooping trusted port specified in the global DHCP snooping configuration, this field displays Trusted. For a trusted port specified in VLAN-based DHCP snooping configuration, this field displays a hyphen (-). |
VLAN | VLAN to which the trusted port belongs. If the trusted port is specified in global DHCP snooping configuration, this field displays a hyphen (-). |
VSI name | VSI name of the VXLAN tunnel interface. This field is available when you configure the tunnel interface assigned to the VSI as a DHCP snooping trusted interface by using the dhcp snooping trust tunnel command. |
Tunnel trusted | Trusted tunnel interface specified in VXLAN-based DHCP snooping configuration. |
AC | AC name, which is indicated by the interface name and Ethernet service instance name. This field is available when you configure the AC as the DHCP snooping trusted interface by using the dhcp snooping trust command in Ethernet service instance view. |
Trusted | Trusted AC specified in VXLAN-based DHCP snooping configuration. |
Related commands
dhcp snooping trust
dhcp snooping trust interface
reset dhcp snooping alarm packet statistics
Use reset dhcp snooping alarm packet statistics to clear the packet drop statistics on an interface.
Syntax
reset dhcp snooping alarm packet statistics interface interface-type interface-number
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
Examples
# Clear the packet drop statistics on Ten-GigabitEthernet 1/0/1.
<Sysname> reset dhcp snooping alarm packet statistics interface ten-gigabitethernet 1/0/1
Related commands
display dhcp snooping alarm packet statistics
reset dhcp snooping binding
Use reset dhcp snooping binding to clear DHCP snooping entries.
Syntax
reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all DHCP snooping entries.
ip ip-address: Clears the DHCP snooping entry for the specified IP address.
vlan vlan-id: Clears DHCP snooping entries for the specified VLAN. If you do not specify a VLAN, this command clears DHCP snooping entries for the default VLAN.
Examples
# Clear all DHCP snooping entries.
<Sysname> reset dhcp snooping binding all
Related commands
display dhcp snooping binding
reset dhcp snooping m-lag-statistics
Use reset dhcp snooping m-lag-statistics to clear statistics about the packets exchanged between M-LAG member devices for DHCP snooping entry synchronization.
Syntax
reset dhcp snooping m-lag-statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear statistics about the packets exchanged between M-LAG member devices for DHCP snooping entry synchronization.
<Sysname> reset dhcp snooping m-lag-statistics
Related commands
display dhcp snooping m-lag-statistics
reset dhcp snooping packet statistics
Use reset dhcp snooping packet statistics to clear DHCP packet statistics for DHCP snooping.
Syntax
reset dhcp snooping packet statistics [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears DHCP packet statistics for the master device.
Examples
# Clear DHCP packet statistics for DHCP snooping.
<Sysname> reset dhcp snooping packet statistics
Related commands
display dhcp snooping packet statistics
snmp-agent trap enable dhcp snooping
Use snmp-agent trap enable dhcp snooping to enable DHCP snooping SNMP notifications.
Use undo snmp-agent trap enable dhcp snooping to disable DHCP snooping SNMP notifications.
Syntax
snmp-agent trap enable dhcp snooping [ binding-exhaust | binding-mismatch | binding-threshold | chaddr-mismatch | rate-limit | untrust-reply ] *
undo snmp-agent trap enable dhcp snooping [ binding-exhaust | binding-mismatch | binding-threshold | chaddr-mismatch | rate-limit | untrust-reply ] *
Default
All DHCP snooping SNMP notifications are disabled.
Views
System view
Predefined user roles
network-admin
Parameters
binding-exhaust: Specifies the binding-exhaust alarm. The DHCP snooping device generates this type of alarm notification when the DHCP snooping entry resource is exhausted or recovers from the exhaustion condition.
binding-mismatch: Specifies the binding-mismatch alarm. The DHCP snooping device generates this type of alarm notification when the number of DHCP requests dropped due to DHCP snooping entry mismatch has reached the alarm threshold.
binding-threshold: Specifies the binding-threshold alarm. The DHCP snooping device generates this type of alarm notification when the usage of DHCP snooping entry resources has reached or dropped below the alarm threshold.
chaddr-mismatch: Specifies the chaddr-mismatch alarm. The DHCP snooping device generates this type of alarm notification when the number of DHCP requests dropped due to MAC address mismatch has reached the threshold.
rate-limit: Specifies the rate-limit alarm. The DHCP snooping device generates this type of alarm notification when the number of DHCP requests dropped because the reception rate limit was exceeded has reached the alarm threshold.
untrust-reply: Specifies the untrust-reply alarm. The DHCP snooping device generates this type of alarm notification when the number of DHCP server replies dropped on untrusted interfaces has reached the alarm threshold.
Usage guidelines
If you do not specify any parameters, this command enables all types of DHCP snooping SNMP notifications.
After you enable DHCP snooping SNMP notifications, the DHCP snooping module reports critical DHCP snooping events in alarm notifications to the SNMP module. For DHCP snooping event notifications to be sent correctly, you must configure SNMP on the device. For more information about SNMP configuration, see SNMP configuration in Network Management and Monitoring Configuration Guide.
When you enable a packet drop alarm, follow these restrictions and guidelines:
· Before enabling the chaddr-mismatch packet drop alarm, enable the MAC address check feature by using the dhcp snooping check mac-address command.
· Before enabling the binding-mismatch packet drop alarm, enable the DHCP-REQUEST check feature by using the dhcp snooping check request-message command.
· When the number of DHCP requests dropped on an interface has reached the packet drop alarm threshold, the device generates an alarm notification. In this situation, the device will continue to collect the packet drop statistics, but will no longer generate an alarm notification for the same packet drop event. The device generates an alarm notification for the same packet drop event again only when the following conditions exist:
a. You use the reset dhcp snooping alarm packet statistics command to clear the packet drop statistics on the interface.
b. The number of DHCP requests dropped on the interface reaches the packet drop alarm threshold again.
To change the packet drop alarm threshold, use the dhcp snooping trap threshold command.
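The one-notification-until-reset behaviour described in the guidelines above, modelled as an added example (not vendor code) so its effect on monitoring is visible: drops after the first alarm are counted but produce no further notification. The class and function names are hypothetical, the threshold and timeline are constructed, and the model assumes one counter per interface and event type, all cleared by a reset on that interface.

```python
from collections import defaultdict


class DropAlarmModel:
    """Model of the packet drop alarm described in the usage guidelines.

    Assumptions: one counter and one latch per (interface, event) pair,
    and a reset clears every event type on the given interface.
    """

    def __init__(self, threshold):
        self.threshold = threshold
        self.dropped = defaultdict(int)   # drop statistics
        self.latched = set()              # pairs that already raised an alarm
        self.notifications = []           # (interface, event, count at alarm)

    def drop(self, interface, event, count=1):
        key = (interface, event)
        self.dropped[key] += count        # statistics keep growing after the alarm
        if self.dropped[key] >= self.threshold and key not in self.latched:
            self.latched.add(key)
            self.notifications.append((interface, event, self.dropped[key]))

    def reset(self, interface):
        """Stands for: reset dhcp snooping alarm packet statistics interface ..."""
        for key in [k for k in self.dropped if k[0] == interface]:
            del self.dropped[key]
            self.latched.discard(key)


def replay(threshold, timeline):
    """Apply a list of ('drop', if, event, n) / ('reset', if) steps to a model."""
    model = DropAlarmModel(threshold)
    for step in timeline:
        if step[0] == "reset":
            model.reset(step[1])
        else:
            model.drop(step[1], step[2], step[3])
    return model


# Constructed timeline; the threshold of 100 is an example value.
TIMELINE = [
    ("drop", "XGE1/0/1", "chaddr-mismatch", 100),   # reaches threshold: alarm 1
    ("drop", "XGE1/0/1", "chaddr-mismatch", 5000),  # counted, but no new alarm
    ("reset", "XGE1/0/1"),                          # condition a
    ("drop", "XGE1/0/1", "chaddr-mismatch", 99),    # below threshold
    ("drop", "XGE1/0/1", "chaddr-mismatch", 1),     # condition b: alarm 2
]

if __name__ == "__main__":
    for note in replay(100, TIMELINE).notifications:
        print(note)
```

In this model the 5000 drops in the second step never reach the SNMP receiver, so polling the drop statistics or clearing them after each handled alarm is what makes a repeat event visible.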
Examples
# Disable the binding-exhaust alarm.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp snooping binding-exhaust
Related commands
dhcp snooping trap threshold
dhcp snooping check mac-address
dhcp snooping check request-message
dhcp snooping learning-num-threshold
snmp-agent target-host (Network Management and Monitoring Command Reference)
BOOTP client commands
display bootp client
Use display bootp client to display information about a BOOTP client.
Syntax
display bootp client [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays BOOTP client information on all interfaces.
Examples
# Display BOOTP client information on VLAN-interface 10.
<Sysname> display bootp client interface vlan-interface 10
Vlan-interface10 BOOTP client information:
Allocated IP: 169.254.0.2 255.255.0.0
Transaction ID: 0x3d8a7431
MAC Address: 00e0-fc0a-c3ef
Table 24 Command output
Field | Description |
---|---|
BOOTP client information | Information about the interface that acts as a BOOTP client. |
Allocated IP | BOOTP client's IP address allocated by the BOOTP server. |
Transaction ID | Value of the XID field in a BOOTP message. The BOOTP client chooses a random number for the XID field when sending a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server. If the values of the XID field are different in the BOOTP response and request, the BOOTP client drops the BOOTP response. |
MAC Address | MAC address of a BOOTP client. |
Related commands
ip address bootp-alloc
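The XID matching described for the Transaction ID field, as an added example (not vendor code): a client builds a BOOTP request with a random XID and accepts a reply only if the XID matches. The function names are hypothetical, the packets are constructed from the values in the example output above, the layout is the fixed 300-byte BOOTP message of RFC 951, and the chaddr comparison is an extra check beyond what this page states.

```python
import secrets
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
# op, htype, hlen, hops, xid, secs, flags/unused, ciaddr, yiaddr, siaddr,
# giaddr, chaddr, sname, file, vend  (RFC 951 fixed layout, 300 bytes)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s64s")


def mac_bytes(text):
    """Convert the xxxx-xxxx-xxxx notation used on this page to 6 bytes."""
    return bytes.fromhex(text.replace("-", ""))


def build_request(mac, xid=None):
    """Return (xid, packet); the XID is random unless one is supplied."""
    xid = secrets.randbits(32) if xid is None else xid
    zero = bytes(4)
    packet = BOOTP.pack(BOOTREQUEST, 1, 6, 0, xid, 0, 0, zero, zero, zero,
                        zero, mac_bytes(mac), b"", b"", b"")
    return xid, packet


def build_reply(xid, mac, yiaddr):
    """Constructed server reply, used only to exercise accept_reply()."""
    zero = bytes(4)
    return BOOTP.pack(BOOTREPLY, 1, 6, 0, xid, 0, 0, zero,
                      socket.inet_aton(yiaddr), zero, zero,
                      mac_bytes(mac), b"", b"", b"")


def accept_reply(packet, expected_xid, mac):
    """Return the allocated IP address, or None if the reply is dropped."""
    if len(packet) < BOOTP.size:
        return None                               # truncated message
    (op, _htype, _hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file, _vend) = BOOTP.unpack(
        packet[:BOOTP.size])
    if op != BOOTREPLY or xid != expected_xid:
        return None                               # XID differs: drop, as above
    if chaddr[:6] != mac_bytes(mac):
        return None                               # added check, not from this page
    return socket.inet_ntoa(yiaddr)


if __name__ == "__main__":
    MAC = "00e0-fc0a-c3ef"                        # values from the example output
    xid, _request = build_request(MAC, 0x3D8A7431)
    print(accept_reply(build_reply(xid, MAC, "169.254.0.2"), xid, MAC))
    print(accept_reply(build_reply(xid ^ 1, MAC, "169.254.0.2"), xid, MAC))
```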
ip address bootp-alloc
Use ip address bootp-alloc to configure an interface to use BOOTP for IP address acquisition.
Use undo ip address bootp-alloc to stop an interface from using BOOTP for IP address acquisition.
Syntax
ip address bootp-alloc
undo ip address bootp-alloc
Default
An interface does not use BOOTP for IP address acquisition.
Views
Interface view
Predefined user roles
network-admin
Examples
# Configure VLAN-interface 10 to use BOOTP for IP address acquisition.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address bootp-alloc
Related commands
display bootp client