Configuration guidelines, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

47

If the server receives a response within the specified period, the server selects and pings another IP

address. If it receives no response, the server continues to ping the IP addresses until the specified number
of ping packets are sent. If still no response is received, the server assigns the IP address to the requesting

client (The DHCP client probes the IP address by sending gratuitous ARP packets).
To configure IP address conflict detection:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Specify the number of ping

packets.

dhcp server ping packets
number

Optional.
One ping packet by default.
The value 0 indicates that no ping
operation is performed.

3.

Configure a timeout waiting

for ping responses.

dhcp server ping timeout
milliseconds

Optional.
500 ms by default.
The value 0 indicates that no ping
operation is performed.

Configuring the DHCP server to support authorized ARP

A DHCP server can work in cooperation with authorized ARP to block unauthorized clients, avoid

learning incorrect ARP entries, and guard against attacks such as MAC address spoofing. Only the

clients that have valid leases on the DHCP server are considered legal clients.
When authorized ARP is enabled, the ARP automatic learning function is disabled. ARP entries can be

added by the DHCP server which notifies authorized ARP to add/delete/change authorized ARP entries

when adding/deleting/changing IP address leases. Only the clients that have obtained IP addresses

from the DHCP server can access the network correctly, but other clients are considered unauthorized

clients and are unable to access the network.

Configuration guidelines

Follow these guidelines when you configure the DHCP server to support authorized ARP:

•

Authorized ARP can only be configured on Ethernet interfaces that operate in Layer 3 mode. For
more information about the working mode of Ethernet interfaces, see Interface Configuration

Guide.

•

When the working mode of the interface is changed from DHCP server to DHCP relay agent,
neither the IP address leases nor the authorized ARP entries will be deleted. However, these ARP
entries might conflict with new ARP entries generated on the DHCP relay agent. Therefore, H3C

recommends that you delete the existing IP address leases when changing the interface working

mode to DHCP relay agent.

•

Disabling the DHCP server to support authorized ARP will not delete the IP address leases, but will
delete the corresponding authorized ARP entries.

•

For more information about authorized ARP, see Security Configuration Guide. For more
information about the arp authorized enable command, see Security Command Reference.

Configuration procedure

To configure the DHCP server to support authorized ARP: