Configuration guidelines – H3C Technologies H3C S12500 Series Switches User Manual


3. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A

4. Configure address check.
   Command: dhcp relay address-check enable
   Remarks: Disabled by default.

Configuring periodic refresh of dynamic client entries

A DHCP client unicasts a DHCP-RELEASE message to the DHCP server when releasing its dynamically obtained IP address. The DHCP relay agent simply conveys the message to the DHCP server and does not remove the IP-to-MAC binding. To solve this problem, the periodic refresh of dynamic client entries feature is introduced.

With this feature, the DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to periodically send a DHCP-REQUEST message to the DHCP server.

- If the server returns a DHCP-ACK message or does not return any message within a specific interval, the DHCP relay agent ages out the client entry.
- If the server returns a DHCP-NAK message, the relay agent keeps the client entry.

To configure the dynamic binding update interval:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enable periodic refresh of dynamic client entries.
   Command: dhcp relay security refresh enable
   Remarks: Optional. Enabled by default.

3. Configure binding update interval.
   Command: dhcp relay security tracker { interval | auto }
   Remarks: Optional. auto by default. (auto interval is calculated by the relay agent according to the number of bindings.)

Configuring the DHCP relay agent to support authorized ARP

A DHCP relay agent can work in cooperation with authorized ARP to block illegal clients.

With this feature enabled, when a client obtains an IP address from the DHCP server through a DHCP relay agent, the DHCP relay agent can automatically record the client's IP-to-MAC binding and use this client entry to update the corresponding ARP entry.

When authorized ARP is enabled on the DHCP relay agent, the ARP automatic learning function is disabled. Dynamic client entries are then used to update ARP entries, which avoids learning incorrect ARP entries.

This feature makes sure that:

- The clients that obtain IP addresses through DHCP have ARP entries on the DHCP relay agent, and can access the network.
- The clients that do not obtain IP addresses through DHCP have no ARP entries on the DHCP relay agent, are considered illegal clients, and cannot access the network.
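The following Python sketch is an added example, not H3C code and not how the switch is implemented internally. It models the refresh decision (ACK or no reply ages out, NAK keeps) and the authorized ARP check described above, to show that a released address keeps its ARP entry until the next refresh pass. All function names, the server stand-in, and the sample addresses are hypothetical and constructed.

```python
# Simplified model of the behaviour described above; not H3C's implementation.
# Every name and sample value here is hypothetical / constructed.
from dataclasses import dataclass

ACK, NAK, TIMEOUT = "DHCP-ACK", "DHCP-NAK", None

@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str  # client MAC recorded when the lease was relayed

def refresh_once(bindings, probe):
    """One refresh pass over the dynamic client entries.
    probe(ip) stands for the relay sending DHCP-REQUEST for the client's IP
    with the relay interface's MAC; it returns ACK, NAK or TIMEOUT.
    Per the manual: NAK keeps the entry, ACK or no reply ages it out.
    """
    return [b for b in bindings if probe(b.ip) == NAK]

def authorized_arp_table(bindings):
    """With authorized ARP, ARP entries are built only from client entries."""
    return {b.ip: b.mac for b in bindings}

def can_forward(arp, ip, mac):
    """A host gets service only if its exact IP-to-MAC pair has an ARP entry."""
    return arp.get(ip) == mac

def make_probe(server_leases, unreachable=()):
    """Constructed stand-in for the server: NAK while the IP is still leased
    to a client (assumed server behaviour), ACK once it is free."""
    def probe(ip):
        if ip in unreachable:
            return TIMEOUT
        return NAK if ip in server_leases else ACK
    return probe

# Constructed sample data (documentation addresses, made-up MACs).
BINDINGS = [
    Binding("192.0.2.10", "0000-5e00-5301"),  # lease still active
    Binding("192.0.2.11", "0000-5e00-5302"),  # client sent DHCP-RELEASE
]
SERVER_LEASES = {"192.0.2.10"}  # server has already freed 192.0.2.11

if __name__ == "__main__":
    kept = refresh_once(BINDINGS, make_probe(SERVER_LEASES))
    for b in BINDINGS:
        before = can_forward(authorized_arp_table(BINDINGS), b.ip, b.mac)
        after = can_forward(authorized_arp_table(kept), b.ip, b.mac)
        print(f"{b.ip} {b.mac}: before refresh={before}, after refresh={after}")
```

Because no reply is treated the same as DHCP-ACK, an unreachable server in this model ages out every entry on the next pass, which is worth weighing when choosing a tracker interval.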

Configuration guidelines

Follow these guidelines when you configure the DHCP relay agent to support authorized ARP:
