Configuring the dhcp server security functions, Configuration prerequisites, Enabling unauthorized dhcp server detection – H3C Technologies H3C S7500E Series Switches User Manual

5-15

Only an extended address pool can be applied on the interface. The address pool to be referenced

must already exist.

Configuring the DHCP Server Security Functions

This configuration is necessary to secure DHCP services on the DHCP server.

Configuration Prerequisites

Before performing this configuration, complete the following configurations on the DHCP server:

z

Enable DHCP

z

Configure the DHCP address pool

Enabling Unauthorized DHCP Server Detection

Unauthorized DHCP servers may exist on networks, and they reply DHCP clients with wrong IP

addresses.

With this feature enabled, upon receiving a DHCP request, the DHCP server will record the IP address

of the DHCP server which assigned an IP address to the DHCP client and the receiving interface. The

administrator can use this information to check out any unauthorized DHCP servers.

Follow these steps to enable unauthorized DHCP server detection:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable unauthorized DHCP server

detection

dhcp server detect

Required

Disabled by default.

With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP

server. The administrator needs to find unauthorized DHCP servers from the log information.

Configuring IP Address Conflict Detection

To avoid IP address conflicts, the DHCP server checks whether the address to be assigned is in use by

sending ping packets.

The DHCP server pings the IP address to be assigned using ICMP. If the server gets a response within

the specified period, the server will select and ping another IP address; otherwise, the server will ping