Configuring dhcp server security functions, Prerequisites, Enabling unauthorized dhcp server detection – H3C Technologies H3C S3100 Series Switches User Manual
Page 523
2-22
z
Define new DHCP options. New configuration options will come out with DHCP development. To
support new options, you can add them into the attribute list of the DHCP server.
z
Extend existing DHCP options. When the current DHCP options cannot meet customers’
requirements (for example, you cannot use the dns-list command to configure more than eight
DNS server addresses), you can configure a self defined option for extension.
Follow these steps to customize the DHCP service:
To do…
Use the command…
Remarks
Enter system view
system-view
—
interface interface-type interface-number
dhcp server option code { ascii
ascii-string | hex hex-string&<1-10> |
ip-address ip-address&<1-8> }
Configure the
current interface
quit
Configure
customized
options
Configure
multiple
interfaces in
system view
dhcp server option code { ascii
ascii-string | hex hex-string&<1-10> |
ip-address ip-address&<1-8> } { interface
interface-type interface-number [ to
interface-type interface-number ] | all }
Required
By default, no
customized
option is
configured.
Be cautious when configuring self-defined DHCP options because such configuration may affect the
DHCP operation process.
Configuring DHCP Server Security Functions
DHCP security configuration is needed to ensure the security of DHCP service.
Prerequisites
Before configuring DHCP security, you should first complete the DHCP server configuration (either
global address pool-based or interface address pool-based DHCP server configuration).
Enabling Unauthorized DHCP Server Detection
If there is an unauthorized DHCP server in the network, when a client applies for an IP address, the
unauthorized DHCP server may assign an incorrect IP address to the client.
With this feature enabled, when receiving a DHCP message with the siaddr field not being 0 from a
client, the DHCP server will record the value of the siaddr field and the receiving interface. The
administrator can use such information to check out any DHCP unauthorized servers.
Follow these steps to enable unauthorized DHCP server detection:
To do…
Use the command…
Remarks
Enter system view
system-view
—