Configuring dynamic binding update interval, Enabling unauthorized dhcp servers detection – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 386

Advertising
background image

36-6

To do…

Use the command…

Remarks

Enter interface view

interface

interface-type

interface-number

Enable invalid IP address
check

dhcp relay address-check

{ disable |

enable

}

Required
Disabled by default.

z

The dhcp relay address-check enable command is independent of other commands of the
DHCP relay agent. That is, the invalid address check takes effect when this command is executed,
regardless of whether other commands are used.

z

You are recommended to configure IP address check on the interface enabled with the DHCP relay
agent; otherwise, the valid DHCP clients may not be capable of accessing networks.

z

When using the dhcp relay security static command to bind a VLAN interface to a static binding
entry, make sure that the VLAN interface is configured as a DHCP relay agent; otherwise, address
entry conflicts may occur.

Configuring dynamic binding update interval

Via the DHCP relay agent, a DHCP client sends a DHCP-RELEASE unicast message to the DHCP
server to relinquish its IP address. In this case the DHCP relay agent simply conveys the message to
the DHCP server, thus it does not remove the IP address from its bindings. To solve this, the DHCP
relay agent can update dynamic bindings at a specified interval.

The DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface
to regularly send a DHCP-REQUEST message to the DHCP server.

z

If the server returns a DHCP-ACK message or does not return any message within a specified
interval, which means the IP address is assignable now, the DHCP relay agent will update its
bindings by aging out the binding entry of the IP address.

z

If the server returns a DHCP-NAK message, which means the IP address is still in use, the relay
agent will not age it out.

Follow these steps to configure dynamic binding update interval:

To do…

Use the command…

Remarks

Enter system view

system-view

Configure binding update
interval

dhcp relay security tracker

{ interval | auto }

Optional

auto

by default. (auto interval is calculated

by the relay agent according to the number
of bindings.)

Enabling unauthorized DHCP servers detection

There are unauthorized DHCP servers on networks, which reply DHCP clients with wrong IP
addresses.

Advertising
Popular Brands
Popular manuals