H3C Technologies H3C WX3000 Series Unified Switches User Manual

31-7

To do…

Use the command…

Remarks

Set the interval at which the DHCP
relay agent dynamically updates
the client address entries

dhcp-security tracker

{ interval

| auto }

Optional
By default, auto is adopted, that is,
the interval is automatically
calculated.

Enabling unauthorized DHCP server detection

If there is an unauthorized DHCP server in the network, when a client applies for an IP address, the
unauthorized DHCP server may assign an incorrect IP address to the DHCP client.

With this feature enabled, upon receiving a DHCP message with the siaddr field (IP addresses of the
servers offering IP addresses to the client) not being 0 from a client, the DHCP relay agent will record
the value of the siaddr field and the receiving interface. The administrator can use this information to
check out any DHCP unauthorized servers.

Follow these steps to enable unauthorized DHCP server detection:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable unauthorized DHCP server
detection

dhcp-server detect

Required
Disabled by default.

With the unauthorized DHCP server detection enabled, the relay agent will log all DHCP servers,
including authorized ones, and each server is recorded only once until such information is removed and
is recorded again. The administrator needs to find unauthorized DHCP servers from the system log
information.

Configuring the DHCP Relay Agent to Support Option 82

Prerequisites

Before configuring Option 82 support on a DHCP relay agent, you need to:

z

Configure network parameters and relay function of the DHCP relay device.

z

Perform assignment strategy-related configurations, such as network parameters of the DHCP
server, address pool, and lease time.

z

The routes between the DHCP relay agent and the DHCP server are reachable.