06-Layer 3 - IP Services

HomeSupportResource CenterH3C Access Controllers Command References(E5208P03 E5215P01 R5215P01)-6W10206-Layer 3 - IP Services
03-DHCP commands
Title Size Download
03-DHCP commands 357.14 KB

Contents

DHCP commands· 1

Common DHCP commands· 1

dhcp client-detect 1

dhcp dscp· 1

dhcp enable· 2

dhcp log enable· 2

dhcp select 3

DHCP server commands· 4

address range· 4

bims-server 5

bootfile-name· 6

class ip-pool 6

class option-group· 7

class range· 8

default ip-pool 9

dhcp apply-policy· 10

dhcp class· 10

dhcp option-group· 11

dhcp policy· 12

dhcp server always-broadcast 13

dhcp server apply ip-pool 13

dhcp server bootp ignore· 14

dhcp server bootp reply-rfc-1048· 15

dhcp server database filename· 15

dhcp server database update interval 17

dhcp server database update now·· 17

dhcp server database update stop· 18

dhcp server forbidden-ip· 18

dhcp server ip-pool 19

dhcp server ping packets· 20

dhcp server ping timeout 21

dhcp server relay information enable· 21

dhcp server reply-exclude-option60· 22

display dhcp server conflict 23

display dhcp server database· 23

display dhcp server expired· 24

display dhcp server free-ip· 25

display dhcp server ip-in-use· 26

display dhcp server pool 27

display dhcp server statistics· 29

dns-list 31

domain-name· 32

expired· 32

forbidden-ip· 33

gateway-list 34

if-match· 35

ip-in-use threshold· 37

nbns-list 38

netbios-type· 39

network· 39

next-server 41

option· 41

reset dhcp server conflict 42

reset dhcp server expired· 43

reset dhcp server ip-in-use· 43

reset dhcp server statistics· 44

static-bind· 44

tftp-server domain-name· 45

tftp-server ip-address· 46

valid class· 47

verify class· 47

voice-config· 48

DHCP relay agent commands· 49

dhcp relay check mac-address· 49

dhcp relay check mac-address aging time· 50

dhcp relay client-information record· 50

dhcp relay client-information refresh· 51

dhcp relay client-information refresh enable· 52

dhcp relay gateway· 52

dhcp relay information circuit-id· 53

dhcp relay information enable· 55

dhcp relay information remote-id· 56

dhcp relay information strategy· 57

dhcp relay release ip· 58

dhcp relay server-address· 58

dhcp smart-relay enable· 59

display dhcp relay check mac-address· 60

display dhcp relay client-information· 60

display dhcp relay information· 61

display dhcp relay server-address· 63

display dhcp relay statistics· 63

gateway-list 65

remote-server 65

reset dhcp relay client-information· 66

reset dhcp relay statistics· 67

DHCP client commands· 67

dhcp client dad enable· 67

dhcp client dscp· 68

dhcp client identifier 68

display dhcp client 69

ip address dhcp-alloc· 71

DHCP snooping commands· 72

dhcp snooping binding database filename· 72

dhcp snooping binding database update interval 74

dhcp snooping binding database update now·· 74

dhcp snooping binding record· 75

dhcp snooping check mac-address· 75

dhcp snooping check request-message· 76

dhcp snooping deny· 77

dhcp snooping enable· 77

dhcp snooping information circuit-id· 78

dhcp snooping information enable· 80

dhcp snooping information remote-id· 80

dhcp snooping information strategy· 81

dhcp snooping log enable· 82

dhcp snooping max-learning-num·· 83

dhcp snooping rate-limit 83

dhcp snooping trust 84

display dhcp snooping binding· 85

display dhcp snooping binding database· 86

display dhcp snooping information· 86

display dhcp snooping packet statistics· 88

display dhcp snooping trust 88

reset dhcp snooping binding· 89

reset dhcp snooping packet statistics· 89

BOOTP client commands· 90

display bootp client 90

ip address bootp-alloc· 90


DHCP commands

The WX1800H series, WX2500H series, and WX3000H series access controllers do not support the slot keyword or the slot-number argument.

Common DHCP commands

dhcp client-detect

Use dhcp client-detect to enable client offline detection on the DHCP server or DHCP relay agent.

Use undo dhcp client-detect to disable client offline detection.

Syntax

dhcp client-detect

undo dhcp client-detect

Default

Client offline detection is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

The client offline detection feature on the DHCP server reclaims an assigned IP address and deletes the binding entry when the ARP entry ages out for the IP address.

This feature on the DHCP relay agent deletes the related relay entry and sends a RELEASE message to the DHCP server when an ARP entry ages out.

This feature does not function if an ARP entry is manually deleted.

Examples

# Enable client offline detection.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp client-detect

dhcp dscp

Use dhcp dscp to set the DSCP value for DHCP packets sent by the DHCP server or the DHCP relay agent.

Use undo dhcp dscp to restore the default.

Syntax

dhcp dscp dscp-value

undo dhcp dscp

Default

The DSCP value in DHCP packets is 56.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.

Usage guidelines

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.

Examples

# Set the DSCP value for DHCP packets to 30.

<Sysname> system-view

[Sysname] dhcp dscp 30

dhcp enable

Use dhcp enable to enable DHCP.

Use undo dhcp enable to disable DHCP.

Syntax

dhcp enable

undo dhcp enable

Default

DHCP is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Enable DHCP before you configure the DHCP server or relay agent.

Examples

# Enable DHCP.

<Sysname> system-view

[Sysname] dhcp enable

dhcp log enable

Use dhcp log enable to enable DHCP logging.

Use undo dhcp log enable to restore the default.

Syntax

dhcp log enable

undo dhcp log enable

Default

DHCP logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the DHCP server to generate DHCP logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

Disable this feature when the log generation affects the device performance or reduces the address allocation efficiency. For example, this situation might occur when a large number of clients frequently come online or go offline.

Examples

# Enable DHCP logging.

<Sysname> system-view

[Sysname] dhcp log enable

dhcp select

Use dhcp select to enable the DHCP server or DHCP relay agent on an interface.

Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The interface discards DHCP packets.

Syntax

dhcp select { relay [ proxy ] | server }

undo dhcp select { relay | server }

Default

The interface operates in DHCP server mode and responds to DHCP requests with configuration parameters.

Views

Interface view

Predefined user roles

network-admin

Parameters

relay: Enables the DHCP relay agent on the interface.

proxy: Enables DHCP server proxy on the relay agent.

server: Enables the DHCP server on the interface.

Usage guidelines

Before enabling the DHCP relay agent on an interface, use the reset dhcp server ip-in-use command to remove address bindings and authorized ARP entries. These authorized ARP entries might conflict with ARP entries that are created after the DHCP relay agent is enabled.

When DHCP server proxy is enabled on the relay agent, the proxy forwards packets between the DHCP clients and DHCP server.

·     When receiving DHCP packets from DHCP clients, the proxy forwards them to the DHCP server.

·     When receiving DHCP responses from the DHCP server, the proxy modified the server's IP address in these responses as its own IP address.

Examples

# Enable the DHCP relay agent on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] dhcp select relay

Related commands

·     dhcp smart-relay enable

·     reset dhcp server ip-in-use

DHCP server commands

address range

Use address range to configure an IP address range in a DHCP address pool for dynamic allocation.

Use undo address range to remove the IP address range in the address pool.

Syntax

address range start-ip-address end-ip-address

undo address range

Default

No IP address range is configured.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

start-ip-address: Specifies the start IP address.

end-ip-address: Specifies the end IP address.

Usage guidelines

If no IP address range is specified, all IP addresses in the subnet specified by the network command in address pool view are assignable. If an IP address range is specified, only the IP addresses in the IP address range are assignable.

After you use the address range command, you cannot use the network secondary command to specify a secondary subnet in the address pool.

If you use the command multiple times, the most recent configuration takes effect.

The address range specified by the address range command must be within the subnet specified by the network command. The addresses out of the address range cannot be assigned.

Examples

# Specify an address range of 192.168.8.1 through 192.168.8.150 in address pool 1.

<Sysname> system-view

[Sysname] dhcp server ip-pool 1

[Sysname-dhcp-pool-1] address range 192.168.8.1 192.168.8.150

Related commands

·     class

·     dhcp class

·     display dhcp server pool

·     network

bims-server

Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool.

Use undo bims-server to remove the specified BIMS server information.

Syntax

bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key

undo bims-server

Default

No BIMS server information is specified.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

ip ip-address: Specifies the IP address of the BIMS server.

port port-number: Specifies the port number of the BIMS server, in the range of 1 to 65534.

cipher: Sets a ciphertext key.

simple: Sets a plaintext key.

key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters. The DHCP client uses the shared key to encrypt packets sent to the BIMS server.

Usage guidelines

If you use this command multiple times, the most recent configuration takes effect.

For security purposes, all passwords, including those configured in plain text, are saved in cipher text.

Examples

# Specify the BIMS server IP address 1.1.1.1, port number 80, and shared key aabbcc in address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] bims-server ip 1.1.1.1 port 80 sharekey simple aabbcc

Related commands

display dhcp server pool

bootfile-name

Use bootfile-name to specify a configuration file name.

Use undo bootfile-name to remove the configuration file name.

Syntax

bootfile-name bootfile-name

undo bootfile-name

Default

No configuration file name is specified.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

bootfile-name: Specifies the configuration file name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

If you use the bootfile-name command multiple times, the most recent configuration takes effect.

If the configuration file is on a TFTP server, specify the configuration file name, and the IP address or name of the TFTP server.

Examples

# Specify the configuration file name boot.cfg in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] bootfile-name boot.cfg

Related commands

·     display dhcp server pool

·     next-server

·     tftp-server domain-name

·     tftp-server ip-address

class ip-pool

Use class ip-pool to specify a DHCP address pool for a DHCP user class.

Use undo class ip-pool to restore the default.

Syntax

class class-name ip-pool pool-name

undo class class-name ip-pool

Default

No DHCP address pool is specified for a DHCP user class.

Views

DHCP policy view

Predefined user roles

network-admin

Parameters

class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters.

pool-name: Specifies a DHCP address pool by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can specify only one DHCP address pool for a DHCP user class in a DHCP policy. If you use this command multiple times for a user class, the most recent configuration takes effect.

Examples

# Specify DHCP address pool pool1 for DHCP user class test in DHCP policy 1.

<Sysname> system-view

[Sysname] dhcp policy 1

[Sysname-dhcp-policy-1] class test ip-pool pool1

Related commands

·     default ip-pool

·     dhcp policy

·     dhcp server ip-pool

class option-group

Use class option-group to specify a DHCP option group for a DHCP user class.

Use undo class option-group to remove the configuration.

Syntax

class class-name option-group option-group-number

undo class class-name option-group

Default

No DHCP option group is specified for a DHCP user class.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters.

option-group-number: Specifies a DHCP option group by its number in the range of 1 to 32768.

Usage guidelines

When receiving a DHCP-DISCOVER message, the server compares the client against the user classes in the order that they are specified by this command. If a match is found, the server assigns the client the DHCP options in the option group. If multiple matches are found, the server selects option groups by using the following methods:

·     If the option groups have options in common, the server selects the option group specified for the first matching user class.

·     If the option groups have different options, the server selects all the matching option groups.

You can specify only one option group for a DHCP user class in a DHCP address pool. If you use this command multiple times for a user class, the most recent configuration takes effect.

Examples

# Specify DHCP option group 1 for user class user in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] class user option-group 1

Related commands

dhcp option group

class range

Use class range to specify an IP address range for a DHCP user class.

Use undo class range to remove the IP address range for the DHCP user class.

Syntax

class class-name range start-ip-address end-ip-address

undo class class-name range

Default

No IP address range is specified for a DHCP user class.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any client.

start-ip-address: Specifies the start IP address.

end-ip-address: Specifies the end IP address.

Usage guidelines

The class range command allows you to divide an address range into multiple address ranges for different DHCP user classes. The address range for a user class must be within the primary subnet specified by the network command. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command. If the address range has no assignable IP addresses or no address range is configured, the address allocation fails.

You can specify only one address range for a DHCP user class in an address pool. If you use the class range command multiple times for a DHCP user class, the most recent configuration takes effect.

After you specify an address range for a user class, you cannot use the network secondary command to specify a secondary subnet in the address pool.

Examples

# Specify an IP address range of 192.168.8.1 through 192.168.8.150 for the DHCP user class user in DHCP address pool 1.

<Sysname> system-view

[Sysname] dhcp server ip-pool 1

[Sysname-dhcp-pool-1] class user range 192.168.8.1 192.168.8.150

Related commands

·     address range

·     dhcp class

·     display dhcp server pool

default ip-pool

Use default ip-pool to specify the default DHCP address pool.

Use undo default ip-pool to restore the default.

Syntax

default ip-pool pool-name

undo default ip-pool

Default

No default DHCP address pool is specified.

Views

DHCP policy view

Predefined user roles

network-admin

Parameters

pool-name: Specifies a DHCP address pool by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

In a DHCP policy, the DHCP server uses the default DHCP address pool to assign IP addresses and other parameters to clients that do not match any user class.

You can specify only one default address pool in a DHCP policy.

If you use this command multiple times, the most recent configuration takes effect.

Examples

# Specify DHCP address pool pool1 as the default DHCP address pool in DHCP policy 1.

<Sysname> system-view

[Sysname] dhcp policy 1

[Sysname-dhcp-policy-1] default ip-pool pool1

Related commands

·     class ip-pool

·     dhcp policy

dhcp apply-policy

Use dhcp apply-policy to apply a DHCP policy to an interface.

Use undo dhcp apply-policy to restore the default.

Syntax

dhcp apply-policy policy-name

undo dhcp apply-policy

Default

No DHCP policy is applied to an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a DHCP policy by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can apply only one DHCP policy to an interface.

If you use this command multiple times, the most recent configuration takes effect.

Examples

# Apply DHCP policy test to interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp apply-policy test

Related commands

dhcp policy

dhcp class

Use dhcp class to create a DHCP user class and enter the DHCP user class view.

Use undo dhcp class to remove the specified DHCP user class.

Syntax

dhcp class class-name

undo dhcp class class-name

Default

No DHCP user class exists.

Views

System view

Predefined user roles

network-admin

Parameters

class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can also use this command to enter the view of an existing DHCP user class.

In the DHCP user class view, you can use the if-match command to configure match rules to group clients to the user class.

Examples

# Create a DHCP user class test and enter DHCP user class view.

<Sysname> system-view

[Sysname] dhcp class test

[Sysname-dhcp-class-test]

Related commands

·     address range

·     class ip-pool

·     class option-group

·     class range

·     dhcp policy

·     if-match

dhcp option-group

Use dhcp option-group to create a DHCP option group and enter DHCP option group view.

Use undo dhcp option-group to delete a DHCP option group.

Syntax

dhcp option-group option-group-number

undo dhcp option-group option-group-number

Default

No DHCP option group exists.

Views

System view

Predefined user roles

network-admin

Parameters

option-group-number: Assigns a number to the DHCP option group, in the range of 1 to 32768.

Usage guidelines

You can use this command to enter the view of an existing DHCP option group.

Examples

# Create DHCP option group 1 and enter DHCP option group view.

<Sysname> system-view

[Sysname] dhcp option-group 1

[Sysname-dhcp-option-group-1]

Related commands

·     class option-group

·     option

dhcp policy

Use dhcp policy to create a DHCP policy and enter DHCP policy view.

Use undo dhcp policy to delete a DHCP policy.

Syntax

dhcp policy policy-name

undo dhcp policy policy-name

Default

No DHCP policy exists.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Assigns a name to the DHCP policy. The policy name is a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can also use this command to enter the view of an existing DHCP policy.

In DHCP policy view, you can specify address pools for different user classes. Clients matching a user class will obtain IP addresses and other parameters from the specified address pool.

For a DHCP policy to take effect, you must apply it to an interface.

Examples

# Create DHCP policy test and enter its view.

<Sysname> system-view

[Sysname] dhcp policy test

[Sysname-dhcp-policy-test]

Related commands

·     class ip-pool

·     default ip-pool

·     dhcp apply-policy

·     dhcp class

dhcp server always-broadcast

Use dhcp server always-broadcast to enable the DHCP server to broadcast all responses.

Use undo dhcp server always-broadcast to restore the default.

Syntax

dhcp server always-broadcast

undo dhcp server always-broadcast

Default

The DHCP server reads the broadcast flag in a DHCP request to decide whether to broadcast or unicast the response.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the DHCP server to ignore the broadcast flag in DHCP requests and broadcast all responses.

The DHCP server always unicasts a response in the following situations, regardless of whether this command is executed:

·     The DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0).

·     The DHCP request is forwarded by a DHCP relay agent from a DHCP client (the giaddr field is not 0).

Examples

# Enable the DHCP server to broadcast all responses.

<Sysname> system-view

[Sysname] dhcp server always-broadcast

dhcp server apply ip-pool

Use dhcp server apply ip-pool to apply an address pool on an interface.

Use undo dhcp server apply ip-pool to remove the configuration.

Syntax

dhcp server apply ip-pool pool-name

undo dhcp server apply ip-pool

Default

No address pool is applied on an interface

Views

Interface view

Predefined user roles

network-admin

Parameters

pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63 characters.

Usage guidelines

Upon receiving a DHCP request from the interface, the DHCP server searches for a static binding for the client from all address pools. If no static binding is found, the server assigns configuration parameters from the address pool applied on the interface to the client. If the address pool has no assignable IP address or does not exist, the DHCP client cannot obtain an IP address.

If you use the command multiple times, the most recent configuration takes effect.

Examples

# Apply DHCP address pool 0 on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] dhcp server apply ip-pool 0

Related commands

dhcp server ip-pool

dhcp server bootp ignore

Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests.

Use undo dhcp server bootp ignore to restore the default.

Syntax

dhcp server bootp ignore

undo dhcp server bootp ignore

Default

The DHCP server does not ignore BOOTP requests.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests.

Examples

# Configure the DHCP server to ignore BOOTP requests.

<Sysname> system-view

[Sysname] dhcp server bootp ignore

dhcp server bootp reply-rfc-1048

Use dhcp server bootp reply-rfc-1048 to enable the sending of BOOTP responses in RFC 1048 format.

Use undo dhcp server bootp reply-rfc-1048 to disable this feature.

Syntax

dhcp server bootp reply-rfc-1048

undo dhcp server bootp reply-rfc-1048

Default

This feature is disabled. The DHCP server does not process the Vend field of RFC 1048-incompliant requests but copies the Vend field into responses.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Not all BOOTP clients can send requests compliant with RFC 1048. This command enables the DHCP server to fill the Vend field in RFC 1048-compliant format in DHCP responses to RFC 1048-incompliant requests sent by BOOTP clients.

This command takes effect only when the BOOTP clients request statically bound addresses.

Examples

# Enable the sending of BOOTP responses in RFC 1048 format on the DHCP server.

<Sysname> system-view

[Sysname] dhcp server bootp reply-rfc-1048

dhcp server database filename

Use dhcp server database filename to configure the DHCP server to back up the bindings to a file.

Use undo dhcp server database filename to disable the auto backup and remove the backup file.

Syntax

dhcp server database filename { filename | url url [ username username [ password { cipher | simple } key ] ] }

undo dhcp server database filename

Default

The DHCP server does not back up the DHCP bindings.

Views

System view

Predefined user roles

network-admin

Parameters

filename: Specifies the name of a local backup file. For information about the filename argument, see Fundamentals Configuration Guide.

url url: Specifies the URL of a remote backup file. Do not include a username or password in the URL.

username username: Specifies the username for logging in to the remote device.

cipher: Sets a ciphertext password.

simple: Sets a plaintext password.

key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters.

Usage guidelines

For security purposes, all passwords, including those configured in plain text, are saved in cipher text.

The command automatically creates the file if you specify a non-existent file.

With this command executed, the DHCP server backs up its bindings immediately and runs auto backup. The server, by default, waits 300 seconds after a binding change to update the backup file. You can use the dhcp server database update interval command to change the waiting time. If no DHCP binding changes, the backup file is not updated.

H3C recommends that you back up the bindings to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCP server malfunction.

When the backup file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:

·     If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file path, where the port number is optional.

·     If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file path, where the port number is optional.

·     The username and password must be the same as those configured on the FTP or TFTP server. If the server authenticates only the username, the password can be omitted. For example, enter URL ftp://1.1.1.1/database.dhcp username admin to specify the URL and username options at the CLI.

·     If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.

·     You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.

Examples

# Configure the DHCP server to back up its bindings to the file database.dhcp.

<Sysname> system-view

[Sysname] dhcp server database filename database.dhcp

# Configure the DHCP server to back up its bindings to the file database.dhcp in the working directory of the FTP server at 10.1.1.1.

<Sysname> system-view

[Sysname] dhcp server database filename url ftp://10.1.1.1/database.dhcp username 1 password simple 1

Related commands

·     dhcp server database update interval

·     dhcp server database update now

·     dhcp server database update stop

dhcp server database update interval

Use dhcp server database update interval to set the waiting time after a DHCP binding change for the DHCP server to update the backup file.

Use undo dhcp server database update interval to restore the default.

Syntax

dhcp server database update interval seconds

undo dhcp server database update interval

Default

The DHCP server waits 300 seconds after a DHCP binding change to update the backup file. If no DHCP binding changes, the backup file is not updated.

Views

System view

Predefined user roles

network-admin

Parameters

seconds: Sets the waiting time in seconds in the range of 60 to 864000.

Usage guidelines

The waiting time takes effect only after you configure the DHCP binding auto backup by using the dhcp server database filename command.

When a DHCP binding is created, updated, or removed, the waiting period starts. The DHCP server updates the backup file when the waiting period is reached. All bindings changed during the period will be saved to the backup file.

Examples

# Set the waiting time to 10 minutes for the DHCP server to update the backup file.

<Sysname> system-view

[Sysname] dhcp server database update interval 600

Related commands

·     dhcp server database filename

·     dhcp server database update now

·     dhcp server database update stop

dhcp server database update now

Use dhcp server database update now to manually save the DHCP bindings to the backup file.

Syntax

dhcp server database update now

Views

System view

Predefined user roles

network-admin

Usage guidelines

For this command to take effect, you must configure the DHCP auto backup by using the dhcp server database filename command.

Examples

# Manually save the DHCP bindings to the backup file.

<Sysname> system-view

[Sysname] dhcp server database update now

Related commands

·     dhcp server database filename

·     dhcp server database update interval

·     dhcp server database update stop

dhcp server database update stop

Use dhcp server database update stop to terminate the download of DHCP bindings from the backup file.

Syntax

dhcp server database update stop

Views

System view

Predefined user roles

network-admin

Usage guidelines

The DHCP server does not provide services during the binding download process. If the connection disconnects during the process, the waiting timeout timer is 60 minutes. When the timer expires, the DHCP server stops waiting and starts providing address allocation services.

To enable the DHCP server to provide services without waiting for the connection to be repaired, use this command to terminate the download immediately. The IP addresses associated with the undownloaded bindings will be assigned to clients. Address conflicts might occur.

Examples

# Terminate the download of the backup DHCP bindings.

<Sysname> system-view

[Sysname] dhcp server database update stop

Related commands

·     dhcp server database filename

·     dhcp server database update interval

·     dhcp server database update now

dhcp server forbidden-ip

Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation.

Use undo dhcp server forbidden-ip to remove the configuration.

Syntax

dhcp server forbidden-ip start-ip-address [ end-ip-address ]

undo dhcp server forbidden-ip start-ip-address [ end-ip-address ]

Default

No IP addresses are excluded from dynamic allocation.

Views

System view

Predefined user roles

network-admin

Parameters

start-ip-address: Specifies the start IP address.

end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If you do not specify this argument, only the start-ip-address is excluded from dynamic allocation.

Usage guidelines

The IP addresses of some devices such as the gateway and FTP server cannot be assigned to clients. Use this command to exclude such addresses from dynamic allocation.

You can use this command multiple times to exclude multiple IP address ranges from dynamic allocation.

If the excluded IP address is in a static binding, the address can be still assigned to the client.

The address or address range specified in the undo dhcp server forbidden-ip command must be the same as that specified in the dhcp server forbidden-ip command. To remove an IP address from the specified address range, you must remove the entire address range.

Examples

# Exclude the IP addresses of 10.110.1.1 through 10.110.1.63 from dynamic allocation.

<Sysname> system-view

[Sysname] dhcp server forbidden-ip 10.110.1.1 10.110.1.63

Related commands

·     forbidden-ip

·     static-bind

dhcp server ip-pool

Use dhcp server ip-pool to create a DHCP address pool and enter its view.

Use undo dhcp server ip-pool to remove the specified DHCP address pool.

Syntax

dhcp server ip-pool pool-name

undo dhcp server ip-pool pool-name

Default

No DHCP address pool is created.

Views

System view

Predefined user roles

network-admin

Parameters

pool-name: Specifies the name for the DHCP address pool, a case-insensitive string of 1 to 63 characters used to uniquely identify this pool.

Usage guidelines

You can also use this command to enter the view of an existing DHCP address pool.

A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients.

Examples

# Create a DHCP address pool named pool1.

<Sysname> system-view

[Sysname] dhcp server ip-pool pool1

[Sysname-dhcp-pool-pool1]

Related commands

·     class ip-pool

·     dhcp server apply ip-pool

·     display dhcp server pool

dhcp server ping packets

Use dhcp server ping packets to set the maximum number of ping packets.

Use undo dhcp server ping packets to restore the default.

Syntax

dhcp server ping packets number

undo dhcp server ping packets

Default

The maximum number of ping packets is 1.

Views

System view

Predefined user roles

network-admin

Parameters

number: Sets the maximum number of ping packets, in the range of 0 to 10. To disable the address conflict detection, set the value to 0.

Usage guidelines

To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.

If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP client.

Examples

# Set the maximum number of ping packets to 10.

<Sysname> system-view

[Sysname] dhcp server ping packets 10

Related commands

·     dhcp server ping timeout

·     display dhcp server conflict

·     reset dhcp server conflict

dhcp server ping timeout

Use dhcp server ping timeout to set the ping response timeout time on the DHCP server.

Use undo dhcp server ping timeout to restore the default.

Syntax

dhcp server ping timeout milliseconds

undo dhcp server ping timeout

Default

The ping response timeout time is 500 milliseconds.

Views

System view

Predefined user roles

network-admin

Parameters

milliseconds: Sets the timeout time in the range of 0 to 10000 milliseconds. To disable the ping operation for address conflict detection, set the value to 0 milliseconds.

Usage guidelines

To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.

If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP client.

Examples

# Set the response timeout time to 1000 milliseconds.

<Sysname> system-view

[Sysname] dhcp server ping timeout 1000

Related commands

·     dhcp server ping packets

·     display dhcp server conflict

·     reset dhcp server conflict

dhcp server relay information enable

Use dhcp server relay information enable to enable the DHCP server to handle Option 82.

Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82.

Syntax

dhcp server relay information enable

undo dhcp server relay information enable

Default

The DHCP server handles Option 82.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82.

Examples

# Configure the DHCP server to ignore Option 82.

<Sysname> system-view

[Sysname] undo dhcp server relay information enable

dhcp server reply-exclude-option60

Use dhcp server reply-exclude-option60 to disable the DHCP server from encapsulating Option 60 in DHCP replies.

Use undo dhcp server reply-exclude-option60 to restore the default.

Syntax

dhcp server reply-exclude-option60

undo dhcp server reply-exclude-option60

Default

The DHCP server can encapsulate Option 60 in DHCP replies.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If you do not disable the capability, the DHCP server encapsulates Option 60 in a DHCP reply in the following situations:

·     The received DHCP packet contains Option 60.

·     Option 60 is configured for the address pool.

If you disable the capability, the DHCP server does not encapsulate Option 60 in DHCP replies.

Examples

# Disable the DHCP server from encapsulating Option 60 in DHCP replies.

<Sysname> system-view

[Sysname] dhcp server reply-exclude-option60

display dhcp server conflict

Use display dhcp server conflict to display information about IP address conflicts.

Syntax

display dhcp server conflict [ ip ip-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip ip-address: Displays conflict information about the specified IP address. If you do not specify this option, this command displays information about all IP address conflicts.

Usage guidelines

The DHCP server generates IP address conflict information in the following situations:

·     Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and discovers that another host is using the address.

·     The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP address conflict.

·     The DHCP server discovers that the only assignable address in the address pool is its own IP address.

Examples

# Display information about all IP address conflicts.

<Sysname> display dhcp server conflict

IP address          Detect time

4.4.4.1             Apr 25 16:57:20 2007

4.4.4.2             Apr 25 17:00:10 2007

Table 1 Command output

Field

Description

 

IP address

Conflicted IP address.

Detect time

Time when the conflict was discovered.

 

Related commands

reset dhcp server conflict

display dhcp server database

Use display dhcp server database to display information about DHCP binding auto backup.

Syntax

display dhcp server database

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about DHCP binding auto backup.

<Sysname> display dhcp server database

 File name               :   database.dhcp

 Username                :  

 Password                :  

 Update interval         :   600 seconds

 Latest write time       :   Feb  8 16:09:53 2014

 Status                  :   Last write succeeded.

Table 2 Command output

Field

Description

 

File name

Name of the DHCP binding backup file.

Username

Username for logging in to the remote device.

Password

Password for logging in to the remote device. This field displays ****** if a password is configured.

Update interval

Waiting time in seconds after a DHCP binding change for the DHCP server to update the backup file.

Latest write time

Time of the latest update.

Status

Status of the update:

·     Writing—The backup file is being updated.

·     Last write succeeded—The backup file was successfully updated.

·     Last write failed—The backup file failed to be updated.

 

display dhcp server expired

Use display dhcp server expired to display the lease expiration information.

Syntax

display dhcp server expired [ ip ip-address | pool pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip ip-address: Displays lease expiration information about the specified IP address.

pool pool-name: Displays lease expiration information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.

Usage guidelines

If you do not specify any parameters, this command displays lease expiration information about all address pools.

DHCP assigns these expired IP addresses to DHCP clients when all available addresses have been assigned.

Examples

# Display all lease expiration information.

<Sysname> display dhcp server expired

IP address       Client-identifier/Hardware address    Lease expiration

4.4.4.6          3030-3066-2e65-3230-302e-3130-3234    Apr 25 17:10:47 2007

                 -2d45-7468-6572-6e65-7430-2f31

Table 3 Command output

Field

Description

IP address

Expired IP address.

Client-identifier/Hardware address

Client ID or MAC address.

Lease expiration

Time when the lease expired.

 

Related commands

reset dhcp server expired

display dhcp server free-ip

Use display dhcp server free-ip to display information about assignable IP addresses.

Syntax

display dhcp server free-ip [ pool pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pool pool-name: Displays assignable IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command displays all assignable IP addresses for all address pools.

Examples

# Display assignable IP addresses in all address pools.

<Sysname> display dhcp server free-ip

Pool name: 1

  Network: 10.0.0.0 mask 255.0.0.0

    IP ranges from 10.0.0.10 to 10.0.0.100

    IP ranges from 10.0.0.105 to 10.0.0.255

  Secondary networks:

    10.1.0.0 mask 255.255.0.0

      IP ranges from 10.1.0.0 to 10.1.0.255

    10.2.0.0 mask 255.255.0.0

      IP Ranges from 10.2.0.0 to 10.2.0.255

 

Pool name: 2

  Network: 20.1.1.0 mask 255.255.255.0

    IP ranges from 20.1.1.0 to 20.1.1.255

Table 4 Command output

Field

Description

Pool name

Name of the address pool.

Network

Assignable network.

IP ranges

Assignable IP address range.

Secondary networks

Assignable secondary networks.

 

Related commands

·     address range

·     dhcp server ip-pool

·     network

display dhcp server ip-in-use

Use display dhcp server ip-in-use to display binding information about assigned IP addresses.

Syntax

display dhcp server ip-in-use [ ip ip-address | pool pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip ip-address: Displays binding information about the specified IP address.

pool pool-name: Displays binding information about the specified IP address pool. The pool name is a case-insensitive string of 1 to 63 characters.

Usage guidelines

If you do not specify any parameters, this command displays binding information about all assigned DHCP addresses.

If the lease deadline exceeds the year 2100, the lease expiration time is displayed as After 2100.

The binding information can be used by other security modules such as IP source guard only when the DHCP server is configured on the gateway of DHCP clients.

Examples

# Display binding information about all assigned DHCP addresses.

<Sysname> display dhcp server ip-in-use

IP address       Client identifier/    Lease expiration      Type

                 Hardware address

10.1.1.1         652e-3030-2e34        Not used              Static(F)

10.1.1.2         3030-3030-2e30        May 1 14:02:49 2015   Auto(C)

10.1.1.3         652e-3030-2e54        After 2100            Static(C)

Table 5 Command output

Field

Description

IP address

IP address assigned.

 

Client identifier/Hardware address

Client ID or hardware address.

 

Lease expiration

Lease expiration time:

·     Exact time (May 1 14:02:49 2015 in this example)Time when the lease will expire.

·     Not usedThe IP address of the static binding has not been assigned to the specific client.

·     UnlimitedInfinite lease expiration time.

·     After 2100—The lease will expire after 2100.

 

Type

Binding types:

·     Static(F)—A free static binding whose IP address has not been assigned.

·     Static(O)—An offered  static binding whose IP address has been selected and sent by the DHCP server in a DHCP-OFFER packet to the client. Static(C)—A committed static binding whose IP address has been assigned to the DHCP client.

·     Auto(O)—An offered temporary dynamic binding whose IP address has been dynamically selected by the DHCP server and sent in a DHCP-OFFER packet to the DHCP client.

·     Auto(C)—A committed dynamic binding whose IP address has been dynamically assigned to the DHCP client.

 

 

Related commands

reset dhcp server ip-in-use

display dhcp server pool

Use display dhcp server pool to display information about a DHCP address pool.

Syntax

display dhcp server pool [ pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pool-name: Displays information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify the pool-name argument, this command displays information about all address pools.

Examples

# Display information about all DHCP address pools.

<Sysname> display dhcp server pool

Pool name: 0

  Network 20.1.1.0 mask 255.255.255.0

  class a range 20.1.1.50 20.1.1.60

  bootfile-name abc.cfg

  dns-list 20.1.1.66 20.1.1.67 20.1.1.68

  domain-name www.aabbcc.com

  bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=

  option 2 ip-address 1.1.1.1

  expired 1 2 3 0

 

Pool name: 1

  Network 20.1.1.0 mask 255.255.255.0

  secondary networks:

    20.1.2.0 mask 255.255.255.0

    20.1.3.0 mask 255.255.255.0

  bims-server ip 192.168.0.51 port 50 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=

  forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37

  forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.24

  gateway-list 10.1.1.3 11.2.2.2 12.4.4.4

  nbns-list 11.5.5.5 12.6.6.4 13.7.7.7

  netbios-type m-node

  option 2 ip-address 10.1.1.3

  expired 1 0 0 0

 

Pool name: 2

  Network 20.1.1.0 mask 255.255.255.0

  address range 20.1.1.1 to 20.1.1.15

  class departmentA range 20.1.1.20 to 20.1.1.29

  class departmentB range 20.1.1.30 to 20.1.1.40

  next-server 20.1.1.33

  tftp-server domain-name www.dian.org.cn

  tftp-server ip-address 192.168.0.120

  voice-config ncp-ip 10.1.1.2

  voice-config as-ip 10.1.1.5

  voice-config voice-vlan 3 enable

  voice-config fail-over 10.1.1.1 123*

  option 2 ip-address 1.1.1.3

  expired 1 0 0 0

 

Pool name: 3

  static bindings:

    ip-address 10.10.1.2 mask 255.0.0.0

      hardware-address 00e0-00fc-0001 ethernet

    ip-address 10.10.1.3 mask 255.0.0.0

      client-identifier aaaa-bbbb

  expired unlimited

Table 6 Command output

Field

Description

Pool name

Name of an address pool.

Network

Assignable network.

secondary networks

Assignable secondary networks.

address range

Assignable address range.

class class-name range

DHCP user class and its address range.

static bindings

Static IP-to-MAC/client ID bindings.

option

Customized DHCP option.

expired

Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3 minutes 4 seconds.

bootfile-name

Boot file name

dns-list

DNS server IP address.

domain-name

Domain name suffix.

bims-server

BIMS server information.

forbidden-ip

IP addresses excluded from dynamic allocation.

gateway-list

Gateway addresses.

nbns-list

WINS server addresses.

netbios-type

NetBIOS node type.

next-server

Next server IP address.

tftp-server domain-name

TFTP server name.

tftp-server ip-address

TFTP server address.

voice-config ncp-ip

Primary network calling processor address.

voice-config as-ip

Backup network calling processor address.

voice-config voice-vlan

Voice VLAN.

voice-config fail-over

Failover route.

 

display dhcp server statistics

Use display dhcp server statistics to display the DHCP server statistics.

Syntax

display dhcp server statistics [ pool pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, this command displays information about all address pools.

Examples

# Display the DHCP server statistics.

<Sysname> display dhcp server statistics

    Pool number:                       1

    Pool utilization:                  0.39%

    Bindings:

      Automatic:                       1

      Manual:                          0

      Expired:                         0

    Conflict:                          1

    Messages received:                10

      DHCPDISCOVER:                    5

      DHCPREQUEST:                     3

      DHCPDECLINE:                     0

      DHCPRELEASE:                     2

      DHCPINFORM:                      0

      BOOTPREQUEST:                    0

    Messages sent:                     6

      DHCPOFFER:                       3

      DHCPACK:                         3

      DHCPNAK:                         0

      BOOTPREPLY:                      0

    Bad Messages:                      0

Table 7 Command output

Field

Description

 

Pool number

Total number of address pools. This field is not displayed when you display statistics for a specific address pool.

Pool utilization

Pool usage rate:

·     If you display statistics for all address pools, this field displays the usage rate of all address pools.

·     If you display statistics for an address pool, this field displays the pool usage rate of the specified address pool.

Bindings

Bindings include the following types:

·     Automatic—Number of dynamic bindings.

·     Manual—Number of static bindings.

·     Expired—Number of expired bindings.

Conflict

Total number of conflict addresses. This field is not displayed if you display statistics for a specific address pool.

Messages received

DHCP packets received from clients:

·     DHCPDISCOVER.

·     DHCPREQUEST.

·     DHCPDECLINE.

·     DHCPRELEASE.

·     DHCPINFORM.

·     BOOTPREQUEST.

This field is not displayed if you display statistics for a specific address pool.

Messages sent

DHCP packets sent to clients:

·     DHCPOFFER.

·     DHCPACK.

·     DHCPNAK.

·     BOOTPREPLY.

This field is not displayed if statistics about a specific address pool are displayed.

Bad Messages

Number of bad messages. This field is not displayed if you display statistics for a specific address pool.

 

Related commands

reset dhcp server statistics

dns-list

Use dns-list to specify DNS server addresses in a DHCP address pool.

Use undo dns-list to remove DNS server addresses from a DHCP address pool.

Syntax

dns-list ip-address&<1-8>

undo dns-list [ ip-address&<1-8> ]

Default

No DNS server address is specified.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

ip-address&<1-8>: Specifies a space-separated list of up to eight DNS servers.

Usage guidelines

If you use the dns-list command multiple times, the most recent configuration takes effect.

If you do not specify any parameters, the undo dns-list command deletes all DNS server addresses in the DHCP address pool.

Examples

# Specify the DNS server address 10.1.1.254 in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] dns-list 10.1.1.254

Related commands

display dhcp server pool

domain-name

Use domain-name to specify a domain name in a DHCP address pool.

Use undo domain-name to remove the specified domain name.

Syntax

domain-name domain-name

undo domain-name

Default

No domain name suffix is specified.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

domain-name: Specifies the domain name, a case-sensitive string of 1 to 50 characters.

Usage guidelines

If you use the command multiple times, the most recent configuration takes effect.

Examples

# Specify the domain name company.com in address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] domain-name company.com

Related commands

display dhcp server pool

expired

Use expired to set the lease duration in a DHCP address pool.

Use undo expired to restore the default lease duration for a DHCP address pool.

Syntax

expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited }

undo expired

Default

The lease duration of a dynamic address pool is one day.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

day day: Sets the number of days, in the range of 0 to 365.

hour hour: Sets the number of hours, in the range of 0 to 23.

minute minute: Sets the number of minutes, in the range of 0 to 59.

second second: Sets the number of seconds, in the range of 0 to 59.

unlimited: Specifies the unlimited lease duration, which is actually 136 years.

Usage guidelines

The DHCP server assigns an IP address together with the lease duration to the DHCP client. Before the lease expires, the DHCP client must extend the lease duration.

·     If the lease extension operation succeeds, the DHCP client can continue to use the IP address.

·     If the lease extension operation does not succeed, both of the following events occur:

¡     The DHCP client cannot use the IP address after the lease duration expires.

¡     The DHCP server will label the IP address as an expired address.

Examples

# Set the lease duration to 1 day, 2 hours, 3 minutes, and 4 seconds in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] expired day 1 hour 2 minute 3 second 4

Related commands

·     display dhcp server expired

·     display dhcp server pool

·     reset dhcp server expired

forbidden-ip

Use forbidden-ip to exclude IP addresses from dynamic allocation in an address pool.

Use undo forbidden-ip to cancel the configuration.

Syntax

forbidden-ip ip-address&<1-8>

undo forbidden-ip [ ip-address&<1-8> ]

Default

No IP addresses are excluded from dynamic allocation in an address pool.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

ip-address&<1-8>: Specifies a space-separated list of up to eight excluded IP addresses.

Usage guidelines

The excluded IP addresses in an address pool are still assignable in other address pools.

You can exclude a maximum of 4096 IP addresses in an address pool.

If you do not specify any parameters, the undo forbidden-ip command deletes all excluded IP addresses.

Examples

# Exclude IP addresses 192.168.1.3 and 192.168.1.10 from dynamic allocation in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] forbidden-ip 192.168.1.3 192.168.1.10

Related commands

·     dhcp server forbidden-ip

·     display dhcp server pool

gateway-list

Use gateway-list to specify gateway addresses in a DHCP address pool or a DHCP secondary subnet.

Use undo gateway-list to remove the specified gateway addresses from a DHCP address pool or a DHCP secondary subnet.

Syntax

gateway-list ip-address&<1-64> [ export-route ]

undo gateway-list [ ip-address&<1-64> ] [ export-route ]

Default

No gateway address is configured in a DHCP address pool or a DHCP secondary subnet.

Views

DHCP address pool view

DHCP secondary subnet view

Predefined user roles

network-admin

Parameters

ip-address&<1-64>: Specifies a space-separated list of up to 64 gateway addresses. Gateway addresses must reside on the same subnet as the assignable IP addresses.

export-route: Binds the gateways to the device's MAC address in the address management module. The ARP module will use the entries to reply to ARP requests from the DHCP clients. This feature ensures the clients to obtain different gateway IP addresses but the same MAC address.

Usage guidelines

If you do not specify any parameters, the undo gateway-list command deletes all gateway addresses.

The DHCP server assigns gateway addresses to clients on a secondary subnet in the following ways:

·     If gateways are specified in both address pool view and secondary subnet view, DHCP assigns those specified in the secondary subnet view.

·     If gateways are specified in address pool view but not in secondary subnet view, DHCP assigns those specified in address pool view.

Examples

# Specify the gateway address 10.1.1.1 in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] gateway-list 10.1.1.1

Related commands

display dhcp server pool

if-match

Use if-match to configure a match rule for a DHCP user class.

Use undo if-match to delete a match rule for a DHCP user class.

Syntax

if-match rule rule-number { hardware-address hardware-address mask hardware-address-mask | option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-address }

undo if-match rule rule-number

Default

No match rule is configured for the DHCP user class.

Views

DHCP user class view

Predefined user roles

network-admin

Parameters

rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents a higher match priority.

hardware-address hardware-address: Specifies a hardware address, a string of 4 to 39 characters. The string contains hyphen-separated hexadecimal numbers. The last hexadecimal number can be a two-digit or four-digit number, and the other hexadecimal numbers must be four-digit numbers. For example, aabb-ccdd-ee is valid, and aabb-c-dddd or aabb-cc-dddd is invalid.

mask hardware-address-mask: Specifies the mask for the match operation. The length of the mask must be the same as that of the hardware address.

option option-code: Specifies a DHCP option by its number in the range of 1 to 254.

ascii ascii-string: Specifies an ASCII string of 1 to 128 characters.

offset offset: Specifies the offset in bytes after which the match operation starts. The value range is 0 to 254. If you specify an ASCII string, a packet matches the rule if the option content after the offset is the same as the ASCII string. If you specify a hexadecimal string, a packet matches the rule if the option content of the specified length after the offset is the same as the hexadecimal string.

partial: Enables partial match. A packet matches a rule if the specified option in the packet contains the ASCII or hexadecimal string specified in the rule. For example, if the specified string is abc, option content xabc, xyzabca, xabcyz, and abcxyz all match the rule.

hex hex-string: Specifies a hexadecimal string. The length of the hexadecimal string must be an even number in the range of 2 to 256.

mask mask: Specifies the mask for the match operation. The mask is a hexadecimal string whose length is an even number in the range of 2 to 256 and must be the same as the hex-string length. The DHCP server selects a string of the mask length from the start of the option, and ANDs the selected string and the specified hexadecimal string with the mask. The packet matches the rule if the two AND operation results are the same.

length length: Specifies the length of the option content to be matched, in the range of 1 to 128 bytes. The length must be the same as the hex-string length.

relay-agent gateway-address: Specifies a giaddr field value. The value is an IPv4 address in the dotted decimal notation. A packet match the rule if its giaddr field value is the same as that in the rule.

Usage guidelines

You can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified by a rule ID within its type (hardware address, option, or relay agent address). The DHCP server compares the hardware address, option content, or relay agent address in the DHCP requests against the match rules. If a match is found, the DHCP client matches the DHCP user class.

H3C recommends you not configure rules of different types to use the same ID. Two rules cannot have the same content.

·     If the rule that you are configuring has the same ID and type as an existing rule, the new rule overwrites the existing rule.

·     If the rule that you are configuring has the same ID as an existing rule but a different type, the new rule takes effect and coexists with the existing rule.

When you configure an if-match hardware-address rule, follow these guidelines:

·     A rule applies only to clients with MAC addresses. It does not match clients with hardware addresses of other types.

·     The specified hardware address must be of the same length as the client hardware addresses to be matched. To match MAC addresses, the specified hardware address must be six bytes long.

·     The fs and 0s in the mask for the hardware match operation can be noncontiguous. For example, the rule if-match rule 1 hardware-address 0094-0000-1100 mask ffff-0000-ff00 matches hardware addresses in which the first two bytes are 0094 and the fifth byte is 11.

When you configure an if-match option rule, follow these guidelines:

·     To match packets that contain an option, specify only the option code.

·     To match a hexadecimal string by AND operations, specify the option option-code hex hex-string mask mask options.

·     To match a hexadecimal string directly, specify the option option-code hex hex-string [ offset offset length length | partial ] options.

If you do not specify the optional parameters, a packet matches a rule if the option content starts with the hexadecimal string.

·     To match an ASCII string, specify the option option-code ascii ascii-string [ offset offset | partial ] options.

If you do not specify the optional parameters, a packet matches a rule if the option content starts with the ASCII string.

Examples

# Configure match rule 1 for the DHCP user class exam to match DHCP requests in which the hardware address is six bytes long and begins with 0094.

<Sysname> system-view

[Sysname] dhcp class exam

[Sysname-dhcp-class-exam] if-match rule 1 hardware-address 0094-0000-0101 mask ffff-0000-0000

# Configure match rule 2 for the DHCP user class exam to match DHCP requests that contain Option 82.

<Sysname> system-view

[Sysname] dhcp class exam

[Sysname-dhcp-class-exam] if-match rule 2 option 82

# Configure match rule 3 for the DHCP user class exam to match DHCP requests in which the highest bit of the fourth byte in Option 82 is 1.

<Sysname> system-view

[Sysname] dhcp class exam

[Sysname-dhcp-class-exam] if-match rule 3 option 82 hex 00000080 mask 00000080

# Configure match rule 4 for the DHCP user class exam to match DHCP requests in which the first three bytes of Option 82 are 0x13ae92.

<Sysname> system-view

[Sysname] dhcp class exam

[Sysname-dhcp-class-exam] if-match rule 4 option 82 hex 13ae92 offset 0 length 3

# Configure match rule 5 for the DHCP user class exam to match DHCP requests in which the Option 82 contains the string 0x13ae.

<Sysname> system-view

[Sysname] dhcp class exam

[Sysname-dhcp-class-exam] if-match rule 5 option 82 hex 13ae partial

# Configure match rule 6 for the DHCP user class exam to match DHCP requests in which the giaddr field is 10.1.1.1.

<Sysname> system-view

[Sysname] dhcp class exam

[Sysname-dhcp-class-exam] if-match rule 6 relay-agent 10.1.1.1

Related commands

dhcp class

ip-in-use threshold

Use ip-in-use threshold to set a threshold for the address pool usage alarming.

Use undo ip-in-use threshold to restore the default.

Syntax

ip-in-use threshold threshold-value

undo ip-in-use threshold

Default

The address pool usage threshold is 100%.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the threshold for the address pool usage percentage. The value range is 1 to 100.

Usage guidelines

If you use this command in the same address pool view multiple times, the most recent configuration takes effect.

When the address pool usage exceeds the threshold, the system sends log messages to the information center. According to the log information, you can optimize the address pool configuration. For more information about the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Set the address pool usage threshold to 85%.

<Sysname> system-view

[Sysname] dhcp server ip-pool p1

[Sysname-dhcp-pool-p1] ip-in-use threshold 85

nbns-list

Use nbns-list to specify WINS server addresses in a DHCP address pool.

Use undo nbns-list to remove the specified WINS server addresses.

Syntax

nbns-list ip-address&<1-8>

undo nbns-list [ ip-address&<1-8> ]

Default

No WINS server address is specified.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

ip-address&<1-8>: Specifies a space-separated list of up to eight WINS server IP addresses.

Usage guidelines

If you use this command multiple times, the most recent configuration takes effect.

If you do not specify any parameters, the undo nbns-list command deletes all WINS server addresses.

Examples

# Specify the WINS server IP address 10.1.1.1 in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] nbns-list 10.1.1.1

Related commands

·     display dhcp server pool

·     netbios-type

netbios-type

Use netbios-type to specify the NetBIOS node type in a DHCP address pool.

Use undo netbios-type to remove the specified NetBIOS node type.

Syntax

netbios-type { b-node | h-node | m-node | p-node }

undo netbios-type

Default

No NetBIOS node type is specified.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server.

h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.

m-node: Specifies the mixed node. An m-node client broadcasts the destination name. If it does not receive a response, the m-node client unicasts the destination name to the WINS server to get the mapping.

p-node: Specifies the peer-to-peer node. A p-node client sends the destination name in a unicast message to get the mapping from the WINS server.

Usage guidelines

If you use the command multiple times, the most recent configuration takes effect.

Examples

# Specify the NetBIOS node type as p-node in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] netbios-type p-node

Related commands

·     display dhcp server pool

·     nbns-list

network

Use network to specify the subnet for dynamic allocation in a DHCP address pool.

Use undo network to remove the specified subnet.

Syntax

network network-address [ mask-length | mask mask ] [ export-route ] [ secondary ]

undo network network-address [ mask-length | mask mask ] [ secondary ]

Default

No subnet is specified in a DHCP address pool.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified, the natural mask will be used.

mask-length: Specifies the mask length in the range of 1 to 30.

mask mask: Specifies the mask in dotted decimal format.

export-route: Advertises the subnet assigned to DHCP clients. This feature ensures symmetric routing for traffic of the same client.

secondary: Specifies the subnet as a secondary subnet. If you do not specify this keyword, this command specifies the primary subnet. If the addresses in the primary subnet are used up, the DHCP server can select addresses from a secondary subnet for clients.

Usage guidelines

You can use the secondary keyword to specify a secondary subnet and enter its view. In secondary subnet view, you can specify gateways by using the gateway-list command for DHCP clients in the secondary subnet.

You can specify only one primary subnet for a DHCP address pool. If you use the network command multiple times, the most recent configuration takes effect.

You can specify up to 32 secondary subnets for a DHCP address pool.

The primary subnet and secondary subnets in a DHCP address pool must not have the same network address and mask.

If you have used the address range or class command in an address pool, you cannot specify a secondary subnet in the same address pool.

Modifying or removing the network configuration deletes the assigned addresses from the current address pool.

If you use the network export-route command multiple times, the most recent configuration takes effect.

Examples

# Specify primary subnet 192.168.8.0/24 and secondary subnet 192.168.10.0/24 in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] network 192.168.8.0 mask 255.255.255.0

[Sysname-dhcp-pool-0] network 192.168.10.0 mask 255.255.255.0 secondary

[Sysname-dhcp-pool-0-secondary]

Related commands

·     display dhcp server pool

·     gateway-list

next-server

Use next-server to specify the IP address of a server in a DHCP address pool.

Use undo next-server to remove the server's IP address from the DHCP address pool.

Syntax

next-server ip-address

undo next-server

Default

No server's IP address is specified in a DHCP address pool.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address of a server.

Usage guidelines

Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it contacts the specified server, such as a TFTP server, to get other boot information.

If you use the next-server command multiple times, the most recent configuration takes effect.

Examples

# Specify a server's IP address 10.1.1.254 in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] next-server 10.1.1.254

Related commands

display dhcp server pool

option

Use option to customize a DHCP option.

Use undo option to remove a customized DHCP option.

Syntax

option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> }

undo option code

Default

No DHCP option is customized.

Views

DHCP address pool view

DHCP option group view

Predefined user roles

network-admin

Parameters

code: Specifies the number of the customized option, in the range of 2 to 254.

ascii ascii-string: Specifies an ASCII string of 1 to 255 characters as the option content.

hex hex-string: Specifies a hexadecimal string as the option content. The string length must be an even number in the range of 2 to 256.

ip-address ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses as the option content.

Usage guidelines

The DHCP server fills the customized option with the specified ASCII string, hexadecimal string, or IP addresses, and sends it in a response to the client.

If you use the option command with the same code specified, the most recent configuration takes effect.

You can customize options for the following purposes:

·     Add newly released options.

·     Add options for which the vendor defines the contents, for example, Option 43.

·     Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients.

·     Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command. For example, the dns-list command can specify up to eight DNS servers. To specify more than eight DNS server, you must use the option 6 command to define all DNS servers.

DHCP options specified by dedicated commands take precedence over those specified by the option commands. For example, if a DNS server address is specified by both the dns-list command and the option 6 command, the server uses the address specified by the dns-list command.

DHCP options specified in DHCP option groups take precedence over those specified in DHCP address pools.

Examples

# Configure Option 7 to specify the log server address 2.2.2.2 in address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] option 7 ip-address 2.2.2.2

Related commands

display dhcp server pool

reset dhcp server conflict

Use reset dhcp server conflict to clear IP address conflict information.

Syntax

reset dhcp server conflict [ ip ip-address ]

Views

User view

Predefined user roles

network-admin

Parameters

ip ip-address: Clears conflict information about the specified IP address. If you do not specify this option, this command clears all address conflict information.

Usage guidelines

Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts. After you modify the address pool configuration, the conflicted addresses might become assignable. To assign these addresses, use the reset dhcp server conflict command to clear the conflict information first.

Examples

# Clear all IP address conflict information.

<Sysname> reset dhcp server conflict

Related commands

display dhcp server conflict

reset dhcp server expired

Use reset dhcp server expired to clear binding information about expired IP addresses.

Syntax

reset dhcp server expired [ ip ip-address | pool pool-name ]

Views

User view

Predefined user roles

network-admin

Parameters

ip ip-address: Clears binding information about the specified expired IP address.

pool pool-name: Clears binding information about the expired IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.

Usage guidelines

If you do not specify any parameters, this command clears binding information about all expired IP addresses.

Examples

# Clear binding information about all expired IP addresses.

<Sysname> reset dhcp server expired

Related commands

display dhcp server expired

reset dhcp server ip-in-use

Use reset dhcp server ip-in-use to clear binding information about assigned IP addresses.

Syntax

reset dhcp server ip-in-use [ ip ip-address | pool pool-name ]

Views

User view

Predefined user roles

network-admin

Parameters

ip ip-address: Clears binding information about the specified assigned IP address.

pool pool-name: Clears binding information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.

Usage guidelines

If you do not specify any parameters, this command clears binding information about all assigned IP addresses.

If you use this command to clear information about an assigned static binding, the static binding becomes an unassigned static binding.

Examples

# Clear binding information about the IP address 10.110.1.1.

<Sysname> reset dhcp server ip-in-use ip 10.110.1.1

Related commands

display dhcp server ip-in-use

reset dhcp server statistics

Use reset dhcp server statistics to clear DHCP server statistics.

Syntax

reset dhcp server statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear DHCP server statistics.

<Sysname> reset dhcp server statistics

Related commands

display dhcp server statistics

static-bind

Use static-bind to statically bind a client ID or MAC address to an IP address.

Use undo static-bind to remove a static binding.

Syntax

static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] }

undo static-bind ip-address ip-address

Default

No static binding is specified in a DHCP address pool.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

ip-address ip-address: Specifies the IP address of the static binding. The natural mask is used if no mask length or mask is specified.

mask-length: Specifies the mask length in the range of 1 to 30.

mask mask: Specifies the mask, in dotted decimal format.

client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters. The string can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…. The last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is correct, and aabb-c-dddd and aabb-cc-dddd are not correct.

hardware-address hardware-address: Specifies the client hardware address of the static binding, a string of 4 to 39 characters. The string can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…. The last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is correct, and aabb-c-dddd and aabb-cc-dddd are not correct.

ethernet: Specifies the client hardware address type as Ethernet. The default type is Ethernet.

token-ring: Specifies the client hardware address type as token ring.

Usage guidelines

The IP address of a static binding must not be an interface address of the DHCP server. Otherwise, an IP address conflict occurs, and the bound client cannot obtain the IP address.

You can specify multiple static bindings in an address pool. The total number of static bindings in all address pools cannot exceed 8192.

You cannot modify bindings. To change the binding for a DHCP client, you must delete the existing binding first and create a new binding.

Examples

# Bind the IP address 10.1.1.1/24 to the client ID 00aa-aabb in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0 client-identifier 00aa-aabb

Related commands

display dhcp server pool

tftp-server domain-name

Use tftp-server domain-name to specify a TFTP server name in a DHCP address pool.

Use undo tftp-server domain-name to remove the TFTP server name from a DHCP address pool.

Syntax

tftp-server domain-name domain-name

undo tftp-server domain-name

Default

No TFTP server name is specified.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

If you use this command multiple times, the most recent configuration takes effect.

Examples

# Specify the TFTP server name aaa in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] tftp-server domain-name aaa

Related commands

·     display dhcp server pool

·     tftp-server ip-address

tftp-server ip-address

Use tftp-server ip-address to specify a TFTP server address in a DHCP address pool.

Use undo tftp-server ip-address to remove the TFTP server address from a DHCP address pool.

Syntax

tftp-server ip-address ip-address

undo tftp-server ip-address

Default

No TFTP server address is specified.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address of a TFTP server.

Usage guidelines

If you use this command multiple times, the most recent configuration takes effect.

Examples

# Specify the TFTP server address 10.1.1.1 in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.1

Related commands

·     display dhcp server pool

·     tftp-server domain-name

valid class

Use valid class to add DHCP user classes to the whitelist.

Use undo valid class to remove DHCP user classes from the whitelist.

Syntax

valid class class-name&<1-8>

undo valid class class-name&<1-8>

Default

No DHCP user class is listed on the whitelist.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

class-name&<1-8>: Specifies a space-separated list of up to eight DHCP user classes by their names, a case-insensitive string of 1 to 63 characters.

Usage guidelines

For this command to take effect, you must enable the DHCP user class whitelist.

Examples

# Add DHCP user classes test1 and test2 to the whitelist in DHCP address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] valid class test1 test2

Related commands

·     dhcp class

·     verify class

verify class

Use verify class to enable the DHCP user class whitelist.

Use undo verify class to disable the DHCP user class whitelist.

Syntax

verify class

undo verify class

Default

The DHCP user class whitelist is disabled.

Views

DHCP address pool view

Predefined user roles

network-admin

Usage guidelines

After you enable the DHCP user class whitelist, the DHCP user classes on the whitelist take effect. The DHCP server processes requests only from clients on the DHCP user class whitelist.

The DHCP user class whitelist does not take effect on clients that request static IP addresses, and the server always processes their requests.

Examples

# Enable the DHCP user class whitelist in DHCP address pool 0.

[Sysname] system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] verify class

Related commands

valid class

voice-config

Use voice-config to configure the content for Option 184 in a DHCP address pool.

Use undo voice-config to remove the Option 184 content from a DHCP address pool.

Syntax

voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } }

undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ]

Default

No Option 184 content is configured in a DHCP address pool.

Views

DHCP address pool view

Predefined user roles

network-admin

Parameters

as-ip ip-address: Specifies the IP address of the backup network calling processor.

fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string is a string of 1 to 39 characters, which can include numbers 0 through 9 and asterisk (*).

ncp-ip ip-address: Specifies the IP address of the primary network calling processor.

voice-vlan vlan-id: Specifies the voice VLAN ID in the range of 2 to 4094.

·     disable: Disables the specified VLAN. DHCP clients will not take this VLAN as their voice VLAN.

·     enable: Enables the specified VLAN. DHCP clients will take this VLAN as their voice VLAN.

Usage guidelines

If you use the command multiple times, the most recent configuration takes effect.

Examples

# Configure Option 184 in DHCP address pool 0. The primary and backup network calling processors are at 10.1.1.1 and 10.2.2.2, respectively. The voice VLAN 3 is enabled. The failover IP address is 10.3.3.3. The dialer string is 99*.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] voice-config ncp-ip 10.1.1.1

[Sysname-dhcp-pool-0] voice-config as-ip 10.2.2.2

[Sysname-dhcp-pool-0] voice-config voice-vlan 3 enable

[Sysname-dhcp-pool-0] voice-config fail-over 10.3.3.3 99*

Related commands

display dhcp server pool

DHCP relay agent commands

dhcp relay check mac-address

Use dhcp relay check mac-address to enable MAC address check on the relay agent.

Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.

Syntax

dhcp relay check mac-address

undo dhcp relay check mac-address

Default

The MAC address check feature is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This feature enables the DHCP relay agent to compare the chaddr field of a received DHCP request with the source MAC address in the frame header. If they are the same, the DHCP relay agent forwards the request to the DHCP server. If they are not the same, the DHCP relay agent discards the request.

The MAC address check feature takes effect only when the dhcp select relay command has already been configured on the interface.

Enable the MAC address check feature only on the DHCP relay agent directly connected to the DHCP clients. A DHCP relay agent changes the source MAC address of DHCP packets before sending them.

Examples

# Enable MAC address check on the relay agent.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] dhcp relay check mac-address

Related commands

dhcp select relay

dhcp relay check mac-address aging time

Use dhcp relay check mac-address aging time to set the aging time for MAC address check entries on the DHCP relay agent.

Use undo dhcp relay check mac-address aging time to restore the default.

Syntax

dhcp relay check mac-address aging-time time

undo dhcp relay check mac-address aging-time

Default

The aging time is 30 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time: Sets the aging time for MAC address check entries in seconds, in the range of 30 to 600.

Usage guidelines

This command takes effect only after you execute the dhcp relay check mac-address command.

Examples

# Set the aging time to 60 seconds for MAC address check entries on the DHCP relay agent.

<Sysname> system-view

[Sysname] dhcp relay check mac-address aging-time 60

dhcp relay client-information record

Use dhcp relay client-information record to enable recording client information in relay entries. A relay entry contains information about a client such as the client's IP and MAC addresses.

Use undo dhcp relay client-information record to disable the feature.

Syntax

dhcp relay client-information record

undo dhcp relay client-information record

Default

The DHCP relay agent does not record client information in relay entries.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Disabling recording of client information deletes all recorded relay entries.

Client information is recorded only when the DHCP relay agent is configured on the gateway of DHCP clients.

Examples

# Enable recording of relay entries on the relay agent.

<Sysname> system-view

[Sysname] dhcp relay client-information record

Related commands

·     dhcp relay client-information refresh

·     dhcp relay client-information refresh enable

dhcp relay client-information refresh

Use dhcp relay client-information refresh to set the interval at which the DHCP relay agent periodically refreshes relay entries.

Use undo dhcp relay client-information refresh to restore the default.

Syntax

dhcp relay client-information refresh [ auto | interval interval ]

undo dhcp relay client-information refresh

Default

The refresh interval is automatically calculated based on the number of relay entries.

Views

System view

Predefined user roles

network-admin

Parameters

auto: Automatically calculates the refresh interval. The more the entries, the shorter the refresh interval. The shortest interval is 50 ms.

interval interval: Sets the refresh interval in the range of 1 to 120 seconds.

Usage guidelines

If you use this command multiple times, the most recent configuration takes effect.

Examples

# Set the refresh interval to 100 seconds.

<Sysname> system-view

[Sysname] dhcp relay client-information refresh interval 100

Related commands

·     dhcp relay client-information record

·     dhcp relay client-information refresh enable

dhcp relay client-information refresh enable

Use dhcp relay client-information refresh enable to enable the DHCP relay agent to periodically refresh dynamic relay entries.

Use undo dhcp relay client-information refresh enable to disable the DHCP relay agent to periodically refresh dynamic relay entries.

Syntax

dhcp relay client-information refresh enable

undo dhcp relay client-information refresh enable

Default

The DHCP relay agent periodically refreshes relay entries.

Views

System view

Predefined user roles

network-admin

Usage guidelines

A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.

With this feature, the DHCP relay agent uses a client's IP address and the relay interface's MAC address to periodically send a DHCP-REQUEST message to the DHCP server.

·     If the server returns a DHCP-ACK message or does not return any message within an interval, the DHCP relay agent performs the following operations:

¡     Removes the relay entry.

¡     Sends a DHCP-RELEASE message to the DHCP server to release the IP address.

·     If the server returns a DHCP-NAK message, the relay agent keeps the entry.

With this feature disabled, the DHCP relay agent does not remove relay entries automatically. After a DHCP client releases its IP address, you must use the reset dhcp relay client-information on the relay agent to remove the corresponding relay entry.

Examples

# Disable periodic refresh of relay entries.

<Sysname> system-view

[Sysname] undo dhcp relay client-information refresh enable

Related commands

·     dhcp relay client-information record

·     dhcp relay client-information refresh

·     reset dhcp relay client-information

dhcp relay gateway

Use dhcp relay gateway to specify a gateway address for DHCP clients on the DHCP relay interface.

Use undo dhcp relay gateway to restore the default.

Syntax

dhcp relay gateway ip-address

undo dhcp relay gateway

Default

The primary IP address of the DHCP relay interface is used as the gateway address for DHCP clients.

Views

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies a gateway address. The IP address must be the primary or secondary IP address of the relay interface.

Usage guidelines

The DHCP relay agent uses the specified IP address instead of the primary IP address of the relay interface as the gateway address for DHCP clients.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify 10.1.1.1 as the gateway address for DHCP clients on VLAN-interface 2.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] dhcp relay gateway 10.1.1.1

Related commands

gateway-list

dhcp relay information circuit-id

Use dhcp relay information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option of Option 82.

Use undo dhcp relay information circuit-id to restore the default.

Syntax

dhcp relay information circuit-id { bas | string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] [ interface ] } [ format { ascii | hex } ] }

undo dhcp relay information circuit-id

Default

The padding mode is normal and the padding format is hex.

Views

Interface view

Predefined user roles

network-admin

Parameters

bas: Specifies the bas mode for padding the Circuit ID sub-option.

string circuit-id: Specifies the string mode that uses a case-sensitive string of 3 to 63 characters as the content of the Circuit ID sub-option.

normal: Specifies the normal mode, in which the padding content consists of the VLAN ID and port number.

verbose: Specifies the verbose mode. The padding content includes the node identifier, interface information, and VLAN ID.

node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier.

·     mac: Uses the MAC address of the access node as the node identifier. It is the default node identifier.

·     sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format.

 

 

NOTE:

If sysname is used as the node identifier, do not include any spaces when you set the device name. Otherwise, the DHCP relay agent fails to add or replace Option 82.

 

·     user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format.

interface: Uses the interface name as the interface information. The padding format for the interface name is always ASCII regardless of the specified padding format. The default interface information consists of the Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, and interface number.

format: Sets the padding format for the Circuit ID sub-option.

ascii: Sets the padding format to ASCII.

hex: Sets the padding format to hex.

Usage guidelines

The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide.

If you use this command multiple times, the most recent configuration takes effect.

The padding format for the user-defined string, the normal mode, or the verbose mode varies by command configuration. Table 8 shows how the padding format is determined for different modes.

Table 8 Padding format for different modes

Keyword (mode)

If no padding format is set

If the padding format is ascii

If the padding format is hex

string circuit-id

You cannot set a padding format, and the padding format is always ASCII.

N/A

N/A

normal

Hex.

ASCII.

Hex.

verbose

Hex for the VLAN ID.

ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number.

ASCII.

ASCII for the node identifier and Ethernet type.

Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID.

 

Examples

# Specify the content mode as verbose, node identifier as the device name, and the padding format as ASCII for the Circuit ID sub-option.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] dhcp relay information enable

[Sysname-Vlan-interface10] dhcp relay information strategy replace

[Sysname-Vlan-interface10] dhcp relay information circuit-id verbose node-identifier sysname format ascii

Related commands

·     dhcp relay information enable

·     dhcp relay information strategy

·     display dhcp relay information

dhcp relay information enable

Use dhcp relay information enable to enable the DHCP relay agent to support Option 82.

Use undo dhcp relay information enable to disable Option 82 support.

Syntax

dhcp relay information enable

undo dhcp relay information enable

Default

The DHCP relay agent does not support Option 82.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id and dhcp relay information remote-id commands. If the DHCP requests contain Option 82, the relay agent handles the requests according to the strategy configured with the dhcp relay information strategy command.

If this feature is disabled, the relay agent forwards requests that contain or do not contain Option 82 to the DHCP server.

Examples

# Enable Option 82 support on the relay agent.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] dhcp relay information enable

Related commands

·     dhcp relay information circuit-id

·     dhcp relay information remote-id

·     dhcp relay information strategy

·     display dhcp relay information

dhcp relay information remote-id

Use dhcp relay information remote-id to configure the padding mode and padding format for the Remote ID sub-option of Option 82.

Use undo dhcp relay information remote-id to restore the default.

Syntax

dhcp relay information remote-id { { ap-mac | ap-mac-ssid | normal } [ format { ascii | hex } ] | ap-name | ap-name-ssid | string remote-id | sysname }

undo dhcp relay information remote-id

Default

The padding mode is normal and the padding format is hex.

Views

Interface view

Predefined user roles

network-admin

Parameters

ap-mac: Specifies to pad the Remote ID sub-option with the MAC address of an AP.

ap-mac-ssid: Specifies to pad the Remote ID sub-option with the MAC address and SSID of an AP, which are separated by the colon (:). For more information about the SSID, see WLAN access configuration in WLAN Configuration Guide.

normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface.

format: Sets the padding format for the Remote ID sub-option. The default padding format is hex.

ascii: Sets the padding format to ASCII.

hex: Sets the padding format to Hex.

ap-name: Specifies to pad the Remote ID sub-option with the name of an AP. For more information about AP names, see AP management in WLAN Configuration Guide.

ap-name-ssid: Specifies to pad the Remote ID sub-option with the name and SSID of an AP, which are separated by the colon (:).

string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option.

sysname: Specifies the sysname mode that uses the device name as the content of the Remote ID sub-option. You can set the device name by using the sysname command.

Usage guidelines

The padding format is always ASCII for the AP name (ap-name), AP name and SSID (ap-name-ssid), the specified character string (string), and the device name (sysname).

The padding format for the AP MAC address (ap-mac), AP MAC address and SSID (ap-mac-ssid), and the normal mode is determined by the command.

If you use the command multiple times, the most recent configuration takes effect.

Examples

# Specify the padding content for the Remote ID sub-option of Option 82 as device001.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] dhcp relay information enable

[Sysname-Vlan-interface10] dhcp relay information strategy replace

[Sysname-Vlan-interface10] dhcp relay information remote-id string device001

Related commands

·     dhcp relay information enable

·     dhcp relay information strategy

·     display dhcp relay information

dhcp relay information strategy

Use dhcp relay information strategy to configure the strategy for the DHCP relay agent to handle messages containing Option 82.

Use undo dhcp relay information strategy to restore the default handling strategy.

Syntax

dhcp relay information strategy { drop | keep | replace }

undo dhcp relay information strategy

Default

The handling strategy for messages that contain Option 82 is replace.

Views

Interface view

Predefined user roles

network-admin

Parameters

drop: Drops DHCP messages that contain Option 82 messages.

keep: Keeps the original Option 82 intact.

replace: Replaces the original Option 82 with the configured Option 82.

Usage guidelines

This command takes effect only on DHCP requests that contain Option 82.

For DHCP requests that do not contain Option 82, the DHCP relay agent always adds Option 82 to the requests before forwarding the requests to the DHCP server.

If the handling strategy is replace, configure a padding mode and padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure any padding mode or padding format. The settings do not take effect even if you configure them.

Examples

# Specify the handling strategy for Option 82 as keep.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] dhcp relay information enable

[Sysname-Vlan-interface10] dhcp relay information strategy keep

Related commands

·     dhcp relay information enable

·     display dhcp relay information

dhcp relay release ip

Use dhcp relay release ip to release a specific client IP address.

Syntax

dhcp relay release ip client-ip

Views

System view

Predefined user roles

network-admin

Parameters

client-ip: Specifies the IP address to be released.

Usage guidelines

After you execute this command, the relay agent sends a DHCP-RELEASE packet to the DHCP server and removes the relay entry of the IP address. Upon receiving the packet, the server removes binding information about the specified IP address to release the IP address.

Examples

# Release the IP address 1.1.1.1.

<Sysname> system-view

[Sysname] dhcp relay release ip 1.1.1.1

dhcp relay server-address

Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent.

Use undo dhcp relay server-address to remove DHCP servers.

Syntax

dhcp relay server-address ip-address

undo dhcp relay server-address [ ip-address ]

Default

No DHCP server is specified on the relay agent.

Views

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP packets received from DHCP clients to this DHCP server.

Usage guidelines

The specified IP address of the DHCP server must not reside on the same subnet as the IP address of the DHCP relay agent interface. Otherwise, the DHCP clients might fail to obtain IP addresses.

You can specify a maximum of eight DHCP servers on an interface. The DHCP relay agent forwards the packets from the clients to all the specified DHCP servers.

If you do not specify an IP address, the undo dhcp relay server-address command removes all DHCP servers on the interface.

Examples

# Specify the DHCP server 1.1.1.1 on the relay agent interface VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] dhcp relay server-address 1.1.1.1

Related commands

·     dhcp select relay

·     display dhcp relay interface

dhcp smart-relay enable

Use dhcp smart-relay enable to enable the DHCP smart relay feature.

Use undo dhcp smart-relay enable to restore the default.

Syntax

dhcp smart-relay enable

undo dhcp smart-relay enable

Default

The DHCP smart relay feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the smart relay feature on interfaces that are configured as the relay agent on the device.

The smart relay feature allows the relay agent to use secondary IP addresses as the gateway address when the DHCP server does not reply the DHCP-OFFER message. Without this feature, the relay agent always uses the primary IP address as the gateway address.

Examples

# Enable the DHCP smart relay feature.

<Sysname> system-view

[Sysname] dhcp smart-relay enable

Related commands

·     dhcp select

·     gateway-list

display dhcp relay check mac-address

Use display dhcp relay check mac-address to display MAC address check entries on the relay agent.

Syntax

display dhcp relay check mac-address

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display MAC address check entries on the DHCP relay agent.

<Sysname> display dhcp relay check mac-address

Source-MAC        Interface                 Aging-time

00f3-1122-adf1    GE1/0/1                   10

00f3-1122-2230    GE1/0/2                   30

Table 9 Command output

Field

Description

Source MAC

Source MAC address of the attacker.

Interface

Interface where the attack comes from.

Aging-time

Aging time of the MAC address check entry, in seconds.

 

display dhcp relay client-information

Use display dhcp relay client-information to display relay entries on the relay agent.

Syntax

display dhcp relay client-information [ interface interface-type interface-number | ip ip-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Displays relay entries on the specified interface.

ip ip-address: Displays the relay entry for the specified IP address.

Usage guidelines

The DHCP relay agent records relay entries only when the dhcp relay client-information record command has been issued.

If you do not specify any parameters, the display dhcp relay client-information command displays all relay entries on the relay agent.

Examples

# Display all relay entries on the relay agent.

<Sysname> display dhcp relay client-information

Total number of client-information items: 2

Total number of dynamic items: 1

Total number of temporary items: 1

IP address       MAC address      Type        Interface            VPN name

10.1.1.1         00e0-0000-0001   Dynamic     GE1/0/1              N/A

10.1.1.5         00e0-0000-0000   Temporary   Vlan2                N/A

Table 10 Command output

Field

Description

Total number of client-information items

Total number of relay entries.

Total number of dynamic items

Total number of dynamic relay entries.

Total number of temporary items

Total number of temporary relay entries.

IP address

IP address of the DHCP client.

MAC address

MAC address of the DHCP client.

Type

Relay entry type:

·     Dynamic—The relay agent creates a dynamic relay entry upon receiving an ACK response from the DHCP server.

·     Temporary—The relay agent creates a temporary relay entry upon receiving a REQUEST packet from a DHCP client.

Interface

Layer 3 interface connected to the DHCP client. N/A is displayed for relay entries without interface information.

VPN name

Name of the VPN instance to which the DHCP client belongs. If the DHCP client does not belong to any VPN, this field displays N/A.

The device does not support this field in the current software version.

 

Related commands

·     dhcp relay client-information record

·     reset dhcp relay client-information

display dhcp relay information

Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent.

Syntax

display dhcp relay information [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Displays Option 82 configuration information for the specified interface. If you do not specify an interface, this command displays Option 82 configuration information about all interfaces.

Examples

# Display Option 82 configuration information for all interfaces.

<Sysname> display dhcp relay information

Interface: Vlan-interface100

   Status: Enable

   Strategy: Replace

   Circuit ID Pattern: Verbose

   Remote ID Pattern: Sysname

   Circuit ID format-type: Undefined

   Remote ID format-type: ASCII

   Node identifier: aabbcc

Interface: Vlan-interface200

   Status: Enable

   Strategy: Replace

   Circuit ID Pattern: User Defined

   Remote ID Pattern: User Defined

   Circuit ID format-type: ASCII

   Remote ID format-type: ASCII

   User defined:

   Circuit ID: vlan100

   Remote ID: device001

Table 11 Command output

Field

Description

 

Interface

Interface name.

 

Status

Option 82 states:

·     EnableDHCP relay agent support for Option 82 is enabled.

·     DisableDHCP relay agent support for Option 82 is disabled.

Strategy

Handling strategy for request messages containing Option 82, Drop, Keep, or Replace.

Circuit ID Pattern

Padding content mode of the Circuit ID sub-option, Verbose, Normal, or User Defined.

Remote ID Pattern

Padding content mode of the Remote ID sub-option, Sysname, Normal, or User Defined.

Circuit ID format-type

Padding format of the Circuit ID sub-option, ASCII, Hex, or Undefined.

Remote ID format-type

Padding format of the Remote ID sub-option, ASCII, Hex, or Undefined.

Node identifier

Access node identifier.

User defined

Content of the user-defined sub-options.

Circuit ID

User-defined content of the Circuit ID sub-option.

Remote ID

User-defined content of the Remote ID sub-option.

 

display dhcp relay server-address

Use display dhcp relay server-address to display DHCP server addresses configured on an interface.

Syntax

display dhcp relay server-address [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Displays DHCP server addresses on the specified interface. If you do not specify an interface, this command displays DHCP server addresses on all interfaces.

Examples

# Display DHCP server addresses on all interfaces.

<Sysname> display dhcp relay server-address

Interface name                 Server IP address

GE1/0/1                        2.2.2.2

Table 12 Command output

Field

Description

Interface name

Interface name.

Server IP address

DHCP server IP address.

 

Related commands

dhcp relay server-address

display dhcp relay statistics

Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent.

Syntax

display dhcp relay statistics [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Displays DHCP packet statistics on the specified interface. If you do not specify an interface, this command displays all DHCP packet statistics on the DHCP relay agent.

Examples

# Display all DHCP packet statistics on the DHCP relay agent.

<Sysname> display dhcp relay statistics

DHCP packets dropped:                  0

DHCP packets received from clients:    0

   DHCPDISCOVER:                       0

   DHCPREQUEST:                        0

   DHCPINFORM:                         0

   DHCPRELEASE:                        0

   DHCPDECLINE:                        0

   BOOTPREQUEST:                       0

DHCP packets received from servers:    0

   DHCPOFFER:                          0

   DHCPACK:                            0

   DHCPNAK:                            0

   BOOTPREPLY:                         0

DHCP packets relayed to servers:       0

   DHCPDISCOVER:                       0

   DHCPREQUEST:                        0

   DHCPINFORM:                         0

   DHCPRELEASE:                        0

   DHCPDECLINE:                        0

   BOOTPREQUEST:                       0

DHCP packets relayed to clients:       0

   DHCPOFFER:                          0

   DHCPACK:                            0

   DHCPNAK:                            0

   BOOTPREPLY:                         0

DHCP packets sent to servers:          0

   DHCPDISCOVER:                       0

   DHCPREQUEST:                        0

   DHCPINFORM:                         0

   DHCPRELEASE:                        0

   DHCPDECLINE:                        0

   BOOTPREQUEST:                       0

DHCP packets sent to clients:          0

   DHCPOFFER:                          0

   DHCPACK:                            0

   DHCPNAK:                            0

   BOOTPREPLY:                         0

Related commands

reset dhcp relay statistics

gateway-list

Use gateway-list to specify a list of gateways for DHCP clients in the relay address pool.

Use undo gateway-list to remove the specified gateway addresses from a DHCP relay address pool.

Syntax

gateway-list ip-address&<1-64> [ export-route ]

undo gateway-list [ ip-address&<1-64> ] [ export-route ]

Default

No gateway address is specified in a DHCP relay address pool.

Views

DHCP relay address pool view

Predefined user roles

network-admin

Parameters

ip-address&<1-64>: Specifies a space-separated list of up to 64 addresses. Gateway IP addresses must reside on the same subnet as the IP addresses assigned to the DHCP clients.

export-route: Binds the gateway to the device's MAC address in the address management module. The ARP module will use the entry to reply to ARP requests from the DHCP clients.

Usage guidelines

DHCP clients of the same access type can be classified into different types by their locations. In this case, the relay interface typically has no IP address configured. You can use the gateway-list command to specify the gateway for clients matching the same relay address pool and bind the gateway address to the device's MAC address.

Upon receiving a DHCP DISCOVER or REQUEST from a client that matches a relay address pool, the relay agent processes the packet as follows:

·     Fills the giaddr field of the packet with the specified gateway address.

·     Forwards the packet to all DHCP servers in the matching relay address pool.

The DHCP servers select an address pool according to the gateway address.

Examples

# Specify the gateway address 10.1.1.1 in DHCP relay address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] gateway-list 10.1.1.1

Related commands

dhcp smart-relay enable

remote-server

Use remote-server to specify a list of DHCP servers for a DHCP relay address pool.

Use undo remote-server to remove the configuration.

Syntax

remote-server ip-address&<1-8>

undo remote-server [ ip-address&<1-8> ]

Default

No DHCP server is specified for the DHCP relay address pool.

Views

DHCP relay address pool view

Predefined user roles

network-admin

Parameters

ip-address&<1-8>: Specifies a space-separated list of up to eight DHCP server addresses.

Usage guidelines

If you use this command multiple times, the most recent configuration takes effect.

If you do not specify a DHCP server address, the undo remote-server command removes all DHCP servers in the relay address pool.

Examples

# Specify DHCP server 10.1.1.1 for DHCP relay address pool 0.

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] remote-server 10.1.1.1

reset dhcp relay client-information

Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.

Syntax

reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Clears relay entries on the specified interface.

ip ip-address: Clears the relay entry for the specified IP address.

Usage guidelines

If you do not specify any parameters, this command clears all relay entries on the DHCP relay agent.

Examples

# Clear all relay entries on the DHCP relay agent.

<Sysname> reset dhcp relay client-information

Related commands

display dhcp relay client-information

reset dhcp relay statistics

Use reset dhcp relay statistics to clear relay agent statistics.

Syntax

reset dhcp relay statistics [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Clears DHCP relay agent statistics on the specified interface. If you do not specify an interface, this command clears all DHCP relay agent statistics.

Examples

# Clear all DHCP relay agent statistics.

<Sysname> reset dhcp relay statistics

Related commands

display dhcp relay statistics

DHCP client commands

dhcp client dad enable

Use dhcp client dad enable to enable duplicate address detection.

Use undo dhcp client dad enable to disable duplicate address detection.

Syntax

dhcp client dad enable

undo dhcp client dad enable

Default

The duplicate address detection feature is enabled on an interface.

Views

System view

Predefined user roles

network-admin

Usage guidelines

DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply. This makes the client unable to use the IP address assigned by the server. H3C recommends that you disable duplicate address detection when ARP attacks exist on the network.

Examples

# Disable the duplicate address.

<Sysname> system-view

[Sysname] undo dhcp client dad enable

dhcp client dscp

Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client.

Use undo dhcp client dscp to restore the default.

Syntax

dhcp client dscp dscp-value

undo dhcp client dscp

Default

The DSCP value in DHCP packets is 56.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.

Usage guidelines

The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.

Examples

# Set the DSCP value to 30 for DHCP packets sent by the DHCP client.

<Sysname> system-view

[Sysname] dhcp client dscp 30

dhcp client identifier

Use dhcp client identifier to configure a DHCP client ID for an interface.

Use undo dhcp client identifier to restore the default.

Syntax

dhcp client identifier { ascii string | hex string | mac interface-type interface-number }

undo dhcp client identifier

Default

An interface generates the DHCP client ID based on its MAC address. If the interface has no MAC address, it uses the MAC address of the first Ethernet interface to generate its client ID.

Views

Interface view

Predefined user roles

network-admin

Parameters

ascii string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID.

hex string: Specifies a hexadecimal string of 4 to 64 characters as the client ID.

mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID. The interface-type interface-number argument specifies an interface by its type and number.

Usage guidelines

A DHCP client ID is added to the DHCP option 61. A DHCP server can specify IP addresses for clients based on the DHCP client ID. You can specify a DHCP client ID by performing one of the following operations:

·     Naming an ASCII string or hexadecimal string as the client ID.

·     Using the MAC address of an interface to generate a client ID.

Whichever method you use, make sure the IDs for different DHCP clients are unique.

Examples

# Specify the hexadecimal string of FFFFFFF as the client ID for VLAN-interface 10.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] dhcp client identifier hex FFFFFFFF

Related commands

display dhcp client

display dhcp client

Use display dhcp client to display DHCP client information.

Syntax

display dhcp client [ verbose ] [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays verbose DHCP client information.

interface interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you do not specify an interface, this command displays DHCP client information about all interfaces.

Examples

# Display DHCP client information about all interfaces.

<Sysname> display dhcp client

Vlan-interface10 DHCP client information:

 Current state: BOUND

 Allocated IP: 40.1.1.20 255.255.255.0

 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds

 DHCP server: 40.1.1.2

# Display verbose DHCP client information.

<Sysname> display dhcp client verbose

Vlan-interface10 DHCP client information:

 Current state: BOUND

 Allocated IP: 40.1.1.20 255.255.255.0

 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds

 Lease from May 21 19:00:29 2012   to   May 24 19:00:29 2012

 DHCP server: 40.1.1.2

 Transaction ID: 0x1c09322d

 Default router: 40.1.1.2

 Classless static routes:

   Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16

   Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16

 DNS servers: 44.1.1.11 44.1.1.12

 Domain name: ddd.com

 Boot servers: 200.200.200.200  1.1.1.1

 ACS parameter:

   URL: http://192.168.1.1:7547/acs

   Username: bims

   Password: ******

 Client ID type: acsii(type value=00)

 Client ID value: 000c.29d3.8659-GE1/0/1

 Client ID (with type) hex: 0030-3030-632e-3239-

                            6433-2e38-3635-392d-

                            4574-6830-2f30-2f32

 T1 will timeout in 1 day 11 hours 58 minutes 52 seconds.

Table 13 Command output

Field

Description

Vlan-interface10 DHCP client information

Information about the interface that acts as the DHCP client.

Current state

Current state of the DHCP client:

·     HALT—The client stops applying for an IP address.

·     INIT—The initialization state.

·     SELECTING—The client has sent out a DHCP-DISCOVER message in search for a DHCP server and is waiting for the response from DHCP servers.

·     REQUESTING—The client has sent out a DHCP-REQUEST message requesting for an IP address and is waiting for the response from DHCP servers.

·     BOUND—The client has received the DHCP-ACK message from a DHCP server and obtained an IP address successfully.

·     RENEWING—The T1 timer expires.

·     REBOUNDING—The T2 timer expires.

Allocated IP

IP address allocated by the DHCP server.

Allocated lease

Allocated lease time.

T1

1/2 lease time (in seconds) of the DHCP client IP address.

T2

7/8 lease time (in seconds) of the DHCP client IP address.

Lease from….to….

Start and end time of the lease.

DHCP server

DHCP server IP address that assigned the IP address.

Transaction ID

Transaction ID, a random number chosen by the client to identify an IP address allocation.

Default router

Gateway address assigned to the client.

Classless static routes

Classless static routes assigned to the client.

Static routes

Classful static routes assigned to the client.

DNS servers

DNS server address assigned to the client.

Domain name

Domain name suffix assigned to the client.

Boot servers

PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43.

ACS parameter

Parameters about the ACS.

URL

URL of the ACS.

Username

Username for logging in to the ACS.

Password

Password for logging in to the ACS. If a password is configured, this field displays ******. If no password is configured, this field is not displayed.

Client ID type

DHCP client ID type:

·     If an ASCII string is used as the client ID value, the type value is 00.

·     If the MAC address of a specific interface is used as the client ID value, the type value is 01.

·     If a hexadecimal string is used as the client ID value, the type value is the first two characters in the string.

Client ID value

Value of the DHCP client ID.

Client ID (with type) hex

DHCP client ID with the type field, a hexadecimal string.

T1 will timeout in 1 day 11 hours 58 minutes 52 seconds.

How long the T1 (1/2 lease time) timer will timeout.

 

Related commands

·     dhcp client identifier

·     ip address dhcp-alloc

ip address dhcp-alloc

Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition.

Use undo ip address dhcp-alloc to cancel an interface from using DHCP.

Syntax

ip address dhcp-alloc

undo ip address dhcp-alloc

Default

An interface does not use DHCP for IP address acquisition.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. This situation can occur when a subinterface obtained an IP address through DHCP, and the shutdown command is executed on its primary interface. The subinterface will fail to send a DHCP-RELEASE message.

Examples

# Configure VLAN-interface 10 to use DHCP for IP address acquisition.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ip address dhcp-alloc

Related commands

display dhcp client

DHCP snooping commands

DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay agent.

dhcp snooping binding database filename

Use dhcp snooping binding database filename to configure the DHCP snooping device to back up DHCP snooping entries to a file.

Use undo dhcp snooping binding database filename to restore the default.

Syntax

dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } string ] ] }

undo dhcp snooping binding database filename

Default

The DHCP snooping device does not back up DHCP snooping entries.

Views

System view

Predefined user roles

network-admin

Parameters

filename: Specifies the name of a local backup file. For information about the filename argument, see Fundamentals Configuration Guide.

url url: Specifies the URL of a remote backup file, a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL. Case sensitivity and the supported path format type vary by server.

username username: Specifies the username for accessing the URL of the remote backup file, a case-sensitive string of 1 to 32 characters. Do not specify this option if a username is not required for accessing the URL.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters. Do not specify this argument if a password is not required for accessing the URL of the remote backup file.

Usage guidelines

This command automatically creates the file if you specify a nonexistent file.

With this command executed, the DHCP snooping device backs up DHCP snooping entries immediately and runs auto backup. The DHCP snooping device, by default, waits 300 seconds after a DHCP snooping entry change to update the backup file. To change the waiting period, use the dhcp snooping binding database update interval command. If no DHCP snooping entry changes, the backup file is not updated.

As a best practice, back up the DHCP snooping entries to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCP snooping device to malfunction.

When the file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:

·     If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file path, where the port number is optional.

·     If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file path, where the port number is optional.

·     The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.

·     If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.

·     You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.

Examples

# Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp.

<Sysname> system-view

[Sysname] dhcp snooping binding database filename database.dhcp

# Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp in the working directory of the FTP server at 10.1.1.1.

<Sysname> system-view

[Sysname] dhcp snooping binding database filename url ftp://10.1.1.1/database.dhcp username 1 password simple 1

# Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp in the working directory of the TFTP server at 10.1.1.1.

<Sysname> system-view

[Sysname] dhcp snooping binding database filename tftp://10.1.1.1/database.dhcp

Related commands

dhcp snooping binding database update interval

dhcp snooping binding database update interval

Use dhcp snooping binding database update interval to set the waiting time for the DHCP snooping device to update the backup file after a DHCP snooping entry change.

Use undo dhcp snooping binding database update interval to restore the default.

Syntax

dhcp snooping binding database update interval interval

undo dhcp snooping binding database update interval

Default

The DHCP snooping device waits 300 seconds to update the backup file after a DHCP snooping entry change. If no DHCP snooping entry changes, the backup file is not updated.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the waiting time in seconds, in the range of 60 to 864000.

Usage guidelines

When a DHCP snooping entry is learned, updated, or removed, the waiting period starts. The DHCP snooping device updates the backup file when the waiting period is reached. All changed entries during the period will be saved to the backup file.

The waiting time takes effect only after you configure the DHCP snooping entry auto backup by using the dhcp snooping binding database filename command.

Examples

# Set the waiting time to 600 seconds for the DHCP snooping device to update the backup file.

<Sysname> system-view

[Sysname] dhcp snooping binding database update interval 600

Related commands

dhcp snooping binding database filename

dhcp snooping binding database update now

Use dhcp snooping binding database update now to manually save DHCP snooping entries to the backup file.

Syntax

dhcp snooping binding database update now

Views

System view

Predefined user roles

network-admin

Usage guidelines

Each time this command is executed, the DHCP snooping entries are saved to the backup file.

This command takes effect only after you configure the DHCP snooping auto backup by using the dhcp snooping binding database filename command.

Examples

# Manually save DHCP snooping entries to the backup file.

<Sysname> system-view

[Sysname] dhcp snooping binding database update now

Related commands

dhcp snooping binding database filename

dhcp snooping binding record

Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries.

Use undo dhcp snooping binding record to disable recording of client information in DHCP snooping entries.

Syntax

dhcp snooping binding record

undo dhcp snooping binding record

Default

DHCP snooping does not record client information.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

This command enables DHCP snooping on the port directly connecting to the clients to record client information in DHCP snooping entries.

Examples

# Enable recording of client information in DHCP snooping entries on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping binding record

dhcp snooping check mac-address

Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.

Use undo dhcp snooping check mac-address to disable MAC address check for DHCP snooping.

Syntax

dhcp snooping check mac-address

undo dhcp snooping check mac-address

Default

MAC address check for DHCP snooping is disabled.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request.

Examples

# Enable MAC address check for DHCP snooping.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping check mac-address

dhcp snooping check request-message

Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP snooping.

Use undo dhcp snooping check request-message to disable DHCP-REQUEST check for DHCP snooping.

Syntax

dhcp snooping check request-message

undo dhcp snooping check request-message

Default

DHCP-REQUEST check for DHCP snooping is disabled.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This feature prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server.

With this feature enabled, DHCP snooping looks for a matching DHCP snooping entry for each received DHCP-REQUEST message.

·     If a match is found, DHCP snooping compares the entry with the message. If they have consistent information, DHCP snooping considers the packet valid and forwards it to the DHCP server. If they have different information, DHCP snooping considers the message invalid and discards it.

·     If no match is found, DHCP snooping forwards the message to the DHCP server.

Examples

# Enable DHCP-REQUEST check for DHCP snooping.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping check request-message

dhcp snooping deny

Use dhcp snooping deny to configure a port as DHCP packet blocking port.

Use undo dhcp snooping deny to restore the default.

Syntax

dhcp snooping deny

undo dhcp snooping deny

Default

A port does not block DHCP requests.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

A DHCP packet blocking port drops all incoming DHCP requests.

Examples

# Configure GigabitEthernet 1/0/1 as a DHCP packet blocking port.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-gigabitethernet 1/0/1] dhcp snooping deny

dhcp snooping enable

Use dhcp snooping enable to enable DHCP snooping.

Use undo dhcp snooping enable to disable DHCP snooping.

Syntax

dhcp snooping enable

undo dhcp snooping enable

Default

DHCP snooping is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use the DHCP snooping feature together with trusted port configuration. Before trusted ports are configured, all ports on the DHCP snooping device are untrusted and the device discards all responses sent from DHCP servers.

When DHCP snooping is disabled, the device forwards all responses from DHCP servers.

Examples

# Enable DHCP snooping.

<Sysname> system-view

[Sysname] dhcp snooping enable

dhcp snooping information circuit-id

Use dhcp snooping information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option.

Use undo dhcp snooping information circuit-id to restore the default.

Syntax

dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }

undo dhcp snooping information circuit-id [ vlan vlan-id ]

Default

The padding mode is normal and the padding format is hex.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan vlan-id: Pads the Circuit ID sub-option for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the Circuit ID sub-option for packets received from the default VLAN.

string circuit-id: Specifies the string mode, in which the padding content for the Circuit ID sub-option is a case-sensitive string of 3 to 63 characters.

normal: Specifies the normal mode. The padding content includes the VLAN ID and interface number.

verbose: Specifies the verbose mode.

node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier. The padding content includes the node identifier, Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, interface number, and VLAN ID. The node identifier varies by keyword mac, sysname, and user-defined.

·     mac: Uses the MAC address of the access node as the node identifier. It is the default node identifier.

·     sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format.

 

 

NOTE:

If sysname is used as the node identifier, do not include any spaces when you set the device name. Otherwise, the DHCP snooping device fails to add or replace the Option 82.

 

·     user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format.

format: Specifies the padding format for the Circuit ID sub-option.

ascii: Specifies the ASCII padding format.

hex: Specifies the hex padding format.

Usage guidelines

The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide.

If you execute this command multiple times, the most recent configuration takes effect.

The padding format for the user-defined string, the normal mode, or the verbose mode varies by command configuration. Table 14 shows how the padding format is determined for different modes.

Table 14 Padding format for different modes

Keyword (mode)

If no padding format is set

If the padding format is ascii

If the padding format is hex

string circuit-id

You cannot set a padding format, and the padding format is always ASCII.

N/A

N/A

normal

Hex.

ASCII.

Hex.

verbose

Hex for the VLAN ID.

ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number.

ASCII.

ASCII for the node identifier and Ethernet type.

Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID.

 

Examples

# Configure verbose as the padding mode, device name as the node identifier, and ASCII as the padding format for the Circuit ID sub-option.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping information enable

[Sysname-GigabitEthernet1/0/1] dhcp snooping information strategy replace

[Sysname-GigabitEthernet1/0/1] dhcp snooping information circuit-id verbose node-identifier sysname format ascii

Related commands

dhcp snooping information enable

dhcp snooping information strategy

display dhcp snooping information

dhcp snooping information enable

Use dhcp snooping information enable to enable DHCP snooping to support Option 82.

Use undo dhcp snooping information enable to disable this feature.

Syntax

dhcp snooping information enable

undo dhcp snooping information enable

Default

DHCP snooping does not support Option 82.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

This command enables DHCP snooping to add Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp snooping information circuit-id and dhcp snooping information remote-id commands. If the received DHCP request packets contain Option 82, DHCP snooping handles the packets according to the strategy configured with the dhcp snooping information strategy command.

If this feature is disabled, DHCP snooping forwards requests that contain or do not contain Option 82 to the DHCP server.

Examples

# Enable DHCP snooping to support Option 82.

<Sysname> system-view

[Sysname] interface gigabitethernet1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping information enable

Related commands

dhcp snooping information circuit-id

dhcp snooping information remote-id

dhcp snooping information strategy

dhcp snooping information remote-id

Use dhcp snooping information remote-id to configure the padding mode and padding format for the Remote ID sub-option.

Use undo dhcp snooping information remote-id to restore the default.

Syntax

dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string remote-id | sysname } }

undo dhcp snooping information remote-id [ vlan vlan-id ]

Default

The padding mode is normal and the padding format is hex.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

vlan vlan-id: Pads the Remote ID sub-option for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the Remote ID sub-option for packets received from the default VLAN.

string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option.

sysname: Specifies the sysname mode that uses the device name as the Remote ID sub-option. You can configure the device name by using the sysname command in system view.

normal: Specifies the normal mode. The padding content is the MAC address of the receiving interface.

format: Specifies the padding format for the Remote ID sub-option. The default padding format is hex.

ascii: Specifies the ASCII padding format.

hex: Specifies the hex padding format.

Usage guidelines

DHCP snooping uses ASCII to pad the specified string or device name for the Remote ID sub-option. The padding format for the normal padding mode is determined by the command configuration.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Pad the Remote ID sub-option with the character string device001.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping information enable

[Sysname-GigabitEthernet1/0/1] dhcp snooping information strategy replace

[Sysname-GigabitEthernet1/0/1] dhcp snooping information remote-id string device001

Related commands

dhcp snooping information enable

dhcp snooping information strategy

display dhcp snooping information

dhcp snooping information strategy

Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages.

Use undo dhcp snooping information strategy to restore the default.

Syntax

dhcp snooping information strategy { drop | keep | replace }

undo dhcp snooping information strategy

Default

The handling strategy for Option 82 in request messages is replace.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

drop: Drops DHCP messages that contain Option 82.

keep: Keeps the original Option 82 intact and forwards the DHCP messages.

replace: Replaces the original Option 82 with the configured Option 82 before forwarding the DHCP messages.

Usage guidelines

This command takes effect only on DHCP requests that contain Option 82. For DHCP requests that do not contain Option 82, the DHCP snooping device always adds Option 82 into the requests before forwarding them to the DHCP server.

If the handling strategy is replace, configure a padding mode and padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure any padding mode or padding format for Option 82. The settings do not take effect even if you configure them.

Examples

# Specify the handling strategy for Option 82 in request messages as keep.

<Sysname> system-view

[Sysname] interface gigabitethernet1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping information enable

[Sysname-GigabitEthernet1/0/1] dhcp snooping information strategy keep

Related commands

dhcp snooping information circuit-id

dhcp snooping information remote-id

dhcp snooping log enable

Use dhcp snooping log enable to enable DHCP snooping logging.

Use undo dhcp snooping log enable to disable DHCP snooping logging.

Syntax

dhcp snooping log enable

undo dhcp snooping log enable

Default

DHCP snooping logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the DHCP snooping device to generate DHCP snooping logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

As a best practice, disable this feature if the log generation affects the device performance.

Examples

# Enable DHCP snooping logging.

<Sysname> system-view

[Sysname] dhcp snooping log enable

dhcp snooping max-learning-num

Use dhcp snooping max-learning-num to set the maximum number of DHCP snooping entries that an interface can learn.

Use undo dhcp snooping max-learning-num to restore the default.

Syntax

dhcp snooping max-learning-num max-number

undo dhcp snooping max-learning-num

Default

The maximum number of DHCP snooping entries for an interface to learn is unlimited.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of DHCP snooping entries for an interface to learn. The value range is 1 to 4294967295.

Examples

# Allow the Layer 2 Ethernet interface GigabitEthernet 1/0/1 to learn a maximum of 10 DHCP snooping entries.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping max-learning-num 10

dhcp snooping rate-limit

Use dhcp snooping rate-limit to enable DHCP snooping packet rate limit on an interface and set the limit value.

Use undo dhcp snooping rate-limit to disable DHCP snooping packet rate limit.

Syntax

dhcp snooping rate-limit rate

undo dhcp snooping rate-limit

Default

The DHCP snooping packet rate limit is disabled on an interface.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

rate: Specifies the maximum rate in Kbps. The value range is 64 to 512.

Usage guidelines

This command takes effect only when DHCP snooping is enabled.

With the rate limit feature, the interface discards DHCP packets that exceed the maximum rate.

The rate configured on a Layer 2 aggregate interface applies to all members of the aggregate interface. If a member interface leaves the aggregation group, it uses the rate configured on its Ethernet interface view.

Due to the chip capability, the maximum rate that takes effect can only be an integer multiple of a certain value. For example, if the chip-supported rate is an integer multiple of 8, and you set the rate to 67, the value 64 or 72 takes effect.

Examples

# Set the maximum rate to 64 Kbps at which the Layer 2 Ethernet interface GigabitEthernet 1/0/1 can receive DHCP packet.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping rate-limit 64

dhcp snooping trust

Use dhcp snooping trust to configure a port as a trusted port.

Use undo dhcp snooping trust to restore the default state of a port.

Syntax

dhcp snooping trust

undo dhcp snooping trust

Default

After you enable DHCP snooping, all ports are untrusted.

Views

Layer 2 Ethernet interface/Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

Specify the ports facing the DHCP server as trusted ports and specify the other ports as untrusted ports so DHCP clients can obtain valid IP addresses.

Examples

# Specify the Layer 2 Ethernet interface GigabitEthernet 1/0/1 as a trusted port.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp snooping trust

Related commands

display dhcp snooping trust

display dhcp snooping binding

Use display dhcp snooping binding to display DHCP snooping entries.

Syntax

display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip ip-address: Displays the DHCP snooping entry for the specified IP address. If you do not specify an IP address, this command displays DHCP snooping entries for all IP addresses.

vlan vlan-id: Specifies the VLAN ID where the IP address resides. If you do not specify a VLAN, this command displays DHCP snooping entries for the IP address in all VLANs.

Examples

# Display all DHCP snooping entries.

<Sysname> display dhcp snooping binding

 2 DHCP snooping entries found

 IP address      MAC address    Lease        VLAN  SVLAN Interface

 =============== ============== ============ ===== ===== =================

 1.1.1.7         0000-0101-0107 16907533     2     N/A   GE1/0/1

 1.1.1.11        0000-0101-010b 16907537     2     N/A   GE1/0/3

Table 15 Command output

Field

Description

DHCP snooping entries found

Number of DHCP snooping entries.

IP address

IP address assigned to the DHCP client.

MAC address

MAC address of the DHCP client.

Lease

Remaining lease duration in seconds.

VLAN

VLAN where the port connecting the DHCP client resides.

SVLAN

This field displays N/A.

Interface

Port connected to the DHCP client.

 

Related commands

dhcp snooping enable

reset dhcp snooping binding

display dhcp snooping binding database

Use display dhcp snooping binding database to display information about DHCP snooping entry auto backup.

Syntax

display dhcp snooping binding database

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about DHCP snooping entry auto backup.

<Sysname> display dhcp snooping binding database

File name               :   database.dhcp

Username                :  

Password                :  

Update interval         :   600 seconds

Latest write time       :   Feb 27 18:48:04 2012

Status                  :   Last write succeeded.

Table 16 Command output

Field

Description

File name

Name of the DHCP snooping entry backup file.

Username

Username for accessing the URL of the remote backup file.

Password

Password for accessing the URL of the remote backup file. This field displays ****** if a password is configured.

Update interval

Waiting time in seconds after a DHCP snooping entry change for the DHCP snooping device to update the backup file.

Latest write time

Time of the latest update.

Status

Status of the update:

·     Writing—The backup file is being updated.

·     Last write succeeded—The backup file was successfully updated.

·     Last write failed—The backup file failed to be updated.

 

display dhcp snooping information

Use display dhcp snooping information to display Option 82 configuration on the DHCP snooping device.

Syntax

display dhcp snooping information { all | interface interface-type interface-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces.

interface interface-type interface-number: Specifies an interface by its type and number.

Examples

# Display Option 82 configuration on all interfaces.

<Sysname> display dhcp snooping information all

Interface: Bridge-Aggregation1

   Status: Disable

   Strategy: Drop

   Circuit ID:

     Padding format: User Defined

       User defined: abcd

     Format: ASCII

   Remote ID:

     Padding format: Normal

     Format: ASCII

   VLAN 10:

     Circuit ID: abcd

     Remote ID: company

Table 17 Command output

Field

Description

Interface

Interface name.

Status

Option 82 status, Enable or Disable.

Strategy

Handling strategy for DHCP requests that contain Option 82, Drop, Keep, or Replace.

Circuit ID

Content of the Circuit ID sub-option.

Padding format

Padding format of Option 82:

·     For Circuit ID sub-option, the padding format can be Normal, User Defined, Verbose (sysname), Verbose (MAC), or Verbose (user defined).

·     For Remote ID sub-option, the padding format can be Normal, Sysname, or User Defined.

Node identifier

Access node identifier.

User defined

Content of the user-defined sub-option.

Format

Code type of Option 82 sub-option:

·     For Circuit ID sub-option, the code type can be ASCII, Default, or Hex.

·     For Remote ID sub-option, the code type can be ASCII or Hex.

Remote ID

Content of the Remote ID sub-option.

VLAN

Pads Circuit ID sub-option and Remote ID sub-option in the DHCP packets received in the specified VLAN.

 

display dhcp snooping packet statistics

Use display dhcp snooping packet statistics to display DHCP packet statistics for DHCP snooping.

Syntax

display dhcp snooping packet statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays DHCP packet statistics for the master device.

Examples

# Display DHCP packet statistics for DHCP snooping.

<Sysname> display dhcp snooping packet statistics

 DHCP packets received                  : 100

 DHCP packets sent                      : 200

 Invalid DHCP packets dropped           : 0

Related commands

reset dhcp snooping packet statistics

display dhcp snooping trust

Use display dhcp snooping trust to display information about trusted ports.

Syntax

display dhcp snooping trust

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about trusted ports.

<Sysname> display dhcp snooping trust

 DHCP snooping is enabled.

 Interface                                       Trusted

 =========================                       ============

 GigabitEthernet1/0/1                            Trusted

Related commands

dhcp snooping trust

reset dhcp snooping binding

Use reset dhcp snooping binding to clear DHCP snooping entries.

Syntax

reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] }

Views

User view

Predefined user roles

network-admin

Parameters

all: Clears all DHCP snooping entries.

ip ip-address: Clears the DHCP snooping entry for the specified IP address.

vlan vlan-id: Clears DHCP snooping entries for the specified VLAN. If you do not specify a VLAN, this command clears DHCP snooping entries for the default VLAN.

Examples

# Clear all DHCP snooping entries.

<Sysname> reset dhcp snooping binding all

Related commands

display dhcp snooping binding

reset dhcp snooping packet statistics

Use reset dhcp snooping packet statistics to clear DHCP packet statistics for DHCP snooping.

Syntax

reset dhcp snooping packet statistics [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears DHCP packet statistics for the master device.

Examples

# Clear DHCP packet statistics for DHCP snooping.

<Sysname> reset dhcp snooping packet statistics

Related commands

display dhcp snooping packet statistics

BOOTP client commands

display bootp client

Use display bootp client to display information about a BOOTP client.

Syntax

display bootp client [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you do not specify an interface, this command displays BOOTP client information about all interfaces.

Examples

# Display BOOTP client information about VLAN-interface 10.

<Sysname> display bootp client interface vlan-interface 10

Vlan-interface10 BOOTP client information:

Allocated IP: 169.254.0.2 255.255.0.0

Transaction ID: 0x3d8a7431

MAC Address: 00e0-fc0a-c3ef

Table 18 Command output

Field

Description

Vlan-interface10 BOOTP client information

Information about the interface that acts as a BOOTP client.

Allocated IP

BOOTP client's IP address allocated by the BOOTP server.

Transaction ID

Value of the XID field in a BOOTP message. The BOOTP client chooses a random number for the XID field when sending a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server. If the values of the XID field are different in the BOOTP response and request, the BOOTP client drops the BOOTP response.

Mac Address

MAC address of a BOOTP client.

 

Related commands

ip address bootp-alloc

ip address bootp-alloc

Use ip address bootp-alloc to configure an interface to use BOOTP for IP address acquisition.

Use undo ip address bootp-alloc to cancel an interface from using BOOTP.

Syntax

ip address bootp-alloc

undo ip address bootp-alloc

Default

An interface does not use BOOTP for IP address acquisition.

Views

Interface view

Predefined user roles

network-admin

Examples

# Configure VLAN-interface 10 to use BOOTP for IP address acquisition.

<Sysname> system-view

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ip address bootp-alloc

Related commands

display bootp client