Login
- Table of Contents
-
- H3C S5500-SI Series Ethernet Switches Operation Manual-Release 1205-(V1.03)
- 00-1Cover
- 00-2Overview
- 01-Login Operation
- 02-Basic System Configuration and Maintenance Operation
- 03-File System Management Operation
- 04-VLAN Operation
- 05-QinQ-BPDU TUNNEL Operation
- 06-Port Correlation Configuration Operation
- 07-MAC Address Table Management Operation
- 08-MSTP Operation
- 09-IP Address and Performance Operation
- 10-IPv6 Configuration Operation
- 11-Routing Overview Operation
- 12-IPV4 Routing Operation
- 13-IPv6 Routing Operation
- 14-802.1x-HABP-MAC Authentication Operation
- 15-AAA-RADIUS-HWTACACS Operation
- 16-Multicast Protocol Operation
- 17-ARP Operation
- 18-DHCP Operation
- 19-ACL Operation
- 20-QoS Operation
- 21-Port Mirroring Operation
- 22-Cluster Operation
- 23-SNMP-RMON Operation
- 24-NTP Operation
- 25-DNS Operation
- 26-Information Center Operation
- 27-NQA Operation
- 28-SSH Terminal Service Operation
- 29-UDP Helper Operation
- 30-SSL-HTTPS Operation
- 31-PKI Operation
- 32-PoE-PoE Profile Operation
- 33-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 18-DHCP Operation | 431 KB |
Table of Contents
1.2.2 Dynamic IP Address Allocation Procedure
1.2.3 IP Address Lease Extension
Chapter 2 DHCP Relay Agent Configuration
2.1 Introduction to DHCP Relay Agent
2.2 Configuring the DHCP Relay Agent
2.2.3 Enabling the DHCP Relay Agent on Interfaces
2.2.4 Correlating a DHCP Server Group with Relay Agent Interfaces
2.2.5 Configuring the Relay Agent to Forward a DHCP-Release Request
2.2.6 Configuring the DHCP Relay Agent Security Functions
2.2.7 Configuring the DHCP Relay Agent to Support Option 82
2.3 Displaying and Maintaining the DHCP Relay Agent Configuration
2.4 DHCP Relay Agent Configuration Example
2.5 Troubleshooting DHCP Relay Agent Configuration
Chapter 3 DHCP Snooping Configuration
3.1.1 Function of DHCP Snooping
3.1.2 How Does DHCP Snooping Work
3.4 DHCP Snooping Configuration Example
Chapter 4 DHCP Client Configuration
4.1 Introduction to DHCP Client
4.2 Enabling the DHCP Client on an Interface
4.3 Displaying the DHCP Client
4.4 DHCP Client Configuration Example
Chapter 5 BOOTP Client Configuration
5.1 Introduction to BOOTP Client
5.1.2 Obtaining an IP Address Dynamically
5.2 Configuring an Interface to Dynamically Obtain an IP Address through BOOTP
5.3 Displaying BOOTP Client Configuration
Chapter 1 DHCP Overview
1.1 Introduction to DHCP
The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts. Meanwhile, with the wide application of the wireless network, the frequent movement of laptops across the network requires that the IP addresses be changed accordingly. Therefore, related configurations on hosts become more complex. Dynamic host configuration protocol (DHCP) was introduced to ease network configuration by providing a framework for passing configuration information to hosts on a TCP/IP network.
DHCP is built on a client-server model, in which the client sends a configuration request and then the server returns a reply to send configuration parameters such as an IP address to the client.
A typical DHCP application, as shown in Figure 1-1, includes a DHCP server and multiple clients (PCs and laptops).
Figure 1-1 A typical DHCP application
1.2 DHCP Address Allocation
1.2.1 Allocation Mechanisms
DHCP supports three mechanisms for IP address allocation.
l Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client.
l Automatic allocation: DHCP assigns a permanent IP address to a client.
l Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease. Most clients obtain their addresses in this way.
1.2.2 Dynamic IP Address Allocation Procedure
For dynamic allocation, a DHCP client obtains an IP address from a DHCP server via four steps:
1) The client broadcasts a DHCP-DISCOVER message to locate a DHCP server.
2) A DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message.
3) If several DHCP servers send offers to the client, the client accepts the first received offer, and broadcasts it in a DHCP-REQUEST message to formally request the IP address.
4) All DHCP servers receive the DHCP-REQUEST message, but only the server to which the client sent a formal request for the offered IP address returns a DHCP-ACK message to the client confirming that the IP address has been allocated to the client, or returns a DHCP-NAK unicast message denying the IP address allocation.
& Note:
l If the client receives the DHCP-ACK message, it will probe the IP address using gratuitous ARP with destination address as the IP address assigned by the server to check whether the IP address is in use. If the client receives no response within specified time, the client can use this IP address.
l f there are multiple DHCP servers in the network, the IP addresses offered by other DHCP servers are still assignable to other clients.
1.2.3 IP Address Lease Extension
The IP address dynamically allocated by a DHCP server to a client has a lease. After the lease duration elapses, the IP address will be reclaimed by the DHCP server. If the client wants to use the IP address again, it has to extend the lease duration.
After the half lease duration elapses, the DHCP client will send the DHCP server a DHCP-REQUEST unicast message to extend the lease duration. Upon availability of the IP address, the DHCP server returns a DHCP-ACK unicast confirming that the client’s lease duration has been extended, or a DHCP-NAK unicast denying the request.
If the client receives the DHCP-NAK message, it will broadcast another DHCP-REQUEST message for lease extension after 7/8 lease duration elapses. The DHCP server will handle the request as above mentioned.
1.3 DHCP Message Format
The figure below gives the DHCP message format, which is based on the BOOTP message format and involves eight types. These types of messages have the same format except that some fields have different values. The numbers in parentheses indicate the size of each field in octets.
l op: Message type defined in option field. 1 = REQUEST, 2 = REPLY
l htype,hlen: Hardware address type and length of a DHCP client.
l hops: Number of relay agents a request message traveled.
l xid: Transaction ID, a 32 bit random number chosen by the client to identify an IP address allocation.
l secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0.
l flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 1, the DHCP server sent a reply back by broadcast. The remaining bits of the flags field are reserved for future use. Currently, the BROADCAST flag is always set to 1.
l ciaddr: Client IP address.
l yiaddr: 'your' (client) IP address, assigned by the server.
l siaddr: Server IP address, from which the clients obtained configuration parameters.
l giaddr: The first relay agent IP address a request message traveled.
l chaddr: Client hardware address.
l sname: The server host name, from which the client obtained configuration parameters.
l file: Bootfile name and routing information, defined by the server to the client.
l options: Optional parameters field that is variable in length; parameters include the message type, lease, DNS IP address, WINS IP address and so forth.
1.4 Protocols and Standards
l RFC2131:Dynamic Host Configuration Protocol
l RFC2132:DHCP Options and BOOTP Vendor Extensions
l RFC1542:Clarifications and Extensions for the Bootstrap Protocol
l RFC 3046: DHCP Relay Agent Information Option
Chapter 2 DHCP Relay Agent Configuration
When configuring the DHCP relay agent, go to these sections for information you are interested in:
l Introduction to DHCP Relay Agent
l Configuring the DHCP Relay Agent
l Displaying and Maintaining the DHCP Relay Agent Configuration
l DHCP Relay Agent Configuration Example
l Troubleshooting DHCP Relay Agent Configuration
l The DHCP relay agent configuration is supported only on VLAN interfaces.
l DHCP Snooping must be disabled on the DHCP relay agent.
2.1 Introduction to DHCP Relay Agent
2.1.1 Application Environment
Since DHCP clients request IP addresses via broadcast messages, the DHCP sever and clients must be on the same subnet. Therefore, a DHCP server must be available on each subnet. It is not practical.
DHCP relay agent solves the problem. Via a relay agent, DHCP clients communicate with a DHCP server on another subnet to obtain configuration parameters. Thus, DHCP clients on different subnets can contact the same DHCP server for ease of centralized management and cost reduction.
2.1.2 Fundamentals
A typical application of the DHCP relay agent is shown below.
Figure 2-1 DHCP relay agent application
No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see 1.2.2 Dynamic IP Address Allocation Procedure). The following describes the forwarding process on the DHCP relay agent.
l The DHCP client broadcasts the DHCP-DISCOVER or DHCP-REQUEST packet. After receiving the packet, the DHCP relay-enabled network device unicasts the packet to a specified DHCP server based on the configuration.
l The DHCP server returns an IP address to the relay agent, which conveys it to the client via broadcast.
2.2 Configuring the DHCP Relay Agent
2.2.1 Configuration Task List
Complete the following tasks to configure the DHCP relay agent:
|
Task |
Remarks |
|
Required |
|
|
Required |
|
|
Required |
|
|
Configuring the Relay Agent to Forward a DHCP-Release Request |
Optional |
|
Optional |
|
|
Optional |
2.2.2 Enabling DHCP
Enable DHCP before performing other DHCP-related configurations.
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable DHCP |
dhcp enable |
Required Disabled by default |
2.2.3 Enabling the DHCP Relay Agent on Interfaces
With this task completed, upon receiving a DHCP request from an enabled interface, the relay agent will forward the request to an outside DHCP server for address allocation.
To enable the DHCP relay agent on interfaces, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the DHCP relay agent on the current interface |
dhcp select relay |
Required Disabled by default. |
& Note:
When a DHCP client obtains an IP address from a DHCP server through the DHCP relay, an IP address pool with the same network segment (network number and mask) as that of the IP address of the DHCP relay interface connecting the client must has already been configured on the DHCP server. Otherwise, the DHCP client cannot obtain a correct IP address.
2.2.4 Correlating a DHCP Server Group with Relay Agent Interfaces
To improve reliability, you can specify several DHCP servers as a group on the DHCP relay agent and correlate a relay agent interface with the server group. When the interface receives requesting messages from clients, the relay agent will forward them to all the DHCP servers of the group.
To correlate a DHCP server group with relay agent interfaces, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Specify a DHCP server group number and servers in the group |
dhcp relay server-group group-id ip ip-address |
Required Not specified by default |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Correlate the DHCP server group with the Current interface |
dhcp relay server-select group-id |
Required Not correlated by default |
& Note:
l You can specify up to twenty DHCP server groups on the relay agent.
l You can configure up to eight DHCP servers for a server group.
l The IP address of any DHCP server in a DHCP server group cannot be on the same network segment with that of a DHCP relay interface connecting with DHCP clients; otherwise, the DHCP clients may not be able to obtain IP addresses.
l A DHCP server group can correlate with one or multiple DHCP relay agent interfaces, while a relay agent interface can only correlate with one DHCP server group. Using the dhcp relay server-select command repeatedly overwrites the previous configuration. However, if the specified DHCP server group does not exist, the interface still uses the previous correlation.
l The group-id in the dhcp relay server-select command was specified by the dhcp relay server-group command.
2.2.5 Configuring the Relay Agent to Forward a DHCP-Release Request
Sometimes, you need to release a client’s IP address manually on the DHCP relay agent. With this task completed, the DHCP relay agent can actively send a DHCP-RELEASE request that contains the client’s IP address to the DHCP server. The DHCP server then releases the IP address for the client.
I. Configure to release a client’s IP address through the DHCP relay (in system view)
In system view, when you configure to release a client’s IP address through DHCP relay, if you do not specify the IP address of the DHCP server, the DHCP relay will send a DHCP-RELEASE request to the DHCP servers of DHCP server groups that correspond to all interfaces working in the DHCP relay mode.
Table 2-1 Configure to release a client’s IP address through the DHCP relay (in system view)
|
To do… |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Request DHCP server to release the IP address applied and used by a client |
dhcp relay release client-ip client-mac [ server-ip ] |
Required |
II. Configure to release a client’s IP address through the DHCP relay (in interface view)
In interface view, when you configure to release a client’s IP address through DHCP relay, if you do not specify a DHCP server, the DHCP relay will send a DHCP-RELEASE request to all the DHCP servers of DHCP server group that correspond to the interface. If you specify a DHCP server, the DHCP relay will send the DHCP-RELEASE request to the specified DHCP server only.
Table 2-2 Configure to release a client’s IP address through the DHCP relay (in interface view)
|
To do… |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Request DHCP server to release the IP address applied and used by a client |
dhcp relay release client-ip client-mac [ server-ip ] |
Required |
2.2.6 Configuring the DHCP Relay Agent Security Functions
I. Creating static bindings and enabling invalid IP addresses check
The DHCP relay agent can dynamically record IP-to-MAC bindings after clients got IP addresses. You can also create static bindings on the DHCP relay agent.
For avoidance of invalid IP address configuration, you can configure the DHCP relay agent to check whether a requesting client’s IP and MAC addresses match a binding on it (both dynamic and static bindings). If not, the client cannot access outside networks via the DHCP relay agent.
To create a static binding and enable invalid IP address check, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create a static binding |
dhcp relay security static ip-address mac-address |
Optional Not created by default |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable invalid IP address check |
dhcp relay address-check { disable | enable } |
Required Disabled by default |
& Note:
l The dhcp relay address-check command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used.
l Before executing the dhcp relay address-check enable command on the DHCP relay interface connected to the DHCP server, you need to configure the static binding between the IP address and MAC address of the DHCP server. Otherwise, the DHCP client will fail to obtain an IP address.
II. Configuring dynamic binding update interval
Via the DHCP relay agent, a DHCP client sends a DHCP-RELEASE unicast message to the DHCP server to relinquish its IP address. In this case the DHCP relay agent simply conveys the message to the DHCP server, thus it does not remove the IP address from its bindings. To solve this, the system provides the function of updating relay agent binding entries at a specified interval.
The DHCP relay agent regularly sends a DHCP-REQUEST message using its own MAC address and a client’s IP address to the DHCP server. If the server returns a DHCP-ACK message, which means the client’s IP address is assignable now, the DHCP relay agent will update its bindings by aging out the binding entry of the client’s IP address. If the server returns a DHCP-NAK message, which means the IP address is still in use, the relay agent will not age it out.
To configure dynamic binding update interval, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure binding update interval |
dhcp relay security tracker { interval | auto } |
Optional auto by default (auto interval is calculated by the relay agent according to the number of bindings) |
III. Enabling pseudo DHCP servers detection
There are invalid DHCP servers on networks, which reply DHCP clients with wrong IP addresses. These invalid DHCP servers are pseudo DHCP servers.
With this task completed, upon receiving a DHCP-REQUEST message from a client, the DHCP relay agent will record from the message the IP address that the server has ever offered to the client and the receiving interface address. The administrator can use this information to check out any DHCP pseudo servers.
To enable pseudo DHCP server detection, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable pseudo DHCP server detection |
dhcp relay server-detect |
Required Disabled by default |
& Note:
With pseudo DHCP server detection enabled, the device puts a record once for each DHCP server. The administrator needs to find pseudo DHCP servers from the records.
2.2.7 Configuring the DHCP Relay Agent to Support Option 82
I. Introduction to option 82
Option 82 is the relay agent option in the Options field of the DHCP message. It involves 255 sub-options. At least one sub-option must be defined. Now the DHCP relay agent supports two sub-options: sub-option 1 and sub-option 2.
Option 82 has no unified definition. Its padding formats vary with venders. Currently the device supports two padding formats: normal and verbose.
The padding contents for sub-options in the normal padding format are:
sub-option 1: padded with the number of the port that receives the DHCP client’s request, and the number of the VLAN that the port belongs to. sub-option 2: padded with the MAC address of the interface that received the client’s request.
The padding contents for sub-options in the verbose padding format are:
sub-option 1: padded with specified access node identifier, the type and number of the port that receives the DHCP client’s request, and the number of the VLAN that the port belongs to. sub-option 2: padded with the MAC address of the interface that received the client’s request.
II. Handling strategies for option 82 on the relay agent
If the DHCP relay agent supports option 82, it will handle a client’s requesting message according to the contents defined in option 82, if any. The handling strategies are described in the table below.
If a reply returned by the DHCP server contains option 82, the DHCP relay agent will remove the option 82 before forwarding the reply to the client.
|
If a client’s requesting message has… |
Handling strategy |
Padding format |
The DHCP relay agent will… |
|
Option 82 |
Drop |
— |
Drop the message. |
|
Keep |
— |
Forward the message without changing Option 82. |
|
|
Replace |
Normal |
Forward the message after replacing the original Option 82 with the Option 82 padded in normal format. |
|
|
Verbose |
Forward the message after replacing the original Option 82 with the Option 82 padded in verbose format. |
||
|
no option 82 |
— |
Normal |
Forward the message after adding the Option 82 padded in normal format. |
|
— |
Verbose |
Forward the message after adding the Option 82 padded in verbose format. |
III. Prerequisites
You need to complete the following tasks before configuring the DHCP relay agent to support option 82
Enabling DHCP
Enabling the DHCP relay agent on the specified interface
IV. Configuring the DHCP relay agent to support option 82
Use the following commands for this configuration:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the relay agent to support option 82 |
dhcp relay information enable |
Required Disabled by default |
|
Configure the handling strategy for requesting messages containing option 82 |
dhcp relay information strategy { drop | keep | replace } |
Optional replace by default |
|
Configure the padding format for option 82 |
dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } |
Optional normal by default |
& Note:
l To support option 82, it is required to perform related configuration on both the DHCP server and relay agent. Since the DHCP server configuration varies with devices, it is not mentioned here.
l If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for option 82. If the handling strategy is keep or drop, you need not configure any padding format.
2.3 Displaying and Maintaining the DHCP Relay Agent Configuration
|
To do… |
Use the command… |
Remarks |
|
Display information about DHCP server groups correlated to a specified or all interfaces |
display dhcp relay { all | interface interface-type interface-number } |
Available in any view |
|
Display information about bindings of DHCP relay agents |
display dhcp relay security [ ip-address | dynamic | static ] |
Available in any view |
|
Display statistics information about bindings of DHCP relay agents |
display dhcp relay security statistics |
Available in any view |
|
Display information about the refreshing interval for entries of dynamic IP-to-MAC bindings |
display dhcp relay security tracker |
Available in any view |
|
Display information about the configuration of a specified or all DHCP server groups |
display dhcp relay server-group { group-id | all } |
Available in any view |
|
Display packet statistics on relay agent |
display dhcp relay statistics [ server-group { group-id | all } ] |
Available in user view |
|
Clear packet statistics from relay agent |
reset dhcp relay statistics [ server-group group-id ] |
Available in user view |
2.4 DHCP Relay Agent Configuration Example
I. Network requirements
Vlan-interface1 on the DHCP relay agent (a switch) connects to the network where DHCP clients reside. The IP address of Vlan-interface1 is 10.10.1.1/24 and IP address of Vlan-interface2 is 10.1.1.2/24 that communicates with the DHCP server 10.1.1.1/24. As shown in the figure below, the DHCP relay agent forwards messages between DHCP clients and the DHCP server.
II. Network diagram
Figure 2-2 Network diagram for DHCP relay agent
III. Configuration procedure
# Enable DHCP.
<Sysname> system-view
[Sysname] dhcp enable
# Enable the DHCP relay agent on Vlan-interface1.
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] dhcp select relay
[Sysname-Vlan-interface1] quit
# Configure DHCP server group 1 with the DHCP server 10.1.1.1, and correlate the DHCP server group 1 with Vlan-interface1.
[Sysname] dhcp relay server-group 1 ip 10.1.1.1
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] dhcp relay server-select 1
& Note:
l Performing the configuration on the DHCP server is also required to guarantee the client-to-server communication via the relay agent. Since the DHCP server configuration varies with devices, it is not mentioned here.
l In this example, the DHCP relay agent and server are on the same subnet. If they are on different subnets, the routes in between must be reachable.
2.5 Troubleshooting DHCP Relay Agent Configuration
I. Symptom
DHCP clients cannot obtain any configuration parameters via the DHCP relay agent.
II. Analysis
Some problems may occur with the DHCP relay agent or server configuration. Enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information for locating the problem.
III. Solution
Check that:
l The DHCP is enabled on the DHCP server and relay agent.
l The address pool on the same subnet where DHCP clients reside is available on the DHCP server.
l The routes between the DHCP server and DHCP relay agent are reachable.
l The relay agent interface connected to DHCP clients is correlated with correct DHCP server group and IP addresses for the group members are correct.
Chapter 3 DHCP Snooping Configuration
When configuring DHCP snooping, go to these sections for information you are interested in:
l DHCP Snooping Configuration Example
l The DHCP snooping is supported no link aggregation. If an Ethernet port is added into an aggregation group, DHCP Snooping configuration on it will not take effect. When the port is removed from the group, DHCP Snooping can take effect.
l The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
l The DHCP Snooping enabled device cannot be a DHCP server, DHCP relay agent, DHCP client, or BOOTP client. Therefore, DHCP Snooping must be disabled on a DHCP server, DHCP relay agent, DHCP client, and BOOTP client.
3.1 DHCP Snooping Overview
3.1.1 Function of DHCP Snooping
DHCP snooping is a DHCP security feature for preventing DHCP clients from receiving IP addresses provided by untrusted DHCP servers. It allows a device to:
l Drop DHCP responses received on untrusted ports, preventing DHCP clients from receiving IP addresses provided by untrusted DHCP servers.
l Listen to DHCP-REQUEST and DHCP-ACK messages, record and maintain binding information about MAC addresses of DHCP clients and the obtained IP addresses, so that network administrators can easily see which IP addresses are assigned to the DHCP clients.
3.1.2 How Does DHCP Snooping Work
On a network, DHCP servers fall into two categories: valid and invalid. With DHCP snooping, the ports of a device can be differentiated by whether they are trusted or untrusted:
l Trusted: A trusted port is connected to a valid DHCP server directly or indirectly. It forwards DHCP messages normally, guaranteeing that DHCP clients can obtain valid IP addresses.
l Untrusted: An untrusted port is connected to an invalid DHCP server. The DHCP-ACK or DHCP-OFFER packets received from the port are discarded, preventing DHCP clients from receiving invalid IP addresses.
3.2 Configuring DHCP Snooping
Follow these steps to configure DHCP snooping:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable DHCP snooping |
dhcp-snooping |
Required Disabled by default |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Specify the port as trusted |
dhcp-snooping trust |
Required Untrusted by default. |
& Note:
You must specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN.
3.3 Displaying DHCP Snooping
|
To do… |
Use the command… |
Remarks |
|
Display DHCP snooping address binding information |
display dhcp-snooping |
Available in any view |
|
Display information about trusted ports |
display dhcp-snooping trust |
3.4 DHCP Snooping Configuration Example
I. Network requirements
l A device is connected to a DHCP server through GigabitEthernet1/0/1, and to two DHCP clients through GigabitEthernet1/0/2 and GigabitEthernet1/0/3.
l GigabitEthernet1/0/1 forwards DHCP server responses while the other two do not.
II. Network diagram
Figure 3-1 Network diagram for DHCP snooping configuration
III. Configuration procedure
# Enable DHCP snooping.
<Sysname> system-view
[Sysname] dhcp-snooping
# Specify GigabitEthernet1/0/1 as trusted.
[Sysname] interface GigabitEthernet1/0/ 1
[Sysname-GigabitEthernet1/0/1] dhcp-snooping trust
Chapter 4 DHCP Client Configuration
When configuring the DHCP client, go to these sections for information you are interested in:
l Enabling the DHCP Client on an Interface
l DHCP Client Configuration Example
l The DHCP client configuration is supported only on VLAN interfaces.
l When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.
l DHCP Snooping must be disabled on the DHCP client.
4.1 Introduction to DHCP Client
With the DHCP client enabled on an interface, the interface will use DHCP to obtain configuration parameters such as an IP address from the DHCP server.
4.2 Enabling the DHCP Client on an Interface
Follow these steps to enable the DHCP client on an interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the DHCP client on the interface |
ip address dhcp-alloc [ client-identifier mac interface-type interface-number ] |
Required Disabled by default |
& Note:
l An interface can be configured to acquire an IP address in multiple ways, but these ways are exclusive. The IP address obtained in a new way overwrites the IP address obtained in the previous way.
l After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.
4.3 Displaying the DHCP Client
|
To do… |
Use the command… |
Remarks |
|
Display specified configuration information |
display dhcp client [ verbose ] [ interface interface-type interface-number ] |
Available in any view |
4.4 DHCP Client Configuration Example
I. Network requirements
On a LAN, the DHCP client (S5500-SI) contacts the DHCP server via Vlan-interface1 to obtain an IP address.
II. Network diagram
Figure 4-1 A DHCP network( S5500-SI as the DHCP client)
III. Configuration procedure
The following is the configuration on the client switch shown in Figure 4-1.
# Enable the DHCP client on Vlan-interface1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip address dhcp-alloc
& Note:
To implement the DHCP client-server model, you need to perform related configuration on the DHCP server. Since the DHCP server configuration varies with devices, it is not mentioned here.
Chapter 5 BOOTP Client Configuration
While configuring a bootstrap protocol (BOOTP) client, go to these sections for information you are interested in:
l Introduction to BOOTP Client
l Configuring an Interface to Dynamically Obtain an IP Address through BOOTP
l Displaying BOOTP Client Configuration
& Note:
l BOOTP client configuration only applies to VLAN interfaces.
l If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.
l DHCP Snooping must be disabled on the BOOTP client.
5.1 Introduction to BOOTP Client
This section covers these topics:
l Obtaining an IP Address Dynamically
5.1.1 BOOTP Application
After you specify an interface of the device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server, which simplifies your configuration.
Before using BOOTP, an administrator needs to configure a BOOTP parameter file for each BOOTP client on the BOOTP server. The parameter file contains information such as MAC address and IP address of a BOOTP client. When a BOOTP client originates a request to the BOOTP server, the BOOTP server will search for the BOOTP parameter file and return the corresponding configuration information.
Because you need to configure a parameter file for each client on the BOOTP server, BOOTP usually runs under a relatively stable environment. If the network changes frequently, dynamic host configuration protocol (DHCP) can be applied. For an introduction to DHCP, refer to Chapter 1 DHCP Overview
& Note:
Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server.
5.1.2 Obtaining an IP Address Dynamically
& Note:
A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.
A BOOTP client dynamically obtains an IP address from a BOOTP server in the following way:
1) The BOOTP client broadcasts a BOOTP request, which contains its own MAC address.
2) The BOOTP server receives the request and searches the configuration file for the corresponding IP address according to the MAC address of the BOOTP client. The BOOTP server then returns a BOOTP response to the BOOTP client.
3) The BOOTP client obtains the IP address from the received the response.
5.1.3 Protocols and Standards
Some protocols and standards related to BOOTP include:
l RFC 951: Bootstrap Protocol (BOOTP)
l RFC 2132: DHCP Options and BOOTP Vendor Extensions
l RFC 1542: Clarifications and Extensions for the Bootstrap Protocol
5.2 Configuring an Interface to Dynamically Obtain an IP Address through BOOTP
Follow these steps to configure an interface to dynamically obtain an IP address:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Configure an interface to dynamically obtain IP address through BOOTP |
ip address bootp-alloc |
Required By default, an interface does not use BOOTP to obtain an IP address. |
5.3 Displaying BOOTP Client Configuration
|
To do… |
Use the command… |
Remarks |
|
Display related information on a BOOTP client |
display bootp client [ interface interface-type interface-number ] |
Available in any view |
