Login
- Table of Contents
-
- H3C S3610[5510] Series Ethernet Switches Operation Manual-Release 0001-(V1.02)
- 00-1Cover
- 00-2Product Overview
- 01-Login Operation
- 02-VLAN Operation
- 03-IP Address and Performance Operation
- 04-QinQ-BPDU Tunnel Operation
- 05-Port Correlation Configuration Operation
- 06-MAC Address Table Management Operation
- 07-MAC-IP-Port Binding Operation
- 08-MSTP Operation
- 09-Routing Overview Operation
- 10-IPv4 Routing Operation
- 11-IPv6 Routing Operation
- 12-IPv6 Configuration Operation
- 13-Multicast Protocol Operation
- 14-802.1x-HABP-MAC Authentication Operation
- 15-AAA-RADIUS-HWTACACS Operation
- 16-ARP Operation
- 17-DHCP Operation
- 18-ACL Operation
- 19-QoS Operation
- 20-Port Mirroring Operation
- 21-Cluster Management Operation
- 22-UDP Helper Operation
- 23-SNMP-RMON Operation
- 24-NTP Operation
- 25-DNS Operation
- 26-File System Management Operation
- 27-Information Center Operation
- 28-System Maintenance and Debugging Operation
- 29-NQA Operation
- 30-VRRP Operation
- 31-SSH Operation
- 32-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 17-DHCP Operation | 1 MB |
Table of Contents
1.2.2 Dynamic IP Address Allocation Procedure
1.2.3 IP Address Lease Extension
Chapter 2 DHCP Server Configuration
2.1 Introduction to DHCP Server
2.1.3 IP Address Allocation Sequence
2.2 DHCP Server Configuration Task List
2.4 Enabling the DHCP Server on an Interface
2.5 Configuring an Address Pool for the DHCP Server
2.5.2 Creating a DHCP Address Pool
2.5.3 Configuring an Address Allocation Mechanism
2.5.4 Configuring a Domain Name for the Client
2.5.5 Configuring DNS Servers for DHCP Clients
2.5.6 Configuring WINS Servers and NetBIOS Node Type for the Client
2.5.7 Configuring the BIMS Server Information for the Client
2.5.8 Configuring Gateways for the Client
2.5.9 Configuring Option 184 Parameters for the Client with Voice Service
2.5.10 Configuring the TFTP Server and Bootfile Name for the Client
2.5.11 Configuring Self-Defined DHCP Options
2.6 Configuring the DHCP Server Security Functions
2.6.1 Configuration Prerequisites
2.6.2 Enabling Pseudo DHCP Server Detection
2.6.3 Configuring IP Address Conflict Detection
2.7 Enabling the DHCP Server to Support Option 82
2.8 Displaying and Maintaining the DHCP Server
2.9 DHCP Server Configuration Example
2.10 Troubleshooting DHCP Server Configuration
Chapter 3 DHCP Relay Agent Configuration
3.1 Introduction to DHCP Relay Agent
3.2 DHCP Relay Agent Configuration
3.3 Configuring DHCP Relay Agent
3.3.2 Enabling the DHCP Relay Agent on Interfaces
3.3.3 Correlating a DHCP Server Group with Relay Agent Interfaces
3.3.4 Configuring the DHCP Relay Agent to Send a DHCP-Release Request
3.3.5 Configuring the DHCP Relay Agent Security Functions
3.3.6 Configuring the DHCP Relay Agent to Support Option 82
3.4 Displaying and Maintaining the DHCP Relay Agent Configuration
3.5 DHCP Relay Agent Configuration Example
3.6 Troubleshooting DHCP Relay Agent Configuration
Chapter 4 DHCP Snooping Configuration
4.1.1 Function of DHCP Snooping
4.1.2 How Does DHCP Snooping Work
4.4 DHCP Snooping Configuration Example
Chapter 5 DHCP Client Configuration
5.1 Introduction to DHCP Client
5.2 Enabling the DHCP Client on an Interface
5.3 Displaying the DHCP Client
5.4 DHCP Client Configuration Example
Chapter 6 BOOTP Client Configuration
6.1 Introduction to BOOTP Client
6.1.2 Obtaining an IP Address Dynamically
6.2 Configuring an Interface to Dynamically Obtain an IP Address through BOOTP
6.3 Displaying BOOTP Client Configuration
6.4 BOOTP Client Configuration Example
Chapter 1 DHCP Overview
1.1 Introduction to DHCP
The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts. Meanwhile, with the wide application of the wireless network, the frequent movement of laptops across the network requires that the IP addresses be changed accordingly. Therefore, related configurations on hosts become more complex. Dynamic host configuration protocol (DHCP) was introduced to ease network configuration by providing a framework for passing configuration information to hosts on a TCP/IP network.
DHCP is built on a client-server model, in which the client sends a configuration request and then the server returns a reply to send configuration parameters such as an IP address to the client.
A typical DHCP application, as shown in Figure 1-1, includes a DHCP server and multiple clients (PCs and laptops).
Figure 1-1 A typical DHCP application
1.2 DHCP Address Allocation
1.2.1 Allocation Mechanisms
DHCP supports three mechanisms for IP address allocation.
l Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client.
l Automatic allocation: DHCP assigns a permanent IP address to a client.
l Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease. Most clients obtain their addresses in this way.
1.2.2 Dynamic IP Address Allocation Procedure
For dynamic allocation, a DHCP client obtains an IP address from a DHCP server via four steps:
1) The client broadcasts a DHCP-DISCOVER message to locate a DHCP server.
2) A DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message.
3) If several DHCP servers send offers to the client, the client accepts the first received offer, and broadcasts it in a DHCP-REQUEST message to formally request the IP address.
4) All DHCP servers receive the DHCP-REQUEST message, but only the server to which the client sent a formal request for the offered IP address returns a DHCP-ACK message to the client, confirming that the IP address has been allocated to the client, or returns a DHCP-NAK unicast message, denying the IP address allocation.
& Note:
l After the client receives the DHCP-ACK message, it will probe if the IP address assigned by the server is in use by another host through broadcasting gratuitous ARP. If the client receives no response within specified time, the client can use this IP address. Otherwise, the client sends a DHCP-DECLINE message to the server, and then apply for IP address.
l If there are multiple DHCP servers in the network, IP addresses offered by other DHCP servers are assignable to other clients.
1.2.3 IP Address Lease Extension
The IP address dynamically allocated by a DHCP server to a client has a lease. After the lease duration elapses, the IP address will be reclaimed by the DHCP server. If the client wants to use the IP address again, it has to extend the lease duration.
After the half lease duration elapses, the DHCP client will send the DHCP server a DHCP-REQUEST unicast message to extend the lease duration. Upon availability of the IP address, the DHCP server returns a DHCP-ACK unicast confirming that the client’s lease duration has been extended, or a DHCP-NAK unicast denying the request.
If the client receives the DHCP-NAK message, it will broadcast another DHCP-REQUEST message for lease extension after 7/8 lease duration elapses. The DHCP server will handle the request as above mentioned.
1.3 DHCP Message Format
Figure 1-2 gives the DHCP message format, which is based on the BOOTP message format and involves eight types. These types of messages have the same format except that some fields have different values. The numbers in parentheses indicate the size of each field in octets.
Figure 1-2 DHCP message format
l op: Message type defined in option field. 1 = REQUEST, 2 = REPLY
l htype,hlen: Hardware address type and length of a DHCP client.
l hops: Number of relay agents a request message traveled.
l xid: Transaction ID, a random 32-bit number chosen by the client to identify an IP address allocation.
l secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0.
l flags: The leftmost bit is defined as the BROADCAST (B) flag, which indicates whether the DHCP server replies by broadcast or unicast. The remaining bits of the flags field are reserved for future use. Currently, the leftmost bit in the flags field is always set to 1, which indicates that the DHCP server replies by broadcast.
l ciaddr: Client IP address.
l yiaddr: 'your' (client) IP address, assigned by the server.
l siaddr: Server IP address, from which the clients obtained configuration parameters.
l giaddr: The first relay agent IP address a request message traveled.
l chaddr: Client hardware address.
l sname: The server host name, from which the client obtained configuration parameters.
l file: Bootfile name and routing information, defined by the server to the client.
l options: Optional parameters field that is variable in length; parameters include the message type, lease, DNS IP address, WINS IP address and so forth.
1.4 Protocols and Standards
l RFC2131:Dynamic Host Configuration Protocol
l RFC2132:DHCP Options and BOOTP Vendor Extensions
l RFC1542:Clarifications and Extensions for the Bootstrap Protocol
l RFC 3046: DHCP Relay Agent Information Option
Chapter 2 DHCP Server Configuration
& Note:
l Currently, the interface-related DHCP server configurations can only be made on VLAN interfaces.
l DHCP Snooping must be disabled on the DHCP server.
2.1 Introduction to DHCP Server
2.1.1 Application Environment
The DHCP server is well suited to the network where:
l It is hard to implement manual configuration and centralized management.
l The hosts are more than the assignable IP addresses and it is impossible to assign a fixed IP address to each host. For example, an ISP limits the number of hosts to access the Internet at a time, so lots of hosts need to acquire IP addresses dynamically.
l A few hosts need fixed IP addresses.
2.1.2 DHCP Address Pool
In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client.
The address pool database is organized as a tree. The root of the tree is the address pool for natural networks, branches are address pools for subnets, and leaves are addresses statically bound to clients. For the same level address pools, a previously configured pool has a higher selection priority than a new one.
At the very beginning, subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters, for example the domain name, should be configured at the highest (network or subnetwork) level of the tree.
After establishment of the inheritance relationship, the new configuration at the higher level of the tree will be:
l Inherited if the lower level has no such configuration, or
l Overridden if the lower level has such configuration.
& Note:
The IP address lease does not have inheritance.
2.1.3 IP Address Allocation Sequence
A DHCP server assigns an IP address to a client according to the following sequence:
1) The IP address manually bound to the client’s MAC address or ID
2) The IP address that was ever assigned to the client
3) The IP address designated by the Option 50 field in a DHCP-DISCOVER message
4) The first IP address found in the DHCP address pool
5) The IP address that was a conflict or passed its lease duration
If no IP address is assignable, the server will not respond.
2.2 DHCP Server Configuration Task List
To configure the DHCP server feature, perform the tasks described in the following sections:
|
Remarks |
|
|
Required |
|
|
Optional |
|
|
Optional |
|
|
Optional |
|
|
Optional |
2.3 Enabling DHCP
Enable DHCP before performing other configurations.
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable DHCP |
dhcp enable |
Required Disabled by default |
2.4 Enabling the DHCP Server on an Interface
With the DHCP server enabled on an interface, when the interface receives a client’s request, the DHCP server will assign an IP address from its address pool to the DHCP client.
Follow these steps to enable the DHCP server on an interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the DHCP server on an interface |
dhcp select server global-pool [ subaddress ] |
Optional Enabled by default. |
& Note:
The subaddress keyword is valid only when the server and client are on the same subnet. If a DHCP relay agent exists in between, regardless of subaddress, the DHCP server will select an IP address from an address pool of the subnet which contains the primary IP address of the DHCP relay agent’s interface (connected to the client).
When the DHCP server and client are on the same subnet, the server will:
l With subaddress specified, assign an IP address from an address pool of the subnet which contains the secondary IP address of the server’s interface connected to the client. If the interface has multiple secondary IP addresses, the server tries to assign an IP address based on the first secondary IP address, the second one, and so on until it does it. If no secondary IP address is configured for the interface, the server is unable to assign an IP address to the client.
l With subaddress not specified, assign an IP address from the address pool of the subnet which contains the primary IP address of the server’s interface (connected to the client).
2.5 Configuring an Address Pool for the DHCP Server
2.5.1 Configuration Task List
To configure an address pool, perform the tasks described in the following sections:
|
Task |
Remarks |
|
|
Required |
||
|
Required to configure either of the two |
||
|
Optional |
||
|
Configuring WINS Servers and NetBIOS Node Type for the Client |
||
|
Configuring Option 184 Parameters for the Client with Voice Service |
||
|
Configuring the TFTP Server and Bootfile Name for the Client |
||
2.5.2 Creating a DHCP Address Pool
To create a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create a DHCP address pool and enter its view |
dhcp server ip-pool pool-name |
Required No DHCP address pool is created by default. |
2.5.3 Configuring an Address Allocation Mechanism
Caution:
You can configure either the static binding or dynamic address allocation for an address pool as needed,
It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address.
I. Configuring manual address allocation
Some DHCP clients such as a WWW server need fixed IP addresses. You can create a static binding of a client’s MAC or ID to IP address in the DHCP address pool.
When the client with the MAC address or ID requests an IP address, the DHCP server will find the IP address from the binding for the client.
A DHCP address pool now supports only one static binding, which can be a MAC-to-IP or ID-to-IP binding.
To configure the static binding in a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter DHCP addres pool view |
dhcp server ip-pool pool-name |
— |
|
|
Bind an IP address statically |
static-bind ip-address ip-address [ mask-length | mask mask ] |
Required No IP addresseses are statically bound by default. |
|
|
Bind MAC addresses or IDs statically |
Specify the MAC address |
static-bind mac-address mac-address |
Required to configure either of the two Neither is bound statically by default |
|
Specify the ID |
static-bind client-identifier client-identifier |
||
& Note:
l Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration.
l In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa.
l If you use the static-bind ip-address, static-bind mac-address, or static-bind client-identifier command repeatedly in the DHCP address pool, the new configuration will overwrite the previous one.
l A statically bound IP address cannot be an interface address of the DHCP server. Otherwise, an IP address conflict will occur and the bound client cannot obtain an IP address correctly.
l The ID of the static binding must be identical to the ID displayed by using the display dhcp client verbose command on the client. Otherwise, the client cannot obtain an IP address.
II. Configuring dynamic address allocation
You need to specify one and only one address range using a mask for the dynamic address allocation.
To avoid address conflicts, the DHCP server excludes IP addresses used by the GW, FTP server and so forth from dynamic allocation.
You can specify the lease duration in the DHCP address pool different from others, and a DHCP address pool can only have the same lease duration. A lease does not enjoy the inheritance attribute.
To configure the dynamic address allocation, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify an IP address range |
network network-address [ mask-length | mask mask ] |
Required Not specified by default, meaning no assignable address |
|
Specify the address lease duration |
expired { day day [ hour hour [ minute minute ] ] | unlimited } |
Optional One day by default |
|
Return to system view |
quit |
— |
|
Exclude IP addresses from automatic allocation |
dhcp server forbidden-ip low-ip-address [ high-ip-address ] |
Optional All addresses in the DHCP address pool assignable by default. |
& Note:
l In DHCP address pool view, using the network command repeatedly overwrites the previous configuration.
l Using the dhcp server forbidden-ip command repeatedly can specify multiple IP address ranges not assignable.
2.5.4 Configuring a Domain Name for the Client
You can specify a domain name in each DHCP address pool on the DHCP server. To configure the domain name for a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter the DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify the domain name for the client |
domain-name domain-name |
Required Not specified by default |
2.5.5 Configuring DNS Servers for DHCP Clients
When a DHCP client uses a domain name to access a host on the Internet, it needs a domain name system (DNS) server to resolve the domain name to the host IP address. So, the DHCP server needs to assign a DNS server address as well as an IP address to the client. You can specify up to eight DNS servers for each DHCP address pool.
To configure DNS servers for a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify the DNS servers to be assigned to DHCP clients |
dns-list ip-address&<1-8> |
Required Not specified by default |
2.5.6 Configuring WINS Servers and NetBIOS Node Type for the Client
A Microsoft DHCP client using NetBIOS protocol contacts a Windows Internet Naming Service (WINS) server for name resolution. Therefore, the DHCP server should assign a WINS server address when assigning an IP address to the client.
You can specify up to eight WINS servers in a DHCP address pool.
You need to specify in a DHCP address pool a NetBIOS node type for the client to approach name resolution. There are four NetBIOS node types:
l b (broadcast)-node: The b-node client sends the destination name in a broadcast message. The destination returns its IP address to the client after receiving the message.
l p (peer-to-peer)-node: The p-node client sends the destination name in a unicast message to the WINS server, and the WINS server returns the destination IP address.
l m (mixed)-node: A combination of broadcast first and peer-to-peer second. The m-node client broadcasts the destination name, if no response, then unicasts the destination name to the WINS server to get the destination IP address.
l h (hybrid)-node: A combination of peer-to-peer first and broadcast second. The h-node client unicasts the destination name to the WINS server, if no response, then broadcasts it to get the destination IP address.
To configure WINS servers and NetBIOS node type for a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify WINS server IP addresses for the client |
nbns-list ip-address&<1-8> |
Required (optional for b-node) No address is specified by default |
|
Specify the NetBIOS node type |
netbios-type { b-node | h-node | m-node | p-node } |
Required Not specified by default |
& Note:
If b-node is specified for the client, you need to specify no WINS server address.
2.5.7 Configuring the BIMS Server Information for the Client
A DHCP client performs regular software update and backup using configuration files obtained from a Branch Intelligent Management System (BIMS) server. Therefore, the DHCP server needs to offer DHCP clients the BIMS server IP address, port number, shared key from the DHCP address pool.
To configure the BIMS server IP address, port number and shared key for a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify the BIMS server IP address, port number, and shared key |
bims-server ip ip-address [ port port-number ] sharekey key |
Required Not specified by default |
2.5.8 Configuring Gateways for the Client
DHCP clients wanting to access hosts outside the local subnet request gateways to forward data. You can specify gateways in each address pool for clients. Up to eight gateways can be specified in a DHCP address pool.
To configure gateways for a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify gateways |
gateway-list ip-address&<1-8> |
Required No gateway is specified by default. |
2.5.9 Configuring Option 184 Parameters for the Client with Voice Service
This task is to configure voice related parameters in the DHCP address pool for DHCP clients with voice services.
The voice related parameters are carried in option 184 of the DHCP message. Option 184 contains the following sub-options:
l Sub-option 1: The IP address of the primary network calling processor, which is a server.
l Sub-option 2: The IP address of the backup network calling processor that DHCP clients contact when the primary one is unreachable.
l Sub-option 3: The voice VLAN ID and the result whether DHCP clients take this ID as the voice VLAN or not.
l Sub-option 4: The failover IP address that DHCP clients contact when both the primary and backup calling processors are unreachable.
If option 55 in the message from a DHCP client contains option 184, the DHCP server will return parameters specified in option 184 to the client. The client then can initiate a call using parameters in Option 184.
To configure option 184 parameters for a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify the IP address of the primary network calling processor |
voice-config ncp-ip ip-address |
Required Not specified by default |
|
Specify the IP address of the backup network calling processor |
voice-config as-ip ip-address |
Optional Not specified by default |
|
Configure the voice VLAN |
voice-config voice-vlan vlan-id { disable | enable } |
Optional Not configured by default |
|
Specify the failover IP address |
voice-config fail-over ip-address dialer-string |
Optional No failover IP address is specified by default |
& Note:
Specify an IP address for the network calling processor before performing other configuration.
2.5.10 Configuring the TFTP Server and Bootfile Name for the Client
This task is to specify the IP address and name of a TFTP server and the bootfile name for a DHCP address pool. A switch acting as DHCP client uses these parameters to contact the TFTP server to get the configuration file used for system initialization when the device starts up with null configuration. This process is called autoconfiguration and is described below:
When a switch starts up with null configuration, the system sets a specific interface (VLAN interface 1) as the DHCP client to request from the DHCP server parameters such as the IP address and name of a TFTP server, and bootfile name.
After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization.
Note that if the client cannot get related parameters, it will use the empty configuration file for system initialization.
When option 55 in the requesting client message contains parameters of option 66, option 67, or option 150, the DHCP server will return the IP address and name of the specified TFTP server, and bootfile name to the client.
To configure the IP address and name of the TFTP server and the bootfile name for a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify the TFTP server |
tftp-server ip-address ip-address |
Optional Not specified by default |
|
Specify the name of the TFTP server |
tftp-server domain-name domain-name |
Optional Not specified by default |
|
Specify the bootfile name |
bootfile-name bootfile-name |
Optional Not specified by default |
2.5.11 Configuring Self-Defined DHCP Options
By configuring self-defined DHCP options, you can
l Define new DHCP options. New configuration options will come out with DHCP development. To support these new options, you can add them into the attribute list of the DHCP server.
l Expand existing DHCP options. When the current DHCP options cannot meet the customer’s requirements (for example, you cannot use the dns-list command to configure more than eight DNS server addresses), you can expand these options.
To configure a self-defined DHCP option for a DHCP address pool, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Configure a self-defined DHCP option |
option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } |
Required No DHCP option is configured by default |
Caution:
Be careful when configuring self-defined DHCP options because the configuration of these options may affect the DHCP operation process.
2.6 Configuring the DHCP Server Security Functions
This configuration is necessary to secure DHCP services on the DHCP server.
2.6.1 Configuration Prerequisites
Before performing this configuration, you have finished the configuration tasks of the DHCP server with DHCP address pool.
2.6.2 Enabling Pseudo DHCP Server Detection
There are invalid DHCP servers on networks, which reply DHCP clients with wrong IP addresses. These invalid DHCP servers are pseudo DHCP servers.
With this feature enabled, when receiving a DHCP message with the siaddr field not being 0 from a client, the DHCP server will record the value of the siaddr field in the message and the information on the interface receiving the message. The administrator can use this information to check out any DHCP pseudo servers.
To enable pseudo DHCP server detection, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable pseudo DHCP server detection |
dhcp server detect |
Required Disabled by default |
& Note:
With the pseudo DHCP server detection enabled, the device puts a record once for each DHCP server. The administrator needs to find pseudo DHCP servers from the records.
2.6.3 Configuring IP Address Conflict Detection
To avoid IP address conflict, the DHCP server checks whether the address to be assigned is in use via sending ping packets.
The DHCP server pings the IP address to be assigned using ICMP. If the server gets a response within the specified period, the server will ping another IP address; otherwise, the server will ping the IP addresses once again until the specified number of ping packets are sent. If still no response, the server will assign the IP address to the requesting client (The DHCP server uses ping operation while the DHCP client sends gratuitous ARP to detect IP address conflict).
To configure IP address conflict detection, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Specify the number of ping packets |
dhcp server ping packets number |
Optional One ping packet by default |
|
Configure the timeout value for ping packets |
dhcp server ping timeout milliseconds |
Optional 500 ms by default |
2.7 Enabling the DHCP Server to Support Option 82
When the DHCP server receives a message with Option 82 from a relay agent, if the server supports Option 82, it will assign an IP address to the requesting client, and if the server does not support Option 82, it will ignore the message.
I. Configuration prerequisites
Before performing this configuration, you have finished the configuration tasks of the DHCP server.
II. Enabling the DHCP server to support Option 82
To enable the DHCP server to support Option 82, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the server to support Option 82 |
dhcp server relay information enable |
Optional Enabled by default |
& Note:
To support Option 82, it is required to perform configuration on both the DHCP server and relay agent. Refer to section 3.3.6 “Configuring the DHCP Relay Agent to Support Option 82” for relay agent configuration of this kind.
2.8 Displaying and Maintaining the DHCP Server
|
To do… |
Use the command… |
Remarks |
|
Display information about IP address conflicts |
display dhcp server conflict { all | ip ip-address } |
Available in any view |
|
Display information about lease expiration |
display dhcp server expired { all | ip ip-address | pool [ pool-name ] } |
|
|
Display information about assignable IP addresses |
display dhcp server free-ip |
|
|
Display information about bindings |
display dhcp server ip-in-use { all | ip ip-address | pool [ pool-name ] } |
|
|
Display information about DHCP server statistics |
display dhcp server statistics |
|
|
Display information about the address pool tree organization |
display dhcp server tree { all | pool [ pool-name ] } |
|
|
Clear information about IP address conflicts |
reset dhcp server conflict { all | ip ip-address } |
Available in user view |
|
Clear information about dynamic bindings |
reset dhcp server ip-in-use { all | ip ip-address | pool [ pool-name ] } |
|
|
Clear information about DHCP server statistics |
reset dhcp server statistics |
& Note:
Using the save command does not save DHCP server lease information into the flash. Therefore, when the system boots up or the reset dhcp server ip-in-use command is executed, no lease information will be available in the configuration file. In this case, the server will deny the request for lease extension from a client and the client needs to request an IP address again.
2.9 DHCP Server Configuration Example
DHCP networking involves two types:
l The DHCP server and client are on the same subnet and exchange messages directly.
l The DHCP server and client are not on the same subnet and they communicate with each other via a DHCP relay agent.
The DHCP server configuration for the two types is the same.
I. Network requirements
l The DHCP server assigns IP address to clients in subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25. The IP addresses of VLAN interfaces 1 and 2 on the DHCP server (a switch) are 10.1.1.1/25 and 10.1.1.129/25 respectively.
l In the address pool 10.1.1.0/25, the address lease duration is ten days and twelve hours, domain name aabbcc.com, DNS server address 10.1.1.2, gateway 10.1.1.126, and WINS server 10.1.1.4.
l In the address pool 10.1.1.128/25, the address lease duration is five days, domain name aabbcc.com, DNS server address 10.1.1.2, and gateway address 10.1.1.254, and there is no WINS server address.
& Note:
When configuring a lower-level address pool following the inheritance attribute, make sure the connected clients are fewer than addresses assignable in the lower-level address pool. Otherwise, when no address is assignable, DHCP will select an IP address from a higher-level address pool along with other parameters such as the gateway address in accordance with the attribute of the higher-level pool.
In this example, the DHCP server allocates IP addresses along with other parameters to clients connected to Vlan-interface1 from the lower-level address pool 10.1.1.0/25 first, and when no address is assignable, allocates from the higher-level address pool 10.1.1.0/24. Therefore, the number of requesting clients connected to Vlan-interface1 should be less than 122, and that of clients connected to VLAN interface 2 less than 124.
II. Network diagram
III. Configuration procedure
Specify IP addresses for VLAN interfaces (omitted).
Configure the DHCP server
# Enable DHCP
<Sysname> system-view
[Sysname] dhcp enable
# Exclude IP addresses (addresses of the DNS server, WINS server and gateways).
[Sysname] dhcp server forbidden-ip 10.1.1.2
[Sysname] dhcp server forbidden-ip 10.1.1.4
[Sysname] dhcp server forbidden-ip 10.1.1.126
[Sysname] dhcp server forbidden-ip 10.1.1.254
# Configure DHCP address pool 0 (address range, client domain name, and DNS server address).
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
[Sysname-dhcp-pool-0] domain-name aabbcc.com
[Sysname-dhcp-pool-0] dns-list 10.1.1.2
[Sysname-dhcp-pool-0] quit
# Configure DHCP address pool 1 (address range, gateway, lease duration, and WINS server).
[Sysname] dhcp server ip-pool 1
[Sysname-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128
[Sysname-dhcp-pool-1] gateway-list 10.1.1.126
[Sysname-dhcp-pool-1] expired day 10 hour 12
[Sysname-dhcp-pool-2] nbns-list 10.1.1.4
[Sysname-dhcp-pool-1] quit
# Configure DHCP address pool 2 (address range, gateway, and lease duration).
[Sysname] dhcp server ip-pool 2
[Sysname-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128
[Sysname-dhcp-pool-2] expired day 5
[Sysname-dhcp-pool-2] gateway-list 10.1.1.254
2.10 Troubleshooting DHCP Server Configuration
I. Symptom
A client’s IP address obtained from the DHCP server conflicts with another IP address.
II. Analysis
A host on the subnet may have the same IP address.
III. Solution
1) Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address.
2) If a ping response is received, the IP address has been manually configured on the host. Execute the dhcp server forbidden-ip command on the DHCP server to exclude the IP address from dynamic allocation.
3) Connect the client’s network cable. Release the IP address and obtain another one on the client. Take WINDOW XP as an example, run cmd to enter into DOS window. Type ipconfig/release to relinquish the IP address and then IPconfig/renew to obtain another IP address.
Chapter 3 DHCP Relay Agent Configuration
l Currently, the interface-related DHCP relay agent configurations can only be made on VLAN interfaces.
l DHCP Snooping must be disabled on the DHCP relay agent.
3.1 Introduction to DHCP Relay Agent
3.1.1 Application Environment
Since DHCP clients request IP addresses via broadcast messages, the DHCP sever and clients must be on the same subnet. Therefore, a DHCP server must be available on each subnet. It is not practical.
DHCP relay agent solves the problem. Via a relay agent, DHCP clients communicate with a DHCP server on another subnet to obtain configuration parameters. Thus, DHCP clients on different subnets can contact the same DHCP server for ease of centralized management and cost reduction.
3.1.2 Fundamentals
Figure 3-1 shows a typical application of the DHCP relay agent.
Figure 3-1 DHCP relay agent application
No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section 1.2.2 “Dynamic IP Address Allocation Procedure”). The following describes the forwarding process on the DHCP relay agent.
1) After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent forwards the message to the designated DHCP server in unicast mode.
2) The DHCP server returns an IP address to the relay agent, which conveys it to the client via broadcast.
3.2 DHCP Relay Agent Configuration
Complete the following tasks to configure the DHCP relay agent:
|
Task |
Remarks |
|
Required |
|
|
Required |
|
|
Required |
|
|
Configuring the DHCP Relay Agent to Send a DHCP-Release Request |
Optional |
|
Optional |
|
|
Optional |
3.3 Configuring DHCP Relay Agent
3.3.1 Enabling DHCP
Enable DHCP before performing other DHCP-related configurations.
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable DHCP |
dhcp enable |
Required Disabled by default |
3.3.2 Enabling the DHCP Relay Agent on Interfaces
With DHCP relay agent enabled on an interface, upon receiving a DHCP request from the interface, the relay agent will forward the request to a DHCP server for address allocation.
To enable the DHCP relay agent on an interface, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
Interface interface-type interface-number |
— |
|
Enable the DHCP relay agent on the current interface |
dhcp select relay |
Required With DHCP enabled, interfaces work in the DHCP server mode. |
& Note:
For a DHCP client to obtain an IP address through the DHCP relay agent, the address pool of the subnet which the IP address of the DHCP relay agent belongs to must be configured on the DHCP server. Otherwise, the DHCP client cannot obtain a correct IP address.
3.3.3 Correlating a DHCP Server Group with Relay Agent Interfaces
To improve reliability, you can specify several DHCP servers as a group on the DHCP relay agent and correlate a relay agent interface with the server group. When the interface receives requesting messages from clients, the relay agent will forward them to all the DHCP servers of the group.
To correlate a DHCP server group with relay agent interfaces, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Specify a DHCP server group number and servers in the group |
dhcp relay server-group group-id ip ip-address |
Required Not specified by default |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Correlate the DHCP server group with the current interface |
dhcp relay server-select group-id |
Required By default, no interface is correlated with any DHCP server group. |
& Note:
l You can specify at most twenty DHCP server groups on the relay agent and at most eight DHCP server addresses for each DHCP server group.
l The IP addresses of servers in the DHCP server group cannot be on the same subnets as those of relay agent’s interfaces connected to clients. Otherwise, the clients cannot obtain IP addresses.
l A DHCP server group can correlate with one or multiple DHCP relay agent interfaces, while a relay agent interface can only correlate with one DHCP server group. Using the dhcp relay server-select command repeatedly overwrites the previous configuration. However, if the specified DHCP server group does not exist, the interface still uses the previous correlation.
l The group-id in the dhcp relay server-select command was specified by the dhcp relay server-group command.
3.3.4 Configuring the DHCP Relay Agent to Send a DHCP-Release Request
Sometimes, you need to release a client’s IP address manually on the DHCP relay agent. With this task completed, the DHCP relay agent can actively send a DHCP-RELEASE request that contains the client’s IP address to be released. Upon receiving the DHCP-RELEASE request, the DHCP server then releases the IP address for the client.
I. In system view
With this feature enabled in system view, if no DHCP server IP address is specified, the DHCP-RELEASE request will be sent to all DHCP servers in the DHCP server groups correlated with the DHCP relay agent interfaces; if a DHCP server IP address is specified, the DHCP-RELEASE request will be sent to only the specified DHCP server.
To configure the DHCP relay agent in system view to send a DHCP-RELEASE request, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the DHCP relay agent in system view to send a DHCP-RELEASE request |
dhcp relay release client-ip client-mac [server-ip ] |
Required |
II. In interface view
With this feature enabled in interface view, if no DHCP server IP address is specified, the DHCP-RELEASE request will be sent to all DHCP servers in the DHCP server group correlated with the interface; if a DHCP server IP address is specified, the DHCP-RELEASE request will be sent to only the specified DHCP server.
To configure the DHCP relay agent in interface view to send a DHCP-RELEASE request, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Configure the DHCP relay agent to send a DHCP-RELEASE request |
dhcp relay release client-ip client-mac [server-ip ] |
Required |
3.3.5 Configuring the DHCP Relay Agent Security Functions
I. Creating static bindings and enabling invalid IP address check
The DHCP relay agent can dynamically record clients’ IP-to-MAC bindings to generate a dynamic binding after clients got IP addresses. You can also create static bindings on the DHCP relay agent.
For avoidance of invalid IP address configuration, you can configure the DHCP relay agent to check whether a requesting client’s IP and MAC addresses match a binding on it (both dynamic and static bindings). If not, the client cannot access outside networks via the DHCP relay agent.
To create a static binding and enable invalid IP address check, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create a static binding |
dhcp relay security static ip-address mac-address |
Optional No static binding is created by default |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable invalid IP address check |
dhcp relay address-check { enable | disable } |
Required Disabled by default |
& Note:
l The dhcp relay address-check command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used.
l Before executing the dhcp relay address-check enable command on the DHCP relay interface connected to the DHCP server, you need to configure the static binding between the IP address and MAC address of the DHCP server. Otherwise, the DHCP client will fail to obtain an IP address.
II. Configuring dynamic binding update interval
Via the DHCP relay agent, a DHCP client sends a DHCP-RELEASE unicast message to the DHCP server to relinquish its IP address. In this case the DHCP relay agent simply conveys the message to the DHCP server, thus it does not remove the IP address from its bindings. To solve this, the DHCP relay agent can update dynamic bindings at a specified interval.
The DHCP relay agent use its own MAC address and the IP address to be assigned to a client to regularly send a DHCP-REQUEST message to the DHCP server. If the server returns a DHCP-ACK message, which means IP address to be assigned to the client is assignable now, the DHCP relay agent will update its bindings by aging out the binding entry of the client’s IP address. If the server returns a DHCP-NAK message, which means the IP address is still in use, the relay agent will not age it out.
To configure dynamic binding update interval, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure binding update interval |
dhcp relay security tracker { interval | auto } |
Optional auto by default (auto interval is calculated by the relay agent according to the number of bindings) |
III. Enabling pseudo DHCP servers detection
There are invalid DHCP servers on networks, which reply DHCP clients with wrong IP addresses. These invalid DHCP servers are pseudo DHCP servers.
With this feature enabled, upon receiving a DHCP message with the siaddr field (IP address of the server assigning IP addresses to clients) not being 0 from a client, the DHCP relay agent will record the value of the siaddr field and the information on the interface receiving the DHCP message. The administrator can use this information to check out any DHCP pseudo servers.
To enable pseudo DHCP server detection, use the following commands:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable pseudo DHCP server detection |
dhcp relay server-detect |
Required Disabled by default |
& Note:
With the pseudo DHCP server detection enabled, the device puts a record once for each DHCP server. The administrator needs to find pseudo DHCP servers from the records. After the recorded information of a DHCP server is cleared, a new record will be put for the DHCP server.
3.3.6 Configuring the DHCP Relay Agent to Support Option 82
I. Introduction to Option 82
Option 82 is the relay agent option in the Options field of the DHCP message. It involves 255 sub-options. At least one sub-option must be defined. Now the DHCP relay agent supports two sub-options: sub-option 1 and sub-option 2.
Option 82 has no unified definition. Its padding formats vary with venders. Currently the device supports two padding formats: normal and verbose.
The padding contents for sub-options in the normal padding format are:
sub-option 1: padded with the number of the port that received the client’s request and the VLAN ID of the port.
sub-option 2: padded with the MAC address of the interface that received the client’s request.
The padding contents for sub-options in the verbose padding format are:
sub-option 1: padded with specified access node identifier, type and number of the port that received the client’s request, and VLAN ID of the port.
sub-option 2: padded with the MAC address of the interface that received the client’s request.
II. Handling strategies for Option 82 on the relay agent
If the DHCP relay agent supports Option 82, it will handle a client’s requesting message according to the contents defined in Option 82, if any. The handling strategies are described in the table below.
If a reply returned by the DHCP server contains Option 82, the DHCP relay agent will remove the Option 82 before forwarding the reply to the client.
|
If a client’s requesting message has… |
Handling strategy |
Padding format |
The DHCP relay agent will… |
|
Option 82 |
Drop |
— |
Drop the message. |
|
Keep |
— |
Forward the message without changing Option 82. |
|
|
Replace |
Normal |
Forward the message after replacing the original Option 82 with the Option 82 padded in normal format. |
|
|
Verbose |
Forward the message after replacing the original Option 82 with the Option 82 padded in verbose format. |
||
|
no Option 82 |
— |
Normal |
Forward the message after adding the Option 82 padded in normal format. |
|
— |
Verbose |
Forward the message after adding the Option 82 padded in verbose format. |
III. Prerequisites
You need to complete the following tasks before configuring the DHCP relay agent to support Option 82
l Enabling DHCP
l Enabling the DHCP relay agent on the specified interface
l Configuring network parameters for the DHCP relay agent and ensuring that a route exists between the DHCP relay agent and the server
IV. Configuring the DHCP relay agent to support Option 82
Use the following commands for this configuration:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the relay agent to support Option 82 |
dhcp relay information enable |
Required Disabled by default |
|
Configure the handling strategy for requesting messages containing Option 82 |
dhcp relay information strategy { drop | keep | replace } |
Optional replace by default |
|
Configure the padding format for Option 82 |
dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } |
Optional normal by default |
& Note:
l To support Option 82, it is required to perform related configuration on both the DHCP server and relay agent. Refer to 2.7 “Enabling the DHCP Server to Support Option 82” for DHCP server configuration of this kind.
l If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format.
3.4 Displaying and Maintaining the DHCP Relay Agent Configuration
|
To do… |
Use the command… |
Remarks |
|
Display information about DHCP server groups correlated to a specified or all interfaces |
display dhcp relay { all | interface interface-type interface-number } |
Available in any view |
|
Display information about bindings of DHCP relay agents |
display dhcp relay security [ ip-address | dynamic | static ] |
Available in any view |
|
Display statistics information about bindings of DHCP relay agents |
display dhcp relay security statistics |
Available in any view |
|
Display information about the refreshing interval for entries of dynamic IP-to-MAC bindings |
display dhcp relay security tracker |
Available in any view |
|
Display information about the configuration of a specified or all DHCP server groups |
display dhcp relay server-group { group-id | all } |
Available in any view |
|
Display packet statistics on relay agent |
display dhcp relay statistics [ server-group { group-id | all } ] |
Available in user view |
|
Clear packet statistics from relay agent |
reset dhcp relay statistics [ server-group group-id ] |
Available in user view |
3.5 DHCP Relay Agent Configuration Example
I. Network requirements
Vlan-interface1 on the DHCP relay agent (a switch) connects to the network where DHCP clients reside. The IP address of Vlan-interface1 is 10.10.1.1/24 and IP address of Vlan-interface2 is 10.1.1.2/24 that communicates with the DHCP server 10.1.1.1/24. As shown in the figure below, the DHCP relay agent forwards messages between DHCP clients and the DHCP server.
II. Network diagram
Figure 3-2 Network diagram for DHCP relay agent
III. Configuration procedure
# Enable DHCP.
<Sysname> system-view
[Sysname] dhcp enable
# Enable the DHCP relay agent on VLAN-interface 1, which is connected with the network where the DHCP clients resides.
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] dhcp select relay
[Sysname-Vlan-interface1] quit
# Configure DHCP server group 1 with the DHCP server 10.1.1.1, and correlate the DHCP server group 1 with Vlan-interface1.
[Sysname] dhcp relay server-group 1 ip 10.1.1.1
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] dhcp relay server-select 1
& Note:
l Performing the configuration on the DHCP server is also required to guarantee the client-to-server communication via the relay agent. Since the DHCP server configuration varies with devices, it is not mentioned here.
l In this example, the DHCP relay agent and server are on the same subnet. If they are on different subnets, the routes in between must be reachable.
3.6 Troubleshooting DHCP Relay Agent Configuration
I. Symptom
DHCP clients cannot obtain any configuration parameters via the DHCP relay agent.
II. Analysis
Some problems may occur with the DHCP relay agent or server configuration. Enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information for locating the problem.
III. Solution
Check that:
l The DHCP is enabled on the DHCP server and relay agent.
l The address pool on the same subnet where DHCP clients reside is available on the DHCP server.
l The routes between the DHCP server and DHCP relay agent are reachable.
l The relay agent interface connected to DHCP clients is correlated with correct DHCP server group and IP addresses for the group members are correct.
Chapter 4 DHCP Snooping Configuration
l DHCP Snooping does not support link aggregation. If an Ethernet port is added into an aggregation group, the DHCP Snooping configuration on the port will not take effect. After the port is removed from the group, the DHCP Snooping configuration on it will take effect.
l The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
l The DHCP Snooping enabled device cannot be a DHCP server, DHCP relay agent.
l You are not recommended to enable DHCP/BOOTP client and DHCP Snooping on the same device. Otherwise, DHCP Snooping entries may fail to be generated, and the DHCP/BOOTP client may fail to obtain an IP address.
4.1 DHCP Snooping Overview
4.1.1 Function of DHCP Snooping
DHCP snooping is a DHCP security feature for preventing DHCP clients from receiving IP addresses provided by untrusted DHCP servers. It allows a device to:
l Drop DHCP responses received on untrusted ports, preventing DHCP clients from receiving IP addresses provided by untrusted DHCP servers.
l Listen to DHCP-REQUEST and DHCP-ACK messages, record and maintain binding information about MAC addresses of DHCP clients and the obtained IP addresses, so that network administrators can easily see which IP addresses are assigned to the DHCP clients.
4.1.2 How Does DHCP Snooping Work
On a network, DHCP servers fall into two categories: valid and invalid. With DHCP snooping, the ports of a device can be differentiated by whether they are trusted or untrusted:
l Trusted: A trusted port is connected to a valid DHCP server directly or indirectly. It forwards DHCP messages normally, guaranteeing that DHCP clients can obtain valid IP addresses.
l Untrusted: An untrusted port is connected to an invalid DHCP server. The DHCP-ACK or DHCP-OFFER packets received from the port are discarded, preventing DHCP clients from receiving invalid IP addresses.
4.2 Configuring DHCP Snooping
Follow these steps to configure DHCP snooping:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable DHCP snooping |
dhcp-snooping |
Required Disabled by default |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Specify the port as trusted |
dhcp-snooping trust |
Required Untrusted by default. |
& Note:
To ensure that a DHCP client can obtain valid IP addresses, you must specify the port connected to a valid DHCP server as trusted, and make sure the trusted port and the port connected to the DHCP client is in the same VLAN.
4.3 Displaying DHCP Snooping
|
To do… |
Use the command… |
Remarks |
|
Display DHCP snooping address binding information |
display dhcp-snooping |
Available in any view |
|
Display information about trusted ports |
display dhcp-snooping trust |
4.4 DHCP Snooping Configuration Example
I. Network requirements
l A device is connected to a DHCP server through Ethernet1/0/1, and to two DHCP clients through Ethernet1/0/2 and Ethernet1/0/3.
l Ethernet1/1 forwards DHCP server responses while the other two do not.
II. Network diagram
Figure 4-1 Network diagram for DHCP snooping configuration
III. Configuration procedure
# Enable DHCP snooping.
<Sysname> system-view
[Sysname] dhcp-snooping
# Specify Ethernet1/0/1 as trusted.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1]dhcp-snooping trust
Chapter 5 DHCP Client Configuration
l The DHCP client configuration is supported only on VLAN interfaces.
l You are not recommended to enable both the DHCP client and the DHCP Snooping on the same device. Otherwise, DHCP Snooping entries may fail to be generated, or the DHCP client may fail to obtain an IP address.
5.1 Introduction to DHCP Client
With the DHCP client enabled on an interface, the interface will use DHCP to obtain configuration parameters such as an IP address from the DHCP server.
5.2 Enabling the DHCP Client on an Interface
Follow these steps to enable the DHCP client on an interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the DHCP client on the interface |
ip address dhcp-alloc [ client-identifier mac interface-type interface-number ] |
Required Disabled by default |
& Note:
l An interface can be configured to acquire an IP address in multiple ways, but these ways are exclusive. The latest configuration will overwrite the previous configuration.
l After the DHCP client is enabled on an interface, no secondary IP address can be configured for the interface.
5.3 Displaying the DHCP Client
|
To do… |
Use the command… |
Remarks |
|
Display specified configuration information |
display dhcp client [ verbose ] [ interface interface-type interface-number ] |
Available in any view |
5.4 DHCP Client Configuration Example
I. Network requirements
On a LAN, the DHCP client (a switch) contacts the DHCP server via Vlan-interface1 to obtain an IP address.
II. Network diagram
See Figure 2-1.
III. Configuration procedure
The following is the configuration on the client switch shown in Figure 2-1.
# Enable the DHCP client on Vlan-interface1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip address dhcp-alloc
& Note:
To implement the DHCP client-server model, you need to perform related configuration on the DHCP server. For details, refer to section 2.9 “DHCP Server Configuration Example”.
Chapter 6 BOOTP Client Configuration
& Note:
l BOOTP client configuration only applies to VLAN interfaces.
l You are not recommended to enable both the DHCP client and the DHCP Snooping on the same device. Otherwise, DHCP Snooping entries may fail to be generated, or the BOOTP client may fail to obtain an IP address.
6.1 Introduction to BOOTP Client
6.1.1 BOOTP Application
After you specify an interface of the device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server, which simplifies your configuration.
Before using BOOTP, an administrator needs to configure a BOOTP parameter file for each BOOTP client on the BOOTP server. The parameter file contains information such as MAC address and IP address of a BOOTP client. When a BOOTP client originates a request to the BOOTP server, the BOOTP server will search for the BOOTP parameter file and return the corresponding configuration information.
Because you need to configure a parameter file for each client on the BOOTP server, BOOTP usually runs under a relatively stable environment. If the network changes frequently, dynamic host configuration protocol (DHCP) can be applied. For an introduction to DHCP, refer to Chapter 1 “DHCP Overview”
& Note:
Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server.
6.1.2 Obtaining an IP Address Dynamically
A BOOTP client dynamically obtains an IP address from a BOOTP server in the following way:
1) The BOOTP client broadcasts a BOOTP request, which contains its own MAC address.
2) The BOOTP server receives the request and searches the configuration file for the corresponding IP address according to the MAC address of the BOOTP client. The BOOTP server then returns a BOOTP response to the BOOTP client.
3) The BOOTP client obtains the IP address from the received the response.
6.1.3 Protocols and Standards
Some protocols and standards related to BOOTP include:
l RFC 951: Bootstrap Protocol (BOOTP)
l RFC 2132: DHCP Options and BOOTP Vendor Extensions
l RFC 1542: Clarifications and Extensions for the Bootstrap Protocol
6.2 Configuring an Interface to Dynamically Obtain an IP Address through BOOTP
Follow these steps to configure an interface to dynamically obtain an IP address:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Configure an interface to dynamically obtain IP address through BOOTP |
ip address bootp-alloc |
Required By default, an interface does not use BOOTP to obtain an IP address. |
6.3 Displaying BOOTP Client Configuration
|
To do… |
Use the command… |
Remarks |
|
Display related information on a BOOTP client |
display bootp client [ interface interface-type interface-number ] |
Available in any view |
6.4 BOOTP Client Configuration Example
I. Network requirement
A switch port belonging to VLAN1) is connected to the LAN. VLAN-interface1 obtains an IP address from the DHCP server by using BOOTP.
II. Network diagram
See Figure 2-1.
III. Configuration procedure
The following describes only the configuration on the switch serving as a client.
# Configure VLAN-interface1 to dynamically obtain an IP address from the DHCP server.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip address bootp-alloc
& Note:
To make the BOOTP client to obtain an IP address from the DHCP server, you need to perform additional configurations on the DHCP server. For details, refer to section 2.9 “DHCP Server Configuration Example”.
