- Table of Contents
-
- H3C Low-End Ethernet Switches Configuration Guide(V1.01)
- 01-Login Configuration Guide
- 02-VLAN Configuration Guide
- 03-IP Address Configuration Guide
- 04-Voice VLAN Configuration Guide
- 05-GVRP Configuration Guide
- 06-Ethernet Interface Basic Configuration Guide
- 07-Link Aggregation Configuration Guide
- 08-Port Isolation Configuration Guide
- 09-Port Security Configuration Guide
- 10-Port Binding Configuration Guide
- 11-MAC Address Table Management Configuration Guide
- 12-DLDP Configuration Guide
- 13-Auto Detect Configuration Guide
- 14-MSTP Configuration Guide
- 15-Routing Configuration Guide
- 16-Multicast Configuration Guide
- 17-802.1x Configuration Guide
- 18-AAA Configuration Guide
- 19-MAC Authentication Configuration Guide
- 20-VRRP Configuration Guide
- 21-ARP Configuration Guide
- 22-DHCP Configuration Guide
- 23-ACL Configuration Guide
- 24-QoS-QoS Profile Configuration Guide
- 25-Web Cache Redirection Configuration Guide
- 26-Mirroring Configuration Guide
- 27-IRF Configuration Guide
- 28-Cluster Configuration Guide
- 29-PoE-PoE Profile Configuration Guide
- 30-UDP Helper Configuration Guide
- 31-SNMP-RMON Configuration Guide
- 32-NTP Configuration Guide
- 33-SSH Configuration Guide
- 34-FTP and TFTP Configuration Guide
- 35-Information Center Configuration Guide
- 36-VLAN-VPN Configuration Guide
- 37-HWPing Configuration Guide
- 38-DNS Configuration Guide
- 39-Access Management Configuration Guide
- 40-Web Authentication Configuration Guide
- 41-IPv6 Management Configuration Guide
- 42-Smart link - Monitor Link Configuration Guide
- 43-VLAN Mapping Configuration Guide
- Related Documents
-
Title | Size | Download |
---|---|---|
22-DHCP Configuration Guide | 207.34 KB |
DHCP Server Global Address Pool Configuration Guide
Networking and Configuration Requirements
DHCP Server Interface Address Pool Configuration Guide
Networking and Configuration Requirements
DHCP Relay Agent Configuration Guide·
Networking and Configuration Requirements
DHCP Snooping Configuration Guide·
Networking and Configuration Requirements
DHCP Snooping Option 82 Configuration Guide
Networking and Configuration Requirements
DHCP Accounting Configuration Guide·
Networking and Configuration Requirements
DHCP Client Configuration Guide·
Networking and Configuration Requirements
DHCP Server Global Address Pool Configuration Guide
In general, there are two typical DHCP network topologies. One is to deploy the DHCP server and DHCP clients in the same network segment. This enables the clients to communicate with the server directly. The other is to deploy the DHCP server and DHCP clients in different network segments. In this case, IP address assignment is carried out through a DHCP relay agent. Note that the DHCP server configuration is the same in both scenarios.
Network Diagram
Figure 1-1 Network diagram for DHCP server global address pool configuration
Networking and Configuration Requirements
l The DHCP server (Switch A) assigns IP addresses to clients in subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25.
l The IP addresses of VLAN-interface 1 and VLAN-interface 2 on Switch A are 10.1.1.1/25 and 10.1.1.129/25 respectively.
l In the address pool 10.1.1.0/25, the address lease duration is ten days and twelve hours, the domain name suffix is aabbcc.com, the DNS server address is 10.1.1.2, the WINS server address is 10.1.1.4, and the gateway address is 10.1.1.126.
l In the address pool 10.1.1.128/25, the address lease duration is five days, the domain name suffix is aabbcc.com, the DNS server address is 10.1.1.2, and the gateway address is 10.1.1.254; there is no WINS server address.
l Enable unauthorized DHCP server detection on Switch A so that the administrator can check out any unauthorized DHCP servers from the system log information.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S3600-EI series Ethernet switches |
Release 1510, Release 1602 |
S3600-EI |
S5600 series Ethernet switches |
Release 1510, Release 1602 |
All versions |
Configuration Procedure
# Enable DHCP.
<SwitchA> system-view
[SwitchA] dhcp enable
# Exclude the IP addresses of the DNS server, WINS server, and gateways from dynamic assignment.
[SwitchA] dhcp server forbidden-ip 10.1.1.2
[SwitchA] dhcp server forbidden-ip 10.1.1.4
[SwitchA] dhcp server forbidden-ip 10.1.1.126
[SwitchA] dhcp server forbidden-ip 10.1.1.254
# Enable unauthorized DHCP server detection.
[SwitchA] dhcp server detect
# Configure the address range, domain name suffix and DNS server address in DHCP address pool 0.
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
[SwitchA-dhcp-pool-0] domain-name aabbcc.com
[SwitchA-dhcp-pool-0] dns-list 10.1.1.2
[SwitchA-dhcp-pool-0] quit
# Configure the address range, gateway address, and lease duration in DHCP address pool 1.
[SwitchA] dhcp server ip-pool 1
[SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128
[SwitchA-dhcp-pool-1] gateway-list 10.1.1.126
[SwitchA-dhcp-pool-1] expired day 10 hour 12
[SwitchA-dhcp-pool-1] quit
# Configure the address range, lease duration, DNS server address and gateway address in DHCP address pool 2.
[SwitchA] dhcp server ip-pool 2
[SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128
[SwitchA-dhcp-pool-2] expired day 5
[SwitchA-dhcp-pool-2] nbns-list 10.1.1.4
[SwitchA-dhcp-pool-2] gateway-list 10.1.1.254
[SwitchA-dhcp-pool-2] quit
With the unauthorized DHCP server detection enabled, Switch A will log information about all DHCP servers, including authorized ones. The administrator needs to find unauthorized DHCP servers from the system log information. If Switch A detects an unauthorized DHCP server, the following log information is recorded.
<SwitchA>
%Apr 10 21:34:55:782 2000 SwitchA DHCPS/4/DHCPS_LOCAL_SERVER:- 1 -
Local DHCP server information(detect by server):SERVER IP = 10.1.1.5; Sourceclient information: interface = Vlan-interface2, type = DHCP_REQUEST, CHardAddr= 00e0-fc55-0011
Complete Configuration
dhcp server ip-pool 0
network 10.1.1.0 mask 255.255.255.0
dns-list 10.1.1.2
domain-name aabbcc.com
#
dhcp server ip-pool 1
network 10.1.1.0 mask 255.255.255.128
gateway-list 10.1.1.126
expired day 10 hour 12
#
dhcp server ip-pool 2
network 10.1.1.128 mask 255.255.255.128
gateway-list 10.1.1.254
nbns-list 10.1.1.4
expired day 5
#
dhcp server forbidden-ip 10.1.1.2
dhcp server forbidden-ip 10.1.1.4
dhcp server forbidden-ip 10.1.1.126
dhcp server forbidden-ip 10.1.1.254
dhcp server detect
#
Precautions
If you use the inheritance relation between the parent and child address pools in this configuration, make sure that the number of IP addresses to be assigned from a child address pool does not exceed the number of its total available addresses; otherwise, extra IP addresses will be obtained from the parent address pool, and the attributes (for example, gateway) of the parent address pool are also obtained by the clients.
In this example, the number of clients requesting IP addresses from VLAN-interface 1 is recommended to be less than or equal to 122 and the number of clients requesting IP addresses from VLAN-interface 2 is recommended to be less than or equal to 124.
DHCP Server Interface Address Pool Configuration Guide
Network Diagram
Figure 1-2 Network diagram for DHCP server interface address pool configuration
Networking and Configuration Requirements
l Configure the IP address of VLAN-interface 1 on the DHCP server (Switch A) as 192.168.0.1/24.
l The DHCP clients belong to VLAN 1 and dynamically obtain IP addresses through DHCP.
l The DHCP server assigns a fixed IP address of 192.168.0.10/24 from the interface address pool to the file server with MAC address 000D-88F7-0001, and assigns IP addresses on the network segment 192.168.0.0/24 to other clients with the lease duration of 10 days. The IP address of the DNS server is 192.168.0.20/24, and that of the WINS server is 192.168.0.30/24.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S3600-EI series Ethernet switches |
Release 1510, Release 1602 |
S3600-EI |
S5600 series Ethernet switches |
Release 1510, Release 1602 |
All versions |
Configuration Procedure
<SwitchA> system-view
[SwitchA] dhcp enable
# Exclude the IP addresses of the DNS server, WINS server, and file server from dynamic assignment.
[SwitchA] dhcp server forbidden-ip 192.168.0.10
[SwitchA] dhcp server forbidden-ip 192.168.0.20
[SwitchA] dhcp server forbidden-ip 192.168.0.30
# Configure the IP address of VLAN-interface 1 as 192.168.0.1/24.
[SwitchA] interface Vlan-interface 1
[SwitchA-Vlan-interface1] ip address 192.168.0.1 24
# Configure VLAN-interface 1 to operate in DHCP interface address pool mode.
[SwitchA-Vlan-interface1] dhcp select interface
# Configure a static IP-to-MAC binding in the DHCP interface address pool.
[SwitchA-Vlan-interface1] dhcp server static-bind ip-address 192.168.0.10 mac-address 000D-88F7-0001
# Specify the lease duration, DNS server address, and WINS server address in the DHCP interface address pool.
[SwitchA-Vlan-interface1] dhcp server expired day 10
[SwitchA-Vlan-interface1] dhcp server dns-list 192.168.0.20
[SwitchA-Vlan-interface1] dhcp server nbns-list 192.168.0.30
[SwitchA-Vlan-interface1] quit
Complete Configuration
#
interface Vlan-interface1
ip address 192.168.0.1 255.255.255.0
dhcp select interface
dhcp server static-bind ip-address 192.168.1.10 mac-address 000d-88f7-0001
dhcp server dns-list 192.168.0.20
dhcp server nbns-list 192.168.0.30
dhcp server expired day 10
#
dhcp server forbidden-ip 192.168.0.10
dhcp server forbidden-ip 192.168.0.20
dhcp server forbidden-ip 192.168.0.30
#
Precautions
After all the addresses in the interface address pool have been assigned, the DHCP server looks up IP addresses from the global address pool containing the network segment of the interface address pool for the DHCP clients. As a result, the IP addresses obtained from the global address pool and those obtained from the interface address pool are not on the same network segment, so the clients cannot communicate with each other.
In this example, the number of clients requesting IP addresses from VLAN-interface 1 is recommended to be less than or equal to 250.
DHCP Relay Agent Configuration Guide
Since some DHCP packets are broadcast, DHCP is only applicable to the situation where DHCP clients and the DHCP server are in the same network segment, that is, you need to deploy at least one DHCP server for each network segment, which is not economical.
DHCP relay agent is designed to address this problem. It enables DHCP clients in a subnet to communicate with the DHCP server in another subnet to obtain IP addresses. In this way, the DHCP clients in multiple networks can use the same DHCP server, which is cost-effective and allows for centralized management.
Network Diagram
Figure 1-3 Network diagram for DHCP relay agent configuration
Networking and Configuration Requirements
l VLAN-interface 1 on the DHCP relay agent (Switch A) connects to the network where DHCP clients reside. The IP address of VLAN-interface 1 is 10.10.1.1/24 and the IP address of VLAN-interface 2 is 10.1.1.2/24.
l The clients (except Host A, which uses a fixed IP address of 10.10.10.5/24) dynamically obtain IP addresses from the DHCP server at 10.1.1.1/24.
l Switch A forwards messages between DHCP clients and the DHCP server to assign IP addresses in subnet 10.10.1.0/24 and related configuration information to the clients.
l Enable the address check function on VLAN 1 of Switch A to allow only the clients with valid fixed IP addresses or with IP addresses obtained from the DHCP server to access external networks.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S3600-SI/EI series Ethernet switches |
Release 1510, Release 1602 |
All versions |
S5600 series Ethernet switches |
Release 1510, Release 1602 |
All versions |
Configuration Procedure
# Create DHCP server group 1 and specify DHCP server 10.1.1.1 for it.
<SwitchA> system-view
[SwitchA] dhcp-server 1 ip 10.1.1.1
# Configure the IP address of VLAN-interface 1 as 10.10.1.1/24.
[SwitchA] interface Vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.10.1.1 24
# Map VLAN-interface 1 to DHCP server group 1.
[SwitchA-Vlan-interface1] dhcp-server 1
[SwitchA-Vlan-interface1] quit
# Bind the IP address 10.10.10.5/24 to the MAC address 0001-0010-0001 of Host A on the DHCP relay agent..
[SwitchA] dhcp-security static 10.10.10.5 0001-0010-0001
# Enable the address check function on the DHCP relay agent.
[SwitchA] interface Vlan-interface 1
[SwitchA-Vlan-interface1] address-check enable
Currently, an S3600-SI series Ethernet switch operating as a DHCP relay agent does not support the address check function.
Complete Configuration
dhcp-server 1 ip 10.1.1.1
#
dhcp-security static 10.10.10.5 0001-0010-0001
#
interface Vlan-interface1
ip address 10.10.1.1 255.255.255.0
dhcp-server 1
address-check enable
#
Precautions
l The DHCP relay agent and server are reachable to each other.
l You need to perform corresponding configurations on the DHCP server to enable the DHCP clients to obtain IP addresses from the DHCP server. For DHCP server configuration information, refer to the DHCP Server Global Address Pool Configuration Guide and DHCP Server Interface Address Pool Configuration Guide.
DHCP Snooping Configuration Guide
For security, a network administrator needs to use the mappings between DHCP clients’ IP addresses obtained from the DHCP server and their MAC addresses. DHCP snooping is used to record such mappings from:
l DHCP-ACK packets
l DHCP-REQUEST packets
If there is an unauthorized DHCP server on a network, the DHCP clients may obtain invalid IP addresses. With DHCP snooping, the ports of a device can be configured as trusted or untrusted to ensure the clients to obtain IP addresses from authorized DHCP servers.
l Trusted: A trusted port is connected to an authorized DHCP server directly or indirectly. It forwards DHCP messages normally to guarantee that DHCP clients can obtain valid IP addresses.
l Untrusted: An untrusted port is connected to an unauthorized DHCP server. The DHCP-ACK or DHCP-OFFER packets received on the port are discarded to prevent DHCP clients from receiving invalid IP addresses.
Network Diagram
Figure 1-4 Network diagram for DHCP snooping configuration
Networking and Configuration Requirements
As shown in Figure 1-4, Ethernet 1/0/5 of Switch is connected to the DHCP server, and Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 are respectively connected to Client A, Client B, and Client C.
l Enable DHCP snooping on Switch.
l Specify Ethernet 1/0/5 on Switch as a DHCP snooping trusted port.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S5600 series Ethernet switches |
Release 1510, Release 1602 |
All versions |
S5100-SI/EI series Ethernet switches |
Release 2200, Release 2201 |
All versions |
S3600-SI/EI series Ethernet switches |
Release 1510, Release 1602 |
All versions |
S3100-EI series Ethernet switches |
Release 2104, Release 2107 |
All versions |
S3100-52P |
Release 1500, Release 1602 |
S3100-52P |
Configuration Procedure
# Enable DHCP snooping on the switch.
<Switch> system-view
[Switch] dhcp-snooping
# Specify Ethernet 1/0/5 as a trusted port.
[Switch] interface Ethernet1/0/5
[Switch-Ethernet1/0/5] dhcp-snooping trust
[Switch-Ethernet1/0/5] quit
Complete Configuration
interface Ethernet1/0/5
dhcp-snooping trust
#
dhcp-snooping
#
Precautions
l You need to specify the port connected to the authorized DHCP server as a trusted port to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the ports connected to the DHCP clients must be in the same VLAN.
l To enable DHCP snooping on an S3600 switch that belongs to an IRF fabric, you need to set the fabric ports on all devices in the fabric to DHCP snooping trusted ports to ensure that the clients connected to each device can obtain IP addresses.
l You are not recommended to configure both the DHCP client/BOOTP client and DHCP snooping on the same device; otherwise, the switch may fail to record DHCP snooping entries.
DHCP Snooping Option 82 Configuration Guide
A DHCP snooping device adds Option 82, which contains the location information of the DHCP client, to the DHCP request message and sends the message to the DHCP server. The server uses Option 82 to assign a proper IP address and other parameters to the client to implement security control and accounting.
Network Diagram
Figure 1-5 Network diagram for DHCP snooping Option 82
Networking and Configuration Requirements
The work area of an enterprise is divided into three groups, group 1, group 2, and group 3, which are located in three rooms. A DHCP server is deployed to assign IP addresses of different segments to the three groups.
It is required that:
l The DHCP server assigns IP addresses on network segment 192.168.10.0/24 to devices in the work area. The lease time is 12 hours, and the IP addresses of the DNS server and the WINS server are 192.168.100.2 and 192.168.100.3 respectively.
l Enable DHCP snooping on Switch A and specify Ethernet 1/0/4 as a DHCP snooping trusted port.
l Group 1, group 2 and group 3 are connected to the DHCP snooping device through Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3 respectively to communicate with the DHCP server.
l Enable Option 82 support on the DHCP snooping device, and put the user group information into Option 82 of DHCP messages.
l The DHCP server assigns IP addresses ranging from 192.168.10.2 to 192.168.10.25 to clients in group 1, assigns IP addresses ranging from 192.168.10.100 to 192.168.10.150 to clients in group 2, and assigns IP addresses ranging from 192.168.10.151 to 192.168.10.200 to clients in group 3.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S5600 series Ethernet switches |
Release 1602 |
All versions |
S5100-SI/EI series Ethernet switches |
Release 2200, Release 2201 |
All versions |
S3600-SI/EI series Ethernet switches |
Release 1602 |
All versions |
S3100-EI series Ethernet switches |
Release 2104, Release 2107 |
All versions |
S3100-52P |
Release 1602 |
S3100-52P |
Configuration Procedure
Configuring Switch A
# Enable DHCP snooping.
<SwitchA> system-view
[SwitchA] dhcp-snooping
# Configure Ethernet 1/0/4 as a DHCP snooping trusted port.
[SwitchA] interface ethernet1/0/4
[SwitchA-Ethernet1/0/4] dhcp-snooping trust
[SwitchA-Ethernet1/0/4] quit
# Enable Switch A to support Option 82.
[SwitchA] dhcp-snooping information enable
# Pad the Option 82 remote-id ID sub-option with group 1 on Ethernet 1/0/1.
[SwitchA] interface ethernet1/0/1
[SwitchA-Ethernet1/0/1] dhcp-snooping information remote-id string group1
[SwitchA-Ethernet1/0/1] quit
# Pad the Option 82 remote-id ID sub-option with group 2 on Ethernet 1/0/2.
[SwitchA] interface ethernet1/0/2
[SwitchA-Ethernet1/0/2] dhcp-snooping information remote-id string group2
[SwitchA-GigabitEthernet1/0/2] quit
# Pad the Option 82 remote-id ID sub-option with group 3 on Ethernet 1/0/3
[SwitchA] interface ethernet1/0/3
[SwitchA-Ethernet1/0/3] dhcp-snooping information remote-id string group3
[SwitchA-Ethernet1/0/3] quit
Configuration on the DHCP Server
The DHCP server is configured on a Cisco Catalyst 3745 switch with software version IOS 12.3(11)T2. To configure a device of another type or version as the DHCP server, refer to the related user manual.
# Configure the server interface IP address as 192.168.10.1/24.
Server(config)# interface fastethernet 0/0
Server(config-if)# ip address 192.168.10.1 255.255.255.0
# Enable DHCP server, and configure the DHCP server to assign IP addresses based on Option 82.
Server(config)# ip dhcp use class
# Create a DHCP class for clients in group 1, and specify the corresponding remote ID sub-option for matching. For the content not to be matched, enter the wildcard ”*”.
Server(config)# ip dhcp class group1
Server(dhcp-class)# relay agent information
Server(dhcp-class-relayinfo)# relay-information hex 0208000600010001*
Server(dhcp-class-relayinfo)# exit
# Create a DHCP class for clients in group 2, and specify the corresponding remote ID sub-option for matching.
Server(config)# ip dhcp class group2
Server(dhcp-class)# relay agent information
Server(dhcp-class-relayinfo)# relay-information hex 0208000600010002*
Server(dhcp-class-relayinfo)# exit
# Create a DHCP class for clients in group 3 and specify the corresponding remote ID sub-option for matching.
Server(config)# ip dhcp class group3
Server(dhcp-class)# relay agent information
Server(dhcp-class-relayinfo)# relay-information hex 0208000600010003*
Server(dhcp-class-relayinfo)# exit
# Create a DHCP address pool named office, and specify the lease time, gateway address, DNS server address, and WINS server address for clients.
Server(config)# ip dhcp pool office
Server(dhcp-config)# network 192.168.10.0
Server(dhcp-config)# lease 0 12
Server(dhcp-config)# default-router 192.168.10.1
Server(dhcp-config)# dns-server 192.168.100.2
Server(dhcp-config)# netbios-name-server 192.168.100.3
# Specify address ranges for the three DHCP classes respectively.
Server(dhcp-config)# class group1
Server(dhcp-pool-class)# address range 192.168.10.2 192.168.10.25
Server(dhcp-pool-class)# class group2
Server(dhcp-pool-class)# address range 192.168.10.100 192.168.10.150
Server(dhcp-pool-class)# class group3
Server(dhcp-pool-class)# address range 192.168.10.151 192.168.10.200
Complete Configuration
#
dhcp-snooping information enable
dhcp-snooping information strategy replace
#
interface Ethernet1/0/1
dhcp-snooping information remote-id string group1
#
interface Ethernet1/0/2
dhcp-snooping information remote-id string group2
#
interface Ethernet1/0/3
dhcp-snooping information remote-id string group3
#
interface Ethernet1/0/4
dhcp-snooping trust
#
dhcp-snooping
#
Precautions
l Option 82 is effective only when the DHCP snooping function is enabled.
l Enable Option 82 support on the DHCP snooping device that is closest to the DHCP clients to locate the clients accurately (recommended).
DHCP Accounting Configuration Guide
DHCP accounting allows a DHCP server to notify the RADIUS server of the start/end of accounting when it assigns/releases a lease. The cooperation of the DHCP server and RADIUS server implements the network accounting function and ensures network security at the same time.
Network Diagram
Figure 1-6 Network diagram for DHCP accounting configuration
Networking and Configuration Requirements
l The DHCP server connects to a DHCP client and a RADIUS server through Ethernet 1/0/1 and Ethernet 1/0/2 respectively.
l Ethernet 1/0/1 belongs to VLAN 2; Ethernet 1/0/2 belongs to VLAN 3.
l The IP address of VLAN-interface 2 is 10.1.1.1/24, that of VLAN-interface 3 is 10.1.2.1/24, and that of the RADIUS server is 10.1.2.2/24.
l DHCP accounting is enabled on the DHCP server.
l The global DHCP address pool belongs to the network segment 10.1.1.0. The DHCP server operates as a RADIUS client and adopts AAA for authentication.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S3600-EI series Ethernet switches |
Release 1510 |
S3600-EI |
S5600 series Ethernet switches |
Release 1510 |
All versions |
Configuration Procedure
<Switch> system-view
[Switch] vlan 2
[Switch-vlan2] quit
# Create VLAN 3.
[Switch] vlan 3
[Switch-vlan3] quit
# Enter Ethernet 1/0/1 view and add the port to VLAN 2.
[Switch] interface Ethernet 1/0/1
[Switch-Ethernet1/0/1] port access vlan 2
[Switch-Ethernet1/0/1] quit
# Enter Ethernet 1/0/2 view and add the port to VLAN 3.
[Switch] interface Ethernet 1/0/2
[Switch-Ethernet1/0/2] port access vlan 3
[Switch-Ethernet1/0/2] quit
# Enter VLAN-interface 2 view and assign the IP address 10.1.1.1/24 to the VLAN interface.
[Switch] interface Vlan-interface 2
[Switch-Vlan-interface2] ip address 10.1.1.1 24
[Switch-Vlan-interface2] quit
# Enter VLAN-interface 3 view and assign the IP address 10.1.2.1/24 to the VLAN interface.
[Switch] interface Vlan-interface 3
[Switch-Vlan-interface3] ip address 10.1.2.1 24
[Switch-Vlan-interface3] quit
# Create a RADIUS scheme and a domain, and then associate the domain with the RADIUS scheme.
[Switch] radius scheme 123
[Switch-radius-123] primary authentication 10.1.2.2
[Switch-radius-123] primary accounting 10.1.2.2
[Switch-radius-123] quit
[Switch] domain 123
[Switch-isp-123] scheme radius-scheme 123
[Switch-isp-123] quit
# Create an address pool on the DHCP server.
[Switch] dhcp server ip-pool test
[Switch-dhcp-pool-test] network 10.1.1.0 mask 255.255.255.0
# Enable DHCP accounting.
[Switch-dhcp-pool-test] accounting domain 123
Complete Configuration
radius scheme 123
primary authentication 10.1.2.2
primary accounting 10.1.2.2
#
domain 123
scheme radius-scheme 123
#
dhcp server ip-pool test
network 10.1.1.0 mask 255.255.255.0
accounting domain 123
#
vlan 2
#
vlan 3
#
interface Vlan-interface2
ip address 10.1.1.1 255.255.255.0
#
interface Vlan-interface3
ip address 10.1.2.1 255.255.255.0
#
interface Ethernet1/0/1
port access vlan 2
#
interface Ethernet1/0/2
port access vlan 3
#
Precautions
Before configuring DHCP accounting, make sure that:
l The DHCP server is configured (such as the address pool, lease time and other configuration parameters).
l The DHCP client is enabled.
l Routes are reachable.
DHCP Client Configuration Guide
With the DHCP client enabled on an interface, the interface will use DHCP to obtain configuration parameters such as an IP address from the DHCP server.
Network Diagram
Refer to Figure 1-1.
Networking and Configuration Requirements
Configure VLAN-interface 1 on Switch B to obtain an IP address through DHCP.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S5600 series Ethernet switches |
Release 1510, Release 1602 |
All versions |
S5100-SI/EI series Ethernet switches |
Release 2200, Release 2201 |
All versions |
S3600-SI/EI series Ethernet switches |
Release 1510, Release 1602 |
All versions |
S3100-EI series Ethernet switches |
Release 2104, Release 2107 |
All versions |
S3100-C-SI series Ethernet switches S3100-T-SI series Ethernet switches |
Release 0011, Release 2102, Release 2107 |
All versions |
S3100-TP-SI series Ethernet switches |
Release 2102, Release 2107 |
All versions( except S3100-52TP-SI) |
S3100-52TP-SI |
Release 2106, Release 2107 |
S3100-52TP-SI |
S3100-52P |
Release 1500, Release 1602 |
S3100-52P |
Configuration Procedure
# Create VLAN-interface 1 on Switch B and enter its view.
<SwitchB> system-view
[SwitchB] interface Vlan-interface 1
# Configure VLAN-interface 1 to obtain an IP address through DHCP.
[SwitchB-Vlan-interface1] ip address dhcp-alloc
[SwitchB-Vlan-interface1] quit
Complete Configuration
interface Vlan-interface1
ip address dhcp-alloc
#
Precautions
None