Product series	Software version	Hardware version
S3610 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5510 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5500-EI Series Ethernet Switches	Release 2102	All versions
S7500E Series Ethernet Switches	Release 6100 Release 6300	All versions
S3500-EA Series Ethernet Switches	Release 5303	All versions

Configuration Procedure

# Configure the IP address of VLAN-interface 2 on Switch A.

<SwitchA> system-view

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 10.1.1.1 25

[SwitchA-Vlan-interface2] quit

# Enable DHCP.

[SwitchA] dhcp enable

# Create DHCP address pool 0, and configure a static IP-MAC binding, DNS server and gateway in it.

[SwitchA] dhcp server ip-pool 0

[SwitchA-dhcp-pool-0] static-bind ip-address 10.1.1.5

[SwitchA-dhcp-pool-0] static-bind mac-address 000f-e200-0002

[SwitchA-dhcp-pool-0] dns-list 10.1.1.2

[SwitchA-dhcp-pool-0] gateway-list 10.1.1.126

[SwitchA-dhcp-pool-0] quit

Complete Configuration

dhcp server ip-pool 0

static-bind ip-address 10.1.1.5 mask 255.0.0.0

static-bind mac-address 000f-e200-0002

gateway-list 10.1.1.126

dns-list 10.1.1.2

expired unlimited

interface Vlan-interface2

ip address 10.1.1.1 255.255.255.128

dhcp enable

Configuration Guidelines

l The IP address of a static binding cannot be an interface’s address of the DHCP server. Otherwise, an IP address conflict may occur and the bound client cannot obtain an IP address correctly.

l A DHCP address pool now supports only one static binding, which can be a MAC-to-IP or ID-to-IP binding (a client ID is a string of 4 to 160 characters that uniquely identifies a client).

l The ID of the static binding must be identical to the ID displayed by using the display dhcp client verbose command on the client. Otherwise, the client cannot obtain an IP address.

Configuring Dynamic IP Address Allocation

Network Diagram

Figure 1-2 Network diagram for dynamic IP address allocation

Networking and Configuration Requirements

l The DHCP server (Switch A) assigns IP addresses to clients in subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25.

l The IP addresses of VLAN interfaces 1 and 2 on Switch A are 10.1.1.1/25 and 10.1.1.129/25 respectively.

l In the subnet 10.1.1.0/25, the address lease duration is ten days and twelve hours, domain name is aabbcc.com, DNS server address is 10.1.1.2/25, WINS server address is 10.1.1.4/25, and gateway address is 10.1.1.126/25.

l In the subnet 10.1.1.128/25, the address lease duration is five days, domain name is aabbcc.com, DNS server address is 10.1.1.2/25 gateway address is 10.1.1.254/25 and there is no WINS server address.

l The domain name and DNS server address on subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, they can be configured only for the subnet 10.1.1.0/24 and the other two subnets can inherit the configuration.

l Enable unauthorized DHCP server detection on Switch A for the administrator to find unauthorized DHCP servers from the log information.

Applicable Product Matrix

Product series	Software version	Hardware version
S3610 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5510 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5500-EI Series Ethernet Switches	Release 2102	All versions
S7500E Series Ethernet Switches	Release 6100 Release 6300	All versions
S3500-EA Series Ethernet Switches	Release 5303	All versions

Configuration Procedure

# Enable DHCP.

[SwitchA] dhcp enable

# Exclude IP addresses from dynamic allocation (addresses of the DNS server, WINS server, and gateways).

[SwitchA] dhcp server forbidden-ip 10.1.1.2

[SwitchA] dhcp server forbidden-ip 10.1.1.4

[SwitchA] dhcp server forbidden-ip 10.1.1.126

[SwitchA] dhcp server forbidden-ip 10.1.1.254

# Enable unauthorized DHCP server detection.

[SwitchA] dhcp server detect

# Configure DHCP address pool 0, including address range, domain name and DNS server address.

[SwitchA] dhcp server ip-pool 0

[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0

[SwitchA-dhcp-pool-0] domain-name aabbcc.com

[SwitchA-dhcp-pool-0] dns-list 10.1.1.2

[SwitchA-dhcp-pool-0] quit

# Configure DHCP address pool 1, including address range, gateway, WINS server address, and lease time.

[SwitchA] dhcp server ip-pool 1

[SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128

[SwitchA-dhcp-pool-1] gateway-list 10.1.1.126

[SwitchA-dhcp-pool-1] expired day 10 hour 12

[SwitchA-dhcp-pool-1] nbns-list 10.1.1.4

[SwitchA-dhcp-pool-1] quit

# Configure DHCP address pool 2 (address range, gateway, and lease duration).

[SwitchA] dhcp server ip-pool 2

[SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128

[SwitchA-dhcp-pool-2] expired day 5

[SwitchA-dhcp-pool-2] gateway-list 10.1.1.254

[SwitchA-dhcp-pool-2] quit

With the unauthorized DHCP server detection enabled, Switch A records all the DHCP servers, including the authorized DHCP server. Then, the administrator can find unauthorized DHCP servers from the log information. When an unauthorized DHCP server is detected, the following log information is displayed.

%Apr 30 08:07:51:896 2000 H3C DHCPS/4/DHCPS_LOCAL_SERVER:

Local DHCP server information: Server IP (detected by DHCP server) =

10.1.1.5, DHCP server interface = Vlan-interface1

Source client information: DHCP message type = DHCPREQUEST, DHCP

client hardware address = 000f-e200-000b

Complete Configuration

dhcp server ip-pool 0

network 10.1.1.0 mask 255.255.255.0

dns-list 10.1.1.2

domain-name aabbcc.com

dhcp server ip-pool 1

network 10.1.1.0 mask 255.255.255.128

gateway-list 10.1.1.126

nbns-list 10.1.1.4

expired day 10 hour 12

dhcp server ip-pool 2

network 10.1.1.128 mask 255.255.255.128

gateway-list 10.1.1.254

expired day 5

dhcp server forbidden-ip 10.1.1.2

dhcp server forbidden-ip 10.1.1.4

dhcp server forbidden-ip 10.1.1.126

dhcp server forbidden-ip 10.1.1.254

dhcp server detect

dhcp enable

Configuration Guidelines

l If no IP address is available in a child address pool, the DHCP server will fail to assign addresses to clients because it will not assign those in the father address pool to clients. In this example, clients connected to VLAN-interface 1 should not exceed 122, and clients connected to VLAN-interface 2 should not exceed 124.

l When the DHCP server and clients are on the same subnet and the dhcp select server global-pool subaddress command is configured on the DHCP server’s interface, the DHCP server will assign an IP address from the address pool containing the secondary IP address of the server’s interface (connected to the client); if the interface has multiple secondary IP addresses, the address pool containing the first secondary IP address is selected. Otherwise, the DHCP server will assign an IP address from the address pool containing the primary IP address of the server’s interface.

Configuring DHCP Relay Agent

Since DHCP clients request IP addresses via broadcast messages, the DHCP server and clients must be on the same subnet. Therefore, a DHCP server must be available on each subnet, which is not practical.

The DHCP relay agent solves the problem. Via a relay agent, DHCP clients communicate with a DHCP server on another subnet to obtain IP addresses. Thus, DHCP clients on different subnets can contact the same DHCP server for ease of centralized management and cost reduction.

Figure 1-3 Netw Network diagram for DHCP relay agent ork Diagram

Networking and Configuration Requirements

l VLAN-interface 1 on the DHCP relay agent (Switch A) connects to the network where DHCP clients reside. The IP address of VLAN-interface 1 is 10.10.1.1/24 and IP address of VLAN-interface 2 is 10.1.1.2/24 that connects with the DHCP server 10.1.1.1/24.

l Switch A forwards messages so that DHCP clients can obtain IP addresses on subnet 10.10.1.0/24 and related configuration information from the DHCP server.

l Host A uses a static IP address of 10.10.1.5/24, while other hosts obtain dynamic IP addresses.

l Enable IP address match check on Switch A, so that only the clients that have valid IP addresses or obtain IP addresses through DHCP can access the external network.

Applicable Product Matrix

Product series	Software version	Hardware version
S3610 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5510 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5500-SI Series Ethernet Switches	Release 1207	All versions except S5500-20TP-SI
S5500-SI Series Ethernet Switches	Release 1301	S5500-20TP-SI
S5500-EI Series Ethernet Switches	Release 2102	All versions
S7500E Series Ethernet Switches	Release 6100 Release 6300	All versions
S3500-EA Series Ethernet Switches	Release 5303	All versions

Configuration Procedure

# Enable DHCP.

<SwitchA> system-view

[SwitchA] dhcp enable

# Enable the DHCP relay agent on VLAN-interface 1.

[SwitchA] interface vlan-interface 1

[SwitchA-Vlan-interface1] ip address 10.10.1.1 24

[SwitchA-Vlan-interface1] dhcp select relay

[SwitchA-Vlan-interface1] quit

# Add the IP address of the DHCP server to DHCP server group 1 and correlate VLAN-interface 1 to the group.

[SwitchA] dhcp relay server-group 1 ip 10.1.1.1

[SwitchA] interface vlan-interface 1

[SwitchA-Vlan-interface1] dhcp relay server-select 1

[SwitchA-Vlan-interface1] quit

# Configure a static binding between IP address 10.10.1.5/24 and MAC address 0001-0010-0001.

[SwitchA] dhcp relay security static 10.10.1.5 0001-0010-0001

# Enable IP address match check on the DHCP relay agent.

[SwitchA] interface Vlan-interface 1

[SwitchA-Vlan-interface1] dhcp relay address-check enable

[SwitchA-Vlan-interface1] quit

Complete Configuration

dhcp relay server-group 1 ip 10.1.1.1

interface Vlan-interface1

ip address 10.10.1.1 255.255.255.0

dhcp select relay

dhcp relay server-select 1

dhcp relay address-check enable

dhcp enable

dhcp relay security static 10.10.1.5 0001-0010-0001

Configuration Guidelines

l You also need to perform configurations on the DHCP server. For how to configure the DHCP server, refer to Configuring Dynamic IP Address Allocation.

l The DHCP relay agent and DHCP server are reachable to each other.

l The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the IP address match check takes effect when this command is executed, regardless of whether other commands are used.

Configuring DHCP Snooping

For security, a network administrator needs to use the mappings between DHCP clients’ IP addresses obtained from the DHCP server and their MAC addresses.

DHCP snooping records clients’ MAC and IP addresses by reading DHCP-REQUEST and DHCP-ACK messages.

Network Diagram

Figure 1-4 Network diagram for DHCP snooping

Networking and Configuration Requirements

l Switch B is connected to a DHCP server through GigabitEthernet 1/0/1, and to two DHCP clients through GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3.

l GigabitEthernet 1/0/1 of Switch B can receive DHCP server responses and the other two cannot.

l Switch B records clients’ IP-to-MAC address bindings in DHCP-REQUEST messages and DHCP-ACK messages received from trusted ports.

l Switch B supports Option 82. After receiving a DHCP request, Switch B adds Option 82 padded in verbose format to the request message and forwards the message to the DHCP server.

Applicable Product Matrix

Product series	Software version	Hardware version
S3610 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5510 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5500-SI Series Ethernet Switches	Release 1207	All versions except S5500-20TP-SI
S5500-SI Series Ethernet Switches	Release 1301	S5500-20TP-SI
S5500-EI Series Ethernet Switches	Release 2102	All versions
S7500E Series Ethernet Switches	Release 6100 Release 6300	All versions
S3500-EA Series Ethernet Switches	Release 5303	All versions

Note that S5500-SI series Ethernet switches support DHCP snooping and trusted port configurations, but do not support DHCP snooping Option 82.

Configuration Procedure

# Enable DHCP snooping.

<SwitchB> system-view

[SwitchB] dhcp-snooping

# Configure GigabitEthernet 1/0/1 as a trusted port.

[SwitchB] interface gigabitethernet1/0/1

[SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust

[SwitchB-GigabitEthernet1/0/1] quit

# Configure DHCP snooping Option 82 support on GigabitEthernet 1/0/2.

[SwitchB] interface gigabitethernet1/0/2

[SwitchB-GigabitEthernet1/0/2] dhcp-snooping information enable

# Configure the padding format for Option 82 on GigabitEthernet 1/0/2 as verbose.

[SwitchB-GigabitEthernet1/0/2] dhcp-snooping information format verbose node-identifier sysname

[SwitchB-GigabitEthernet1/0/2] quit

# Configure DHCP snooping Option 82 support on GigabitEthernet 1/0/3.

[SwitchB] interface gigabitethernet1/0/3

[SwitchB-GigabitEthernet1/0/3] dhcp-snooping information enable

# Configure the padding format for Option 82 on GigabitEthernet 1/0/3 as verbose.

[SwitchB-GigabitEthernet1/0/3] dhcp-snooping information format verbose node-identifier sysname

Complete Configuration

dhcp-snooping

interface GigabitEthernet1/0/1

dhcp-snooping trust

interface GigabitEthernet1/0/2

dhcp-snooping information enable

dhcp-snooping information format verbose node-identifier sysname

interface GigabitEthernet1/0/3

dhcp-snooping information enable

dhcp-snooping information format verbose node-identifier sysname

Configuration Guidelines

l The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP clients and relay agent or between the DHCP clients and server.

l The DHCP snooping enabled device cannot be a DHCP server or DHCP relay agent.

l You are not recommended to enable the DHCP client, BOOTP client, and DHCP snooping on the same device. Otherwise, DHCP snooping entries may fail to be generated, or the BOOTP client/DHCP client may fail to obtain an IP address.

l You need to specify the ports connected to authorized DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. A trusted port and a port connected to DHCP clients must be in the same VLAN.

l Configuring both the DHCP snooping and selective QinQ function on the switch is not recommended because it may result in malfunctioning of DHCP snooping.

l DHCP snooping supports no link aggregation. If a Layer 2 Ethernet interface is added into an aggregation group, DHCP snooping configuration on it will not take effect. When the interface is removed from the group, DHCP snooping can take effect.

Configuring DHCP Snooping Option 82 Support

When a DHCP snooping device supporting Option 82 receives a client’s request, it adds Option 82 to the request message and sends it to a DHCP server. Then, the DHCP server can locate the DHCP client and assign an appropriate IP address and other parameters to the client, thus further implementing security control and accounting.

Network Diagram

Figure 1-5 Network diagram for DHCP snooping

Networking and Configuration Requirements

The working area of a company is divided into three groups, group 1, group 2, and group 3, separately located in three rooms. The company needs to assign different IP address ranges for the groups through a DHCP server. The requirements are:

l Assign IP addresses on the network segment 192.168.10.0/24. The lease duration is twelve hours, DNS server address is 192.168.100.2, and WINS server address is 192.168.100.3.

l Enable DHCP snooping on Switch A, and configure GigabitEthernet 1/0/4 as a DHCP snooping trusted port.

l Group 1, group 2, and group3 are connected to the DHCP snooping device through GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 respectively.

l Configure DHCP snooping Option 82 support to add port information into Option 82 of DHCP messages.

l Configure the DHCP server to support Option 82. Based on the group information contained in Option 82, the DHCP server assigns 192.168.10.2 through 192.168.10.25 to clients in group 1, 192.168.10.100 through 192.168.10.150 to clients in group 2, and 192.168.10.151 through 192.168.10.200 to clients in group 3.

Applicable Product Matrix

Product series	Software version	Hardware version
S3610 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5510 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5500-SI Series Ethernet Switches	Release 1207	All versions except S5500-20TP-SI
S5500-SI Series Ethernet Switches	Release 1301	S5500-20TP-SI
S5500-EI Series Ethernet Switches	Release 2102	All versions
S7500E Series Ethernet Switches	Release 6100 Release 6300	All versions
S3500-EA Series Ethernet Switches	Release 5303	All versions

Configuration Procedure

Configuration on Switch A

# Enable DHCP snooping.

<SwitchA> system-view

[SwitchA] dhcp-snooping

# Configure GigabitEthernet 1/0/4 as a DHCP snooping trusted port.

[SwitchA] interface gigabitethernet1/0/4

[SwitchA-GigabitEthernet1/0/4] dhcp-snooping trust

[SwitchA-GigabitEthernet1/0/4] quit

# Configure DHCP snooping Option 82 support on GigabitEthernet 1/0/1, and configure the padding format for Option 82 as normal.

[SwitchA] interface gigabitethernet1/0/1

[SwitchA-GigabitEthernet1/0/1] dhcp-snooping information enable

[SwitchA-GigabitEthernet1/0/1] dhcp-snooping information format normal

[SwitchA-GigabitEthernet1/0/1] quit

# Configure DHCP snooping Option 82 support on GigabitEthernet 1/0/2, and configure the padding format for Option 82 as normal.

[SwitchA] interface gigabitethernet1/0/2

[SwitchA-GigabitEthernet1/0/2] dhcp-snooping information enable

[SwitchA-GigabitEthernet1/0/2] dhcp-snooping informationformat normal

[SwitchA-GigabitEthernet1/0/2] quit

# Configure DHCP snooping Option 82 support on GigabitEthernet 1/0/3, and configure the padding format for Option 82 as normal.

[SwitchA] interface gigabitethernet1/0/3

[SwitchA-GigabitEthernet1/0/3] dhcp-snooping information enable

[SwitchA-GigabitEthernet1/0/3] dhcp-snooping information format normal

[SwitchA-GigabitEthernet1/0/3] quit

Configuration on the DHCP server

The DHCP server configurations are performed on a Cisco Catalyst 3745 switch with software version IOS 12.3(11)T2. For configurations on other device models or other versions, refer to the corresponding user manuals.

# Configure the IP address for the DHCP server’s interface as 192.168.10.1/24.

Server> enable

Server# configure terminal

Server(config)# interface fastethernet 0/0

Server(config-if)# ip address 192.168.10.1 255.255.255.0

Server(config-if)# exit

# Configure the DHCP server function and enable address allocation based on Option 82.

Server(config)# service dhcp

Server(config)# ip dhcp use class

# Create a DHCP class for clients in group 1 that are connected to the DHCP snooping device through GigabitEthernet 1/0/1, and configure the server to match the VLAN ID and interface number (circuit ID sub-option) in Option 82. The wildcard (*) represents characters that do not need to be matched.

Server(config)# ip dhcp class group1

Server(dhcp-class)# relay agent information

Server(dhcp-class-relayinfo)# relay-information hex 0106000400010001*

Server(dhcp-class-relayinfo)# exit

# Create a DHCP class for clients in group 2 that are connected to the DHCP snooping device through GigabitEthernet 1/0/2, and configure the matching information. The commands are similar to the above. You only need to change the interface number for Option 82 to 2.

Server(config)# ip dhcp class group2

Server(dhcp-class)# relay agent information

Server(dhcp-class-relayinfo)# relay-information hex 0106000400010002*

Server(dhcp-class-relayinfo)# exit

# Create a DHCP class for clients in group 3 that are connected to the DHCP snooping device through GigabitEthernet 1/0/3, and configure the matching information. The commands are similar to the above. You only need to change the interface number for Option 82 to 3.

Server(config)# ip dhcp class group3

Server(dhcp-class)# relay agent information

Server(dhcp-class-relayinfo)# relay-information hex 0106000400010003*

Server(dhcp-class-relayinfo)# exit

# Configure DHCP address pool office (lease duration, gateway, DNS server, and WINS server).

Server(config)# ip dhcp pool office

Server(dhcp-config)# network 192.168.10.0

Server(dhcp-config)# lease 0 12

Server(dhcp-config)# default-router 192.168.10.1

Server(dhcp-config)# dns-server 192.168.100.2

Server(dhcp-config)# netbios-name-server 192.168.100.3

# Specify address ranges for the three DHCP classes.

Server(dhcp-config)# class group1

Server(dhcp-pool-class)# address range 192.168.10.2 192.168.10.25

Server(dhcp-pool-class)# class group2

Server(dhcp-pool-class)# address range 192.168.10.100 192.168.10.150

Server(dhcp-pool-class)# class group3

Server(dhcp-pool-class)# address range 192.168.10.151 192.168.10.200

Complete Configuration

dhcp-snooping

interface GigabitEthernet1/0/4

dhcp-snooping trust

interface GigabitEthernet1/0/1

dhcp-snooping information enable

dhcp-snooping information format normal

interface GigabitEthernet1/0/2

dhcp-snooping information enable

dhcp-snooping information format normal

interface GigabitEthernet1/0/3

dhcp-snooping information enable

dhcp-snooping information format normal

Configuration Guidelines

l You need to enable DHCP snooping before configuring DHCP snooping to support Option 82.

l You are recommended to configure DHCP snooping Option 82 support on the DHCP snooping device closest to DHCP clients, so that the clients can be accurately located.

Configuring DHCP Client

After you specify an interface of the device as a DHCP client, the interface can use DHCP to get information (such as IP address) from the DHCP server, for ease of configuration and centralized management.

Network Diagram

See Figure 1-2.

Networking and Configuration Requirements

Configure VLAN-interface 1 on the switch to obtain an IP address through DHCP.

Applicable Product Matrix

Product series	Software version	Hardware version
S3610 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5510 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5500-SI Series Ethernet Switches	Release 1207	All versions except S5500-20TP-SI
S5500-SI Series Ethernet Switches	Release 1301	S5500-20TP-SI
S5500-EI Series Ethernet Switches	Release 2102	All versions
S7500E Series Ethernet Switches	Release 6100 Release 6300	All versions
S3500-EA Series Ethernet Switches	Release 5303	All versions

Configuration Procedure

# Create VLAN-interface 1 and enter VLAN interface view.

[SwitchB] interface Vlan-interface 1

# Configure VLAN-interface 1 to obtain an IP address through DHCP.

[SwitchB-Vlan-interface1] ip address dhcp-alloc

[SwitchB-Vlan-interface1] quit

Complete Configuration

interface Vlan-interface1

ip address dhcp-alloc

Configuration Guidelines

You are not recommended to enable both DHCP client and DHCP snooping on the same device. Otherwise, DHCP snooping entries may fail to be generated, or the DHCP client may fail to obtain an IP address.

Configuring Auto-Configuration

With auto-configuration, a device that starts up without any configuration file can automatically obtain a configuration file and execute it, thus implementing simplified network configuration and centralized management. The auto-configuration process is described as follows:

1) When a switch starts up without any configuration file, the system sets an active interface (such as the default VLAN interface) as the DHCP client to request from the DHCP server for parameters, such as an IP address and name of a TFTP server, and the bootfile name.

2) After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization. If the client cannot get such parameters, it will perform system initialization without loading any configuration file.

1.1.1 Network Diagram

Figure 1-6 Network diagram for auto-configuration

Networking and Configuration Requirements

A company has two departments, marketing department and research&development (R&D) department. The switches directly connected to terminal hosts access the network through different network devices (DHCP relay agents), as shown in Figure 1-6.

l Switch A (DHCP server) assigns IP addresses and other network configuration parameters for hosts of the marketing and R&D departments.

l Run the TFTPD32 software on a host so that it can serve as a TFTP server.

l Switch B serves as both the gateway of the marketing department and a DHCP relay agent. It is connected to the DHCP server and TFTP server through VLAN-interface 2, and connected to Switch D and Switch E through VLAN-interface 3 (with IP address 192.168.2.1/24). Switch D and Switch E are respectively connected to Switch B through VLAN-interface 3.

l Switch C serves as both the gateway of the R&D department and a DHCP relay agent. It is connected to the DHCP server and TFTP server through VLAN-interface 2, and connected to Switch F and Switch G through VLAN-interface 3 (with IP address 192.168.3.1/24). Switch F and Switch G are respectively connected to Switch C through VLAN-interface 3.

To simplify network device management, ensure network security and implement device login and control through telnet, you can configure auto-configuration on the switches directly connected to terminal hosts, so that the switches can automatically obtain configuration files after startup. Through the configuration files, you can:

l Configure the interfaces to obtain IP addresses through DHCP.

l Enable telnet server.

l Create a local user.

l Telnet to the device when authentication is required.

Applicable Product Matrix

Product series	Software version	Hardware version
S3610 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5510 Series Ethernet Switches	Release 5301 Release 5303	All versions
S5500-EI Series Ethernet Switches	Release 2102	All versions
S3500-EA Series Ethernet Switches	Release 5303	All versions

Configuration Procedure

The following configurations are performed and verified in a lab environment. All the parameters of the device before configuration are factory defaults. If you have configured the device, make sure that your configuration does not conflict with the following configuration.

Configuration on Switch A (DHCP server)

# Configure the IP address of VLAN-interface 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port gigabitethernet 1/0/1

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 192.168.1.42

[SwitchA-Vlan-interface2] quit

# Enable DHCP.

[SwitchA] dhcp enable

# Configure DHCP address pool market to dynamically assign IP addresses on network segment 192.168.2.0/24 to the marketing department, and specify the TFTP server address, gateway address, and configuration file name.

[SwitchA] dhcp server ip-pool market

[SwitchA-dhcp-pool-market] network 192.168.2.0 24

[SwitchA-dhcp-pool-market] tftp ip-address 192.168.1.40

[SwitchA-dhcp-pool-market] gateway-list 192.168.2.1

[SwitchA-dhcp-pool-market] bootfile-name market.cfg

[SwitchA-dhcp-pool-market] quit

# Configure DHCP address pool research to dynamically assign IP addresses on network segment 192.168.3.0/24 to the R&D department, and specify the TFTP server address, gateway address, and configuration file name.

[SwitchA] dhcp server ip-pool research

[SwitchA-dhcp-pool-research] network 192.168.3.0 24

[SwitchA-dhcp-pool-research] tftp ip-address 192.168.1.40

[SwitchA-dhcp-pool-research] gateway-list 192.168.3.1

[SwitchA-dhcp-pool-research] bootfile-name research.cfg

[SwitchA-dhcp-pool-research] quit

# Configure static routes to the networks through the DHCP relay agents.

[SwitchA] ip route-static 192.168.2.0 24 192.168.1.41

[SwitchA] ip route-static 192.168.3.0 24 192.168.1.43

[SwitchA] quit

Configuration on Switch B (DHCP relay agent)

# Configure IP addresses for VLAN-interface 2 and VLAN-interface 3.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port gigabitethernet 1/0/3

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address 192.168.1.41

[SwitchB-Vlan-interface2] quit

[SwitchB] vlan 3

[SwitchB-vlan3] port gigabitethernet 1/0/1

[SwitchB-vlan3] port gigabitethernet 1/0/2

[SwitchB-vlan3] quit

[SwitchB] interface vlan-interface 3

[SwitchB-Vlan-interface3] ip address 192.168.2.1

[SwitchB-Vlan-interface3] quit

# Enable DHCP.

[SwitchB] dhcp enable

# Create DHCP server group 1 and add the IP address of the DHCP server into it.

[SwitchB] dhcp relay server-group 1 ip 192.168.1.42

# Enable DHCP relay agent on VLAN-interface 3.

[SwitchB] interface vlan-interface 3

[SwitchB-Vlan-interface3] dhcp select relay

# Correlate VLAN-interface 3 to DHCP server group 1.

[SwitchB-Vlan-interface3] dhcp relay server-select 1

Configuration on Switch C (DHCP relay agent)

# Configure IP addresses of the VLAN interfaces.

<SwitchC> system-view

[SwitchC] vlan 2

[SwitchC-vlan2] port gigabitethernet 1/0/3

[SwitchC-vlan2] quit

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] ip address 192.168.1.43

[SwitchC-Vlan-interface2] quit

[SwitchC] vlan 3

[SwitchC-vlan3] port gigabitethernet 1/0/1

[SwitchC-vlan3] port gigabitethernet 1/0/2

[SwitchC-vlan3] quit

[SwitchC] interface vlan-interface 3

[SwitchC-Vlan-interface3] ip address 192.168.3.1

[SwitchC-Vlan-interface3] quit

# Enable DHCP.

[SwitchC] dhcp enable

# Create DHCP server group 1 and add the IP address of the DHCP server into it.

[SwitchC] dhcp relay server-group 1 ip 192.168.1.42

# Enable DHCP relay agent on VLAN-interface 3.

[SwitchC] interface vlan-interface 3

[SwitchC-Vlan-interface3] dhcp select relay

# Correlate VLAN-interface 3 to DHCP server group 1.

[SwitchC-Vlan-interface3] dhcp relay server-select 1

Configuration on the host (TFTP server)

# Create a configuration file named market.cfg in the directory D:/TFTP server of the host. The content of the configuration file is as follows:

sysname Market

telnet server enable

vlan 3

local-user market

password simple market

service-type telnet

level 3

interface Vlan-interface3

ip address dhcp-alloc

interface GigabitEthernet1/0/1

port access vlan 3

user-interface vty 0 4

authentication-mode scheme

user privilege level 3

return

# Create a configuration file named research.cfg in the directory D:/TFTP server of the host. The content of the configuration file is as follows:

sysname Research

telnet server enable

vlan 3

local-user research

password simple research

service-type telnet

level 3

interface Vlan-interface3

ip address dhcp-alloc

interface GigabitEthernet1/0/1

port access vlan 3

user-interface vty 0 4

authentication-mode scheme

user privilege level 3

return

# Run the TFTPD32 software, and then click Settings, as shown in 0.

Figure 1-7 TFTP server configuration page

# Specify a path for Base Directory to save the configuration file, and then click OK, as shown in 0.

Figure 1-8 Specify a path to save the configuration file

# Configure routes to network segments 192.168.2.0/24 and 192.168.3.0/24 using the following commands.

route add 192.168.2.0 mask 255.255.255.0 192.168.1.41

route add 192.168.3.0 mask 255.255.255.0 192.168.1.43

Complete Configuration

l Configuration on Switch A

vlan 1

vlan 2

dhcp server ip-pool market

network 192.168.2.0 mask 255.255.255.0

gateway-list 192.168.2.1

bootfile-name market.cfg

tftp-server ip-address 192.168.1.17

dhcp server ip-pool research

network 192.168.3.0 mask 255.255.255.0

gateway-list 192.168.3.1

bootfile-name research.cfg

tftp-server ip-address 192.168.1.17

interface Vlan-interface2

ip address 192.168.1.42 255.255.255.0

interface GigabitEthernet1/0/1

port access vlan 2

ip route-static 192.168.2.0 255.255.255.0 192.168.1.41

ip route-static 192.168.3.0 255.255.255.0 192.168.1.43

dhcp enable

l Configuration on Switch B

dhcp relay server-group 1 ip 192.168.1.42

vlan 1

vlan 2

vlan 3

interface Vlan-interface2

ip address 192.168.1.41 255.255.255.0

interface Vlan-interface3

ip address 192.168.2.1 255.255.255.0

dhcp select relay

dhcp relay server-select 1

interface GigabitEthernet1/0/1

port access vlan 3

interface GigabitEthernet1/0/2

port access vlan 3

interface GigabitEthernet1/0/3

port access vlan 2

dhcp enable

l Configuration on Switch C

dhcp relay server-group 1 ip 192.168.1.42

vlan 1

vlan 2

vlan 3

interface Vlan-interface2

ip address 192.168.1.43 255.255.255.0

interface Vlan-interface3

ip address 192.168.3.1 255.255.255.0

dhcp select relay

dhcp relay server-select 1

interface GigabitEthernet1/0/1

port access vlan 3

interface GigabitEthernet1/0/2

port access vlan 3

interface GigabitEthernet1/0/3

port access vlan 2

dhcp enable

Configuration Guidelines

l To apply auto-configuration on a switch, you need to perform configurations of the DHCP server, DHCP relay agent, TFTP server, and DNS server (optional), and save the configuration file of the switch to the TFTP server.

l The DHCP server needs to assign gateway addresses to clients which then can request for TFTP and DNS services from other subnets.

l Before rebooting a switch, you are recommended to connect only one interface to the network to ensure normal operation of the auto-configuration function.

l After the switch obtains the configuration file, it only executes the configuration file, rather than saving it locally. When the switch is rebooted, it needs to obtain the configuration file again.

H3C Low-End and Mid-Range Ethernet Switches Configuration Examples(V1.01)

1 DHCP Configuration Guide

Configuration on Switch A

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us