Login
- Table of Contents
-
- H3C S3610[S5510] Series Ethernet Switches Operation Manual-Release 5303(V1.01)
- 00-1Cover
- 00-2Product Overview
- 01-Login Configuration
- 02-VLAN Configuration
- 03-IP Addressing and Performance Configuration
- 04-QinQ-BPDU Tunneling Configuration
- 05-Port Correlation Configuration
- 06-Link Aggregation Configuration
- 07-MAC Address Table Management Configuration
- 08-IP Source Guard Configuration
- 09-MSTP Configuration
- 10-IPv6 Configuration
- 11-Routing Overview
- 12-IPv4 Routing Configuration
- 13-BFD-GR Configuration
- 14-IPv6 Routing Configuration
- 15-Multicast Protocol Configuration
- 16-802.1x-HABP-MAC Authentication Configuration
- 17-AAA-RADIUS-HWTACACS Configuration
- 18-ARP Configuration
- 19-DHCP Configuration
- 20-ACL Configuration
- 21-QoS Configuration
- 22-Port Mirroring Configuration
- 23-Cluster Management Configuration
- 24-UDP Helper Configuration
- 25-SNMP-RMON Configuration
- 26-NTP Configuration
- 27-DNS Configuration
- 28-File System Management Configuration
- 29-Information Center Configuration
- 30-System Maintaining and Debugging Configuration
- 31-NQA Configuration
- 32-VRRP Configuration
- 33-SSH Configuration
- 34-MCE Configuration
- 35-OAM Configuration
- 36-DLDP Configuration
- 37-RRPP Configuration
- 38-SSL-HTTPS Configuration
- 39-PKI Configuration
- 40-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 19-DHCP Configuration | 443.78 KB |
Table of Contents
1.2.2 Dynamic IP Address Allocation Process
1.2.3 IP Address Lease Extension
1.4.2 Introduction to DHCP Options
Chapter 2 DHCP Server Configuration
2.1 Introduction to DHCP Server
2.1.3 IP Address Allocation Sequence
2.2 DHCP Server Configuration Task List
2.4 Enabling the DHCP Server on an Interface
2.5 Configuring an Address Pool for the DHCP Server
2.5.2 Creating a DHCP Address Pool
2.5.3 Configuring an Address Allocation Mode
2.5.4 Configuring a Domain Name Suffix for the Client
2.5.5 Configuring DNS Servers for the Client
2.5.6 Configuring WINS Servers and NetBIOS Node Type for the Client
2.5.7 Configuring the BIMS Server Information for the Client
2.5.8 Configuring Gateways for the Client
2.5.9 Configuring Option 184 Parameters for the Client with Voice Service
2.5.10 Configuring the TFTP Server and Bootfile Name for the Client
2.5.11 Configuring Self-Defined DHCP Options
2.6 Configuring the DHCP Server Security Functions
2.6.1 Configuration Prerequisites
2.6.2 Enabling Unauthorized DHCP Server Detection
2.6.3 Configuring IP Address Conflict Detection
2.7 Configuring the Handling Mode for Option 82
2.8 Displaying and Maintaining the DHCP Server
2.9 DHCP Server Configuration Examples
2.10 Troubleshooting DHCP Server Configuration
Chapter 3 DHCP Relay Agent Configuration
3.1 Introduction to DHCP Relay Agent
3.1.3 DHCP Relay Agent Support for Option 82
3.3 Configuring the DHCP Relay Agent
3.3.2 Enabling the DHCP Relay Agent on an Interface
3.3.3 Correlating a DHCP Server Group with a Relay Agent Interface
3.3.4 Configuring the DHCP Relay Agent to Send a DHCP-Release Request
3.3.5 Configuring the DHCP Relay Agent Security Functions
3.3.6 Configuring the DHCP Relay Agent to Support Option 82
3.4 Displaying and Maintaining DHCP Relay Agent Configuration
3.5 DHCP Relay Agent Configuration Example
3.6 Troubleshooting DHCP Relay Agent Configuration
Chapter 4 DHCP Client Configuration
4.1 Introduction to DHCP Client
4.2 Enabling the DHCP Client on an Interface
4.3 Displaying and Maintaining the DHCP Client
4.4 DHCP Client Configuration Example
Chapter 5 DHCP Snooping Configuration
5.1.1 Function of DHCP Snooping
5.1.2 DHCP Snooping Support for Option 82
5.2 Configuring DHCP Snooping Basic Functions
5.3 Configuring DHCP Snooping to Support Option 82
5.3.2 Configuring DHCP Snooping to Support Option 82
5.4 Displaying and Maintaining DHCP Snooping
5.5 DHCP Snooping Configuration Example
Chapter 6 BOOTP Client Configuration
6.1 Introduction to BOOTP Client
6.1.2 Obtaining an IP Address Dynamically
6.2 Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP
6.3 Displaying and Maintaining BOOTP Client Configuration
6.4 BOOTP Client Configuration Example
Chapter 1 DHCP Overview
When configuring ARP, go to these sections for information you are interested in:
1.1 Introduction to DHCP
The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts. Meanwhile, with the wide application of wireless networks, the frequent movement of laptops across networks requires that the IP addresses be changed accordingly. Therefore, related configurations on hosts become more complex. Dynamic Host Configuration Protocol (DHCP) was introduced to solve these problems.
DHCP is built on a client-server model, in which the client sends a configuration request and then the server returns a reply to send configuration parameters such as an IP address to the client.
A typical DHCP application, as shown in Figure 1-1, includes a DHCP server and multiple clients (PCs and laptops).
Figure 1-1 A typical DHCP application
& Note:
When residing in a different subnet from the DHCP server, the DHCP client can get the IP address and other configuration parameters from the server via a DHCP relay agent. For information about the DHCP relay agent, refer to Introduction to DHCP Relay Agent.
1.2 DHCP Address Allocation
1.2.1 Allocation Mechanisms
DHCP supports three mechanisms for IP address allocation.
l Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client.
l Automatic allocation: DHCP assigns a permanent IP address to a client.
l Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease. Most clients obtain their addresses in this way.
1.2.2 Dynamic IP Address Allocation Process
Figure 1-2 Dynamic IP address allocation process
As shown in the figure above, a DHCP client obtains an IP address from a DHCP server via four steps:
1) The client broadcasts a DHCP-DISCOVER message to locate a DHCP server.
2) A DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message. Refer to DHCP Message Format for related information.
3) If several DHCP servers send offers to the client, the client accepts the first received offer, and broadcasts it in a DHCP-REQUEST message to formally request the IP address.
4) All DHCP servers receive the DHCP-REQUEST message, but only the server to which the client sent a formal request for the offered IP address returns a DHCP-ACK message to the client, confirming that the IP address has been allocated to the client, or returns a DHCP-NAK unicast message, denying the IP address allocation.
& Note:
l After the client receives the DHCP-ACK message, it will probe whether the IP address assigned by the server is in use by broadcasting a gratuitous ARP packet. If the client receives no response within specified time, the client can use this IP address. Otherwise, the client sends a DHCP-DECLINE message to the server to request an IP address again.
l If there are multiple DHCP servers, IP addresses offered by other DHCP servers are assignable to other clients.
1.2.3 IP Address Lease Extension
The IP address dynamically allocated by a DHCP server to a client has a lease. After the lease duration elapses, the IP address will be reclaimed by the DHCP server. If the client wants to use the IP address again, it has to extend the lease duration.
After the half lease duration elapses, the DHCP client will send the DHCP server a DHCP-REQUEST unicast message to extend the lease duration. Upon availability of the IP address, the DHCP server returns a DHCP-ACK unicast confirming that the client’s lease duration has been extended, or a DHCP-NAK unicast denying the request.
If the client receives the DHCP-NAK message, it will broadcast another DHCP-REQUEST message for lease extension after 7/8 lease duration elapses. The DHCP server will handle the request as above mentioned.
1.3 DHCP Message Format
Figure 1-3 gives the DHCP message format, which is based on the BOOTP message format and involves eight types. These types of messages have the same format except that some fields have different values. The numbers in parentheses indicate the size of each field in bytes.
Figure 1-3 DHCP message format
l op: Message type defined in option field. 1 = REQUEST, 2 = REPLY
l htype,hlen: Hardware address type and length of a DHCP client.
l hops: Number of relay agents a request message traveled.
l xid: Transaction ID, a random number chosen by the client to identify an IP address allocation.
l secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0.
l flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sent a reply back by unicast; if this flag is set to 1, the DHCP server sent a reply back by broadcast. The remaining bits of the flags field are reserved for future use.
l ciaddr: Client IP address.
l yiaddr: 'your' (client) IP address, assigned by the server.
l siaddr: Server IP address, from which the clients obtained configuration parameters.
l giaddr: The first relay agent IP address a request message traveled.
l chaddr: Client hardware address.
l sname: The server host name, from which the client obtained configuration parameters.
l file: Bootfile name and routing information, defined by the server to the client.
l options: Optional parameters field that is variable in length, which includes the message type, lease, DNS IP address, WINS IP address and so forth.
1.4 DHCP Options
1.4.1 DHCP Options Overview
The DHCP message adopts the same format as the Bootstrap Protocol (BOOTP) message for compatibility, but differs from it in the option field, which identifies new features for DHCP.
DHCP uses the option field in DHCP messages to carry control information and network configuration parameters, implementing dynamic address allocation and providing more network configuration information for clients.
Figure 1-4 shows the DHCP option format.
1.4.2 Introduction to DHCP Options
The common DHCP options are:
l Option 6: DNS server option. It specifies the DNS server IP address to be assigned to the client.
l Option 51: IP address lease option.
l Option 53: DHCP message type option. It identifies the type of the DHCP message.
l Option 55: Parameter request list option. It is used by a DHCP client to request specified configuration parameters. The option contains values that correspond to the parameters requested by the client.
l Option 66: TFTP server name option. It specifies a TFTP server to be assigned to the client.
l Option 67: Bootfile name option. It specifies the bootfile name to be assigned to the client.
l Option 150: TFTP server IP address option. It specifies the TFTP server IP address to be assigned to the client.
For more information about DHCP options, refer to RFC 2132.
1.4.3 Self-Defined Options
Some options have no unified definitions in RFC 2132. The formats of some self-defined options are introduced as follows.
I. Relay agent option (Option 82)
Option 82 is the relay agent option in the option field of the DHCP message. It records the location information of the DHCP client. When a DHCP relay agent receives a client’s request, it adds Option 82 to the request message and sends it to the server.
The administrator can locate the DHCP client to further implement security control and accounting. The Option 82 supporting server can also use such information to define individual assignment policies of IP address and other parameters for the clients.
Option 82 involves at most 255 sub-options. At least one sub-option must be defined. Now the DHCP relay agent supports two sub-options: sub-option 1 (Circuit ID) and sub-option 2 (Remote ID).
Option 82 has no unified definition. Its padding formats vary with vendors. Currently the device supports two padding formats: normal and verbose.
1) Normal padding format
The padding contents for sub-options in the normal padding format are:
l sub-option 1: Padded with the VLAN ID and number of the port that received the client’s request. The following figure gives its format. The value of the sub-option type is 1, and that of the circuit ID type is 0.
Figure 1-5 Sub-option 1 in normal padding format
l sub-option 2: Padded with the MAC address of the interface that received the client’s request. The following figure gives its format. The value of the sub-option type is 2, and that of the remote ID type is 0.
Figure 1-6 Sub-option 2 in normal padding format
2) Verbose padding format:
The padding contents for sub-options in the verbose padding format are:
l sub-option 1: Padded with the user-specified access node identifier (ID of the device that adds Option 82 in DHCP messages), and type, number, and VLAN ID of the port that received the client’s request. Its format is shown in the following figure.
Figure 1-7 Sub-option 1 in verbose padding format
& Note:
In the above figure, except that the VLAN ID field has a fixed length of 2 bytes, all the other padding contents of sub-option 1 are length variable.
l sub-option 2: Padded with the MAC address of the interface that received the client’s request. It has the same format as that in normal padding format, as shown in Figure 1-6.
II. Option 184
Option 184 is a reserved option, and parameters in the option can be defined as needed. The device supports Option 184 carrying the voice related parameters, so a DHCP client with voice functions can get an IP address along with specified voice parameters from the DHCP server.
Option 184 involves the following sub-options:
l Sub-option 1: IP address of the primary network calling processor, which is a server serving as the network calling control source and providing program downloads.
l Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable.
l Sub-option 3: Voice VLAN ID and the result whether DHCP clients take this ID as the voice VLAN or not.
l Sub-option 4: Failover route that specifies the destination IP address and the called number (SIP users use such IP addresses and numbers to communicate with each other) that a SIP user uses to reach another SIP user when both the primary and backup calling processors are unreachable.
& Note:
You must define the sub-option 1 to make other sub-options take effect.
1.5 Protocols and Standards
l RFC2131: Dynamic Host Configuration Protocol
l RFC2132: DHCP Options and BOOTP Vendor Extensions
l RFC1542: Clarifications and Extensions for the Bootstrap Protocol
l RFC 3046: DHCP Relay Agent Information Option
Chapter 2 DHCP Server Configuration
When configuring the DHCP server, go to these sections for information you are interested in:
l DHCP Server Configuration Task List
l Enabling the DHCP Server on an Interface
l Configuring an Address Pool for the DHCP Server
l Configuring the DHCP Server Security Functions
l Configuring the Handling Mode for Option 82
l Displaying and Maintaining the DHCP Server
l DHCP Server Configuration Examples
l Troubleshooting DHCP Server Configuration
& Note:
l The DHCP server configuration is supported only on VLAN interfaces and loopback interfaces. The secondary IP address pool configuration is not supported on loopback interfaces.
l DHCP Snooping must be disabled on the DHCP server.
2.1 Introduction to DHCP Server
2.1.1 Application Environment
The DHCP server is well suited to the network where:
l It is hard to implement manual configuration and centralized management.
l The hosts are more than the assignable IP addresses and it is impossible to assign a fixed IP address to each host. For example, an ISP limits the number of hosts to access the Internet at a time, so lots of hosts need to acquire IP addresses dynamically.
l A few hosts need fixed IP addresses.
2.1.2 DHCP Address Pool
I. Address pool structure
In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client.
The address pool database is organized as a tree. The root of the tree is the address pool for natural networks, branches are address pools for subnets, and leaves are addresses statically bound to clients. For the same level address pools, a previously configured pool has a higher selection priority than a new one.
At the very beginning, subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters, for example a DNS server address, should be configured at the highest (network or subnetwork) level of the tree.
After establishment of the inheritance relationship, the new configuration at the higher level (father) of the tree will be:
l Inherited if the lower level (child) has no such configuration, or
l Overridden if the lower level (child) has such configuration.
& Note:
The IP address lease does not enjoy the inheritance attribute.
II. Principles for selecting an address pool
The DHCP server observes the following principles to select an address pool to assign IP addresses to clients:
1) If there is an address pool where an IP address is statically bound to the MAC address or ID of the client, the DHCP server will select this address pool and assign the statically bound IP address to the client. For the configuration of this address pool, refer to section Configuring manual address allocation.
2) Otherwise, the DHCP server will select the smallest address pool that contains the IP address of the receiving interface (if the client and the server reside in the same network segment), or the smallest address pool that contains the IP address specified in the giaddr field of the client’s request (if a DHCP relay agent is in-between). If no IP address is available in such address pool, the DHCP server will fail to assign an address to the client because it cannot assign an IP address from the father address pool to the client. For the configuration of such address pool, refer to section Configuring dynamic address allocation.
For example, two address pools are configured on the DHCP server. The ranges of IP addresses that can be dynamically assigned are 1.1.1.0/24 and 1.1.1.0/25 respectively. If the IP address of the interface receiving DHCP requests is 1.1.1.1/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/25 address pool. If no IP address is available in the 1.1.1.0/25 address pool, the DHCP server will fail to assign addresses to clients. If the IP address of the interface receiving DHCP requests is 1.1.1.130/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/24 address pool.
& Note:
Keep the IP addresses for dynamic allocation within the subnet where the interface of the DHCP server resides to avoid wrong IP address allocation.
2.1.3 IP Address Allocation Sequence
A DHCP server assigns an IP address to a client according to the following sequence:
1) The IP address manually bound to the client’s MAC address or ID
2) The IP address that was ever assigned to the client
3) The IP address designated by the Option 50 field in a DHCP-DISCOVER message
4) The first assignable IP address found in a proper DHCP address pool
5) The IP address that was a conflict or passed its lease duration
If no IP address is assignable, the server will not respond.
2.2 DHCP Server Configuration Task List
Complete the following tasks to configure the DHCP server:
|
Remarks |
|
|
Required |
|
|
Optional |
|
|
Required |
|
|
Optional |
|
|
Optional |
2.3 Enabling DHCP
Enable DHCP before performing other configurations.
Follow these steps to enable DHCP:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable DHCP |
dhcp enable |
Required Disabled by default. |
2.4 Enabling the DHCP Server on an Interface
With the DHCP server enabled on an interface, upon receiving a client’s request, the DHCP server will assign an IP address from its address pool to the DHCP client.
Follow these steps to enable the DHCP server on an interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the DHCP server on an interface |
dhcp select server global-pool [ subaddress ] |
Optional Enabled by default. |
& Note:
The subaddress keyword is valid only when the server and client are on the same subnet. If a DHCP relay agent exists in between, regardless of subaddress, the DHCP server will select an IP address from the address pool of the subnet which contains the primary IP address of the DHCP relay agent’s interface (connected to the client).
When the DHCP server and client are on the same subnet, the server will:
l With subaddress specified, assign an IP address from the address pool of the subnet which the secondary IP address of the server’s interface connected to the client belongs to, or assign from the first secondary IP address if several secondary IP addresses exist. If no secondary IP address is configured for the interface, the server is unable to assign an IP address to the client.
l Without subaddress specified, assign an IP address from the address pool of the subnet which the primary IP address of the server’s interface (connected to the client) belongs to.
2.5 Configuring an Address Pool for the DHCP Server
2.5.1 Configuration Task List
Complete the following tasks to configure an address pool:
|
Task |
Remarks |
|
|
Required |
||
|
Required to configure either of the two |
||
|
Optional |
||
|
Configuring WINS Servers and NetBIOS Node Type for the Client |
||
|
Configuring Option 184 Parameters for the Client with Voice Service |
||
|
Configuring the TFTP Server and Bootfile Name for the Client |
||
2.5.2 Creating a DHCP Address Pool
Follow these steps to create a DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create a DHCP address pool and enter its view |
dhcp server ip-pool pool-name |
Required No DHCP address pool is created by default. |
2.5.3 Configuring an Address Allocation Mode
Caution:
You can configure either the static binding or dynamic address allocation for an address pool as needed.
It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address.
I. Configuring manual address allocation
Some DHCP clients such as a WWW server need fixed IP addresses. You can create a static binding of a client’s MAC or ID to IP address in the DHCP address pool.
When the client with the MAC address or ID requests an IP address, the DHCP server will find the IP address from the binding for the client.
A DHCP address pool now supports only one static binding, which can be a MAC-to-IP or ID-to-IP binding.
Follow these steps to configure the static binding in a DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
|
Bind IP addresses statically |
static-bind ip-address ip-address [ mask-length | mask mask ] |
Required No IP addresses are statically bound by default. |
|
|
Bind MAC addresses or IDs statically |
Specify the MAC address |
static-bind mac-address mac-address |
Required to configure either of the two Neither is bound statically by default. |
|
Specify the ID |
static-bind client-identifier client-identifier |
||
& Note:
l Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration.
l In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa.
l If you use the static-bind ip-address, static-bind mac-address, or static-bind client-identifier command repeatedly in the DHCP address pool, the new configuration will overwrite the previous one.
l The IP address of the static binding cannot be an interface address of the DHCP server. Otherwise, an IP address conflict may occur and the bound client cannot obtain an IP address correctly.
l The ID of the static binding must be identical to the ID displayed by using the display dhcp client verbose command on the client. Otherwise, the client cannot obtain an IP address.
II. Configuring dynamic address allocation
You need to specify one and only one address range using a mask for the dynamic address allocation.
To avoid address conflicts, the DHCP server excludes IP addresses used by the GW, FTP server and so forth from dynamic allocation.
You can specify the lease duration for a DHCP address pool different from others, and a DHCP address pool can only have the same lease duration. A lease does not enjoy the inheritance attribute.
Follow these steps to configure the dynamic address allocation:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify an IP address range |
network network-address [ mask-length | mask mask ] |
Required Not specified by default, meaning no assignable address. |
|
Specify the address lease duration |
expired { day day [ hour hour [ minute minute ] ] | unlimited } |
Optional One day by default. |
|
Return to system view |
quit |
— |
|
Exclude IP addresses from automatic allocation |
dhcp server forbidden-ip low-ip-address [ high-ip-address ] |
Optional Except IP addresses of the DHCP server interfaces, all addresses in the DHCP address pool are assignable by default. |
& Note:
l In DHCP address pool view, using the network command repeatedly overwrites the previous configuration.
l Using the dhcp server forbidden-ip command repeatedly can specify multiple IP address ranges not assignable.
2.5.4 Configuring a Domain Name Suffix for the Client
You can specify a domain name suffix in each DHCP address pool on the DHCP server to provide the clients with the domain name suffix. With this suffix assigned, the client needs only input part of a domain name, and the system will add the domain name suffix for name resolution. For details about DNS, refer to DNS Configuration of this manual.
Follow these steps to configure a domain name suffix in the DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter the DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify a domain name suffix for the client |
domain-name domain-name |
Required Not specified by default. |
2.5.5 Configuring DNS Servers for the Client
When a DHCP client wants to access a host on the Internet via the host name, it contacts a Domain Name System (DNS) server holding host name-to-IP address mappings to get the host IP address. You can specify up to eight DNS servers in the DHCP address pool.
Follow these steps to configure DNS servers in the DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify DNS servers for the client |
dns-list ip-address&<1-8> |
Required Not specified by default. |
2.5.6 Configuring WINS Servers and NetBIOS Node Type for the Client
A Microsoft DHCP client using NetBIOS protocol contacts a Windows Internet Naming Service (WINS) server for name resolution. Therefore, the DHCP server should assign a WINS server address when assigning an IP address to the client.
You can specify up to eight WINS servers in a DHCP address pool.
You need to specify in a DHCP address pool a NetBIOS node type for the client to approach name resolution. There are four NetBIOS node types:
l b (broadcast)-node: The b-node client sends the destination name in a broadcast message. The destination returns its IP address to the client after receiving the message.
l p (peer-to-peer)-node: The p-node client sends the destination name in a unicast message to the WINS server, and the WINS server returns the destination IP address.
l m (mixed)-node: A combination of broadcast first and peer-to-peer second. The m-node client broadcasts the destination name, if no response, then unicasts the destination name to the WINS server to get the destination IP address.
l h (hybrid)-node: A combination of peer-to-peer first and broadcast second. The h-node client unicasts the destination name to the WINS server, if no response, then broadcasts it to get the destination IP address.
Follow these steps to configure WINS servers and NetBIOS node type in the DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify WINS server IP addresses for the client |
nbns-list ip-address&<1-8> |
Required (optional for b-node) No address is specified by default. |
|
Specify the NetBIOS node type |
netbios-type { b-node | h-node | m-node | p-node } |
Required Not specified by default. |
& Note:
If b-node is specified for the client, you need to specify no WINS server address.
2.5.7 Configuring the BIMS Server Information for the Client
A DHCP client performs regular software update and backup using configuration files obtained from a branch intelligent management system (BIMS) server. Therefore, the DHCP server needs to offer DHCP clients the BIMS server IP address, port number, shared key from the DHCP address pool.
Follow these steps to configure the BIMS server IP address, port number, and shared key in the DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify the BIMS server IP address, port number, and shared key |
bims-server ip ip-address [ port port-number ] sharekey key |
Required Not specified by default. |
2.5.8 Configuring Gateways for the Client
DHCP clients that want to access hosts outside the local subnet request gateways to forward data. You can specify gateways in each address pool for clients and the DHCP server will assign gateway addresses while assigning an IP address to the client. Up to eight gateways can be specified in a DHCP address pool.
Follow these steps to configure the gateways in the DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify gateways |
gateway-list ip-address&<1-8> |
Required No gateway is specified by default. |
2.5.9 Configuring Option 184 Parameters for the Client with Voice Service
To assign voice calling parameters along with an IP address to DHCP clients with voice service, you need to configure Option 184 on the DHCP server. For information about Option 184, refer to Option 184.
If option 55 in the request from a DHCP client contains option 184, the DHCP server will return parameters specified in option 184 to the client. The client then can initiate a call using parameters in Option 184.
Follow these steps to configure option 184 parameters in the DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify the IP address of the primary network calling processor |
voice-config ncp-ip ip-address |
Required Not specified by default. |
|
Specify the IP address of the backup network calling processor |
voice-config as-ip ip-address |
Optional Not specified by default. |
|
Configure the voice VLAN |
voice-config voice-vlan vlan-id { disable | enable } |
Optional Not configured by default. |
|
Specify the failover IP address |
voice-config fail-over ip-address dialer-string |
Optional No failover IP address is specified by default. |
& Note:
Specify an IP address for the network calling processor before performing other configuration.
2.5.10 Configuring the TFTP Server and Bootfile Name for the Client
This task is to specify the IP address and name of a TFTP server and the bootfile name in the DHCP address pool. The DHCP clients use these parameters to contact the TFTP server, requesting the configuration file used for system initialization, which is called auto-configuration. The request process of the client is described below:
1) When a router starts up without loading any configuration file, the system sets an active interface (such as the VLAN interface of the default VLAN) as the DHCP client to request from the DHCP server parameters such as an IP address and name of a TFTP server, and the bootfile name.
2) After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization. If the client cannot get such parameters, it will perform system initialization without loading any configuration file.
To implement auto-configuration, you need to specify the IP address and name of a TFTP server and the bootfile name in the DHCP address pool on the DHCP server, but you do not need to perform any configuration on the DHCP client.
When option 55 in the requesting client message contains parameters of option 66, option 67, or option 150, the DHCP server will return the IP address and name of the specified TFTP server, and bootfile name to the client.
Follow these steps to configure the IP address and name of the TFTP server and the bootfile name in the DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Specify the TFTP server |
tftp-server ip-address ip-address |
Optional Not specified by default. |
|
Specify the name of the TFTP server |
tftp-server domain-name domain-name |
Optional Not specified by default. |
|
Specify the bootfile name |
bootfile-name bootfile-name |
Optional Not specified by default. |
2.5.11 Configuring Self-Defined DHCP Options
By configuring self-defined DHCP options, you can
l Define new DHCP options. New configuration options will come out with DHCP development. To support these new options, you can add them into the attribute list of the DHCP server.
l Define existing DHCP options. Some options have no unified definitions in RFC 2132; however, vendors can define such options as needed. The self-defined DHCP option enables DHCP clients to obtain vendor-specific information.
l Extend existing DHCP options. When the current DHCP options cannot meet the customers’ requirements (for example, you cannot use the dns-list command to configure more than eight DNS server addresses), you can configure a self defined option for extension.
Follow these steps to configure a self-defined DHCP option in the DHCP address pool:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter DHCP address pool view |
dhcp server ip-pool pool-name |
— |
|
Configure a self-defined DHCP option |
option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } |
Required No DHCP option is configured by default. |
Table 2-1 Description of common options
|
Option |
Option name |
Corresponding command |
Command parameter |
|
3 |
Router Option |
gateway-list |
ip-address |
|
6 |
Domain Name Server Option |
dns-list |
ip-address |
|
15 |
Domain Name |
domain-name |
ascii |
|
44 |
NetBIOS over TCP/IP Name Server Option |
nbns-list |
ip-address |
|
46 |
NetBIOS over TCP/IP Node Type Option |
netbios-type |
hex |
|
51 |
IP Address Lease Time |
expired |
hex |
|
58 |
Renewal (T1) Time Value |
expired |
hex |
|
59 |
Rebinding (T2) Time Value |
expired |
hex |
|
66 |
TFTP server name |
tftp-server |
ascii |
|
67 |
Bootfile name |
bootfile-name |
ascii |
|
43 |
Vendor Specific Information |
— |
hex |
Caution:
l Be cautious when configuring self-defined DHCP options because such configuration may affect the DHCP operation process.
l When you use self-defined option (Option 51) to configure the IP address lease duration, convert the lease duration into seconds in hexadecimal notation.
2.6 Configuring the DHCP Server Security Functions
This configuration is necessary to secure DHCP services on the DHCP server.
2.6.1 Configuration Prerequisites
Before performing this configuration, complete the following configuration on the DHCP server:
l Enable DHCP
l Configure the DHCP address pool
2.6.2 Enabling Unauthorized DHCP Server Detection
There are unauthorized DHCP servers on networks, which reply DHCP clients with wrong IP addresses.
With this feature enabled, when receiving a DHCP message with the siaddr field not being 0 from a client, the DHCP server will record the value of the siaddr field in the message and the receiving interface. The administrator can use this information to check out any DHCP unauthorized servers.
Follow these steps to enable unauthorized DHCP server detection:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable unauthorized DHCP server detection |
dhcp server detect |
Required Disabled by default. |
& Note:
With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server. The administrator needs to find unauthorized DHCP servers from the log information.
2.6.3 Configuring IP Address Conflict Detection
To avoid IP address conflicts, the DHCP server checks whether the address to be assigned is in use via sending ping packets.
The DHCP server pings the IP address to be assigned using ICMP. If the server gets a response within the specified period, the server will ping another IP address; otherwise, the server will ping the IP addresses once again until the specified number of ping packets are sent. If still no response, the server will assign the IP address to the requesting client (The DHCP client probes the IP address by sending gratuitous ARP packets).
Follow these steps to configure IP address conflict detection:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Specify the number of ping packets |
dhcp server ping packets number |
Optional One ping packet by default. The value 0 indicates that no ping operation is performed. |
|
Configure a timeout waiting for ping responses |
dhcp server ping timeout milliseconds |
Optional 500 ms by default. The value 0 indicates that no ping operation is performed. |
2.7 Configuring the Handling Mode for Option 82
When the DHCP server receives a message with Option 82, if the server is configured to handle Option 82, it will return a response message carrying Option 82 to assign an IP address to the requesting client.
If the server is configured to ignore Option 82, it will assign an IP address to the client without adding Option 82 in the response message.
I. Configuration prerequisites
Before performing this configuration, complete the following configuration on the DHCP server:
l Enable DHCP
l Configure the DHCP address pool
II. Configuring the handling mode for Option 82
Follow these steps to enable the DHCP server to handle Option 82:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the server to handle Option 82 |
dhcp server relay information enable |
Optional Enabled by default. |
& Note:
To support Option 82, it is required to perform configuration on both the DHCP server and relay agent (or the device enabled with DHCP Snooping). Refer to Configuring the DHCP Relay Agent to Support Option 82 and Configuring DHCP Snooping to Support Option 82 for related configuration details.
2.8 Displaying and Maintaining the DHCP Server
|
To do… |
Use the command… |
Remarks |
|
Display information about IP address conflicts |
display dhcp server conflict { all | ip ip-address } |
Available in any view |
|
Display information about lease expiration |
display dhcp server expired { all | ip ip-address | pool [ pool-name ] } |
|
|
Display information about assignable IP addresses |
display dhcp server free-ip |
|
|
Display IP addresses excluded from dynamic allocation in the DHCP address pool |
display dhcp server forbidden-ip |
|
|
Display information about bindings |
display dhcp server ip-in-use { all | ip ip-address | pool [ pool-name ] } |
|
|
Display information about DHCP server statistics |
display dhcp server statistics |
|
|
Display information about the address pool tree organization |
display dhcp server tree { all | pool [ pool-name ] } |
|
|
Clear information about IP address conflicts |
reset dhcp server conflict { all | ip ip-address } |
Available in user view |
|
Clear information about dynamic bindings |
reset dhcp server ip-in-use { all | ip ip-address | pool [ pool-name ] } |
|
|
Clear information about DHCP server statistics |
reset dhcp server statistics |
& Note:
Using the save command does not save DHCP server lease information. Therefore, when the system boots up or the reset dhcp server ip-in-use command is executed, no lease information will be available in the configuration file. In this case, the server will deny the request for lease extension from a client and the client needs to request an IP address again.
2.9 DHCP Server Configuration Examples
DHCP networking involves two types:
l The DHCP server and client are on the same subnet and exchange messages directly.
l The DHCP server and client are not on the same subnet and they communicate with each other via a DHCP relay agent.
The DHCP server configuration for the two types is the same.
I. Network requirements
l The DHCP server (Switch A) assigns IP address to clients in subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25.
l The IP addresses of VLAN-interfaces 1 and 2 on Switch A are 10.1.1.1/25 and 10.1.1.129/25 respectively.
l In the address pool 10.1.1.0/25, the address lease duration is ten days and twelve hours, domain name suffix aabbcc.com, DNS server address 10.1.1.2, gateway 10.1.1.126, and WINS server 10.1.1.4.
l In the address pool 10.1.1.128/25, the address lease duration is five days, domain name suffix aabbcc.com, DNS server address 10.1.1.2, and gateway address 10.1.1.254, and there is no WINS server address.
l The domain name and DNS server address on the subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, the domain name suffix and DNS server address can be configured only for the subnet 10.1.1.0/24. The subnet 10.1.1.128/25 can inherit the configuration of the subnet 10.1.1.0/24.
& Note:
In this example, the number of requesting clients connected to VLAN-interface 1 should be less than 122, and that of clients connected to VLAN-interface 2 less than 124.
II. Network diagram
Figure 2-1 DHCP network diagram
III. Configuration procedure
Specify IP addresses for VLAN interfaces (omitted).
Configure the DHCP server
# Enable DHCP.
<SwitchA> system-view
[SwitchA] dhcp enable
# Exclude IP addresses (addresses of the DNS server, WINS server and gateways).
[SwitchA] dhcp server forbidden-ip 10.1.1.2
[SwitchA] dhcp server forbidden-ip 10.1.1.4
[SwitchA] dhcp server forbidden-ip 10.1.1.126
[SwitchA] dhcp server forbidden-ip 10.1.1.254
# Configure DHCP address pool 0 (address range, client domain name suffix, and DNS server address).
[SwitchA] dhcp server ip-pool 0
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0
[SwitchA-dhcp-pool-0] domain-name aabbcc.com
[SwitchA-dhcp-pool-0] dns-list 10.1.1.2
[SwitchA-dhcp-pool-0] quit
# Configure DHCP address pool 1 (address range, gateway, lease duration, and WINS server).
[SwitchA] dhcp server ip-pool 1
[SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128
[SwitchA-dhcp-pool-1] gateway-list 10.1.1.126
[SwitchA-dhcp-pool-1] expired day 10 hour 12
[SwitchA-dhcp-pool-2] nbns-list 10.1.1.4
[SwitchA-dhcp-pool-1] quit
# Configure DHCP address pool 2 (address range, gateway, and lease duration).
[SwitchA] dhcp server ip-pool 2
[SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128
[SwitchA-dhcp-pool-2] expired day 5
[SwitchA-dhcp-pool-2] gateway-list 10.1.1.254
2.10 Troubleshooting DHCP Server Configuration
I. Symptom
A client’s IP address obtained from the DHCP server conflicts with another IP address.
II. Analysis
A host on the subnet may have the same IP address.
III. Solution
1) Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address.
2) If a ping response is received, the IP address has been manually configured on the host. Execute the dhcp server forbidden-ip command on the DHCP server to exclude the IP address from dynamic allocation.
3) Connect the client’s network cable. Release the IP address and obtain another one on the client. Take WINDOW XP as an example, run cmd to enter into DOS window. Type ipconfig/release to relinquish the IP address and then ipconfig/renew to obtain another IP address.
Chapter 3 DHCP Relay Agent Configuration
When configuring the DHCP relay agent, go to these sections for information you are interested in:
l Introduction to DHCP Relay Agent
l Configuring the DHCP Relay Agent
l Displaying and Maintaining DHCP Relay Agent Configuration
l DHCP Relay Agent Configuration Example
l Troubleshooting DHCP Relay Agent Configuration
l The DHCP relay agent configuration is supported only VLAN interfaces.
l DHCP Snooping must be disabled on the DHCP relay agent.
3.1 Introduction to DHCP Relay Agent
3.1.1 Application Environment
Since DHCP clients request IP addresses via broadcast messages, the DHCP server and clients must be on the same subnet. Therefore, a DHCP server must be available on each subnet. It is not practical.
DHCP relay agent solves the problem. Via a relay agent, DHCP clients communicate with a DHCP server on another subnet to obtain configuration parameters. Thus, DHCP clients on different subnets can contact the same DHCP server for ease of centralized management and cost reduction.
3.1.2 Fundamentals
Figure 3-1 shows a typical application of the DHCP relay agent.
Figure 3-1 DHCP relay agent application
No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process). The following describes the forwarding process on the DHCP relay agent.
Figure 3-2 DHCP relay agent work process
As shown in the figure above, the DHCP relay agent works as follows:
1) After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the message to the designated DHCP server in unicast mode.
2) Based on the giaddr field, the DHCP server returns an IP address and other configuration parameters to the relay agent, which conveys them to the client.
3.1.3 DHCP Relay Agent Support for Option 82
Option 82 records the location information of the DHCP client. The administrator can locate the DHCP client to further implement security control and accounting. For more information, refer to Relay agent option (Option 82).
If the DHCP relay agent supports Option 82, it will handle a client’s request according to the contents defined in Option 82, if any. The handling strategies are described in the table below.
If a reply returned by the DHCP server contains Option 82, the DHCP relay agent will remove the Option 82 before forwarding the reply to the client.
|
If a client’s requesting message has… |
Handling strategy |
Padding format |
The DHCP relay agent will… |
|
Option 82 |
Drop |
Random |
Drop the message. |
|
Keep |
Random |
Forward the message without changing Option 82. |
|
|
Replace |
normal |
Forward the message after replacing the original Option 82 with the Option 82 padded in normal format. |
|
|
verbose |
Forward the message after replacing the original Option 82 with the Option 82 padded in verbose format. |
||
|
no Option 82 |
— |
normal |
Forward the message after adding the Option 82 padded in normal format. |
|
— |
verbose |
Forward the message after adding the Option 82 padded in verbose format. |
3.2 Configuration Task List
Complete the following tasks to configure the DHCP relay agent:
|
Task |
Remarks |
|
Required |
|
|
Required |
|
|
Correlating a DHCP Server Group with a Relay Agent Interface |
Required |
|
Configuring the DHCP Relay Agent to Send a DHCP-Release Request |
Optional |
|
Optional |
|
|
Optional |
3.3 Configuring the DHCP Relay Agent
3.3.1 Enabling DHCP
Enable DHCP before performing other DHCP-related configurations.
Follow these steps to enable DHCP:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable DHCP |
dhcp enable |
Required Disabled by default. |
3.3.2 Enabling the DHCP Relay Agent on an Interface
With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.
Follow these steps to enable the DHCP relay agent on an interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
Interface interface-type interface-number |
— |
|
Enable the DHCP relay agent on the current interface |
dhcp select relay |
Required With DHCP enabled, interfaces work in the DHCP server mode. |
& Note:
If the DHCP client obtains an IP address via the DHCP relay agent, the address pool of the subnet which the IP address of the DHCP relay agent belongs to must be configured on the DHCP server. Otherwise, the DHCP client cannot obtain a correct IP address.
3.3.3 Correlating a DHCP Server Group with a Relay Agent Interface
To improve reliability, you can specify several DHCP servers as a group on the DHCP relay agent and correlate a relay agent interface with the server group. When the interface receives requesting messages from clients, the relay agent will forward them to all the DHCP servers of the group.
Follow these steps to correlate a DHCP server group with a relay agent interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create a DHCP server group and add a server into the group |
dhcp relay server-group group-id ip ip-address |
Required Not created by default. |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Correlate the DHCP server group with the current interface |
dhcp relay server-select group-id |
Required By default, no interface is correlated with any DHCP server group. |
& Note:
l You can specify at most twenty DHCP server groups on the relay agent and at most eight DHCP server addresses for each DHCP server group.
l The IP addresses of DHCP servers and those of relay agent’s interfaces cannot be on the same subnet. Otherwise, the client cannot obtain an IP address.
l A DHCP server group can correlate with one or multiple DHCP relay agent interfaces, while a relay agent interface can only correlate with one DHCP server group. Using the dhcp relay server-select command repeatedly overwrites the previous configuration. However, if the specified DHCP server group does not exist, the interface still uses the previous correlation.
l The group-id in the dhcp relay server-select command was specified by the dhcp relay server-group command.
3.3.4 Configuring the DHCP Relay Agent to Send a DHCP-Release Request
Sometimes, you need to release a client’s IP address manually on the DHCP relay agent. With this task completed, the DHCP relay agent can actively send a DHCP-RELEASE request that contains the client’s IP address to be released. Upon receiving the DHCP-RELEASE request, the DHCP server then releases the IP address for the client.
Follow these steps to configure the DHCP relay agent in system view to send a DHCP-RELEASE request:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the DHCP relay agent to send a DHCP-RELEASE request |
dhcp relay release ip client-ip |
Required |
3.3.5 Configuring the DHCP Relay Agent Security Functions
I. Creating static bindings and enable IP address check
The DHCP relay agent can dynamically record clients’ IP-to-MAC bindings after clients get IP addresses. It also supports static bindings, which means you can manually configure IP-to-MAC bindings on the DHCP relay agent, so that users can access external network using fixed IP addresses.
For avoidance of invalid IP address configuration, you can configure the DHCP relay agent to check whether a requesting client’s IP and MAC addresses match a binding on it (both dynamic and static bindings). If not, the client cannot access outside networks via the DHCP relay agent.
Follow these steps to create a static binding and enable IP address check:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create a static binding |
dhcp relay security static ip-address mac-address |
Optional No static binding is created by default. |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable invalid IP address check |
dhcp relay address-check { disable | enable } |
Required Disabled by default. |
& Note:
l The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used.
l You are recommended to configure IP address check on the interface enabled with the DHCP relay agent; otherwise, the valid DHCP clients may not be capable of accessing networks.
II. Configuring dynamic binding update interval
Via the DHCP relay agent, a DHCP client sends a DHCP-RELEASE unicast message to the DHCP server to relinquish its IP address. In this case the DHCP relay agent simply conveys the message to the DHCP server, thus it does not remove the IP address from its bindings. To solve this, the DHCP relay agent can update dynamic bindings at a specified interval.
The DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to regularly send a DHCP-REQUEST message to the DHCP server.
l If the server returns a DHCP-ACK message or does not return any message within a specified interval, which means the IP address is assignable now, the DHCP relay agent will update its bindings by aging out the binding entry of the IP address.
l If the server returns a DHCP-NAK message, which means the IP address is still in use, the relay agent will not age it out.
Follow these steps to configure dynamic binding update interval:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure binding update interval |
dhcp relay security tracker { interval | auto } |
Optional auto by default. (auto interval is calculated by the relay agent according to the number of bindings.) |
III. Enabling unauthorized DHCP servers detection
There are unauthorized DHCP servers on networks, which reply DHCP clients with wrong IP addresses.
With this feature enabled, upon receiving a DHCP message with the siaddr field (IP address of the server assigning IP addresses to clients) not being 0 from a client, the DHCP relay agent will record the value of the siaddr field and the information on the interface receiving the DHCP message. The administrator can use this information to check out any DHCP unauthorized servers.
Follow these steps to enable unauthorized DHCP server detection:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable unauthorized DHCP server detection |
dhcp relay server-detect |
Required Disabled by default. |
& Note:
With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server. The administrator needs to find unauthorized DHCP servers from the log information. After the recorded information of a DHCP server is cleared, a new record will be put for the DHCP server.
3.3.6 Configuring the DHCP Relay Agent to Support Option 82
I. Prerequisites
You need to complete the following tasks before configuring the DHCP relay agent to support Option 82.
l Enabling DHCP
l Enabling the DHCP relay agent on the specified interface
l Correlating a DHCP server group with relay agent interfaces
II. Configuring the DHCP relay agent to support Option 82
Follow these steps to configure the DHCP relay agent to support Option 82:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the relay agent to support Option 82 |
dhcp relay information enable |
Required Disabled by default. |
|
Configure the handling strategy for requesting messages containing Option 82 |
dhcp relay information strategy { drop | keep | replace } |
Optional replace by default. |
|
Configure the padding format for Option 82 |
dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } |
Optional normal by default. |
& Note:
l To support Option 82, it is required to perform related configuration on both the DHCP server and relay agent. Refer to Configuring the Handling Mode for Option 82 for DHCP server configuration of this kind.
l If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format.
l If sub-option 1 (node identifier) of Option 82 is padded with the device name (sysname) of a node, the device name must contain no spaces. Otherwise, the DHCP relay agent will drop the message.
3.4 Displaying and Maintaining DHCP Relay Agent Configuration
|
To do… |
Use the command… |
Remarks |
|
Display information about DHCP server groups correlated to a specified or all interfaces |
display dhcp relay { all | interface interface-type interface-number } |
Available in any view |
|
Display information about bindings of DHCP relay agents |
display dhcp relay security [ ip-address | dynamic | static ] |
Available in any view |
|
Display statistics information about bindings of DHCP relay agents |
display dhcp relay security statistics |
Available in any view |
|
Display information about the refreshing interval for entries of dynamic IP-to-MAC bindings |
display dhcp relay security tracker |
Available in any view |
|
Display information about the configuration of a specified or all DHCP server groups |
display dhcp relay server-group { group-id | all } |
Available in any view |
|
Display packet statistics on relay agent |
display dhcp relay statistics [ server-group { group-id | all } ] |
Available in user view |
|
Clear packet statistics from relay agent |
reset dhcp relay statistics [ server-group group-id ] |
Available in user view |
3.5 DHCP Relay Agent Configuration Example
I. Network requirements
VLAN-interface 1 on the DHCP relay agent (Switch A) connects to the network where DHCP clients reside. The IP address of VLAN-interface 1 is 10.10.1.1/24 and IP address of VLAN-interface 2 is 10.1.1.2/24 that communicates with the DHCP server 10.1.1.1/24. As shown in the figure below, Switch A forwards messages between DHCP clients and the DHCP server.
II. Network diagram
Figure 3-3 Network diagram for DHCP relay agent
III. Configuration procedure
# Enable DHCP.
<SwitchA> system-view
[SwitchA] dhcp enable
# Enable the DHCP relay agent on VLAN-interface 1.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] dhcp select relay
[SwitchA-Vlan-interface1] quit
# Configure DHCP server group 1 with the DHCP server 10.1.1.1, and correlate the DHCP server group 1 with VLAN-interface 1.
[SwitchA] dhcp relay server-group 1 ip 10.1.1.1
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] dhcp relay server-select 1
& Note:
l Performing the configuration on the DHCP server is also required to guarantee the client-server communication via the relay agent. Refer to DHCP Server Configuration Examples for DHCP server configuration information.
l If the DHCP relay agent and server are on different subnets, routes in between must be reachable.
3.6 Troubleshooting DHCP Relay Agent Configuration
I. Symptom
DHCP clients cannot obtain any configuration parameters via the DHCP relay agent.
II. Analysis
Some problems may occur with the DHCP relay agent or server configuration. Enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information for locating the problem.
III. Solution
Check that:
l The DHCP is enabled on the DHCP server and relay agent.
l The address pool on the same subnet where DHCP clients reside is available on the DHCP server.
l The routes between the DHCP server and DHCP relay agent are reachable.
l The relay agent interface connected to DHCP clients is correlated with correct DHCP server group and IP addresses for the group members are correct.
Chapter 4 DHCP Client Configuration
When configuring the DHCP client, go to these sections for information you are interested in:
l Enabling the DHCP Client on an Interface
l Displaying and Maintaining the DHCP Client
l DHCP Client Configuration Example
& Note:
l The DHCP client configuration is supported only on VLAN interfaces.
l You are not recommended to enable both the DHCP client and the DHCP Snooping on the same device. Otherwise, DHCP Snooping entries may fail to be generated, or the DHCP client may fail to obtain an IP address.
4.1 Introduction to DHCP Client
With the DHCP client enabled on an interface, the interface will use DHCP to obtain configuration parameters such as an IP address from the DHCP server.
For S3610&S5510 series Ethernet switches (operating as DHCP clients), the vendor and device information contained in Option 60 of DHCP requests is not configurable; instead, it is determined by the application program of the switches. Refer to Table 4-1 for different information added in Option 60 based on device models.
Table 4-1 Description on the vendor and device information in Option 60
|
Device Model |
Vendor and device information |
|
S3610-28TP |
H3C. H3C S3610-28TP |
|
S3610-28P |
H3C. H3C S3610-28P |
|
S3610-28F |
H3C. H3C S3610-28F |
|
S3610-52P |
H3C. H3C S3610-52P |
|
S3610-52M-AC |
H3C. H3C S3610-52M |
|
S3610-52M-DC |
H3C. H3C S3610-52M |
|
S5510-24F |
H3C. H3C S5510-24F |
|
S5510-24P |
H3C. H3C S5510-24P |
4.2 Enabling the DHCP Client on an Interface
Follow these steps to enable the DHCP client on an interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Enable the DHCP client on the interface |
ip address dhcp-alloc [ client-identifier mac interface-type interface-number ] |
Required Disabled by default. |
& Note:
l An interface can be configured to acquire an IP address in multiple ways, but these ways are exclusive. The latest configuration will overwrite the previous configuration.
l After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.
l If the IP address assigned by the DHCP server shares a network segment with the IP addresses of other interfaces on the device, the DHCP client enabled interface will not request any IP address of the DHCP server unless the conflicted IP address is manually deleted and the interface is made UP again by first executing the shutdown command and then the undo shutdown command or the DHCP client is enabled on the interface by executing the undo ip address dhcp-alloc and ip address dhcp-alloc commands in sequence.
4.3 Displaying and Maintaining the DHCP Client
|
To do… |
Use the command… |
Remarks |
|
Display specified configuration information |
display dhcp client [ verbose ] [ interface interface-type interface-number ] |
Available in any view |
4.4 DHCP Client Configuration Example
I. Network requirements
On a LAN, Switch B contacts the DHCP server via VLAN-interface 1 to obtain an IP address.
II. Network diagram
III. Configuration procedure
The following is the configuration on Switch B shown in Figure 2-1.
# Enable the DHCP client on VLAN-interface 1.
<SwitchB> system-view
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address dhcp-alloc
& Note:
To implement the DHCP client-server model, you need to perform related configuration on the DHCP server. For details, refer to DHCP Server Configuration Examples.
Chapter 5 DHCP Snooping Configuration
When configuring DHCP snooping, go to these sections for information you are interested in:
l Configuring DHCP Snooping Basic Functions
l Configuring DHCP Snooping to Support Option 82
l Displaying and Maintaining DHCP Snooping
l DHCP Snooping Configuration Example
l DHCP Snooping supports no link aggregation. If an Ethernet port is added into an aggregation group, DHCP Snooping configuration on it will not take effect. When the port is removed from the group, DHCP Snooping can take effect.
l The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
l The DHCP Snooping enabled device cannot be a DHCP server or DHCP relay agent.
l You are not recommended to enable the DHCP client, BOOTP client, and DHCP Snooping on the same device. Otherwise, DHCP Snooping entries may fail to be generated, or the BOOTP client/DHCP client may fail to obtain an IP address.
5.1 DHCP Snooping Overview
5.1.1 Function of DHCP Snooping
As a DHCP security feature, DHCP snooping can implement the following:
I. Recording IP-to-MAC mappings of DHCP clients
For security sake, a network administrator needs to record the mapping between a client’s IP address obtained from the DHCP server and the client’s MAC address. DHCP snooping can meet the need.
DHCP snooping records clients’ MAC and IP addresses by reading their DHCP-REQUEST and DHCP-ACK messages from trusted ports. The network administrator can check out which IP addresses are assigned to the DHCP clients with the display dhcp-snooping command.
II. Ensuring DHCP clients to obtain IP addresses from valid DHCP servers
If there is an unauthorized DHCP server on a network, the DHCP clients may obtain invalid IP addresses. With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the clients to obtain IP addresses from authorized DHCP servers.
l Trusted: A trusted port is connected to a valid DHCP server directly or indirectly. It forwards DHCP messages normally, guaranteeing that DHCP clients can obtain valid IP addresses.
l Untrusted: An untrusted port is connected to an invalid DHCP server. The DHCP-ACK or DHCP-OFFER packets received from the port are discarded, preventing DHCP clients from receiving invalid IP addresses.
5.1.2 DHCP Snooping Support for Option 82
Option 82 records the location information of the DHCP client. The administrator can locate the DHCP client to further implement security control and accounting. For more information, refer to Relay agent option (Option 82).
If DHCP snooping supports Option 82, it will handle a client’s request according to the contents defined in Option 82, if any. The handling strategies are described in the table below.
If a reply returned by the DHCP server contains Option 82, the DHCP snooping device will remove the Option 82 before forwarding the reply to the client. If the reply contains no Option 82, it forwards it directly.
|
If a client’s requesting message has… |
Handling strategy |
Padding format |
The DHCP snooping device will… |
|
Option 82 |
Drop |
Random |
Drop the message. |
|
Keep |
Random |
Forward the message without changing Option 82. |
|
|
Replace |
normal |
Forward the message after replacing the original Option 82 with the Option 82 padded in normal format. |
|
|
verbose |
Forward the message after replacing the original Option 82 with the Option 82 padded in verbose format. |
||
|
no Option 82 |
— |
normal |
Forward the message after adding the Option 82 padded in normal format. |
|
— |
verbose |
Forward the message after adding the Option 82 padded in verbose format. |
& Note:
The handling strategy and padding format for Option 82 on the DHCP-Snooping device are the same as those on the relay agent.
5.2 Configuring DHCP Snooping Basic Functions
Follow these steps to configure DHCP snooping basic functions:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable DHCP snooping |
dhcp-snooping |
Required Disabled by default. |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Specify the port as trusted |
dhcp-snooping trust |
Required Untrusted by default. |
& Note:
l You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN.
l You are not recommended to configure both the DHCP snooping and selective Q-in-Q function on the switch, which may result in the DHCP snooping to function abnormally.
5.3 Configuring DHCP Snooping to Support Option 82
5.3.1 Prerequisites
You need to enable the DHCP Snooping function before configuring DHCP Snooping to support Option 82.
5.3.2 Configuring DHCP Snooping to Support Option 82
Follow these steps to configure DHCP snooping to support Option 82:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Enable DHCP Snooping to support Option 82 |
dhcp-snooping information enable |
Required Disabled by default. |
|
Configure the handling strategy for requesting messages containing Option 82 |
dhcp-snooping information strategy { drop | keep | replace } |
Optional replace by default. |
|
Configure the padding format for Option 82 |
dhcp-snooping information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } |
Optional normal by default. |
& Note:
l To support Option 82, it is required to perform related configuration on both the DHCP server and the device enabled with DHCP Snooping. Refer to Configuring the Handling Mode for Option 82 for DHCP server configuration of this kind.
l If the handling strategy of the DHCP-Snooping-enabled device is configured as replace, you need to configure a padding format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format.
l If the Option 82 is padded with the device name (sysname) of a node, the device name must contain no spaces. Otherwise, the DHCP-Snooping-enabled device will drop the message.
5.4 Displaying and Maintaining DHCP Snooping
|
To do… |
Use the command… |
Remarks |
|
Display DHCP snooping address binding information |
display dhcp-snooping |
Available in any view |
|
Display information about trusted ports |
display dhcp-snooping trust |
|
|
Clear DHCP snooping address binding information |
reset dhcp-snooping { all | ip ip-address } |
Available in user view |
5.5 DHCP Snooping Configuration Example
I. Network requirements
l Switch B is connected to a DHCP server through Ethernet 1/0/1, and to two DHCP clients through Ethernet 1/0/2 and Ethernet 1/0/3.
l Ethernet 1/0/1 forwards DHCP server responses while the other two do not.
l Switch B records clients’ IP-to-MAC address bindings in DHCP-REQUEST messages and DHCP-ACK messages received from trusted ports.
l Switch B supports Option 82. After receiving a DHCP request from the client, Switch B adds Option 82 padded in verbose format to the request message and forwards the message to the DHCP server.
II. Network diagram
Figure 5-1 Network diagram for DHCP snooping configuration
III. Configuration procedure
# Enable DHCP snooping.
<SwitchB> system-view
[SwitchB] dhcp-snooping
# Specify Ethernet 1/0/1 as trusted port.
[SwitchB] interface ethernet 1/0/1
[SwitchB-Ethernet1/0/1] dhcp-snooping trust
[SwitchB-Ethernet1/0/1] quit
# Configure DHCP Snooping to support Option 82 on Ethernet 1/0/2.
[SwitchB] interface ethernet 1/0/2
[SwitchB-Ethernet1/0/2] dhcp-snooping information enable
# Configure the padding format to verbose for Option 82 on Ethernet 1/0/2.
[SwitchB-Ethernet1/0/2] dhcp-snooping information format verbose node-identifier sysname
[SwitchB-Ethernet1/0/2] quit
# Configure DHCP Snooping to support Option 82 on Ethernet 1/0/3.
[SwitchB] interface ethernet 1/0/3
[SwitchB-Ethernet1/0/3] dhcp-snooping information enable
# Configure the padding format to verbose for Option 82 on Ethernet 1/0/3.
[SwitchB-Ethernet1/0/3] dhcp-snooping information format verbose node-identifier sysname
Chapter 6 BOOTP Client Configuration
While configuring a BOOTP client, go to these sections for information you are interested in:
l Introduction to BOOTP Client
l Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP
l Displaying and Maintaining BOOTP Client Configuration
& Note:
l BOOTP client configuration only applies to VLAN interfaces.
l You are not recommended to enable both the DHCP client and the DHCP Snooping on the same device. Otherwise, DHCP Snooping entries may fail to be generated, or the BOOTP client may fail to obtain an IP address.
6.1 Introduction to BOOTP Client
This section covers these topics:
l Obtaining an IP Address Dynamically
6.1.1 BOOTP Application
After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server, which simplifies your configuration.
Before using BOOTP, an administrator needs to configure a BOOTP parameter file for each BOOTP client on the BOOTP server. The parameter file contains information such as MAC address and IP address of a BOOTP client. When a BOOTP client originates a request to the BOOTP server, the BOOTP server will search for the BOOTP parameter file and return the corresponding configuration information.
Because you need to configure a parameter file for each client on the BOOTP server, BOOTP usually runs under a relatively stable environment. If the network changes frequently, DHCP is applicable.
& Note:
Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server.
6.1.2 Obtaining an IP Address Dynamically
& Note:
A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.
A BOOTP client dynamically obtains an IP address from a BOOTP server in the following way:
1) The BOOTP client broadcasts a BOOTP request, which contains its own MAC address.
2) The BOOTP server receives the request and searches the configuration file for the corresponding IP address according to the MAC address of the BOOTP client. The BOOTP server then returns a BOOTP response to the BOOTP client.
3) The BOOTP client obtains the IP address from the received the response.
6.1.3 Protocols and Standards
Some protocols and standards related to BOOTP include:
l RFC 951: Bootstrap Protocol (BOOTP)
l RFC 2132: DHCP Options and BOOTP Vendor Extensions
l RFC 1542: Clarifications and Extensions for the Bootstrap Protocol
6.2 Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP
Follow these steps to configure an interface to dynamically obtain an IP address:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Configure an interface to dynamically obtain IP address through BOOTP |
ip address bootp-alloc |
Required By default, an interface does not use BOOTP to obtain an IP address. |
6.3 Displaying and Maintaining BOOTP Client Configuration
|
To do… |
Use the command… |
Remarks |
|
Display related information on a BOOTP client |
display bootp client [ interface interface-type interface-number ] |
Available in any view |
6.4 BOOTP Client Configuration Example
I. Network requirement
Switch B’s port belonging to VLAN 1 is connected to the LAN. VLAN-interface 1 obtains an IP address from the DHCP server by using BOOTP.
II. Network diagram
See Figure 2-1.
III. Configuration procedure
The following describes only the configuration on Switch B serving as a client.
# Configure VLAN-interface 1 to dynamically obtain an IP address from the DHCP server.
<SwitchB> system-view
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address bootp-alloc
& Note:
To make the BOOTP client to obtain an IP address from the DHCP server, you need to perform additional configurations on the DHCP server. For details, refer to DHCP Server Configuration Examples.
