Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-DHCP Commands | 209.67 KB |
Table of Contents
Chapter 1 DHCP Configuration Commands
1.1 General DHCP Configuration Commands
1.2 DHCP Server Configuration Commands
1.2.2 display dhcp server forbidden-ip
1.2.6 dhcp server forbidden-ip
1.2.9 dhcp server netbios-type
1.2.12 dhcp server static-bind
1.2.13 display dhcp server conflict
1.2.14 display dhcp server expired
1.2.15 display dhcp server free-ip
1.2.16 display dhcp server ip-in-use
1.2.17 display dhcp server statistics
1.2.18 display dhcp server tree
1.2.27 reset dhcp server conflict
1.2.28 reset dhcp server ip-in-use
1.2.29 reset dhcp server statistics
1.2.31 static-bind mac-address
1.3 DHCP Relay Agent Configuration Commands
1.3.4 dhcp relay security address-check
1.3.5 dhcp relay security tracker
1.3.6 dhcp relay security tracker enable
1.3.8 display dhcp relay address
1.3.9 display dhcprelay-security
1.3.10 display dhcp relay security tracker
1.3.12 reset dhcp relay statistics
1.4 DHCP Option 82 Configuration Commands
1.4.1 dhcp relay information enable
1.4.2 dhcp relay information format
1.4.3 dhcp relay information format verbose node-identifier
1.4.4 dhcp relay information strategy
1.4.5 dhcp server relay information enable
1.5 DHCP Snooping Configuration Commands
1.5.2 display dhcp-snooping entry
1.5.3 display dhcp-snooping trust
1.5.5 dhcp-snooping enable vlan
1.5.7 dhcp-snooping information enable
1.5.8 dhcp-snooping information format
1.5.9 dhcp-snooping information format verbose node-identifier
1.5.10 dhcp-snooping information strategy
1.5.11 dhcp-snooping security check enable
1.5.13 reset dhcp-snooping entry
Chapter 1 DHCP Configuration Commands
1.1 General DHCP Configuration Commands
1.1.1 dhcp enable
Syntax
dhcp enable
undo dhcp enable
View
System view
Parameters
None
Description
Use the dhcp enable command to enable DHCP.
Use the undo dhcp enable command to disable DHCP.
For both DHCP server and DHCP relay agent, you must enable DHCP first before performing other DHCP configurations. The other related DHCP configurations take effect only after DHCP is enabled.
Examples
# Enable DHCP.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp enable
1.1.2 dhcp select
Syntax
In VLAN interface view:
dhcp select { global | interface | relay }
undo dhcp select
In system view:
dhcp select { global | interface | relay } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
undo dhcp select { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
View
VLAN interface view, system view
Parameters
global: Specifies to forward DHCP packets to the local DHCP server and let the local server assign IP addresses in global address pools to DHCP clients.
interface: Specifies to forward DHCP packets to the local DHCP server and let the local server assign IP addresses in VLAN interface address pool to DHCP clients.
relay: Specifies to forward DHCP packets to remote DHCP servers and let remote servers assign IP addresses to DHCP clients. In this case, the current switch operates as a DHCP relay agent.
interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies a VLAN interface or a range of VLAN interfaces.
all: Specifies all the VLAN interfaces.
Caution:
The dhcp select interface command cannot be used together with the ip relay address or dhcp relay security address-check enable command. Otherwise, the ip relay address command or the dhcp relay security address-check enable command will not take effect.
Description
Use the dhcp select command to specify a method used by the switch to process the DHCP packets it received. You can use this command in VLAN interface view to specify a processing method of DHCP packets for current VLAN interface, or in system view to specify a processing method for multiple VLAN interfaces.
Use the undo dhcp select command to restore the default.
By default, the switch forwards the DHCP packets it received to the local DHCP server and let the local server assign IP addresses in global address pools to DHCP clients. (That is, the switch processes the DHCP packets in the global method.)
Examples
# Specify to forward DHCP packets to the local DHCP server and let the local server assign IP addresses in global address pools to DHCP clients.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] dhcp select global
1.1.3 dhcp server detect
Syntax
dhcp server detect
undo dhcp server detect
View
System view
Parameters
None
Description
Use the dhcp server detect command to enable unauthorized DHCP server detection.
Use the undo dhcp server detect command to disable unauthorized DHCP server detection.
Unauthorized DHCP server detection is disabled by default.
Examples
# Enable unauthorized DHCP server detection.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server detect
1.2 DHCP Server Configuration Commands
1.2.1 debugging dhcp server
Syntax
debugging dhcp server { all | error | event | packet }
undo debugging dhcp server { all | error | event | packet }
View
User view
Parameters
all: Enables/disables all debugging for the DHCP server.
error: Enables/disables error debugging for the DHCP server, including errors that occur when the DHCP server processes DHCP packets or assigns IP addresses.
event: Enables/disables event debugging for the DHCP server, including the assigning of IP addresses and timing out of ping packets.
packet: Enables/disables packet debugging for the DHCP server, including DHCP packets and ping packets.
Description
Use the debugging dhcp server command to enable specified debugging for the DHCP server.
Use the undo debugging dhcp server command to disable specified debugging for the DHCP server.
No debugging is enabled by default.
Examples
# Enable event debugging for the DHCP server.
<H3C> debugging dhcp server event
1.2.2 display dhcp server forbidden-ip
Syntax
display dhcp server forbidden-ip
View
Any view
Parameters
None
Description
Use the display dhcp server forbidden-ip command to display forbidden IP addresses in the DHCP address pool.
Examples
# Display forbidden IP addresses in the DHCP address pool.
<H3C> display dhcp server forbidden-ip
Forbidden IP Range from 3.3.3.1 to 3.3.3.1
Forbidden IP Range from 3.3.3.4 to 3.3.3.99
Forbidden IP Range from 3.3.3.101 to 3.3.3.254
Forbidden IP Range from 17.9.0.1 to 17.9.0.1
Forbidden IP Range from 17.9.0.3 to 17.9.0.5
Forbidden IP Range from 17.9.0.8 to 17.9.255.254
1.2.3 dhcp server dns-list
Syntax
In VLAN interface view:
dhcp server dns-list ip-address [ ip-address ]
undo dhcp server dns-list { ip-address | all }
In system view:
dhcp server dns-list ip-address [ ip-address ] { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
undo dhcp server dns-list { ip-address | all } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
View
VLAN interface view, system view
Parameters
ip-address: IP address of a DHCP server. You can specify up to eight IP addresses (separated by spaces) in one command.
interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one VLAN interface, or a range of VLAN interfaces.
all: Specifies all VLAN interfaces or all configured IP addresses.
Description
Use the dhcp server dns-list command to configure one or more DNS server addresses for the DHCP address pool of the current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
Use the undo dhcp server dns-list command to remove one or more DNS server addresses from the DHCP address pool of the current VLAN interface, or the DHCP address pool(s) of the specified VLAN interface(s).
By default, no DNS server address is configured.
With eight DNS server addresses already configured, if you add a new DNS server address by executing the dhcp server dns-list command, the newly configured one overwrites the oldest one.
Related commands: dns-list.
Examples
# Configure the DNS server address 1.1.1.254 for the DHCP address pool of VLAN-interface 1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 1
[H3C-Vlan-interface1] dhcp server dns-list 1.1.1.254
1.2.4 dhcp server domain-name
Syntax
In VLAN interface view:
dhcp server domain-name domain-name
undo dhcp server domain-name
In system view:
dhcp server domain-name domain-name { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
undo dhcp server domain-name domain-name { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
View
DHCP address pool view, VLAN interface view, system view
Parameters
domain-name: DHCP client domain name for the DHCP address pool of specified VLAN interface, a string of 3 to 50 characters.
interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one VLAN interface, or a range of VLAN interfaces.
all: Specifies all VLAN interfaces.
Description
Use the dhcp server domain-name command to configure a DHCP client domain name for the DHCP address pool of the current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
Use the undo dhcp server domain-name command to remove the DHCP client domain name from the DHCP address pool of the current VLAN interface, or the DHCP address pool(s) of the specified VLAN interface(s).
No DHCP client domain name is configured by default.
Related commands: domain-name.
Examples
# Configure the DHCP client domain name of the DHCP address pool of the current VLAN interface as vlan-interface1.com.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] dhcp server domain-name vlan-interface1.com
1.2.5 dhcp server expired
Syntax
In VLAN interface view:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo dhcp server expired
In system view:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
undo dhcp server expired { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
View
VLAN interface view, system view
Parameters
day day: Sets the number of days. The day argument ranges from 0 to 365.
hour hour: Sets the number of hours. The hour argument ranges from 0 to 23.
minute minute: Sets the number of minutes. The minute argument ranges from 0 to 59.
unlimited: Sets an unlimited lease time.
interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one VLAN interface, or a range of VLAN interfaces.
all: Specifies all VLAN interfaces.
Description
Use the dhcp server expired command to set the IP address lease time for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
Use the undo dhcp server expired command to restore the default
The default lease time is one day.
Related commands: expired.
Examples
# Set the unlimited IP address lease time for the DHCP address pool of VLAN-interface 1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] dhcp server expired unlimited
1.2.6 dhcp server forbidden-ip
Syntax
dhcp server forbidden-ip low-ip-address [ high-ip-address ]
undo dhcp server forbidden-ip low-ip-address [ high-ip-address ]
View
System view
Parameters
low-ip-address: Lowest IP address in the forbidden IP address range.
high-ip-address: Highest IP address in the forbidden IP address range. Note that the value of this argument must be larger than (or equal to) that of the low-ip-address argument. If you do not provide this argument, then the forbidden IP address range contains only the IP address specified by the low-ip-address argument.
Description
Use the dhcp server forbidden-ip command to forbid a range of IP addresses to be automatically assigned to DHCP clients.
Use the undo dhcp server forbidden-ip command to cancel the forbiddance.
All IP addresses in a DHCP address pool can be automatically assigned by default.
Related commands: dhcp server ip-pool, network, static-bind ip-address, dhcp server static-bind.
Examples
# Forbid the IP addresses from 10.110.1.1 to 10.110.1.63 to be automatically assigned.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
1.2.7 dhcp server ip-pool
Syntax
dhcp server ip-pool pool-name
undo dhcp server ip-pool pool-name
View
System view
Parameters
pool-name: Name of the address pool, a string that is of 1 to 64 characters in length. An address pool name uniquely identifies an address pool.
Description
Use the dhcp server ip-pool command to create a global DHCP address pool and enter the corresponding DHCP address pool view.
Use the undo dhcp server ip-pool command to remove a specified global DHCP address pool.
No global DHCP address pool is created by default.
Related commands: dhcp enable.
Examples
# Create DHCP address pool 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0]
1.2.8 dhcp server nbns-list
Syntax
In VLAN interface view:
dhcp server nbns-list ip-address [ ip-address ]
undo dhcp server nbns-list { ip-address | all }
In system view:
dhcp server nbns-list ip-address [ ip-address ] { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
undo dhcp server nbns-list { ip-address | all } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
View
VLAN interface view, system view
Parameters
ip-address: NetBIOS server IP address. You can specify up to eight IP addresses (separated by spaces) in one command.
interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one VLAN interface, or a range of VLAN interfaces.
all: Specifies all VLAN interfaces or all configured IP addresses.
Description
Use the dhcp server nbns-list command to configure one or more NetBIOS server IP addresses for the DHCP address pool of the current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
Use the undo dhcp server nbns-list command to remove one or all NetBIOS server IP addresses from the DHCP address pool of current VLAN interface, or the DHCP address pool(s) of the specified VLAN interface(s)..
By default, no NetBIOS server IP address is configured.
With eight NetBIOS server addresses already configured, if you add a new one by executing the dhcp server nbns-list command, the newly configured one overwrites the oldest one.
Related commands: nbns-list, dhcp server netbios-type.
Examples
# Configure the NetBIOS server with an IP address of 10.12.1.99 for the DHCP address pool of VLAN-interface 1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] dhcp server nbns-list 10.12.1.99
1.2.9 dhcp server netbios-type
Syntax
In VLAN interface view:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
undo dhcp server netbios-type
In system view:
dhcp server netbios-type { b-node | h-node | m-node | p-node } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
undo dhcp server netbios-type { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
View
VLAN interface view, system view
Parameters
b-node: Specifies b-node to be the NetBIOS node type. DHCP clients of this node type establish host name-to-IP address mapping by broadcasting. (b stands for broadcast.)
p-node: Specifies p-node to be the NetBIOS node type. DHCP clients of this node type establish host name-to-IP address mapping by communicating with NetBIOS server. (p stands for peer-to-peer.)
m-node: Specifies m-node to be the NetBIOS node type. DHCP clients of this node type are p nodes which take some broadcast features. (m stands for mixed.)
h-node: Specifies h-node to be the NetBIOS node type. DHCP clients of this node type are b nodes which take peer-to-peer mechanism. (h stands for hybrid.)
Description
Use the dhcp server netbios-type command to configure a NetBIOS node type for DHCP clients of DHCP address pool(s) of the current or specified VLAN interfaces.
Use the undo dhcp server netbios-type command to remove the NetBIOS node type from the DHCP address pool(s) of the current or specified VLAN interfaces.
The default DHCP client NetBIOS node type is h-node.
Related commands: netbios-type, dhcp server nbns-list.
Examples
# Configure p-node as the NetBIOS node type for DHCP clients of the DHCP address pool of VLAN-interface 1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] dhcp server netbios-type p-node
1.2.10 dhcp server option
Syntax
In VLAN interface view:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address [ ip-address ] }
undo dhcp server option code
In system view:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address [ ip-address ] } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
undo dhcp server option code { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
View
VLAN interface view, system view
Parameters
code: Option code. This argument ranges from 2 to 254.
ascii ascii-string: Specifies a string comprising ASCII characters. The string can be of 1 to 63 characters in length.
hex hex-string: Specifies a numeric string containing 2 or 4 hexadecimal digits (hh or hhhh).
ip-address ip-address [ ip-address ]: Specifies one or more IP addresses. You can specify up to eight IP addresses (separated by spaces) in one command.
interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one or more VLAN interfaces.
all: Specifies all VLAN interfaces.
Description
Use the dhcp server option command to configure a custom DHCP option for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
Use the undo dhcp server option command to remove a custom DHCP option configured for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
If you execute the dhcp server option command multiple times, the new configurations overwrite the corresponding old ones.
Related commands: option.
Examples
# Configure a custom DHCP option for the DHCP address pool of VLAN-interface 1, with the code argument of 100 and the hex-string argument of 0x11 and 0x22.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] dhcp server option 100 hex 11 22
1.2.11 dhcp server ping
Syntax
dhcp server ping { packets number | timeout milliseconds }
undo dhcp server ping { packets | timeout }
View
System view
Parameters
packets number: Sets the maximum times to send ping packets. The number argument ranges from 0 to 10 and defaults to 2. Value of 0 specifies not to send any ping packet.
timeout milliseconds: Sets the maximum time to wait for a response to a ping packet. The milliseconds argument is in the unit of milliseconds; it ranges from 0 to 10000 and defaults to 500.
Description
Use the dhcp server ping command to set the maximum times to send ping packets or the maximum time for the DHCP server to wait for a response after sending a ping packet.
Use the undo dhcp server ping command to revert to the corresponding default setting.
Caution:
The host’s interval of sending discover packets is in the range 15 seconds to 30 seconds. When the ping command is used for collision detection, the host will fail to apply for IP addresses if the server’s time to wait for a response to a ping packet is longer than the host's interval of sending discover packets. So you had better satisfy the condition that the server’s time to wait for a response to a ping packet must be shorter than 15 seconds when the ping command is used for collision detection.
Examples
# Set the maximum times to send ping packets to 10.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ping packets 10
# Set the maximum time to wait for a response to a ping packet to 600 milliseconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ping timeout 600
1.2.12 dhcp server static-bind
Syntax
dhcp server static-bind ip-address ip-address mac-address mac-address
undo dhcp server static-bind { ip-address ip-address | mac-address mac-address }
View
VLAN interface view
Parameters
ip-address: IP address to be bound statically. Note that the IP address must be a valid IP address in the address pool of the current VLAN interface.
mac-address: MAC address for the IP address to be bound to.
Description
Use the dhcp server static-bind command to statically bind an IP address in the address pool of the current VLAN interface to a MAC address.
Use the undo dhcp server static-bind command to remove a statically bound IP address entry.
IP addresses in the address pool of a VLAN interface are not statically bound by default.
VLAN interface address pool only supports one-to-one MAC-IP binding.
Examples
# Statically bind the IP address 10.1.1.1 to the MAC address 0000-e03f-0305.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] dhcp server static-bind ip-address 10.1.1.1 mac-address 0000-e03f-0305
1.2.13 display dhcp server conflict
Syntax
display dhcp server conflict { all | ip ip-address }
View
Any view
Parameters
all: Specifies all IP addresses.
ip ip-address: Specifies an IP address.
Description
Use the display dhcp server conflict command to display the statistics about DHCP address conflicts.
Related commands: reset dhcp server conflict.
Examples
# Display the statistics about DHCP address conflicts.
<H3C> display dhcp server conflict all
Address Discover Time
10.110.1.2 Jan 11 2003 11:57:07 PM
Table 1-1 Description on the fields of the display dhcp server conflict command
|
Field |
Description |
|
Address |
The IP address that causes the conflict |
|
Discover Time |
The time when the conflict is discovered |
1.2.14 display dhcp server expired
Syntax
display dhcp server expired { ip ip-address | pool [ pool-name ] | interface [ vlan-interface vlan-id ] | all }
View
Any view
Parameters
ip ip-address: Specifies an IP address.
pool [ pool-name ]: Specifies a global address pool. If you do not input a pool-name, all global address pools are included.
interface [ vlan-interface vlan-id ]: Specifies a VLAN interface address pool. If you do not input a vlan-id, all VLAN interface address pools are included.
all: Specifies all DHCP address pools.
Description
Use the display dhcp server expired command to display information about lease-expired addresses. If no available IP address exists in a DHCP address pool, the DHCP server assigns the lease-expired IP addresses in the pool to DHCP clients as needed.
Examples
# Display information about lease-expired addresses.
<H3C> display dhcp server expired all
Global pool:
IP address Hardware address Lease expiration Type
Interface pool:
IP address Hardware address Lease expiration Type
Table 1-2 Description on the fields of the display dhcp server expired command
|
Field |
Description |
|
Global pool |
The information followed is about expired IP addresses in global address pool(s) |
|
Interface pool |
The information followed is about lease-expired IP addresses in VLAN interface address pool(s) |
|
IP address |
Bound IP addresses |
|
Hardware address |
Bound MAC addresses |
|
Lease expiration |
The time when an IP address expires |
|
Type |
Binding type |
1.2.15 display dhcp server free-ip
Syntax
display dhcp server free-ip
View
Any view
Parameters
None
Description
Use the display dhcp server free-ip command to display the ranges of available (unassigned) IP addresses in DHCP address pools.
Examples
# Display the ranges of available (unassigned) IP addresses in DHCP address pools.
<H3C> display dhcp server free-ip
IP Range from 1.0.0.0 to 2.2.2.1
IP Range from 2.2.2.3 to 2.255.255.255
IP Range from 4.0.0.0 to 4.255.255.255
IP Range from 5.5.5.0 to 5.5.5.0
IP Range from 5.5.5.2 to 5.5.5.255
1.2.16 display dhcp server ip-in-use
Syntax
display dhcp server ip-in-use { ip ip-address | pool [ pool-name ] | interface [ vlan-interface vlan-id ] | all }
View
Any view
Parameters
ip ip-address: Specifies an IP address.
pool [ pool-name ]: Specifies a global address pool. If you do not input a pool-name, all global address pools are included.
interface [ vlan-interface vlan-id ]: Specifies a VLAN interface address pool. If you do not input a vlan-id, all VLAN interface address pools are included.
all: Specifies all DHCP address pools.
Description
Use the display dhcp server ip-in-use command to display information about IP address binding in DHCP address pool(s).
Related commands: reset dhcp server ip-in-use.
Examples
# Display information about IP address binding in all DHCP address pools.
<H3C> display dhcp server ip-in-use all
Global pool:
IP address Hardware address Lease expiration Type
2.2.2.2 4444-4444-4444 NOT Used Manual
Interface pool:
IP address Hardware address Lease expiration Type
5.5.5.1 0050-ba28-930a Jun 5 2003 10:56:07 AM Auto:COMMITED
Table 1-3 Description on the fields of the display dhcp server ip-in-use command
|
Fields |
Description |
|
Global pool |
The information followed is about bound IP addresses in global address pool(s) |
|
Interface pool |
The information followed is about bound IP addresses in VLAN interface address pool(s) |
|
IP address |
Bound IP addresses |
|
Hardware address |
Bound MAC addresses |
|
Lease expiration |
The time when an IP address expires |
|
Type |
Binding type |
1.2.17 display dhcp server statistics
Syntax
display dhcp server statistics
View
Any view
Parameters
None
Description
Use the display dhcp server statistics command to display statistics information about the DHCP server.
Related commands: reset dhcp server statistics.
Examples
# Display statistics information about the DHCP server.
<H3C> display dhcp server statistics
Global Pool:
Pool Number: 5
Binding
Auto: 0
Manual: 1
Expire: 0
Interface Pool:
Pool Number: 1
Binding
Auto: 1
Manual: 0
Expire: 0
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0
Table 1-4 Description on the fields of the display dhcp server statistics command
|
Field |
Description |
|
Global Pool |
The information followed is about the statistics of the global address pools |
|
Interface Pool |
The information followed is about the statistics of the address pools of VLAN interfaces |
|
Pool Number |
Number of address pools |
|
Auto |
Number of automatically bound IP addresses |
|
Manual |
Number of manually bound IP addresses |
|
Expire |
Number of expired IP addresses |
|
Boot Request: 6 Dhcp Discover: 1 Dhcp Request: 4 Dhcp Decline: 0 Dhcp Release: 1 Dhcp Inform: 0 |
Total and categorized DHCP packets received by the DHCP server |
|
Boot Reply: 4 Dhcp Offer: 1 Dhcp Ack: 3 Dhcp Nak: 0 |
Total and categorized DHCP packets sent by the DHCP server |
|
Bad Messages |
Number of bad DHCP packets |
1.2.18 display dhcp server tree
Syntax
display dhcp server tree { pool [ pool-name ] | interface [ vlan-interface vlan-id ] | all }
View
Any view
Parameters
pool [ pool-name ]: Specifies a global address pool. If you do not specify a global address pool, all global address pools are included.
interface [ vlan-interface vlan-id ]: Specifies the address pool of a VLAN interface. If you do not specify a VLAN interface, address pools of all VLAN interfaces are included.
all: Specifies all addresses pools.
Description
Use the display dhcp server tree command to display information about DHCP address pool hierarchy.
Examples
# Display information about DHCP address pool hierarchy.
<H3C> display dhcp server tree all
Global pool:
Pool name: 5
network 10.10.1.0 mask 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6
static-bind ip-address 10.10.1.2 mask 255.0.0.0
static-bind mac-address 00e0-00fc-0001
Parent node:5
option 1 ip-address 255.255.0.
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 7
network 10.10.1.64 mask 255.255.255.192
PrevSibling node:5
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Table 1-5 Description on the fields of the display dhcp server tree command
|
Field |
Description |
|
Global pool |
The information followed is about global address pools |
|
Interface pool |
The information followed is about VLAN interface address pools |
|
Pool Name |
The name of an address pool |
|
Network |
Range of addresses available for assigning |
|
static-bind ip-address 10.10.1.2 mask 255.0.0.0 static-bind mac-address 00e0-00fc-0001 |
An IP address and the corresponding MAC address statically bound to it |
|
child node:6 |
The address pool named 6 is a child node of the one named 5 Based on the node position of the address pool named 5, the node type displayed here includes the following: Child node: Indicates the node to which the address pool named 6 corresponds is a child node of that of the address pool named 5. In this case, node 6 stands for a subnet of the network node 5 stands for Parent node: Indicates the node to which the address pool named 6 corresponds is the parent node of that of the address pool named 5. In this case, node 6 stands for the network segment Sibling node: Indicates the node to which the address pool named 6 corresponds is the next sibling node of that of the address pool named 5. Information about these address pools is displayed in the order they are established PrevSibling node: Indicates the node to which the address pool named 6 corresponds is the previous sibling node of that of the address pool named 5 |
|
Option |
Customized DHCP options |
|
expired |
The valid period of the leased IP addresses in the address pool, including number of days, hours and minutes |
|
gateway-list |
The list of outbound gateways configured for the DHCP clients |
|
dns-list |
The list of DNS servers configured for the DHCP clients |
|
domain-name |
The domain name configured for the DHCP clients |
|
nbns-list |
The NetBIOS server configured for the DHCP clients |
1.2.19 dns-list
Syntax
dns-list ip-address [ ip-address ]
undo dns-list { ip-address | all }
View
DHCP address pool view
Parameters
ip-address: IP address of a DNS server. You can specify up to eight IP addresses (separated by spaces) in one command.
all: Specifies all configured DNS server IP addresses.
Description
Use the dns-list command to configure one or more DNS server IP addresses for a global DHCP address pool.
Use the undo dns-list command to remove one or all DNS server IP addresses configured for a global DHCP address pool.
By default, no DNS server IP address is configured for a global DHCP address pool.
With eight DNS server addresses already configured, if you add a new one by executing the dns-list command, the new one overwrites the oldest one.
Related commands: dhcp server dns-list, dhcp server ip-pool.
Examples
# Configure a DNS server with an IP address of 1.1.1.254 for the global DHCP address pool 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] dns-list 1.1.1.254
1.2.20 domain-name
Syntax
domain-name domain-name
undo domain-name
View
DHCP address pool view
Parameters
domain-name: Domain name, a string that is of 3 to 50 characters in length.
Description
Use the domain-name command to configure a domain name for the DHCP clients of a global DHCP address pool.
Use the undo domain-name command to remove the domain name configured for the DHCP clients of a global DHCP address pool.
By default, no domain name is configured for the DHCP clients of a global DHCP address pool.
Related commands: dhcp server ip-pool, dhcp server domain-name.
Examples
# Configure a domain name (mydomain.com) for the DHCP clients of the global DHCP address pool 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] domain-name mydomain.com
1.2.21 expired
Syntax
expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo expired
View
DHCP address pool view
Parameters
day day: Specifies the number of days. The day argument ranges from 0 to 365.
hour hour: Specifies the number of hours. The hour argument ranges from 0 to 23.
minute minute: Specifies the number of minutes. The minute argument ranges from 0 to 59.
unlimited: Specifies an unlimited lease time.
Description
Use the expired command to set the valid period for a global DHCP address pool.
Use the undo expired command to revert to the default valid period.
The default valid period is 1 day.
Related commands: dhcp server ip-pool, dhcp server expired.
Examples
# Set the IP address lease time of the global DHCP address pool 0 to one day plus two hours and three minutes.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] expired day 1 hour 2 minute 3
1.2.22 gateway-list
Syntax
gateway-list ip-address [ ip-address ]
undo gateway-list { ip-address | all }
View
DHCP address pool view
Parameters
ip-address: IP address of an outbound gateway. You can specify up to eight IP addresses (separated by spaces) in one command.
all: Specifies all outbound gateway IP addresses.
Description
Use the gateway-list command to configure one or more outbound gateway addresses for DHCP clients.
Use the undo gateway-list command to remove one or all outbound gateway addresses configured for DHCP clients.
By default, no outbound gateway address is configured for DHCP clients.
With eight outbound gateway addresses already configured, if you add a new outbound gateway address by executing the gateway-list command, the new one overwrites the oldest one.
Examples
# Configure an outbound gateway with an IP address of 10.110.1.99 for DHCP clients of global DHCP address pool 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] gateway-list 10.110.1.99
1.2.23 nbns-list
Syntax
nbns-list ip-address [ ip-address ]
undo nbns-list { ip-address | all }
View
DHCP address pool view
Parameters
ip-address: IP address of a NetBIOS server. You can specify up to eight IP addresses (separated by spaces) in one command.
all: Specifies all configured NetBIOS server IP addresses.
Description
Use the nbns-list command to configure one or more NetBIOS server addresses for a global DHCP address pool.
Use the undo nbns-list command to remove one or all NetBIOS server addresses configured for a global DHCP address pool.
By default, no NetBIOS server address is configured for a global DHCP address pool.
With eight NetBIOS server addresses already configured, if you add a new NetBIOS server address by executing the nbns-list command, the new one overwrites the oldest one.
Related commands: dhcp server ip-pool, dhcp server nbns-list, netbios-type.
Examples
# Configure a NetBIOS server with an IP address of 10.12.1.99 for the global DHCP address pool named 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] nbns-list 10.12.1.99
1.2.24 netbios-type
Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
View
DHCP address pool view
Parameters
b-node: Specifies the NetBIOS node type of DHCP clients to be b-node (b stands for broadcast). Nodes of this type establish their host name-to-IP address mappings by broadcasting.
p-node: Specifies the NetBIOS node type of DHCP clients to be p-node (p stands for peer-to-peer). Nodes of this type establish their host name-to-IP address mappings by communicating with NetBIOS server.
m-node: Specifies the NetBIOS node type of DHCP clients to be m-node (m stands for mixed). Nodes of this type are p nodes which take some broadcast features.
h-node: Specifies the NetBIOS node type of DHCP clients to be h-node (h stands for hybrid). Nodes of this type are b nodes which take peer-to-peer mechanism.
Description
Use the netbios-type command to configure the NetBIOS node type for DHCP clients of a global DHCP address pool.
Use the undo netbios-type command to remove NetBIOS node type configuration of a global DHCP address pool.
By default, the DHCP clients are of h-node type.
Related commands: dhcp server ip-pool, dhcp server netbios-byte, dhcp server nbns-list.
Examples
# Configure the NetBIOS node type of DHCP clients of the global DHCP address pool 0 to b-node.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] netbios-type b-node
1.2.25 network
Syntax
network ip-address [ mask netmask | mask-length ]
undo network
View
DHCP address pool view
Parameters
ip-address: Address range for dynamic IP address assigning.
mask netmask: Specifies the subnet mask of the address pool. If you do not provide this argument, the default subnet mask is used.
mask-length: Length of the network mask of an IP address pool. It is an integer in the range 0 to 30.
Description
Use the network command to configure an address range for dynamic IP address assignment.
Use the undo network command to remove the address range configured for dynamic IP address assignment.
By default, no IP address range is configured for dynamic IP address assignment.
Each DHCP address pool can be configured with only one address range. If you execute the network command multiple times, then only the last configured address range works.
Related commands: dhcp server ip-pool, dhcp server forbidden-ip.
Examples
# Configure 192.168.8.0/24 as the address range for the global DHCP address pool 0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] network 192.168.8.0 mask 255.255.255.0
1.2.26 option
Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address [ ip-address ] }
undo option code
View
DHCP address pool view
Parameters
code: Customized option value, a number ranging from 2 to 254.
ascii ascii-string: Specifies an ASCII string. The ascii-string argument is a string that is of 1 to 63 characters in length.
hex hex-string: Specifies a numeric string containing two or four hexadecimal digits (hh or hhhh).
ip-address ip-address [ ip-address ]: Specifies one or more IP addresses. You can specify up to eight IP addresses (separated by spaces) in one command.
Description
Use the option command to configure a custom DHCP option for a global DHCP address pool.
Use the undo option command to remove a custom DHCP option configured for the global DHCP address pool.
If you execute the option command multiple times, the new configurations overwrite the corresponding old ones
Related commands: dhcp server ip-pool, dhcp server option.
Examples
# Configure a custom option for the global DHCP address pool, with an option value of 100 and two hexadecimal numbers of 0x11 and 0x22.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] option 100 hex 11 22
1.2.27 reset dhcp server conflict
Syntax
reset dhcp server conflict { ip ip-address | all }
View
User view
Parameters
ip-address: Clears statistics about the specified IP address conflicts.
all: Clears all statistics about address conflicts.
Description
Use the reset dhcp server conflict command to clear statistics information about DHCP address conflicts.
Related commands: display dhcp server conflict.
Examples
# Clear all statistics information about DHCP address conflicts.
<H3C> reset dhcp server conflict all
1.2.28 reset dhcp server ip-in-use
Syntax
reset dhcp server ip-in-use{ all | interface [ vlan-interface vlan-id ] | ip ip-address | pool [ pool-name ] }
View
User view
Parameters
all: Specifies all binding entries.
ip-address: Specifies the binding entry that contains the specified IP address.
pool-name: Specifies a global DHCP address pool. If you do not provide this argument, then all global DHCP address pools are included.
vlan-id: Specifies a VLAN interface DHCP address pool. If you do not provide this argument, then all VLAN interface DHCP address pools are included.
Description
Use the reset dhcp server ip-in-use command to clear configuration about dynamically bound DHCP addresses.
Related commands: display dhcp server ip-in-use.
Examples
# Clear the binding entries that contain the IP address of 10.110.1.1.
<H3C> reset dhcp server ip-in-use ip 10.110.1.1
1.2.29 reset dhcp server statistics
Syntax
reset dhcp server statistics
View
User view
Parameters
None
Description
Use the reset dhcp server statistics command to clear statistics information about the DHCP servers, such as the number of DHCP address pools, the number of automatically bound, manually bound IP addresses and expired IP addresses, and the number of unrecognized packets, DHCP_Request packets and DHCP_ACK packets.
Related commands: display dhcp server statistics.
Examples
# Clear statistics information about the DHCP servers.
<H3C> reset dhcp server statistics
1.2.30 static-bind ip-address
Syntax
static-bind ip-address ip-address [ { mask netmask } | mask-length ]
undo static-bind ip-address
View
DHCP address pool view
Parameters
ip-address: IP address to be bound.
mask netmask: Specifies the subnet mask of the IP address to be bound. If you do not provide the argument, the default subnet mask is used.
mask-length: Length of the subnet mask for an IP address. It is an integer in the range 1 to 30.
Description
Use the static-bind ip-address command to specify the IP address to be statically bound.
Use the undo static-bind ip-address command to free a statically bound IP address.
By default, no IP address is statically bound.
The static-bind ip-address command and the static-bind mac-address command must be coupled when you configure statically bound entries to specify the corresponding IP address bound to the MAC address specified by the static-bind mac-address command.
Related commands: dhcp server ip-pool, static-bind mac-address.
Examples
# Bind the MAC address 0000-e03f-0306 of a PC to the IP address 10.1.1.2, whose subnet mask is 255.255.255.0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] static-bind ip-address 10.1.1.2 mask 255.255.255.0
[H3C-dhcp-0] static-bind mac-address 0000-e03f-0306
1.2.31 static-bind mac-address
Syntax
static-bind mac-address mac-address
undo static-bind mac-address
View
DHCP address pool view
Parameters
mac-address: MAC address to be bound.
Description
Use the static-bind mac-address command to specify the MAC address to be statically bound.
Use the undo static-bind mac-address command to free a statically bound MAC address.
By default, no MAC address is statically bound.
The static-bind mac-address command and the static-bind ip-address command must be coupled when you configure statically bound entries to specify the corresponding MAC address bound to the IP address specified by the static-bind ip-address command.
Related commands: dhcp server ip-pool, static-bind ip-address.
Examples
# Bind the PC with a MAC address of 0000-e03f-0305 to 10.1.1.1, whose subnet mask is 255.255.255.0.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server ip-pool 0
[H3C-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[H3C-dhcp-0] static-bind mac-address 0000-e03f-0305
1.3 DHCP Relay Agent Configuration Commands
1.3.1 debugging dhcp relay
Syntax
debugging dhcp relay { all| packet | error | event }
undo debugging dhcp relay { all| packet | error | event }
View
User view
Parameters
all: Enables all types of debugging.
packet: Enables debugging for packets.
error: Enables debugging for error messages.
event: Enables debugging for events.
Description
Use the debugging dhcp-relay command to enable specified or all DHCP relay agent debugging.
Use the undo debugging dhcp-relay command to disable specified or all DHCP relay agent debugging.
No DHCP relay agent debugging is enabled by default.
Examples
# Enable all DHCP relay agent debugging.
<H3C> debugging dhcp relay
*0.7200205-DHCP-8-dhcp_debug:
From client to server:
Interface: VLAN-Interface 1
Type: dhcp-request
ClientHardAddress: 0010-dc19-695d
ServerIpAddress: 192.168.1.2
*0.7200230-DHCP-8-dhcp_debug:
From server to client:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-ack
ClientHardAddress: 0010-dc19-695d
your ip address: 10.1.1.1
*0.7200580-DHCP-8-largehop:
Discard DHCP request packet because of too large hop count!
*0.7200725-DHCP-8-invalidpkt:
Wrong DHCP packet!
Table 1-6 Description on the fields of the debugging dhcp-relay command
|
Field |
Description |
|
Interface |
The VLAN interface that forwards DHCP packets |
|
Type |
Type of the forwarded DHCP packet |
|
ClientHardAddress |
The MAC address of the DHCP client |
|
ServerIpAddress |
The IP address of the DHCP server |
|
your ip address |
The IP address assigned to the DHCP client |
1.3.2 dhcp relay release
dhcp relay release client-ip client-mac [ server-ip ]
View
System view, VLAN interface view
Parameters
client-ip: IP address of the DHCP client.
client-mac: MAC address of the DHCP client, in the format of H-H-H.
server-ip: IP address of the DHCP server.
Description
Use the dhcp relay release command to request the DHCP relay agent to release the IP address of a client.
If you specify no DHCP server,
l In system view, the DHCP relay agent will send a release packet to all the DHCP servers in the DHCP server groups corresponding to all the interfaces in the DHCP relay agent mode.
l In VLAN interface view, the DHCP relay agent will send a release packet to all the DHCP servers in the DHCP server group associated with this interface.
If you specify a DHCP server, the DHCP relay agent will send a release packet to the specified DHCP server.
Examples
# Configure the DHCP relay agent to send a request to all DHCP servers to release the IP address 1.1.1.1 assigned to the client with the MAC address 00e0-0000-0001.
<Sysname> system-view
[Sysname] dhcp relay release 1.1.1.1 00e0-0000-0001
1.3.3 dhcp relay security
Syntax
dhcp relay security ip-address mac-address static
undo dhcp relay security ip-address
View
System view
Parameters
ip-address: IP address the user uses.
mac-address: MAC address the user owns.
static: Specifies the user address entry is static.
Description
Use the dhcp relay security command to add a user address entry for the DHCP server.
Use the undo dhcp relay security command to remove a user address entry configured for the DHCP server.
Before adding/removing a user address entry, you can check user address entries configured for the DHCP server using the display dhcprelay-security command.
Examples
# Configure a user address entry for a DHCP server, with an IP address of 1.1.1.1 and a MAC address of 0005-5D02-F2B3.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp relay security 1.1.1.1 0005-5D02-F2B3 static
1.3.4 dhcp relay security address-check
Syntax
dhcp relay security address-check { enable | disable }
View
VLAN interface view
Parameters
None
Description
Use the dhcp relay security address-check enable command to enable security address checking on a VLAN interface.
Use the dhcp relay security address-check disable command to disable security address checking on a VLAN interface.
The DHCP security feature is disabled on the VLAN interface by default. .
Examples
# Enable security address checking on VLAN-interface 1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C]interface vlan-interface 1
[H3C-Vlan-interface1] dhcp relay security address-check enable
1.3.5 dhcp relay security tracker
Syntax
dhcp relay security tracker { interval | auto }
undo dhcp relay security tracker
View
System view
Parameters
auto: Calculates the refreshing interval according to the number of entries automatically (divide 60 by the number of entries). The larger the number of entries is, the shorter the refreshing interval is. However, the refreshing interval cannot be shorter than 500 ms.
interval: Specifies a refreshing interval, in the range 1 to 120 seconds.
Description
Use the dhcp relay security tracker command to configure the interval at which the DHCP relay agent shakes hands with the DHCP server to refresh its dynamic user address entries. Use the undo dhcp relay security tracker command to restore the default refreshing interval.
By default, the refreshing interval is auto, that is, automatically calculate the refreshing interval according to the number of entries.
Examples
# Set the refreshing interval to 100 seconds.
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp relay security tracker 100
1.3.6 dhcp relay security tracker enable
dhcp relay security tracker enable
dhcp relay security tracker disable
View
System view
Parameters
None
Description
Use the dhcp relay security tracker enable command to enable DHCP relay agent handshake.
Use the dhcp relay security tracker disable command to disable DHCP relay agent handshake.
By default, DHCP relay agent handshake is enabled.
Examples
# Disable DHCP relay agent handshake.
<H3C> system-view
System View: return to User View with Ctrl+Z
[H3C] dhcp relay security tracker disable
1.3.7 dhcp-server detect
Syntax
dhcp server detect
undo dhcp server detect
View
System view
Parameters
None
Description
Use the dhcp server detect command to enable fake DHCP server detecting.
Use the undo dhcp server detect command to disable fake DHCP server detecting.
A private DHCP server in a network also answers IP address request packets and issues IP addresses to DHCP clients. However, the IP addresses they issued always bring addresses conflicts and cause users cannot access networks. This kind of DHCP servers are known as fake DHCP servers.
Examples
# Enable fake DHCP server detecting.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp server detect
1.3.8 display dhcp relay address
Syntax
display dhcp relay address { interface vlan-interface vlan-id | all }
View
Any view
Parameters
vlan-id: VLAN number.
interface vlan-interface: Specifies to display information about the DHCP servers configured for the VLAN interface.
all: Specifies to display information about the DHCP servers configured for all VLAN interfaces.
Description
Use the display dhcp relay address command to display information about DHCP servers configured for a VLAN interface.
Examples
# Display information about DHCP servers configured for all VLAN interfaces.
<H3C> display dhcp relay address all
** Vlan-interface192 DHCP Relay Address **
Relay Address [0] : 193.193.1.1
Relay Address [1] : 1.1.1.1
# Display information about DHCP servers configured for VLAN-interface 192.
<H3C> display dhcp relay address interface vlan 192
** Vlan-interface192 DHCP Relay Address **
Relay Address [0] : 193.193.1.1
Relay Address [1] : 1.1.1.1
1.3.9 display dhcprelay-security
Syntax
display dhcprelay-security [ ip-address ]
View
Any view
Parameters
ip-address: User IP address.
Description
Use the display dhcprelay-security command to display information about specific or all user address entries that the DHCP server maintains.
Examples
# Display information about all user address entries that the DHCP server maintains.
<H3C> display dhcprelay-security
IP Address MAC Address IP Address Type
2.2.2.2 0005-5d02-f2b2 Static
3.3.3.3 0005-5d02-f2b3 Dynamic
--- 2 dhcp-security item(s) found ---
Table 1-7 Description on the fields of the display dhcp-security command
|
Field |
Description |
|
IP Address |
User IP address |
|
MAC Address |
User MAC address |
|
IP Address Type |
Type of the user address entry, which can be static or dynamic |
1.3.10 display dhcp relay security tracker
Syntax
display dhcp relay security tracker
View
Any view
Parameters
None
Description
Use the display dhcp relay security tracker command to display information about whether the function of handshake between the DHCP relay agent and the DHCP server is enabled and the interval at which DHCP relay agent dynamic user address entries are refreshed.
Examples
# Display the interval at which DHCP relay agent dynamic user address entries are refreshed.
<H3C> display dhcp relay security tracker
Dhcp relay security tracker function is enable
Current tracker interval: 10s (Specified by user)
1.3.11 ip relay address
Syntax
ip relay address ip-address
undo ip relay address { ip-address | all }
View
VLAN interface view
Parameters
ip-address: IP address of the DHCP server to which the DHCP packets received by this VLAN interface are forwarded.
all: Specifies all DHCP servers configured for the VLAN interface to forward DHCP packets to.
Description
Use the ip relay address command to specify the VLAN interface to operate in DHCP relay agent mode and to specify the DHCP server to which the DHCP packets received by this VLAN interface are forwarded.
Use the undo ip relay address command to remove the DHCP server configured for the VLAN interface to forward DHCP packets.
No DHCP server is configured for a VLAN interface by default.
Caution:
The IP address of the intended DHCP server for the DHCP relay agent feature cannot be the IP address of the VLAN interface corresponding to the DHCP relay agent. Otherwise, the system gives the information such as “Error. The DHCP relay agent address you entered overlaps with local ip!”.
Examples
# Specify users belonging to VLAN-interface 1 to acquire their IP addresses from a specified DHCP server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C]interface vlan1
[H3C-Vlan-interface1] ip relay address 10.9.0.3
1.3.12 reset dhcp relay statistics
Syntax
reset dhcp relay statistics
View
User view
Parameters
None
Description
Use the reset dhcp relay statistics command to clear the statistics about the DHCP relay agent.
Examples
# Clear the statistics about the DHCP relay agent.
<Sysname> reset dhcp relay statistics
1.4 DHCP Option 82 Configuration Commands
1.4.1 dhcp relay information enable
Syntax
To enable the Option 82 function on a VLAN interface in VLAN interface view:
dhcp relay information enable
undo dhcp relay information enable
To enable the Option 82 function on multiple VLAN interfaces in system view:
dhcp relay information enable { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
undo dhcp relay information enable { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }
View
VLAN interface view, System view
Parameters
vlan-id: ID of the specific VLAN interface.
all: All VLAN interfaces.
Description
Use the dhcp relay information enable command to enable the function of Option 82 support on a DHCP relay agent.
Use the undo dhcp relay information enable command to disable the function of Option 82 support on the DHCP relay agent.
By default, this function is disabled.
Related commands: dhcp server relay information enable.
Examples
# Enable Option 82 support on the DHCP relay agent so that the relay agent on VLAN-interface 1 adds Option 82 into the request packets from the DHCP clients before it sends these packets to a DHCP server.
<H3C> system-view
System View: return to User View with Ctrl+Z
[H3C] interface vlan 1
[H3C-Vlan-interface1] dhcp relay information enable
# Disable Option 82 support on the DHCP relay agent.
[H3C] interface vlan1
[H3C-Vlan-interface1] undo dhcp relay information enable
1.4.2 dhcp relay information format
Syntax
dhcp relay information format { normal | verbose }
undo dhcp relay information format
View
VLAN interface view
Parameters
normal: Normal mode of DHCP relay agent Option 82.
verbose: Fixed network mode of DHCP relay agent Option 82.
Description
Use the dhcp relay information format command to configure the mode of the DHCP relay agent Option 82.
Use the undo dhcp relay information format command to restore the default.
The normal mode is adopted by default.
Examples
# Configure the mode of the relay agent Option 82 on VLAN-interface 1 as fixed network mode.
<H3C> system-view
System View: return to User View with Ctrl+Z
[H3C]interface vlan1
[H3C-Vlan-interface1] dhcp relay information format verbose
# Restore the default mode of the relay agent Option 82 on VLAN-interface 1.
[H3C-Vlan-interface1] undo dhcp relay information format
1.4.3 dhcp relay information format verbose node-identifier
Syntax
dhcp relay information format verbose node-identifier { mac | sysname | user-defined string<1-50> }
undo dhcp relay information format verbose node-identifier
View
VLAN interface view
Parameters
mac: Specifies the bridge MAC address as the node identifier of the Option 82 to be relayed.
sysname: Specifies the system name as the node identifier of the Option 82 to be relayed.
user-defined string<1-50>: Specifies a string as the node identifier of the Option 82 to be relayed.
Description
Use the dhcp relay information format verbose node-identifier command to set the node identifier of the Option 82 to be relayed.
Use the undo dhcp relay information format verbose node-identifier command to restore the default node identifier of the Option 82.
By default, bridge MAC addresses are used as the node identifiers of the Option 82.
Examples
# Set the system name as the node identifier when the mode of the relay agent Option 82 on VLAN-interface 1 is fixed network mode.
<H3C> system-view
System View: return to User View with Ctrl+Z
[H3C]interface vlan1
[H3C-Vlan-interface1] dhcp relay information format verbose node-identifier sysname
# Restore the default node identifier of the user when the mode of relay agent Option 82 on VLAN-interface 1 is fixed network mode.
[H3C-Vlan-interface1] undo dhcp relay information format verbose node-identifier
1.4.4 dhcp relay information strategy
Syntax
dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
View
VLAN interface view
Parameters
drop: Indicates that the DHCP relay agent will drop DHCP packets carrying Option 82.
keep: Indicates that the DHCP relay agent does not change Option 82 in packets.
replace: Indicates that the DHCP relay agent replaces Option 82 in packets with its own Option 82.
Description
Use the dhcp relay information strategy command to configure the way for a DHCP relay agent to process packets carrying Option 82.
Use the undo dhcp relay information strategy command to restore the default.
By default, the replace strategy is adopted.
Examples
# Configure the DHCP relay agent on VLAN-interface 1 to drop DHCP request packets carrying Option 82.
<H3C> system-view
System View: return to User View with Ctrl+Z
[H3C] interface vlan1
[H3C-Vlan-interface1] dhcp relay information strategy drop
# Restore the default.
[H3C-Vlan-interface1] undo dhcp relay information strategy
1.4.5 dhcp server relay information enable
Syntax
dhcp server relay information enable
undo dhcp server relay information enable
View
System view
Parameters
None
Description
Use the dhcp server relay information enable command to enable the function of Option 82 support on DHCP server.
Use the undo dhcp server relay information enable command to disable the function of Option 82 support on DHCP server.
When a client connected to a DHCP relay agent broadcasts a DHCP request packet, the DHCP relay agent is responsible for forwarding the packet to a DHCP server. After Option 82 support is enabled on the DHCP server, if the request packet forwarded by the DHCP relay agent to the DHCP server carries Option 82, the DHCP server will send back the Option 82 to the DHCP relay agent.
After receiving the response packet from the DHCP server to the DHCP client, the DHCP relay agent check whether Option 82 exists in the packet. If yes, it strips Option 82. That is, the response packet sent to the client does not carry Option 82.
By default, the function is enabled. That is, the DHCP server will return Option 82 carried in the request packet to the DHCP relay agent.
Related commands: dhcp relay information enable.
Examples
# Enable the DHCP server to return Option 82 carried in the request packets to the DHCP relay agent.
<H3C> system-view
System View: return to User View with Ctrl+Z
[H3C] dhcp server relay information enable
# Disable the DHCP server from returning Option 82 carried in the request packets to the DHCP relay agent.
[H3C] undo dhcp server relay information enable
1.5 DHCP Snooping Configuration Commands
1.5.1 debugging dhcp-snooping
Syntax
debugging dhcp-snooping { packet [ interface interface-type interface-number [ to interface-type interface-number ] ] | error | event | all }
undo debugging dhcp-snooping { packet [ interface interface-type interface-number [ to interface-type interface-number ] ] | error | event | all }
View
User view
Parameters
packet: DHCP snooping packet debugging.
interface-type interface-number: Specifies a port by its type and number.
error: DHCP snooping error debugging.
event: DHCP snooping event debugging.
all: All types of DHCP snooping debugging.
Description
Use the debugging dhcp-snooping command to enable DHCP snooping debugging.
Use the undo debugging dhcp-snooping command to disable DHCP snooping debugging.
By default, DHCP snooping debugging is disabled.
Examples
# Enable DHCP snooping packet debugging.
<H3C> debugging dhcp-snooping packet
# Disable DHCP snooping packet debugging.
<H3C> undo debugging dhcp-snooping packet
1.5.2 display dhcp-snooping entry
Syntax
display dhcp-snooping entry { vlan vlan-id [ to vlan-id ] | interface port-type port-numer | aggregation-group group-id | ip ip-address | all }
View
Any view
Parameters
vlan-id: VLAN ID.
port-type port-number: Specifies a port by its type and number.
group-id: Aggregation group ID.
ip-address: IP address.
all: Displays all the DHCP snooping entries.
Description
Use the display dhcp-snooping entry command to display IP-to-MAC bindings recorded by the DHCP snooping device.
The displayed information includes the IP address assigned to a DHCP client, MAC address of the DHCP client, IP address lease, binding type, VLAN where the port connecting the DHCP client resides, and port to which the DHCP client is connected.
Examples
# Display all IP-to-MAC bindings recorded by the DHCP snooping device.
<H3C> display dhcp-snooping entry all
Type:
T - Dynamic Temporary Item D - Dynamic Valid Item S - Static Item
Interface:
Eth - Ethernet GE - GigabitEthernet LAG - Link Aggregation group
IpAddress MacAddress Lease(sec) Type VLAN Port
---------------------------------------------------------------
100.100.200.150 0102-0304-0506 12 T 20 GE2/1/1
100.100.200.151 0102-0304-0501 9837 D 10 LAG3
---- total 2 item(s) ----1
Table 1-8 Description on the fields of the display dhcp snooping command
|
Field |
Description |
|
Type |
Binding type of the DHCP snooping entry, which can be static, dynamic, or temporary. |
|
IpAddress |
IP address assigned to the DHCP client |
|
MacAddress |
MAC address of the DHCP client |
|
VLAN |
VLAN where the port connecting the DHCP client resides |
|
Port |
Port to which the DHCP client is connected |
|
Lease |
Lease of the entry |
1.5.3 display dhcp-snooping trust
Syntax
display dhcp-snooping trust
View
Any view
Parameters
None
Description
Use the display dhcp-snooping trust command to display information about trusted ports.
Related commands: dhcp-snooping trust.
Examples
# Display information about trusted ports.
<H3C> display dhcp-snooping trust
DHCP snooping is enabled globally.
The number of DHCP snooping trusted ports is 2.
--------------------------------------------------------------------------GigabitEthernet0/1/1 GigabitEthernet0/1/2
1.5.4 dhcp-snooping enable
Syntax
dhcp-snooping enable
undo dhcp-snooping enable
View
System view
Parameters
None
Description
Use the dhcp-snooping enable command to enable DHCP snooping globally.
Use the undo dhcp-snooping enable command to disable DHCP snooping globally.
By default, DHCP snooping is disabled.
& Note:
l After you enable DHCP snooping globally, all the ports on the switch are untrusted ports by default, which will filter packets with source UDP port 67. With the dhcp-snooping trust command, you can configure a port as trusted to handle packets with source UDP port 67. Refer to the dhcp-snooping trust command for details.
l When deploying an ACL, the system automatically assigns a globally unique index for the ACL. After the dhcp-snooping enable command is successfully executed, you can view the system-index index-num when displaying the configuration information.
Examples
# Enable DHCP snooping globally.
<H3C> system
System View: return to User View with Ctrl+Z.
[H3C] dhcp-snooping enable
1.5.5 dhcp-snooping enable vlan
Syntax
Enable DHCP snooping on a VLAN in VLAN view:
dhcp-snooping enable
undo dhcp-snooping enable
Enable DHCP snooping on the specified VLAN in system view:
dhcp-snooping enable { vlan vlan-id [ to vlan-id ] | all }
undo dhcp-snooping enable { vlan vlan-id [ to vlan-id ] | all }
View
System view, VLAN view
Parameters
vlan-id: VLAN ID.
all: Enables DHCP snooping on all VLANs.
Description
Use the dhcp-snooping enable command to enable DHCP snooping on specified VLAN(s) or all VLANs.
Use the undo dhcp-snooping enable command to disable DHCP snooping on specified VLAN(s) or all VLANs.
By default, DHCP snooping is disabled on a VLAN.
Caution:
l The DHCP snooping configuration on a VLAN, and DHCP relay agent or DHCP server configuration on the corresponding VLAN interface are mutually exclusive. You need to disable the DHCP relay agent or DHCP server function on the VLAN interface to make the DHCP snooping function take effect.
l After you enable DHCP snooping on a VLAN, DHCP messages containing source port 68 are redirected to the CPU to record clients’ binding information.
l When deploying an ACL, the system automatically assigns a globally unique index for the ACL. After the dhcp-snooping enable command is successfully executed, you can view the system-index index-num when displaying the configuration information.
l Before enabling DHCP snooping on a VLAN, you need to enable DHCP snooping globally.
Examples
# Enable DHCP snooping on VLAN 2.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp-snooping enable
[H3C] dhcp-snooping enable vlan 2
1.5.6 dhcp-snooping entry
Syntax
dhcp-snooping entry ip ip-address mac mac-address vlan vlan-id { interface port-type port-numer | aggregation-group group-id }
undo dhcp-snooping entry ip ip-address mac mac-address
View
System view
Parameters
mac-address: MAC address.
vlan-id: VLAN ID.
ip-address: IP address.
port-type port-number: Port type and port number.
group-id: Aggregation group ID.
Description
Use the dhcp-snooping entry command to configure a static DHCP snooping entry.
Use the dhcp-snooping entry ip ip-address mac mac-address vlan vlan-id interface port-type port-number command to configure a static DHCP snooping entry, including an IP address, a MAC address, a VLAN ID and a port number.
Use the dhcp-snooping entry ip ip-address mac mac-address vlan vlan-id aggregation-group group-id command to configure a static DHCP snooping entry, including an IP address, a MAC address, a VLAN ID and an aggregation group ID.
Use the undo dhcp-snooping entry ip ip-address mac mac-address command to remove a static DHCP snooping entry.
Examples
# Configure a static DHCP snooping entry, including IP address 10.15.178.30, MAC address 00e0-f000-030d, VLAN 10, and physical port Ethernet 3/1/4.
<H3C> system-view
[H3C] dhcp-snooping entry ip 10.15.178.30 mac 00e0-f000-030d vlan 10 interface ethernet 3/1/4
1.5.7 dhcp-snooping information enable
Syntax
dhcp-snooping information enable
undo dhcp-snooping information enable
View
VLAN view
Parameters
None
Description
Use the dhcp-snooping information enable command to configure DHCP snooping to support Option 82 for the VLAN.
Use the undo dhcp-snooping information enable command to disable this function.
By default, DHCP snooping Option 82 support is disabled in all VLANs.
Caution:
This command can be executed only after DHCP snooping is enabled on the VLAN.
Examples
# Configure DHCP snooping to support Option 82 for VLAN 2.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp-snooping enable
[H3C] vlan 2
[H3C-vlan2] dhcp-snooping enable
[H3C-vlan2] dhcp-snooping information enable
1.5.8 dhcp-snooping information format
Syntax
dhcp-snooping information format { verbose | normal }
undo dhcp-snooping information format
View
VLAN view
Parameters
normal: Specifies the normal padding format.
verbose: Specifies the verbose padding format.
Description
Use the dhcp-snooping information format command to specify the padding format for Option 82.
Use the undo dhcp-snooping information format command to restore the default.
By default, the padding format for Option 82 is normal.
Caution:
l This command can be used only after the DHCP snooping Option 82 support is enabled for the VLAN.
l If the Option 82 is padded with the device name (sysname), the sysname must contain no spaces or special characters (such as forward slashes).
Examples
# Specify the padding format as verbose for Option 82.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp-snooping enable
[H3C] vlan 2
[H3C-vlan2] dhcp-snooping enable
[H3C-vlan2] dhcp-snooping information enable
[H3C-vlan2] dhcp-snooping information format verbose
1.5.9 dhcp-snooping information format verbose node-identifier
Syntax
dhcp-snooping information format verbose node-identifier { mac | sysname | user-defined string }
undo dhcp-snooping information format verbose node-identifier
View
VLAN view
Parameters
mac: Uses the bridge MAC address as the node identifier.
sysname: Uses the device name as the node identifier.
string: Uses a user-defined string of 1 to 15 characters as the node identifier
Description
Use the dhcp-snooping information format verbose node-identifier command to configure the node identifier of DHCP snooping Option 82.
Use the undo dhcp-snooping information format verbose node-identifier command to restore the default.
By default, the bridge MAC address is adopted as the node identifier for Option 82.
Caution:
l This command can be used only after the padding format for Option 82 is specified as verbose for the VLAN.
l If a user-defined string is used for the node identifier, the character string must contain no spaces or special characters (such as forward slashes).
Examples
# Specify the sysname as the node identifier for Option 82.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp-snooping enable
[H3C] vlan 2
[H3C-vlan2] dhcp-snooping enable
[H3C-vlan2] dhcp-snooping information enable
[H3C-vlan2] dhcp-snooping information format verbose
[H3C-vlan2] dhcp-snooping information format verbose node-identifier sysname
1.5.10 dhcp-snooping information strategy
Syntax
dhcp-snooping information strategy { drop | keep | replace }
undo dhcp-snooping information strategy
View
VLAN view
Parameters
drop: Drops DHCP requests containing Option 82.
keep: Keeps Option 82 in DHCP requests.
replace: Replaces Option 82 in DHCP requests with the one configured for DHCP snooping.
Description
Use the dhcp-snooping information strategy command to configure the handling strategy for Option 82 in DHCP requests for the VLAN.
Use the undo dhcp-snooping information strategy command to restore the default.
By default, the handling strategy for Option 82 in DHCP requests for the VLAN is replace.
Caution:
This command can be used only after the DHCP snooping Option 82 support is enabled for the VLAN.
Examples
# Configure the handling strategy for Option 82 in DHCP requests for VLAN 2 as keep.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp-snooping enable
[H3C] vlan 2
[H3C-vlan2] dhcp-snooping enable
[H3C-vlan2] dhcp-snooping information enable
[H3C-vlan2] dhcp-snooping information strategy keep
1.5.11 dhcp-snooping security check enable
Syntax
In port view:
dhcp-snooping security check enable
undo dhcp-snooping security check enable
In system view:
dhcp-snooping security check enable interface interface-type interface-number [ to interface-type interface-number ]
undo dhcp-snooping security check enable interface interface-type interface-number [ to interface-type interface-number ]
View
Port view, system view
Parameters
port-type port-number: Port type and port number.
Description
Use the dhcp-snooping security check enable command to enable the DHCP snooping security check function.
Use the undo dhcp-snooping security check enable command to disable the function.
By default, the DHCP snooping security check function is disabled.
& Note:
l After the security check function is enabled on a port, an ARP packet passing through the port will be redirected to the CPU. If a DHCP snooping entry matches the sender IP and MAC addresses of the ARP packet, the ARP packet is forwarded; otherwise, the ARP packet is discarded.
l To support this function, it is required to enabled DHCP snooping on all VLANs to which the port belongs; otherwise, ARP packets may fail to be forwarded in the VLAN where DHCP snooping is not enabled.
l When deploying an ACL, the system automatically assigns a globally unique index for the ACL. After the dhcp-snooping security check enable command is successfully executed, you can view the system-index index-num when displaying the configuration information.
l This command is supported on 100M (megabit) and gigabit Ethernet ports.
l This command can be configured only after DHCP snooping is enabled globally.
Examples
# Enable the DHCP snooping security check function on port Ethernet 2/1/1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp-snooping enable
[H3C] interface Ethernet 2/1/1
[H3C-Ethernet 2/1/1] dhcp-snooping security check enable
1.5.12 dhcp-snooping trust
Syntax
dhcp-snooping trust
undo dhcp-snooping trust
View
Port view
Parameters
None
Description
Use the dhcp-snooping trust command to configure the port as a trusted port.
Use the undo dhcp-snooping trust command to restore the default state.
After DHCP snooping is enabled globally, all ports on the switch are untrusted ports by default.
Caution:
l An untrusted port filters out packets with source UDP port 67. You can configure the port as trusted to handle packets with source UDP port 67.
l After deploying an ACL, the system automatically assigns a globally unique index for the ACL. After the dhcp-snooping trust command is successfully executed, you can view the system-index index-num when displaying the configuration information.
l This command is supported on 100M Ethernet ports, gigabit Ethernet ports, gigabit RPR ports and 10G (gigabit) RPR ports.
l This command can be configured only after DHCP snooping is enabled globally.
Examples
# Specify Ethernet 1/1/1 as a trusted port.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] dhcp-snooping enable
[H3C] interface ethernet1/1/1
[H3C-Ethernet1/1/1] dhcp-snooping trust
1.5.13 reset dhcp-snooping entry
Syntax
reset dhcp-snooping entry { mac mac-address | vlan vlan-id | ip ip-address | interface port-type port-numer | aggregation-group group-id | dynamic| static | all }
View
User view
Parameters
mac-address: MAC address.
vlan-id: VLAN ID.
ip-address: IP address.
port-type port-number: Specifies a port by its type and number.
group-id: Aggregation group ID.
dynamic: Dynamic DHCP snooping entries.
static: Static DHCP snooping entries.
all: All DHCP snooping entries.
Description
Use the reset dhcp-snooping entry command to remove DHCP snooping entries.
Use the reset dhcp-snooping entry mac mac-address command to remove dynamic DHCP snooping entry information containing specified MAC address.
Use the reset dhcp-snooping entry ip ip-address command to remove dynamic DHCP snooping entry information containing the specified IP address.
Use the reset dhcp-snooping entry vlan vlan-id command to remove dynamic DHCP snooping entry information containing the specified VLAN.
Use the reset dhcp-snooping entry interface port-type port-number command to remove dynamic DHCP snooping entry information containing the specified port.
Use the reset dhcp-snooping entry aggregation-group group-id command to remove dynamic DHCP snooping entry information containing the specified aggregation group.
Use the reset dhcp-snooping entry dynamic command to remove all dynamic DHCP snooping entries.
Use the reset dhcp-snooping entry static command to remove all static DHCP snooping entries.
Use the reset dhcp-snooping entry all command to remove all DHCP snooping entries.
Examples
# Remove all DHCP snooping entries.
<H3C> reset dhcp-snooping entry all
