Use the undo dhcp-snooping command to disable the DHCP snooping function. After DHCP snooping is disabled, all the ports can forward DHCP replies from the DHCP server without recording the IP-to-MAC bindings of the DHCP clients.

By default, the DHCP snooping function is disabled.

Note that:

l You need to disable DHCP relay agent before enabling DHCP snooping on the switch.

l The clients connected to a DHCP snooping device cannot obtain an IP address through BOOTP.

Related commands: display dhcp-snooping.

Examples

# Enter system view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

# Enable the DHCP snooping function.

[Sysname] dhcp-snooping

dhcp-snooping information enable

Syntax

dhcp-snooping information enable

undo dhcp-snooping information enable

View

System view

Parameters

None

Description

Use the dhcp-snooping information enable command to enable DHCP snooping Option 82.

Use the undo dhcp-snooping information enable command to disable DHCP snooping Option 82.

DHCP snooping Option 82 is disabled by default.

Note that:

l Among S3100 series switches, only S3100-EI series switches support the two commands.

l Enable DHCP snooping before performing this configuration.

Examples

# Enable DHCP snooping Option 82.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dhcp-snooping information enable

dhcp-snooping information format

Syntax

dhcp-snooping information format { hex | ascii }

View

System view

Parameters

hex: Specifies the storage format of Option 82 as HEX (namely, hexadecimal string).

ascii: Specifies the storage format of Option 82 as ASCII.

Description

Use the dhcp-snooping information format command to configure the storage format of non-user-defined Option 82 as HEX or ASCII.

By default, the Option 82 is in HEX format.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

The dhcp-snooping information format command applies only to the default content of the Option 82 field. If you have configured the circuit ID or remote ID sub-option, the storage format of the sub-option is ASCII, instead of the one specified with the dhcp-snooping information format command.

Examples

# Configure the storage format of Option 82 as ASCII.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dhcp-snooping information format ascii

dhcp-snooping information packet-format

Syntax

dhcp-snooping information packet-format { extended | standard }

View

System view

Parameters

extended: Specifies the padding format for Option 82 as the extended format.

standard: Specifies the padding format for Option 82 as the standard format.

Description

Use the dhcp-snooping information packet-format command to configure the padding format for Option 82 as the extended or standard one.

By default, the padding format for Option 82 is the extended one.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

Examples

# Configure the padding format for Option 82 as the standard one.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dhcp-snooping information packet-format standard

dhcp-snooping information remote-id

Syntax

dhcp-snooping information remote-id { sysname | string string }

undo dhcp-snooping information remote-id

View

System view

Parameters

sysname: Uses the system name (sysname) of the DHCP snooping device to pad the remote ID sub-option in Option 82.

string: Customized content of the remote ID sub-option, a string of 1 to 63 ASCII characters.

Description

Use the dhcp-snooping information remote-id command to configure the remote ID sub-option in Option 82.

Use the undo dhcp-snooping information remote-id command to restore the default value of the remote ID sub-option in Option 82.

By default, the remote ID sub-option in Option 82 is the MAC address of the DHCP Snooping device that received the DHCP client’s request.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

Examples

# Configure the remote ID sub-option of Option 82 as the system name (sysname) of the DHCP snooping device.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dhcp-snooping information remote-id sysname

dhcp-snooping information strategy

Syntax

dhcp-snooping information strategy { drop | keep | replace }

undo dhcp-snooping information strategy

View

System view, Ethernet port view

Parameters

drop: If a packet contains Option 82, DHCP snooping drops this packet.

keep: If a packet contains Option 82, DHCP snooping keeps and forwards this packet.

replace: If a packet contains Option 82, DHCP snooping replaces the original Option 82 field with the Option 82 field having the specified padding content and forwards the packet.

Description

Use the dhcp-snooping information strategy command in system view to configure a handling policy for DHCP requests that contain Option 82 sent by the DHCP client.

Use the undo dhcp-snooping information strategy command to restore the default handling policy.

Use the dhcp-snooping information strategy command in Ethernet port view to configure a handling policy for requests that contain Option 82 received on the current port.

Use the undo dhcp-snooping information strategy command to restore the default handling policy.

By default, after DHCP-snooping Option 82 support is enabled, DHCP snooping replaces the Option 82 field in the requests sent by the DHCP clients.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

l Enable DHCP-snooping and DHCP-snooping Option 82 before performing this configuration.

l If a handling policy is configured on a port, this configuration overrides the globally configured handling policy for requests received on this port, while the globally configured handling policy applies on those ports where a handling policy is not natively configured.

Examples

# Configure the keep handling policy for DHCP requests that contain Option 82 on the DHCP snooping device.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dhcp-snooping information strategy keep

dhcp-snooping information vlan circuit-id

Syntax

dhcp-snooping information [ vlan vlan-id ] circuit-id string string

undo dhcp-snooping information { [ vlan vlan-id ] circuit-id | circuit-id all }

View

Ethernet port view

Parameters

vlan vlan-id: Specifies a VLAN. DHCP packets from the VLAN are padded with the circuit ID sub-option.

string: Content of the circuit ID sub-option, a string of 3 to 63 ASCII characters.

Description

Use the dhcp-snooping information vlan circuit-id command to configure the content of the circuit ID field in Option 82.

Use the undo dhcp-snooping information circuit-id command to restore the default.

With vlan vlan-id specified, the customized circuit ID sub-option applies only to the DHCP packets from the specified VLAN. With no vlan vlan-id specified, the customized circuit ID sub-option applies to all DHCP packets that pass through the current port.

Use the undo dhcp-snooping information vlan vlan-id circuit-id command to restore the default circuit ID in DHCP packets from the specified VLAN.

Use the undo dhcp-snooping information circuit-id command to restore the default circuit ID for all DHCP packets except those from the specified VLAN.

Use the undo dhcp-snooping information circuit-id all command to restore the default circuit ID for all DHCP packets.

By default, the circuit ID field in Option 82 contains the VLAN ID and index of the port that received the client’s request.

If you have configured a circuit ID with the vlan vlan-id argument specified, and the other one without the argument in Ethernet port view, the former circuit ID applies to the DHCP messages from the specified VLAN, while the latter one applies to DHCP messages from other VLANs.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

Examples

# Set the circuit ID field in Option 82 of the DHCP messages sent through Ethernet 1/0/1 to abc.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] dhcp-snooping information circuit-id string abc

dhcp-snooping information vlan remote-id

Syntax

dhcp-snooping information [ vlan vlan-id ] remote-id string string

undo dhcp-snooping information { [ vlan vlan-id ] remote-id | remote-id all }

View

Ethernet port view

Parameters

vlan vlan-id: Specifies the VLAN ID of the remote ID to be customized.

string: Customized content of the remote ID sub-option, a string of 3 to 63 ASCII characters.

Description

Use the dhcp-snooping information vlan remote-id command to configure the content of the remote ID in Option 82

Use the undo dhcp-snooping information remote-id command to restore the default remote ID in Option 82.

With vlan vlan-id specified, the customized remote ID sub-option applies only to the DHCP packets from the specified VLAN. Without vlan vlan-id specified, the customized remote ID sub-option applies to all DHCP packets that pass through the current port.

Use the undo dhcp-snooping information vlan vlan-id remote-id command to restore the default remote ID in DHCP packets from the specified VLAN.

Use the undo dhcp-snooping information remote-id command to restore the default remote ID in all DHCP packets except those from the specified VLAN.

Use the undo dhcp-snooping information remote-id all command to restore the default remote ID in all DHCP packets.

By default, the remote ID sub-option in Option 82 is the MAC address of the DHCP Snooping device that received the DHCP client’s request.

If you have configured a remote ID with the vlan vlan-id argument specified, and the other one without the argument in Ethernet port view, the former remote ID applies to the DHCP messages from the specified VLAN, while the latter one applies to DHCP messages from other VLANs.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

Examples

# Configure the remote ID of Option 82 in DHCP packets to abc on the port Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] dhcp-snooping information remote-id string abc

dhcp-snooping server-guard enable

Syntax

dhcp-snooping server-guard enable

undo dhcp-snooping server-guard enable

View

Ethernet port view

Parameters

None

Description

Use the dhcp-snooping server-guard enable command to enable unauthorized DHCP server detection on the port, through which DHCP-DISCOVER messages will be sent to detect unauthorized DHCP servers.

Use the undo dhcp-snooping server-guard enable command to disable unauthorized DHCP server detection on the port.

Note that:

l Among S3100 series switches, only S3100-SI series switches support the two commands.

l You need to enable DHCP snooping before enabling unauthorized DHCP server detection on the switch.

Examples

# Enable unauthorized DHCP server detection on Ethernet 1/0/3.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/3

[Sysname-Ethernet1/0/3] dhcp-snooping server-guard enable

dhcp-snooping server-guard method

Syntax

dhcp-snooping server-guard method { trap | shutdown }

undo dhcp-snooping server-guard method

View

Ethernet port view

Parameters

trap: Sends a trap to notify the administrator when an unauthorized DHCP server is detected.

shutdown: Shuts down the port administratively when an unauthorized DHCP server is detected, and sends a trap to notify the administrator.

Description

Use the dhcp-snooping server-guard method command to specify the method for handling unauthorized DHCP servers. With the keyword trap specified, when an unauthorized DHCP server is detected, the switch sends a trap to notify the administrator; with the keyword shutdown specified, when an unauthorized DHCP server is detected, the switch shuts down the port administratively, and sends a trap to notify the administrator.

Use the undo dhcp-snooping server-guard method command to restore the default.

By default, the unauthorized DHCP server detection handling method is trap.

Note that:

l Among S3100 series switches, only S3100-SI series switches support the two commands.

l A port shut down administratively is in the closed state and cannot receive or forward packets; however, using the display current-configuration command cannot display the port state. You can use the undo shutdown command in port view to enable this port.

Example

# Specify the unauthorized DHCP server handling method as shutdown.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/3

[Sysname-Ethernet1/0/3] dhcp-snooping server-guard method shutdown

dhcp-snooping server-guard source-mac

Syntax

dhcp-snooping server-guard source-mac mac-address

undo dhcp-snooping server-guard source-mac

View

System view

Parameters

mac-address: MAC address, in the format of H-H-H.

Description

Use the dhcp-snooping server-guard source-mac command to specify a source MAC address for DHCP-DISCOVER messages.

Use the undo dhcp-snooping server-guard source-mac command to restore the default MAC address.

By default, the source MAC address of DHCP-DISCOVER messages is the bridge MAC address of the switch.

Note that among S3100 series switches, only S3100-SI series switches support the two commands.

Examples

# Specify the source MAC address for DHCP-DISCOVER messages as 000f-e200-3100.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dhcp-snooping server-guard source-mac 000f-e200-3100

dhcp-snooping trust

Syntax

dhcp-snooping trust

undo dhcp-snooping trust

View

Ethernet port view

Parameters

None

Description

Use the dhcp-snooping trust command to set an Ethernet port to a DHCP-snooping trusted port.

Use the undo dhcp-snooping trust command to restore an Ethernet port to a DHCP-snooping untrusted port.

By default, with the DHCP snooping enabled, all the ports of a switch are untrusted ports.

Note that:

l Among S3100 series switches, only S3100-EI series switches support the two commands.

l After DHCP snooping is enabled, you need to specify the port connected to a valid DHCP server as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the ports connected to DHCP clients must be in the same VLAN.

Related commands: display dhcp-snooping trust.

Examples

# Enter system view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

# Set the Ethernet 1/0/1 port to a trusted port.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] dhcp-snooping trust

display dhcp-snooping

Syntax

display dhcp-snooping [ unit unit-id ]

View

Any view

Parameters

unit unit-id: Indicates the number of the device whose DHCP-snooping information needs to be viewed, the value is 1.

Description

Use the display dhcp-snooping command to display the user IP-MAC address mapping entries recorded by the DHCP snooping function.

Related commands: dhcp-snooping.

Examples

# Display the user IP-MAC address mapping entries recorded by the DHCP snooping function (S3100-EI).

<Sysname> display dhcp-snooping

DHCP-Snooping is enabled.

The client binding table for all untrusted ports.

Type : D--Dynamic , S--Static

Unit ID : 1

Type IP Address MAC Address Lease VLAN Interface

==== =============== =============== ========= ==== =================

D 10.1.1.1 00e0-fc00-0006 200 1 Ethernet1/0/1

--- 1 dhcp-snooping item(s) of unit 1 found ---

# Display the user IP-MAC address mapping entries recorded by the DHCP snooping function (S3100-SI).

<Sysname> display dhcp-snooping

DHCP-Snooping is enabled.

Type : D--Dynamic , S--Static

Type IP Address MAC Address Remaining VLAN Interface

lease

==== =============== =============== ========= ==== =================

D 10.1.1.1 00e0-fc00-0006 N/A 1 Ethernet1/0/1

--- 1 dhcp-snooping item(s) of unit 1 found ---

display dhcp-snooping server-guard

Syntax

display dhcp-snooping server-guard

View

Any view

Parameters

None

Description

Use the display dhcp-snooping server-guard command to display information about unauthorized DHCP server detection.

Note that among S3100 series switches, only S3100-SI series switches support this command.

Examples

# Display information about unauthorized DHCP server detection.

<Sysname> display dhcp-snooping server-guard

DHCP-Snooping is enabled.

DHCP-Snooping server guard become effective.

Interface Status Find Time

================================================================

Ethernet1/0/3 Server detected 223

Ethernet1/0/4 No server detected 0

Ethernet1/0/5 Server detected and shutdown 213

Table 1-1 Description on the fields of the display dhcp-snooping server-guard command

Field	Description
DHCP-Snooping is enabled	The DHCP snooping function is enabled.
DHCP-Snooping server guard become effective	Unauthorized DHCP server detection is enabled.
Interface	The ports enabled with unauthorized DHCP server detection
Status	Port status: l No server detected: No unauthorized DHCP server is detected on the port. l Server detected: An unauthorized DHCP server was detected on the port, and a trap was sent. l Server detected and shutdown: An unauthorized DHCP server was detected on the port. The port has been shut down administratively, and a trap was sent.
Find Time	The time interval between when the switch started and when the last unauthorized DHCP server was detected, in seconds. (If no unauthorized DHCP server is detected, 0 is displayed.)

display dhcp-snooping trust

Syntax

display dhcp-snooping trust

View

Any view

Parameters

None

Description

Use the display dhcp-snooping trust command to display the (enabled/disabled) state of the DHCP snooping function and the trusted ports.

Note that among S3100 series switches, only S3100-EI series switches support the command.

Related commands: dhcp-snooping trust.

Examples

# Display the state of the DHCP snooping function and the trusted ports.

<Sysname> display dhcp-snooping trust

DHCP-Snooping is enabled.

DHCP-Snooping trust become effective.

Interface Trusted

===================== =================

Ethernet1/0/10 Trusted

The above display information indicates that the DHCP snooping function is enabled, and the Ethernet 1/0/10 port is a trusted port.

display ip source static binding

Syntax

display ip source static binding [ vlan vlan-id | interface interface-type interface-number ]

View

Any view

Parameters

vlan-id: ID of the VLAN whose IP static binding entries are to be displayed.

interface-type interface-number: Type and number of the port whose IP static binding entries are to be displayed.

Description

Use the display ip source static binding command to display the IP static binding entries configured. If you specify a VLAN, all the IP static binding entries for the specified VLAN will be displayed. If you specify a port, all the IP static binding entries for the specified port will be displayed.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

Examples

# Display all IP static binding entries configured.

<Sysname> display ip source static binding

Type IP Address MAC Address Remaining VLAN Interface

lease

==== =============== =============== ========= ==== =================

S 192.168.0.25 0015-e20f-0101 infinite 1 Ethernet1/0/2

S 192.168.0.58 0001-e201-4f01 infinite 1 Ethernet1/0/3

S 192.168.0.101 000f-0101-0204 infinite 1 Ethernet1/0/2

S 192.168.0.122 000f-e20f-21a3 infinite 1 Ethernet1/0/3

S 192.168.0.144 0015-e943-712f infinite 1 Ethernet1/0/2

--- 5 static binding item(s) found ---

ip check source ip-address

Syntax

ip check source ip-address [ mac-address ]

undo ip check source ip-address [ mac-address ]

View

Ethernet port view

Parameters

mac-address: Enables IP filtering based on the source MAC address of the packets.

Description

Use the ip check source ip-address command to enable the filtering of the IP packets received through the current port based on the source IP address of the packets.

Use the undo ip check source ip-address command to disable the filtering of the IP packets received through the current port based on the source IP address of the packets.

Use the ip check source ip-address mac-address command to enable the filtering of the IP packets received through the current port based on the source IP address and source MAC address of the packets.

Use the undo ip check source ip-address mac-address command to disable the filtering of the IP packets received through the current port based on the source IP address and source MAC address of the packets.

By default, the filtering of the IP packets received through a port based on the source IP address or source MAC address of the packets is disabled.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

Examples

# Enable the filtering of the IP packets received through port Ethernet 1/0/11 based on the source IP address of the packets.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/11

[Sysname-Ethernet1/0/11] ip check source ip-address

ip source static binding

Syntax

ip source static binding ip-address ip-address [ mac-address mac-address ]

undo ip source static binding ip-address ip-address

View

Ethernet port view

Parameters

ip-address ip-address: Specifies the IP address to be statically bound.

mac-address mac-address: Specifies the MAC address to be statically bound.

Description

Use the ip source static binding ip-address command to configure the static binding among source IP address, source MAC address, and the port number so as to generate static binding entries.

Use the undo ip source static binding ip-address command to remove the static binding among source IP address, source MAC address, and the port.

By default, no binding among source IP address, source MAC address, and the port number is configured.

To create a static binding after IP filtering is enabled with the mac-address keyword included on a port, the mac-address argument must be specified; otherwise, the packets sent from this IP address cannot pass the IP filtering.

Note that among S3100 series switches, only S3100-EI series switches support the two commands.

Related commands: ip check source ip-address.

Examples

# Configure static binding among source IP address 1.1.1.1, source MAC address 0015-e20f-0101, and Ethernet 1/0/3.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/3

[Sysname-Ethernet1/0/3] ip source static binding ip-address 1.1.1.1 mac-address 0015-e20f-0101

2 Rate Limit Configuration Commands

Among S3100 series Ethernet switches, only S3100-EI series switches support the DHCP Rate Limit function.

Rate Limit Configuration Commands

dhcp protective-down recover enable

Syntax

dhcp protective-down recover enable

undo dhcp protective-down recover enable

View

System view

Parameters

None

Description

Use the dhcp protective-down recover enable command to enable port state auto-recovery on the switch.

Use the undo dhcp protective-down recover enable command to disable port state auto-recovery.

With the port state auto-recovery function, a port that is shut down because the DHCP traffic rate limit configured on it is exceeded can automatically be brought up after a specified interval.

By default, the port state auto-recovery function on the switch is disabled.

Examples

# Enable port state auto-recovery on the switch.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dhcp protective-down recover enable

dhcp protective-down recover interval

Syntax

dhcp protective-down recover interval interval

undo dhcp protective-down recover interval

View

System view

Parameters

interval: Interval (in seconds) for a port disabled due to the DHCP traffic exceeding the set threshold to be brought up again. This argument ranges from 10 to 86,400.

Description

Use the dhcp protective-down recover interval command to set an auto recovery interval.

Use the undo dhcp protective-down recover interval command to restore the default interval.

With the port state auto-recovery function enabled on a switch, the auto recovery interval defaults to 300 seconds.

Note that:

l Before configuring the port state auto-recovery interval, you must enable port state auto-recovery on the switch first.

l The new port state auto-recovery interval only applies to the ports that are shut down after the dhcp protective-down recover interval command is last executed.

Examples

# Set the port state auto-recovery interval to 30 seconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dhcp protective-down recover enable

[Sysname] dhcp protective-down recover interval 30

dhcp rate-limit

Syntax

dhcp rate-limit rate

undo dhcp rate-limit

View

Ethernet port view

Parameters

rate: Maximum rate of DHCP traffic in pps. This argument ranges from 10 to 150.

Description

Use the dhcp rate-limit command to configure the maximum rate of DHCP traffic for the port. When the number of DHCP packets received on the port per second exceeds the specified threshold, the switch will discard the exceeding DHCP packets.

Use the undo dhcp rate-limit command to restore the default.

By default, after the DHCP traffic limit is enabled, the maximum rate of DHCP traffic is 15 pps.

Note that:

You need to enable the function to limit DHCP traffic (refer to the dhcp rate-limit enable command) for a port before executing either of these two commands for the port.

Examples

# Configure the DHCP traffic threshold to 100 pps for port Ethernet 1/0/11.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface ethernet 1/0/11

[Sysname-Ethernet1/0/11] dhcp rate-limit enable

[Sysname-Ethernet1/0/11] dhcp rate-limit 100

dhcp rate-limit enable

Syntax

dhcp rate-limit enable

undo dhcp rate-limit enable

View

Ethernet port view

Parameters

None

Description

Use the dhcp rate-limit enable command to enable the function to limit DHCP traffic for an Ethernet port. You can use this command to limit the DHCP traffic passing through an Ethernet port. When the number of DHCP packets received on the port per second exceeds the specified threshold (the default value is 15 pps), the switch will discard the exceeding DHCP packets.

Use the undo dhcp rate-limit enable command to disable the function. You can use this command to relieve the DHCP traffic limit configured on an Ethernet port.

By default, the function to limit DHCP traffic is disabled on an Ethernet port. That is, DHCP traffic passing through an Ethernet port is not limited.

Examples

# Enable the function to limit DHCP traffic for Ethernet 1/0/11 port.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface ethernet 1/0/11

[Sysname-Ethernet1/0/11] dhcp rate-limit enable

3 DHCP/BOOTP Client Configuration

DHCP Client Configuration Commands

display dhcp client

Syntax

display dhcp client [ verbose ]

View

Any view

Parameters

verbose: Displays the detailed address allocation information.

Description

Use the display dhcp client command to display the information about the address allocation of DHCP clients.

Note that S3100 series Ethernet switches that operate as DHCP clients support a maximum lease duration of 24 days currently.

Examples

# Display the information about the address allocation of DHCP clients.

<Sysname> display dhcp client verbose

DHCP client statistic information:

Vlan-interface1:

Current machine state: BOUND

Allocated IP: 192.168.0.2 255.255.255.0

Allocated lease: 86400 seconds, T1: 43200 seconds, T2: 75600 seconds

Lease from 2002.09.20 01:05:03 to 2002.09.21 01:05:03

Server IP: 192.168.0.1

Transaction ID = 0x3d8a7431

Default router: 192.168.0.1

Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds.

Table 3-1 Description on the fields of the display dhcp client command

Field	Description
Vlan-interface1	VLAN interface operating as a DHCP client to obtain an IP address dynamically
Current machine state	The state of the client state machine
Allocated IP	IP address allocated to the DHCP client
lease	Lease period
T1	Renewal timer setting
T2	Rebinding timer setting
Lease from….to….	The starting and end time of the lease period
Server IP	IP address of the DHCP server selected
Transaction ID	Transaction ID
Default router	Gateway address
Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds.	The timer expires in 11 hours, 56 minutes, and 1 second.

ip address dhcp-alloc

Syntax

ip address dhcp-alloc

undo ip address dhcp-alloc

View

VLAN interface view

Parameters

None

Description

Use the ip address dhcp-alloc command to configure a VLAN interface to obtain an IP address through DHCP.

Use the undo ip address dhcp-alloc command to cancel the configuration.

By default, a VLAN interface does not use DHCP to obtain an IP address.

To improve security and avoid malicious attacks to the unused sockets, S3100 Ethernet switches provide the following functions:

l UDP ports 67 and 68 used by DHCP are enabled/disabled only when DHCP is enabled/disabled.

The implementation is as follows:

l After the DHCP client is enabled by executing the ip address dhcp-alloc command, UDP port 68 is enabled.

l After the DHCP client is disabled by executing the undo ip address dhcp-alloc command, UDP port 68 is disabled.

Examples

# Configure VLAN-interface 1 to obtain an IP address through DHCP.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] ip address dhcp-alloc

BOOTP Client Configuration Commands

display bootp client

Syntax

display bootp client [ interface Vlan-interface vlan-id ]

View

Any view

Parameters

vlan-id: ID of the VLAN interface.

Description

Use the display bootp client command to display BOOTP client-related information, including the MAC address of the BOOTP client and the IP address obtained.

Examples

# Display the BOOTP client-related information.

<Sysname> display bootp client interface Vlan-interface 1

Vlan-interface1:

Allocated IP: 192.168.0.2 255.255.255.0

Transaction ID = 0x3d8a7431

Mac Address 000f-e20a-c3ef

Default router: 192.168.0.1

Table 3-2 Description on the fields of the display bootp client command

Field	Description
Vlan-interface1	VLAN-interface 1 is configured to obtain an IP address through BOOTP.
Allocated IP	IP address allocated to the VLAN interface
Transaction ID	Value of the XID field in BOOTP packets
Mac Address	MAC address of the BOOTP client
Default router	Default router

ip address bootp-alloc

Syntax

ip address bootp-alloc

undo ip address bootp-alloc

View

VLAN interface view

Parameters

None

Description

Use the ip address bootp-alloc command to configure a VLAN interface to obtain an IP address through BOOTP.

Use the undo ip address bootp-alloc command to cancel the configuration.

By default, a VLAN interface does not use BOOTP to obtain an IP address.

Related commands: display bootp client.

Examples

# Configure VLAN-interface 1 to obtain an IP address through BOOTP.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] ip address bootp-alloc

H3C S3100 Series Ethernet Switches command Manual-Release 21XX Series(V1.06)

dhcp-snooping information enable

3 DHCP/BOOTP Client Configuration

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us