Login
- Table of Contents
-
- H3C WX3000 Series Unified Switches Switching Engine Command Reference-6W103
- 00-Preface
- 01-CLI Command
- 02-Login Command
- 03-Configuration File Management Command
- 04-VLAN Command
- 05-Auto Detect Command
- 06-Voice VLAN Command
- 07-GVRP Command
- 08-Basic Port Configuration Command
- 09-Link Aggregation Command
- 10-Port Isolation Command
- 11-Port Security-Port Binding Command
- 12-DLDP Command
- 13-MAC Address Table Management Command
- 14-MSTP Command
- 15-802.1x and System Guard Command
- 16-AAA Command
- 17-MAC Address Authentication Command
- 18-IP Address and Performance Command
- 19-DHCP Command
- 20-ACL Command
- 21-QoS-QoS Profile Command
- 22-Mirroring Command
- 23-ARP Command
- 24-SNMP-RMON Command
- 25-Multicast Command
- 26-NTP Command
- 27-SSH Command
- 28-File System Management Command
- 29-FTP-SFTP-TFTP Command
- 30-Information Center Command
- 31-System Maintenance and Debugging Command
- 32-VLAN-VPN Command
- 33-HWPing Command
- 34-DNS Command
- 35-Smart Link-Monitor Link Command
- 36-PoE-PoE Profile Command
- 37-Routing Protocol Command
- 38-UDP Helper Command
- 39-Index
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 19-DHCP Command | 111.72 KB |
Table of Contents
1 DHCP Relay Agent Configuration Commands
DHCP Relay Agent Configuration Commands
dhcp relay information strategy
2 DHCP Snooping Configuration Commands
DHCP Snooping Configuration Commands
dhcp-snooping information enable
dhcp-snooping information format
dhcp-snooping information packet-format
dhcp-snooping information remote-id
dhcp-snooping information strategy
dhcp-snooping information vlan circuit-id
dhcp-snooping information vlan remote-id
display ip source static binding
3 DHCP/BOOTP Client Configuration
DHCP Client Configuration Commands
BOOTP Client Configuration Commands
DHCP Relay Agent Configuration Commands
address-check
Syntax
address-check enable
address-check disable
View
VLAN interface view
Parameters
None
Description
Use the address-check enable command to enable IP address match checking on the DHCP relay agent. After this feature is enabled, the DHCP relay agent can cooperate with the ARP module to check whether a requesting client’s IP and MAC addresses match a binding on the DHCP relay agent; if not, the client cannot access outside networks via the DHCP relay agent.
Use the address-check disable command to disable IP address match checking on the DHCP relay agent.
By default, IP address match checking on the DHCP relay agent is disabled.
Examples
# Enter system view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
# Enter VLAN-interface 1 view.
[Sysname] interface vlan-interface 1
# Enable IP address match checking on VLAN-interface 1 of the DHCP relay agent.
[Sysname-Vlan-interface1] address-check enable
dhcp-relay hand
Syntax
dhcp relay hand enable
dhcp relay hand disable
View
System view
Parameters
None
Description
Use the dhcp relay hand enable command to enable the DHCP relay handshake function. With this feature enabled, the DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to periodically send a handshake message to the DHCP server to determine whether or not to update the clent’s binding entry.
Use the dhcp relay hand disable command to disable the DHCP relay handshake function.
By default, the DHCP relay handshake function is enabled.
Examples
# Disable the DHCP relay handshake function.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] dhcp relay hand disable
dhcp relay information enable
Syntax
dhcp relay information enable
undo dhcp relay information enable
View
System view
Parameters
None
Description
Use the dhcp relay information enable command to enable Option 82 support on a DHCP relay agent.
Use the undo dhcp relay information enable command to disable Option 82 support on a DHCP relay agent.
By default, this function is disabled.
By default, with the Option 82 support function enabled on the DHCP relay agent, the DHCP relay agent will adopt the replace strategy to process the request packets containing Option 82. However, if other strategies are configured before, then enabling the 82 supporting on the DHCP relay will not change the configured strategies.
Related commands: dhcp relay information strategy.
Examples
# Enter system view.
<Sysnamer> system-view
System View: return to User View with Ctrl+Z.
# Enable Option 82 support on a DHCP relay agent.
[Sysname] dhcp relay information enable
dhcp relay information strategy
Syntax
dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
View
System view
Parameters
drop: Specifies to drop messages containing Option 82.
keep: Specifies to forward messages containing Option 82 without any change.
replace: Specifies to forward messages containing Option 82 after replacing the original Option 82 with the Option 82 padded with the specified content.
Description
Use the dhcp relay information strategy command to configure the DHCP relay agent handling strategy for messages containing Option 82 sent by the DHCP client.
Use the undo dhcp relay information strategy command to restore the default handling strategy.
By default, the handling strategy for messages containing Option 82 is replace.
Related commands: dhcp relay information enable.
Examples
# Enter system view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
# Configure the DHCP relay agent handling strategy for messages containing Option 82 sent by the DHCP client as drop.
[Sysname] dhcp relay information strategy drop
dhcp-security static
Syntax
dhcp-security static ip-address mac-address
undo dhcp-security { ip-address | all | dynamic | static }
View
System view
Parameters
ip-address: User IP address.
mac-address: User MAC address.
all: Removes all user address entries.
dynamic: Removes dynamic user address entries.
static: Removes static user address entries.
Description
Use the dhcp-security static command to configure a static DHCP address binding entry.
Use the undo dhcp-security command to remove one or all address binding entries, or all address binding entries of a specified type.
Related commands: display dhcp-security.
Examples
# Enter system view.
<Sysname> system-view
System View: return to User View with Ctrl+Z
# Configure a static address binding entry, with the IP address being 1.1.1.1 and the MAC address being 0005-5D02-F2B3.
[Sysname] dhcp-security static 1.1.1.1 0005-5D02-F2B3
dhcp-security tracker
Syntax
dhcp-security tracker { interval | auto }
undo dhcp-security tracker [ interval ]
View
System view
Parameters
interval: Refreshing interval in seconds, in the range of 1 to 120.
auto: Specifies the auto refreshing interval, which is automatically calculated according to the number of binding entries.
Description
The default handshake interval is auto, the value of 60 seconds divided by the number of binding entries.
Use the dhcp-security tracker command to set the interval at which the DHCP relay agent refreshes dynamic binding entries.
Use the undo dhcp-security tracker command to restore the default interval.
By default, the refreshing interval is automatically calculated according to the number of binding entries.
Examples
# Enter system view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
# Set the interval to refresh dynamic binding entries to 60 seconds.
[Sysname] dhcp-security tracker 60
dhcp-server
Syntax
dhcp-server groupNo
undo dhcp-server
View
VLAN interface view
Parameters
groupNo: DHCP server group number. This argument ranges from 0 to 19.
Description
Use the dhcp-server command to map the current VLAN interface to a DHCP server group.
Use the undo dhcp-server command to cancel the mapping.
Note that:
l A DHCP server group can correspond to multiple interfaces, while an interface can only be correlated with one DHCP server group.
l If you execute the dhcp-server command repeatedly, the latest configuration will overwrite the previous one.
l Before referencing a DHCP server group, you need to use the dhcp-server groupNo ip ip-address&<1-8> command to configure the DHCP server group.
Related commands: dhcp-server ip, display dhcp-server, display dhcp-server interface vlan-interface.
To improve security and avoid malicious attack to the unused SOCKETs, the device provides the following functions:
l UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled.
l UDP 67 and UDP 68 ports are disabled when DHCP is disabled.
The corresponding implementation is as follows:
l When a VLAN interface is mapped to a DHCP server group with the dhcp-server command, the DHCP relay agent is enabled. At the same time, UDP 67 and UDP 68 ports used by DHCP are enabled.
l When the mapping between a VLAN interface and a DHCP server group is removed with the undo dhcp-server command, DHCP services are disabled. At the same time, UDP 67 and UDP 68 ports used by DHCP are disabled.
Examples
# Enter system view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
# Enter VLAN-interface 1 view.
[Sysname] interface vlan-interface 1
# Specify that VLAN-interface 1 corresponds to DHCP server group 1.
[Sysname-Vlan-interface1] dhcp-server 1
dhcp-server detect
dhcp-server detect
undo dhcp-server detect
View
System view
Parameters
None
Description
Use the dhcp-server detect command to enable the device serving as a DHCP relay agent to detect unauthorized DHCP servers.
Use the undo dhcp-server detect command to disable the unauthorized DHCP server detection function.
By default, the unauthorized DHCP server detection function is disabled
Related commands: dhcp server, display dhcp-server.
Examples
# Enter system view
<Sysname> system-view
System View: return to User View with Ctrl+Z.
# Enable the unauthorized-DHCP server detection function on the DHCP relay agent.
[Sysname] dhcp-server detect
dhcp-server ip
Syntax
dhcp-server groupNo ip ip-address&<1-8>
undo dhcp-server groupNo
View
System view
Parameters
groupNo: DHCP server group number, ranging from 0 to 19.
ip-address&<1-8>: IP address of the DHCP server. &<1-8> indicates that up to eight IP addresses can be input, with any two IP addresses separated by a space.
Description
Use the dhcp-server ip command to configure the DHCP server IP address(es) in a specified DHCP server group.
Use the undo dhcp-server command to remove all DHCP server IP addresses in a DHCP server group.
Related commands: dhcp-server, display dhcp-server.
Examples
# Enter system view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
# Configure three DHCP server IP addresses 1.1.1.1, 2.2.2.2, and 3.3.3.3 for DHCP server group 1, so that this group contains three DHCP servers (server 1, server 2 and server 3).
[Sysname] dhcp-server 1 ip 1.1.1.1 2.2.2.2 3.3.3.3
display dhcp-security
Syntax
display dhcp-security [ ip-address | dynamic | static | tracker ]
View
Any view
Parameters
ip-address: IP address. This argument is used to display the user address entry with the specified IP address.
dynamic: Displays the dynamic user address entries.
static: Displays the static user address entries.
tracker: Displays the interval to update the user address entries.
Description
Use the display dhcp-security command to display information about address binding entries on the DHCP relay agent..
Examples
# Display information about all address binding entries.
<Sysname> display dhcp-security
IP Address MAC Address IP Address Type
10.1.1.1 0001-0001-0001 Static
192.168.10.2 000d-88f7-b090 Dynamic_ack
--- 2 dhcp-security item(s) found ---
Table 1-1 display dhcp-security command output description
|
Field |
Description |
|
IP Address |
IP address of the DHCP client |
|
MAC Address |
MAC address of the DHCP client |
|
IP Address Type |
Type of the user address entry (static/dynamic) |
display dhcp-server
Syntax
display dhcp-server groupNo
View
Any view
Parameters
groupNo: DHCP server group number, ranging from 0 to 19.
Description
Use the display dhcp-server command to display information about a specified DHCP server group.
Related commands: dhcp-server ip, dhcp-server, display dhcp-server interface vlan-interface.
Examples
# Display information about DHCP server group 0.
<Sysname> display dhcp-server 0
IP address of DHCP server group 0: 1.1.1.1
IP address of DHCP server group 0: 2.2.2.2
IP address of DHCP server group 0: 3.3.3.3
IP address of DHCP server group 0: 4.4.4.4
IP address of DHCP server group 0: 5.5.5.5
IP address of DHCP server group 0: 6.6.6.6
IP address of DHCP server group 0: 7.7.7.7
IP address of DHCP server group 0: 8.8.8.8
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP_OFFER messages: 0
DHCP_ACK messages: 0
DHCP_NAK messages: 0
DHCP_DECLINE messages: 0
DHCP_DISCOVER messages: 0
DHCP_REQUEST messages: 0
DHCP_INFORM messages: 0
DHCP_RELEASE messages: 0
BOOTP_REQUEST messages: 0
BOOTP_REPLY messages: 0
Table 1-2 display dhcp-server command output description
|
Field |
Description |
|
IP address of DHCP server group 0: |
DHCP server IP addresses of DHCP server group 0 |
|
Messages from this server group |
Number of the packets the DHCP relay receives from the DHCP server group |
|
Messages to this server group |
Number of the packets the DHCP relay sends to the DHCP server group |
|
Messages from clients to this server group |
Number of the packets the DHCP relay receives from the DHCP clients |
|
Messages from this server group to clients |
Number of the packets the DHCP relay sends to the DHCP clients |
|
DHCP_OFFER messages |
Number of the DHCP-OFFER packets received by the DHCP relay |
|
DHCP_ACK messages |
Number of the DHCP-ACK packets received by the DHCP relay |
|
DHCP_NAK messages |
Number of the DHCP-NAK packets received by the DHCP relay |
|
DHCP_DECLINE messages |
Number of the DHCP-DECLINE packets received by the DHCP relay |
|
DHCP_DISCOVER messages |
Number of the DHCP-DISCOVER packets received by the DHCP relay |
|
DHCP_REQUEST messages |
Number of the DHCP-REQUEST packets received by the DHCP relay |
|
DHCP_INFORM messages |
Number of the DHCP-INFORM packets received by the DHCP relay |
|
DHCP_RELEASE messages |
Number of the DHCP-RELEASE packets received by the DHCP relay |
|
BOOTP_REQUEST messages |
Number of the BOOTP request packets |
|
BOOTP_REPLY messages |
Number of the BOOTP response packets |
display dhcp-server interface
Syntax
display dhcp-server interface vlan-interface vlan-id
View
Any view
Parameters
vlan-id: VLAN ID.
Description
Use the display dhcp-server interface command to display information about the DHCP server group to which a VLAN interface is mapped.
Related commands: dhcp-server, display dhcp-server.
Examples
# Display information about the DHCP server group to which VLAN-interface 2 is mapped.
<Sysname> display dhcp-server interface vlan-interface 2
Dhcp-group 0 is configured on this interface
The above information indicates the VLAN-interface 2 is mapped to DHCP server group 0.
reset dhcp-server
Syntax
reset dhcp-server groupNo
View
User view
Parameters
groupNo: DHCP server group number, ranging from 0 to 19.
Description
Use the reset dhcp-server command to clear the statistics information of the specified DHCP server group.
Related commands: dhcp server, display dhcp-server.
Examples
# Clear the statistics information of DHCP server group 2.
<Sysname> reset dhcp-server 2
DHCP Snooping Configuration Commands
dhcp-snooping
Syntax
dhcp-snooping
undo dhcp-snooping
View
System view
Parameters
None
Description
Use the dhcp-snooping command to enable the DHCP snooping function.
Use the undo dhcp-snooping command to disable the DHCP snooping function. After DHCP snooping is disabled, all the ports can forward DHCP replies from the DHCP server without recording the IP-to-MAC bindings of the DHCP clients.
By default, the DHCP snooping function is disabled.
Note that:
l You need to disable DHCP relay agent before enabling DHCP snooping on the device.
l The clients connected to a DHCP snooping device cannot obtain an IP address through BOOTP.
Related commands: dhcp-server, display dhcp-snooping.
Examples
# Enter system view.
<device> system-view
System View: return to User View with Ctrl+Z.
# Enable the DHCP snooping function.
[device] dhcp-snooping
dhcp-snooping information enable
Syntax
dhcp-snooping information enable
undo dhcp-snooping information enable
View
System view
Parameters
None
Description
Use the dhcp-snooping information enable command to enable DHCP snooping Option 82.
Use the undo dhcp-snooping information enable command to disable DHCP snooping Option 82.
DHCP snooping Option 82 is disabled by default.
Enable DHCP snooping before performing this configuration.
Examples
# Enable DHCP snooping Option 82.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] dhcp-snooping information enable
dhcp-snooping information format
Syntax
dhcp-snooping information format { hex | ascii }
View
System view
Parameters
hex: Specifies the storage format of Option 82 as HEX (namely, hexadecimal string).
ascii: Specifies the storage format of Option 82 as ASCII.
Description
Use the dhcp-snooping information format command to configure the storage format of non-user-defined Option 82 as HEX or ASCII.
By default, the Option 82 is in HEX format.
The dhcp-snooping information format command applies only to the default content of the Option 82 field. If you have configured the circuit ID or remote ID sub-option, the storage format of the sub-option is ASCII, instead of the one specified with the dhcp-snooping information format command.
Examples
# Configure the storage format of Option 82 as ASCII.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] dhcp-snooping information format ascii
dhcp-snooping information packet-format
Syntax
dhcp-snooping information packet-format { extended | standard }
View
System view
Parameters
extended: Specifies the padding format for Option 82 as the extended format.
standard: Specifies the padding format for Option 82 as the standard format.
Description
Use the dhcp-snooping information packet-format command to configure the padding format for Option 82 as the extended or standard one.
By default, the padding format for Option 82 is the extended one.
Examples
# Configure the padding format for Option 82 as the standard one.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] dhcp-snooping information packet-format standard
dhcp-snooping information remote-id
Syntax
dhcp-snooping information remote-id { sysname | string string }
undo dhcp-snooping information remote-id
View
System view
Parameters
sysname: Uses the system name (sysname) of the DHCP snooping device to pad the remote ID sub-option in Option 82.
string: Customized content of the remote ID sub-option, a string of 1 to 63 ASCII characters.
Description
Use the dhcp-snooping information remote-id command to configure the remote ID sub-option in Option 82.
Use the undo dhcp-snooping information remote-id command to restore the default value of the remote ID sub-option in Option 82.
By default, the remote ID sub-option in Option 82 is the MAC address of the DHCP Snooping device that received the DHCP client’s request.
Examples
# Configure the remote ID sub-option of Option 82 as the system name (sysname) of the DHCP snooping device.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] dhcp-snooping information remote-id sysname
dhcp-snooping information strategy
Syntax
dhcp-snooping information strategy { drop | keep | replace }
undo dhcp-snooping information strategy
View
System view, Ethernet port view
Parameters
drop: If a packet contains Option 82, DHCP snooping drops this packet.
keep: If a packet contains Option 82, DHCP snooping keeps and forwards this packet.
replace: If a packet contains Option 82, DHCP snooping replaces the original Option 82 field with the Option 82 field having the specified padding content and forwards the packet.
Description
Use the dhcp-snooping information strategy command in system view to configure a handling policy for DHCP requests that contain Option 82 sent by the DHCP client.
Use the undo dhcp-snooping information strategy command to restore the default handling policy.
Use the dhcp-snooping information strategy command in Ethernet port view to configure a handling policy for requests that contain Option 82 received on the current port.
Use the undo dhcp-snooping information strategy command to restore the default handling policy.
By default, after DHCP-snooping Option 82 support is enabled, DHCP snooping replaces the Option 82 field in the requests sent by the DHCP clients.
l Enable DHCP-snooping and DHCP-snooping Option 82 before performing this configuration.
l If a handling policy is configured on a port, this configuration overrides the globally configured handling policy for requests received on this port, while the globally configured handling policy applies on those ports where a handling policy is not natively configured.
Examples
# Configure the keep handling policy for DHCP requests that contain Option 82 on the DHCP snooping device.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] dhcp-snooping information strategy keep
dhcp-snooping information vlan circuit-id
Syntax
dhcp-snooping information [ vlan vlan-id ] circuit-id string string
undo dhcp-snooping information { [ vlan vlan-id ] circuit-id | circuit-id all }
View
Ethernet port view
Parameters
vlan vlan-id: Specifies a VLAN. DHCP packets from the VLAN are padded with the circuit ID sub-option.
string: Content of the circuit ID sub-option, a string of 3 to 63 ASCII characters.
Description
Use the dhcp-snooping information vlan circuit-id command to configure the content of the circuit ID field in Option 82.
Use the undo dhcp-snooping information circuit-id command to restore the default.
With vlan vlan-id specified, the customized circuit ID sub-option applies only to the DHCP packets from the specified VLAN. With no vlan vlan-id specified, the customized circuit ID sub-option applies to all DHCP packets that pass through the current port.
Use the undo dhcp-snooping information vlan vlan-id circuit-id command to restore the default circuit ID in DHCP packets from the specified VLAN.
Use the undo dhcp-snooping information circuit-id command to restore the default circuit ID for all DHCP packets except those from the specified VLAN.
Use the undo dhcp-snooping information circuit-id all command to restore the default circuit ID for all DHCP packets.
By default, the circuit ID field in Option 82 contains the VLAN ID and index of the port that received the client’s request.
If you have configured a circuit ID with the vlan vlan-id argument specified, and the other one without the argument in Ethernet port view, the former circuit ID applies to the DHCP messages from the specified VLAN, while the latter one applies to DHCP messages from other VLANs.
Examples
# Set the circuit ID field in Option 82 of the DHCP messages sent through GigabitEthernet 1/0/1 to abc.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] interface gigabitethernet 1/0/1
[device-GigabitEthernet1/0/1] dhcp-snooping information circuit-id string abc
dhcp-snooping information vlan remote-id
Syntax
dhcp-snooping information [ vlan vlan-id ] remote-id string string
undo dhcp-snooping information { [ vlan vlan-id ] remote-id | remote-id all }
View
Ethernet port view
Parameters
vlan vlan-id: Specifies the VLAN ID of the remote ID to be customized.
string: Customized content of the remote ID sub-option, a string of 3 to 63 ASCII characters.
Description
Use the dhcp-snooping information vlan remote-id command to configure the content of the remote ID in Option 82
Use the undo dhcp-snooping information remote-id command to restore the default remote ID in Option 82.
With vlan vlan-id specified, the customized remote ID sub-option applies only to the DHCP packets from the specified VLAN. Without vlan vlan-id specified, the customized remote ID sub-option applies to all DHCP packets that pass through the current port.
Use the undo dhcp-snooping information vlan vlan-id remote-id command to restore the default remote ID in DHCP packets from the specified VLAN.
Use the undo dhcp-snooping information remote-id command to restore the default remote ID in all DHCP packets except those from the specified VLAN.
Use the undo dhcp-snooping information remote-id all command to restore the default remote ID in all DHCP packets.
By default, the remote ID sub-option in Option 82 is the MAC address of the DHCP Snooping device that received the DHCP client’s request.
If you have configured a remote ID with the vlan vlan-id argument specified, and the other one without the argument in Ethernet port view, the former remote ID applies to the DHCP messages from the specified VLAN, while the latter one applies to DHCP messages from other VLANs.
Examples
# Configure the remote ID of Option 82 in DHCP packets to abc on the port GigabitEthernet 1/0/1.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] interface gigabitethernet 1/0/1
[device-GigabitEthernet1/0/1] dhcp-snooping information remote-id string abc
dhcp-snooping trust
Syntax
dhcp-snooping trust
undo dhcp-snooping trust
View
Ethernet port view
Parameters
None
Description
Use the dhcp-snooping trust command to set an Ethernet port to a DHCP-snooping trusted port.
Use the undo dhcp-snooping trust command to restore an Ethernet port to a DHCP-snooping untrusted port.
By default, with the DHCP snooping enabled, all the ports of a device are untrusted ports.
Note that:
After DHCP snooping is enabled, you need to specify the port connected to a valid DHCP server as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the ports connected to DHCP clients must be in the same VLAN.
Related commands: display dhcp-snooping trust.
Examples
# Enter system view.
<device> system-view
System View: return to User View with Ctrl+Z.
# Set the GigabitEthernet 1/0/1 port to a trusted port.
[device] interface gigabitethernet 1/0/1
[device-GigabitEthernet1/0/1] dhcp-snooping trust
display dhcp-snooping
Syntax
display dhcp-snooping [ unit unit-id ]
View
Any view
Parameters
unit unit-id: Displays the DHCP-snooping information on the specified device in the fabric. unit-id indicates the number of the device whose DHCP-snooping information needs to be viewed. If unit unit-id is not specified, DHCP snooping information of all units in the fabric is displayed.
Description
Use the display dhcp-snooping command to display the user IP-MAC address mapping entries recorded by the DHCP snooping function.
Related commands: dhcp-snooping.
Examples
# Display the user IP-MAC address mapping entries recorded by the DHCP snooping function.
<device> display dhcp-snooping
DHCP-Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Unit ID : 1
Type IP Address MAC Address Lease VLAN Interface
==== ============= ================ ========= ==== ====================
D 10.1.1.1 000f-e200-0006 200 1 GigabitEthernet1/0/1
--- 1 dhcp-snooping item(s) of unit 1 found ---
display dhcp-snooping trust
Syntax
display dhcp-snooping trust
View
Any view
Parameters
None
Description
Use the display dhcp-snooping trust command to display the (enabled/disabled) state of the DHCP snooping function and the trusted ports.
Related commands: dhcp-snooping trust.
Examples
# Display the state of the DHCP snooping function and the trusted ports.
<device> display dhcp-snooping trust
DHCP-Snooping is enabled.
DHCP-Snooping trust become effective.
Interface Trusted
===================== =================
GigabitEthernet1/0/10 Trusted
The above display information indicates that the DHCP snooping function is enabled, and the GigabitEthernet 1/0/10 port is a trusted port.
display ip source static binding
Syntax
display ip source static binding [ vlan vlan-id | interface interface-type interface-number ]
View
Any view
Parameters
vlan-id: ID of the VLAN whose IP static binding entries are to be displayed.
interface-type interface-number: Type and number of the port whose IP static binding entries are to be displayed.
Description
Use the display ip source static binding command to display the IP static binding entries configured. If you specify a VLAN, all the IP static binding entries for the specified VLAN will be displayed. If you specify a port, all the IP static binding entries for the specified port will be displayed.
Examples
# Display all IP static binding entries configured.
<device> display ip source static binding
Type IP Address MAC Address Remaining VLAN Interface
lease
==== =============== =============== ========= ==== =================
S 192.168.0.25 0015-e20f-0101 infinit 1 GigabitEthernet1/0/2
S 192.168.0.58 0001-e201-4f01 infinit 1 GigabitEthernet1/0/3
S 192.168.0.101 000f-0101-0204 infinit 1 GigabitEthernet1/0/2
S 192.168.0.122 000f-e20f-21a3 infinit 1 GigabitEthernet1/0/3
S 192.168.0.144 0015-e943-712f infinit 1 GigabitEthernet1/0/2
--- 5 static binding item(s) found ---
ip check source ip-address
Syntax
ip check source ip-address [ mac-address ]
undo ip check source ip-address [ mac-address ]
View
Ethernet port view
Parameters
mac-address: Enables IP filtering based on the source MAC address of the packets.
Description
Use the ip check source ip-address command to enable the filtering of the IP packets received through the current port based on the source IP address of the packets.
Use the undo ip check source ip-address command to disable the filtering of the IP packets received through the current port based on the source IP address of the packets.
Use the ip check source ip-address mac-address command to enable the filtering of the IP packets received through the current port based on the source IP address and source MAC address of the packets.
Use the undo ip check source ip-address mac-address command to disable the filtering of the IP packets received through the current port based on the source IP address and source MAC address of the packets.
By default, the filtering of the IP packets received through a port based on the source IP address or source MAC address of the packets is disabled.
Examples
# Enable the filtering of the IP packets received through port GigabitEthernet 1/0/11 based on the source IP address of the packets.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] interface gigabitethernet 1/0/11
[device-GigabitEthernet1/0/11] ip check source ip-address
ip source static binding
Syntax
ip source static binding ip-address ip-address [ mac-address mac-address ]
undo ip source static binding ip-address ip-address
View
Ethernet port view
Parameters
ip-address ip-address: Specifies the IP address to be statically bound.
mac-address mac-address: Specifies the MAC address to be statically bound.
Description
Use the ip source static binding ip-address command to configure the static binding among source IP address, source MAC address, and the port number so as to generate static binding entries.
Use the undo ip source static binding ip-address command to remove the static binding among source IP address, source MAC address, and the port.
By default, no binding among source IP address, source MAC address, and the port number is configured.
To create a static binding after IP filtering is enabled with the mac-address keyword included on a port, the mac-address argument must be specified; otherwise, the packets sent from this IP address cannot pass the IP filtering.
Related commands: ip check source ip-address.
Examples
# Configure static binding among source IP address 1.1.1.1, source MAC address 0015-e20f-0101, and GigabitEthernet 1/0/3.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] interface gigabitethernet 1/0/3
[device-GigabitEthernet1/0/3] ip source static binding ip-address 1.1.1.1 mac-address 0015-e20f-0101
3 DHCP/BOOTP Client Configuration
DHCP Client Configuration Commands
display dhcp client
Syntax
display dhcp client [ verbose ]
View
Any view
Parameters
verbose: Displays the detailed address allocation information.
Description
Use the display dhcp client command to display the information about the address allocation of DHCP clients.
Note that the device that operates as a DHCP client supports a maximum lease duration of 24 days currently.
Examples
# Display the information about the address allocation of DHCP clients.
<device> display dhcp client verbose
DHCP client statistic information:
Vlan-interface1:
Current machine state: BOUND
Allocated IP: 192.168.0.2 255.255.255.0
Allocated lease: 86400 seconds, T1: 43200 seconds, T2: 75600 seconds
Lease from 2002.09.20 01:05:03 to 2002.09.21 01:05:03
Server IP: 192.168.0.1
Transaction ID = 0x3d8a7431
Default router: 192.168.0.1
Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds.
Table 3-1 display dhcp client command output description
|
Field |
Description |
|
Vlan-interface1 |
VLAN interface operating as a DHCP client to obtain an IP address dynamically |
|
Current machine state |
The state of the client state machine |
|
Allocated IP |
IP address allocated to the DHCP client |
|
lease |
Lease period |
|
T1 |
Renewal timer setting |
|
T2 |
Rebinding timer setting |
|
Lease from….to…. |
The starting and end time of the lease period |
|
Server IP |
IP address of the DHCP server selected |
|
Transaction ID |
Transaction ID |
|
Default router |
Gateway address |
|
Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds. |
The timer expires in 11 hours, 56 minutes, and 1 second. |
ip address dhcp-alloc
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
View
VLAN interface view
Parameters
None
Description
Use the ip address dhcp-alloc command to configure a VLAN interface to obtain an IP address through DHCP.
Use the undo ip address dhcp-alloc command to cancel the configuration.
By default, a VLAN interface does not use DHCP to obtain an IP address.
Examples
# Configure VLAN-interface 1 to obtain an IP address through DHCP.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] interface vlan-interface 1
[device-Vlan-interface1] ip address dhcp-alloc
BOOTP Client Configuration Commands
display bootp client
Syntax
display bootp client [ interface Vlan-interface vlan-id ]
View
Any view
Parameters
vlan-id: ID of the VLAN interface.
Description
Use the display bootp client command to display BOOTP client-related information, including the MAC address of the BOOTP client and the IP address obtained.
Examples
# Display the BOOTP client-related information.
<device> display bootp client interface vlan-interface 1
Vlan-interface1:
Allocated IP: 192.168.0.2 255.255.255.0
Transaction ID = 0x3d8a7431
Mac Address 000f-e20a-c3ef
Default router: 192.168.0.1
Table 3-2 display bootp client command output description
|
Field |
Description |
|
Vlan-interface1 |
VLAN-interface 1 is configured to obtain an IP address through BOOTP. |
|
Allocated IP |
IP address allocated to the VLAN interface |
|
Transaction ID |
Value of the XID field in BOOTP packets |
|
Mac Address |
MAC address of the BOOTP client |
|
Default router |
Default router |
ip address bootp-alloc
Syntax
ip address bootp-alloc
undo ip address bootp-alloc
View
VLAN interface view
Parameters
None
Description
Use the ip address bootp-alloc command to configure a VLAN interface to obtain an IP address through BOOTP.
Use the undo ip address bootp-alloc command to cancel the configuration.
By default, a VLAN interface does not use BOOTP to obtain an IP address.
Related commands: display bootp client.
Examples
# Configure VLAN-interface 1 to obtain an IP address through BOOTP.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] interface vlan-interface 1
[device-Vlan-interface1] ip address bootp-alloc
