H3C S3100-52P Ethernet Switch Operation Manual-Release 1500(V1.02)

18-DHCP Operation

Chapter 1  DHCP Overview

1.1  Introduction to DHCP

As networks grow larger and more complex, network administrators commonly face a shortage of available IP addresses, and network configuration becomes an increasingly difficult task. The emergence of wireless networks and the use of laptops mean that hosts change position and IP addresses change frequently, which also calls for new technology. The Dynamic Host Configuration Protocol (DHCP) was developed against this background.

DHCP adopts a client/server model: DHCP clients send requests to DHCP servers for configuration parameters, and the DHCP servers return the corresponding configuration information, such as IP addresses, so that IP addresses are configured dynamically.

A typical DHCP application includes one DHCP server and multiple clients (such as PCs and laptops), as shown in Figure 1-1.

Figure 1-1 Typical DHCP application

1.2  DHCP IP Address Assignment

1.2.1  IP Address Assignment Policy

Currently, DHCP provides the following three IP address assignment policies to meet the requirements of different clients:

- Manual assignment. The administrator statically binds IP addresses to a few clients with special uses (such as a WWW server). The DHCP server then assigns these fixed IP addresses to the clients.

- Automatic assignment. The DHCP server assigns IP addresses to DHCP clients. The IP addresses are occupied by the DHCP clients permanently.

- Dynamic assignment. The DHCP server assigns IP addresses to DHCP clients for a predetermined period of time. In this case, a DHCP client must apply for an IP address again when the period expires. This policy applies to most clients.

1.2.2  Obtaining IP Addresses Dynamically

A DHCP client undergoes the following four phases to dynamically obtain an IP address from a DHCP server:

1) Discover: In this phase, the DHCP client tries to find a DHCP server by broadcasting a DHCP-DISCOVER packet.

2) Offer: In this phase, the DHCP server offers an IP address. After the DHCP server receives the DHCP-DISCOVER packet, it chooses an unassigned IP address according to the priority order of IP address assignment and then sends the IP address and other configuration information together in a DHCP-OFFER packet to the DHCP client. The sending mode is decided by the flags field in the DHCP-DISCOVER packet; refer to section 1.3 "DHCP Packet Format" for details.

3) Select: In this phase, the DHCP client selects an IP address. If more than one DHCP server sends DHCP-OFFER packets to the DHCP client, the DHCP client accepts only the DHCP-OFFER packet that arrives first, and then broadcasts a DHCP-REQUEST packet containing the assigned IP address carried in the DHCP-OFFER packet.

4) Acknowledge: In this phase, the DHCP server acknowledges the IP address. Upon receiving the DHCP-REQUEST packet, only the selected DHCP server returns a DHCP-ACK packet to the DHCP client to confirm the assignment of the IP address to the client, or returns a DHCP-NAK packet to refuse the assignment of the IP address to the client. When the client receives the DHCP-ACK packet, it broadcasts an ARP packet with the assigned IP address as the destination address to detect whether the assigned IP address is already in use, and uses the IP address only if it does not receive any response within a specified period.

Note:

The IP addresses offered by other DHCP servers but not used by the DHCP client are still available to other clients.

1.2.3  Updating IP Address Lease

After a DHCP server dynamically assigns an IP address to a DHCP client, the IP address remains valid only within a specified lease time and is reclaimed by the DHCP server when the lease expires. If the DHCP client wants to use the IP address for a longer time, it must update the IP lease.

By default, a DHCP client updates its IP address lease automatically by unicasting a DHCP-REQUEST packet to the DHCP server when half of the lease time elapses. The DHCP server responds with a DHCP-ACK packet to notify the DHCP client of a new IP lease if the server can assign the same IP address to the client. Otherwise, the DHCP server responds with a DHCP-NAK packet to notify the DHCP client that the IP address will be reclaimed when the lease time expires.

If the DHCP client fails to update its IP address lease when half of the lease time elapses, it will update its IP address lease by broadcasting a DHCP-REQUEST packet to the DHCP servers again when seven-eighths of the lease time elapses. The DHCP server performs the same operations as those described above.

1.3  DHCP Packet Format

DHCP has eight types of packets. They have the same format, but the values of some fields in the packets are different. The DHCP packet format is based on that of the BOOTP packets. The following figure describes the packet format (the number in the brackets indicates the field length, in bytes):

Figure 1-2 DHCP packet format

The fields are described as follows:

- op: Operation type of the DHCP packet, 1 for request packets and 2 for response packets.

- htype, hlen: Hardware address type and length of the DHCP client.

- hops: Number of DHCP relays that a DHCP packet passes through. For each DHCP relay that the DHCP request packet passes through, the field value increases by 1.

- xid: Random number that the client selects when it initiates a request. The number is used to identify an address-requesting process.

- secs: Elapsed time after the DHCP client initiates a DHCP request.

- flags: The first bit is the broadcast response flag bit. It indicates whether the DHCP response packet is sent in unicast or broadcast mode. Other bits are reserved.

- ciaddr: IP address of a DHCP client.

- yiaddr: IP address that the DHCP server assigns to a client.

- siaddr: IP address of the DHCP server.

- giaddr: IP address of the first DHCP relay that the request packet passes through after the DHCP client sends it.

- chaddr: Hardware address of the DHCP client.

- sname: Name of the DHCP server.

- file: Path and name of the boot configuration file that the DHCP server specifies for the DHCP client.

- option: Optional variable-length fields, including packet type, valid lease time, IP address of a DNS server, and IP address of the WINS server.
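The field layout above can be checked against a captured DHCP payload with a short parser. The following Python is an added example, not part of the H3C manual; the magic cookie and the option codes 53 (message type) and 51 (lease time) come from RFC 2131/2132, and the sample packet is constructed.

```python
import socket
import struct

# Fixed header: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr,
# siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie preceding the options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def parse_options(data):
    """Walk the code/length/value options; stop at End (255)."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:              # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % data[i])
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts


def parse_dhcp(packet):
    """Return the fields of a raw DHCP payload (UDP data) as a dict."""
    if len(packet) < HEADER.size + 4:
        raise ValueError("shorter than fixed header plus cookie")
    (op, _htype, hlen, hops, xid, _secs, flags, _ciaddr, yiaddr,
     _siaddr, giaddr, chaddr, _sname, _file) = HEADER.unpack_from(packet)
    if packet[HEADER.size:HEADER.size + 4] != MAGIC or hlen > 16:
        raise ValueError("bad magic cookie or hlen")
    opts = parse_options(packet[HEADER.size + 4:])
    mtype = opts.get(53) or b"\x00"   # option 53: DHCP message type
    lease = opts.get(51, b"")         # option 51: lease time in seconds
    return {
        "op": op, "hops": hops, "xid": xid,
        "broadcast": bool(flags & 0x8000),   # first bit of the flags field
        "yiaddr": socket.inet_ntoa(yiaddr),
        "giaddr": socket.inet_ntoa(giaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "type": MSG_TYPES.get(mtype[0], "UNKNOWN"),
        "lease": struct.unpack("!I", lease)[0] if len(lease) == 4 else None,
    }


# Constructed sample: DHCP-ACK assigning 192.0.2.50 to 00:11:22:33:44:55.
SAMPLE_ACK = HEADER.pack(
    2, 1, 6, 0, 0x3903F326, 0, 0x8000, bytes(4),
    socket.inet_aton("192.0.2.50"), socket.inet_aton("192.0.2.1"), bytes(4),
    bytes.fromhex("001122334455"), bytes(64), bytes(128),
) + MAGIC + bytes([53, 1, 5, 51, 4, 0, 1, 0x51, 0x80, 0, 255])
```

Calling parse_dhcp(SAMPLE_ACK) yields the message type, the assigned address (yiaddr) and the client hardware address (chaddr), which are the values a snooping device needs for an IP-MAC binding.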

1.4  Protocol Specification

Protocol specifications related to DHCP include:

- RFC2131: Dynamic Host Configuration Protocol

- RFC2132: DHCP Options and BOOTP Vendor Extensions

- RFC1542: Clarifications and Extensions for the Bootstrap Protocol


Chapter 2  DHCP Snooping Configuration

2.1  Introduction to DHCP Snooping

For the sake of security, the IP addresses used by online DHCP clients need to be tracked so that the administrator can verify the mapping between the IP addresses the DHCP clients obtained from DHCP servers and the MAC addresses of the DHCP clients.

- Layer 3 switches can track DHCP client IP addresses through DHCP relay.

- Layer 2 switches can track DHCP client IP addresses through the DHCP snooping function, which listens to DHCP broadcast packets.

When an unauthorized DHCP server exists in the network, a DHCP client may obtain an illegal IP address. To ensure that the DHCP clients obtain IP addresses from valid DHCP servers, you can use the DHCP snooping function to specify a port as a trusted port or an untrusted port.

- Trusted ports can be used to connect DHCP servers or ports of other switches. Untrusted ports can be used to connect DHCP clients or networks.

- Untrusted ports drop the DHCP-ACK and DHCP-OFFER packets received from DHCP servers. Trusted ports forward any received DHCP packets to ensure that DHCP clients can obtain IP addresses from valid DHCP servers.

Figure 2-1 illustrates a typical network diagram for DHCP snooping application, where Switch A is an S3100-52P series Ethernet switch.

Figure 2-1 Typical network diagram for DHCP snooping application

Figure 2-2 illustrates the interaction between a DHCP client and a DHCP server.

Figure 2-2 Interaction between a DHCP client and a DHCP server

DHCP snooping listens to the following two types of packets to retrieve the IP addresses the DHCP clients obtain from DHCP servers and the MAC addresses of the DHCP clients:

- DHCP-ACK packet

- DHCP-REQUEST packet
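The trusted/untrusted port rule and the IP-MAC binding table described above, as a simplified Python model (an added example, not H3C's implementation). The port names are taken from the configuration example in section 2.4; the MAC and IP addresses are constructed, and recording the client port from the DHCP-REQUEST is an assumption of this model.

```python
from dataclasses import dataclass, field

SERVER_REPLIES = {"OFFER", "ACK"}   # dropped on untrusted ports, per the text


@dataclass
class DhcpSnooper:
    trusted_ports: set
    bindings: dict = field(default_factory=dict)   # MAC -> (IP, client port)
    pending: dict = field(default_factory=dict)    # MAC -> port of last REQUEST
    alerts: list = field(default_factory=list)     # dropped server replies

    def handle(self, port, msg_type, chaddr, yiaddr=None):
        """Return 'forward' or 'drop' for one DHCP message seen on `port`."""
        if msg_type in SERVER_REPLIES and port not in self.trusted_ports:
            # A server reply arriving on a client-facing port points to an
            # unauthorized DHCP server behind that port: drop and record it.
            self.alerts.append((port, msg_type, chaddr, yiaddr))
            return "drop"
        if msg_type == "REQUEST":
            self.pending[chaddr] = port            # remember where the client sits
        elif msg_type == "ACK" and chaddr in self.pending:
            # Binding is learned only from an ACK that passed the trust check.
            self.bindings[chaddr] = (yiaddr, self.pending.pop(chaddr))
        return "forward"


def replay(snooper, events):
    """Feed (port, type, chaddr[, yiaddr]) tuples and collect the verdicts."""
    return [snooper.handle(*event) for event in events]


# Constructed event stream: Ethernet1/0/1 is the trusted uplink,
# Ethernet1/0/2 faces the clients and also hides an unauthorized server.
EVENTS = [
    ("Ethernet1/0/2", "DISCOVER", "00:11:22:33:44:55"),
    ("Ethernet1/0/2", "OFFER", "00:11:22:33:44:55", "10.66.6.10"),
    ("Ethernet1/0/1", "OFFER", "00:11:22:33:44:55", "192.0.2.50"),
    ("Ethernet1/0/2", "REQUEST", "00:11:22:33:44:55"),
    ("Ethernet1/0/2", "ACK", "00:11:22:33:44:55", "10.66.6.10"),
    ("Ethernet1/0/1", "ACK", "00:11:22:33:44:55", "192.0.2.50"),
]
```

With an empty trusted_ports set the model drops every DHCP-OFFER and DHCP-ACK, which mirrors what the text implies for a switch where snooping is enabled but no server-facing port has been set to trusted.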

2.2  DHCP Snooping Configuration

Table 2-1 Configure the DHCP snooping function

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Enable the DHCP snooping function | dhcp-snooping | Required. By default, the DHCP snooping function is disabled. |
| Enter Ethernet port view | interface interface-type interface-number | |
| Set the port connected to a DHCP server to a trusted port | dhcp-snooping trust | Optional. By default, all ports of a switch are untrusted ports. |

Note:

When you need to enable DHCP snooping on the switches in a fabric state, configure the fabric ports on all devices to be trusted ports to ensure that the users connected to each device can obtain IP addresses.

2.3  Displaying DHCP Snooping

After the above configurations, you can verify the configurations by executing the display command in any view.

Table 2-2 Display DHCP snooping

| Operation | Command | Description |
|---|---|---|
| Display the user IP-MAC address mapping entries recorded by the DHCP snooping function | display dhcp-snooping [ unit unit-id ] | You can execute the display command in any view |
| Display the (enabled/disabled) state of the DHCP snooping function and the trusted ports | display dhcp-snooping trust | You can execute the display command in any view |

2.4  Configuration Example

I. Network requirements

As shown in Figure 2-1, the Ethernet1/0/1 port of Switch A (S3100-52P) is connected to Switch B (acting as a DHCP relay). A network segment containing some DHCP clients is connected to the Ethernet1/0/2 port of Switch A.

- Enable the DHCP snooping function on Switch A.

- Set the Ethernet1/0/1 port of Switch A to a trusted port.

II. Configuration procedure

# Enter system view.

<H3C> system-view

# Enable the DHCP snooping function.

[H3C] dhcp-snooping

# Enter Ethernet1/0/1 port view.

[H3C] interface Ethernet1/0/1

# Set the port to a trusted port.

[H3C-Ethernet1/0/1] dhcp-snooping trust

 


Chapter 3  DHCP/BOOTP Client Configuration

3.1  Introduction to DHCP Client

As networks expand in scale and grow in complexity, network configuration becomes more and more complex accordingly. It is often the case that computers change location (such as portable computers in wireless networks) or that the number of computers exceeds the number of available IP addresses. The Dynamic Host Configuration Protocol (DHCP) was developed to meet these requirements. DHCP adopts the client/server model, where DHCP clients dynamically request configuration information from DHCP servers, and the DHCP servers in turn return the corresponding configuration information based on policies.

A typical DHCP implementation usually involves a DHCP server and multiple clients (such as PCs and portable computers), as shown in Figure 3-1.

Figure 3-1 A typical DHCP implementation

The interactions between a DHCP client and a DHCP server are shown in Figure 3-2.

Figure 3-2 The interaction between a DHCP client and a DHCP server

To obtain a valid IP address dynamically, a DHCP client exchanges different information with the DHCP server in different phases. Usually, the following three phases are involved.

1) The DHCP client accesses the network for the first time

When a DHCP client accesses a network for the first time, it goes through the following four phases to establish connections with the DHCP server.

- Discovery. The DHCP client tries to discover a DHCP server by broadcasting DHCP-DISCOVER packets in the network. Only DHCP servers respond to this type of packet.

- Offering IP addresses. Upon receiving DHCP-DISCOVER packets, each DHCP server selects a free IP address from an address pool and sends a DHCP-OFFER packet that carries the selected IP address and other configuration information to the DHCP client.

- Selecting the IP address to be used. The DHCP client accepts and processes only the first DHCP-OFFER packet to arrive (if multiple DHCP servers send DHCP-OFFER packets to it), and broadcasts a DHCP-REQUEST packet to each DHCP server. The packet contains the IP address carried in the DHCP-OFFER packet the DHCP client receives.

- Acknowledgement. Upon receiving the DHCP-REQUEST packet, the DHCP server that owns the IP address carried in the DHCP-REQUEST sends a DHCP-ACK packet to the DHCP client. The packet contains the IP address offered and other configuration information. The DHCP client binds TCP/IP protocol components to its MAC address after receiving the packet.

IP addresses offered by other DHCP servers (if any) through DHCP-OFFER packets but not selected by the DHCP client are still available for other clients.

2) The DHCP client accesses the network for the second time and thereafter

In this case, the DHCP client establishes connections with the DHCP server through the following steps.

- After accessing the network successfully for the first time, the DHCP client can access the network again by broadcasting a DHCP-REQUEST packet that contains the IP address assigned to it last time, instead of a DHCP-DISCOVER packet.

- Upon receiving the DHCP-REQUEST packet, and when the IP address requested by the client is available, the DHCP server that owns the IP address responds with a DHCP-ACK packet to enable the DHCP client to use the IP address again.

- If the IP address is not available (for example, it is assigned to another DHCP client), the DHCP server responds with a DHCP-NAK packet, which causes the DHCP client to request a new IP address by sending a DHCP-DISCOVER packet once again.

3) The DHCP client extends the lease of an IP address

IP addresses assigned dynamically are valid only for a specified period of time, and the DHCP servers reclaim their assigned IP addresses when these periods expire. Therefore, a DHCP client needs to extend the lease period if it is to use a dynamically assigned IP address for a period longer than allowed.

By default, a DHCP client updates its IP address lease automatically by sending DHCP-REQUEST packets to the DHCP server when half of the lease period expires. The DHCP server, in turn, responds with a DHCP-ACK packet to notify the DHCP client of the new lease if the IP address is still available. An S3100-52P switch operating as a DHCP client supports this lease auto-update process.

3.2  Introduction to BOOTP Client

A BOOTP client can request an IP address from the server through BOOTP. It goes through the following two phases to apply for an IP address.

- Sending a BOOTP request packet to the server

- Processing the BOOTP response packet received from the server

To obtain an IP address through BOOTP, a BOOTP client first sends a BOOTP request packet to the server. Upon receiving the request packet, the server returns a BOOTP response packet. The BOOTP client then retrieves the assigned IP address from the response packet.

The BOOTP packets are sent using user datagram protocol (UDP). To ensure reliable packet transmission, a timer is triggered when a BOOTP client sends a request packet to the server. If no response packet is received from the server after the timer times out, the client sends the request packet again. BOOTP request packets are sent every five seconds and three times at most. A BOOTP client stops sending BOOTP request packets if it fails to obtain an IP address after sending three successive BOOTP request packets.

3.3  DHCP/BOOTP Client Configuration

An S3100-52P Ethernet switch can operate as a DHCP client or BOOTP client. In this case, the IP address of the management VLAN interface is obtained through DHCP or BOOTP.

3.3.1  Prerequisites

Before configuring the management VLAN, you need to create the VLAN that is to act as the management VLAN. As VLAN 1 is the default VLAN, there is no need to create it if you configure VLAN 1 to be the management VLAN.

3.3.2  Configuring a DHCP/BOOTP Client

Table 3-1 Configure a DHCP/BOOTP client

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | Required |
| Configure a specified VLAN to be the management VLAN | management-vlan vlan-id | Required. By default, VLAN 1 operates as the management VLAN. |
| Create the management VLAN interface and enter VLAN interface view | interface vlan-interface vlan-id | Required |
| Configure the way in which the management VLAN interface obtains an IP address | ip address { bootp-alloc \| dhcp-alloc } | Required. By default, no IP address is assigned to the management VLAN interface. |

3.3.3  Configuration Example

I. Network requirements

To manage Switch A, which operates as a DHCP client, remotely through Telnet, the following are required:

- Switch A obtains an IP address through DHCP.

- The route between Switch A and the remote console is reachable.

To achieve this, you need to perform the following configuration for the switch:

- Configuring the management VLAN interface to obtain an IP address through DHCP

- Configuring a default route

II. Configuration procedures

# Enter system view.

<H3C> system-view

# Create VLAN 10 and configure VLAN 10 to be the management VLAN.

[H3C] vlan 10

[H3C-vlan10] quit

[H3C] management-vlan 10

# Create VLAN 10 interface and enter VLAN interface view.

[H3C] interface vlan-interface 10

# Configure the management VLAN interface to obtain an IP address through DHCP.

[H3C-Vlan-interface10] ip address dhcp-alloc

[H3C-Vlan-interface10] quit

# Configure the default route.

[H3C] ip route-static 0.0.0.0 0.0.0.0 1.1.1.2

3.4  Displaying the Information about a DHCP/BOOTP Client

Table 3-2 Display the information about a DHCP/BOOTP client

| Operation | Command | Description |
|---|---|---|
| Display the information about IP address assignment on the DHCP client | display dhcp client [ verbose ] | Optional. You can execute the display commands in any view. |
| Display the information about the BOOTP client | display bootp client [ interface vlan-interface vlan-id ] | Optional. You can execute the display commands in any view. |