Login
- Table of Contents
-
- 17-BRAS Services Command Reference
- 00-Preface
- 01-AAA commands
- 02-ANCP commands
- 03-PPP commands
- 04-Value-added services commands
- 05-DHCP commands
- 06-DHCPv6 commands
- 07-User profile commands
- 08-Connection limit commands
- 09-L2TP commands
- 10-PPPoE commands
- 11-IPoE commands
- 12-802.1X commands
- 13-UCM commands
- 14-CP-UP connection management commands
- 15-UP backup commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-DHCP commands | 1.21 MB |
dhcp conflict-ip-address offline
dhcp flood-protection aging-time
dhcp flood-protection global enable
dhcp flood-protection threshold
dhcp interface-rate-suppression aging-time
dhcp interface-rate-suppression enable
dhcp interface-rate-suppression global enable
dhcp interface-rate-suppression threshold
display dhcp interface-rate-suppression
reset dhcp interface-rate-suppression
dhcp server allocated-ip threshold
dhcp server bootp reply-rfc-1048
dhcp server database update interval
dhcp server database update now
dhcp server database update stop
dhcp server multi-ip per-mac enable
dhcp server policy-first enable
dhcp server relay information enable
dhcp server reply-exclude-option60
dhcp server request-ip-address check
display dhcp server packet statistics
display dhcp server statistics
display dhcp-access packet statistics
display dhcp-access user-table
reset dhcp server packet statistics
reset dhcp-access packet statistics
snmp-agent trap enable dhcp server
vpn-instance (IP pool group view)
dhcp relay client-information record
dhcp relay client-information refresh
dhcp relay client-information refresh enable
dhcp relay dhcp-server timeout
dhcp relay forward reply by-option82
dhcp relay information circuit-id
dhcp relay information remote-id
dhcp relay information strategy
dhcp relay master-server switch-delay
dhcp relay non-first-hop enable
dhcp relay server-address algorithm
display dhcp relay client-information
display dhcp relay information
display dhcp relay packet statistics
display dhcp relay remote-server-info
display dhcp relay server-address
reset dhcp relay client-information
reset dhcp relay packet statistics
dhcp snooping binding database filename
dhcp snooping binding database update interval
dhcp snooping binding database update now
dhcp snooping check mac-address
dhcp snooping check request-message
dhcp snooping information circuit-id
dhcp snooping information enable
dhcp snooping information remote-id
dhcp snooping information strategy
dhcp snooping max-learning-num
display dhcp snooping binding database
display dhcp snooping information
display dhcp snooping packet statistics
DHCP commands
Common DHCP commands
dhcp client-detect
Use dhcp client-detect to enable client offline detection on the DHCP server or DHCP relay agent.
Use undo dhcp client-detect to disable client offline detection on the DHCP server or DHCP relay agent.
Syntax
dhcp client-detect
undo dhcp client-detect
Default
Client offline detection is disabled on the DHCP server or DHCP relay agent.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The client offline detection feature on the DHCP server reclaims an assigned IP address and deletes the binding entry when the ARP entry ages out for the IP address.
This feature on the DHCP relay agent deletes the related relay entry and sends a RELEASE message to the DHCP server when an ARP entry ages out.
This feature is not supported in the BRAS scenario.
Examples
# Enable client offline detection.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp client-detect
dhcp conflict-ip-address offline
Use dhcp conflict-ip-address offline to enable the IP conflicting user offline feature. When the IP addresses assigned to new DHCP clients and the IP addresses of online DHCP client conflict, the conflicting IP addresses are released, and both the new and existing online users are offline.
Use undo dhcp conflict-ip-address offline to restore the default.
Syntax
dhcp conflict-ip-address offline
undo dhcp conflict-ip-address offline
Default
The IP conflicting user offline feature is disabled. When the IP address assigned to a new DHCP client conflicts with the IP address of an online DHCP client, the online DHCP client still stays online.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The following IP address conflicts might occur in a DHCP network:
· The IP address assigned by the authentication and authorization module to a new user is the same as the IP address of an online DHCP client.
· The IP address assigned by the DHCP server to a new DHCP client is the same as the IP address in the DHCP relay entry of an online DHCP client.
If these conflicts occur, by default, the conflicting online DHCP clients still stay online, and new users cannot come online. You can configure this feature to release conflicting IP addresses so that new users can obtain IP addresses next time they request IP addresses through DHCP.
With this feature enabled on the DHCP server, the DHCP server releases the conflicting IP address of the online DHCP client and informs the access module that this address is not available.
With this feature enabled on the DHCP relay agent, the relay agent processes the conflicts as follows:
· If the IP address assigned to a new user by the authentication and authorization module conflicts with the DHCP relay entry of an online client, the relay agent performs the following operations:
a. Sends a DHCP-RELEASE packet to the DHCP server to release the conflicting IP address.
b. Informs the access module of the new user that this IP address is not available.
· If the IP address in the DHCP reply for a new user conflicts with the DHCP relay entry of an online client, the relay agent performs the following operations:
a. Sends a DHCP-RELEASE packet to the server to release the conflicting IP address.
b. Drops the DHCP reply.
This feature takes effect on the DHCP relay agent only after you enable the recording of relay entries on it.
Examples
# Enable the IP conflicting user offline feature.
<Sysname> system-view
[Sysname] dhcp conflict-ip-address offline
Related commands
dhcp relay client-information record
dhcp dscp
Use dhcp dscp to set the DSCP value for DHCP packets sent by the DHCP server or the DHCP relay agent.
Use undo dhcp dscp to restore the default.
Syntax
dhcp dscp dscp-value
undo dhcp dscp
Default
The DSCP value is 56 in DHCP packets sent by the DHCP server or the DHCP relay agent.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value to 30 for DHCP packets sent by the DHCP server or the DHCP relay agent.
<Sysname> system-view
[Sysname] dhcp dscp 30
dhcp enable
Use dhcp enable to enable DHCP.
Use undo dhcp enable to disable DHCP.
Syntax
dhcp enable
undo dhcp enable
Default
DHCP is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
DHCP related configuration takes effect only after you enable DHCP.
Enable DHCP before you configure the DHCP server or relay agent.
Examples
# Enable DHCP.
<Sysname> system-view
[Sysname] dhcp enable
dhcp flood-protection aging-time
Use dhcp flood-protection aging-time to set the aging time of DHCP flood attack protection entries.
Use undo dhcp flood-protection aging-time to restore the default.
Syntax
dhcp flood-protection aging-time time
undo dhcp flood-protection aging-time
Default
The aging time is 300 seconds for DHCP flood attack protection entries.
Views
System view
Predefined user roles
network-admin
Parameters
time: Specifies the aging time of DHCP flood attack protection entries, in seconds. The value range is 30 to 600.
Usage guidelines
When the aging time of a DHCP flood attack protection entry for a MAC address is reached, the DHCP device examines the drop rate of DHCP packets sent from the MAC address.
· If the packet drop rate is lower than the DHCP flood attack threshold, the device deletes the entry. If later a DHCP packet from that MAC address arrives, the DHCP device will create a new flood attack protection entry and count the number of incoming DHCP packets for that client again.
· If the packet drop rate is equal to or higher than the DHCP flood attack threshold, the device resets the aging time for the entry.
This command takes effect only after you execute the dhcp flood-protection enable command.
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Set the aging time to 90 seconds for DHCP flood attack protection entries.
<Sysname> system-view
[Sysname] dhcp flood-protection aging-time 90
Related commands
dhcp flood-protection enable
dhcp flood-protection threshold
display dhcp flood-protection
dhcp flood-protection enable
Use dhcp flood-protection enable to enable DHCP flood attack protection on an interface.
Use undo dhcp flood-protection enable to disable DHCP flood attack protection on an interface.
Syntax
dhcp flood-protection enable
undo dhcp flood-protection enable
Default
The global DHCP flood attack protection setting applies to the interfaces on the device.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
When the device receives a DHCP packet from a client, it creates a DHCP flood attack protection entry in check state. In the entry, the client is identified by its MAC address. If the number of incoming DHCP packets from the same MAC address reaches the upper limit in the detection duration, the device determines that the client is launching a DHCP flood attack. The DHCP flood attack protection entry changes to the restrain state, and the device discards the DHCP packets from that client.
You can configure DHCP flood attack protection globally or on a per-interface basis.
DHCP flood attack protection takes effect on an interface if it is enabled globally or on that interface. To enable DHCP flood attack protection only on some of the interfaces, disable the feature globally and enable it on the desired interfaces.
Examples
# Enable DHCP flood attack protection on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp flood-protection enable
Related commands
dhcp flood-protection aging-time
dhcp flood-protection global enable
dhcp flood-protection threshold
display dhcp flood-protection
dhcp flood-protection global enable
Use dhcp flood-protection global enable to enable global DHCP flood attack protection.
Use undo dhcp flood-protection global enable to disable global DHCP flood attack protection.
Syntax
dhcp flood-protection global enable
undo dhcp flood-protection global enable
Default
Global DHCP flood attack protection is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To enable DHCP flood attack protection on all interfaces, use this command.
After you configure DHCP flood attack protection globally on the device, the device creates a DHCP flood attack protection entry in check state for a client upon receiving a DHCP packet from that client. In the entry, the client is identified by its MAC address. If the number of incoming DHCP packets from that client reaches the upper limit in the detection duration, the device determines that the client is launching a DHCP flood attack. The DHCP flood attack protection entry changes to the restrain state, and the device discards the DHCP packets from that client.
You can configure DHCP flood attack protection globally by using the dhcp flood-protection global enable command or on a per-interface basis by using the dhcp flood-protection enable command.
DHCP flood attack protection takes effect on an interface if it is enabled globally or on that interface. To enable DHCP flood attack protection only on some of the interfaces, disable the feature globally and enable it on the desired interfaces.
Examples
# Enable global DHCP flood attack protection.
<Sysname> system-view
[Sysname] dhcp flood protection global enable
Related commands
dhcp flood-protection enable
dhcp flood-protection threshold
Use dhcp flood-protection threshold to set the DHCP packet rate threshold for triggering DHCP flood attack protection.
Use undo dhcp flood-protection threshold to restore the default.
Syntax
dhcp flood-protection threshold packet-number milliseconds
undo dhcp flood-protection threshold
Default
The device allows a maximum of 10 DHCP packets per 5000 milliseconds from each DHCP client.
Views
System view
Predefined user roles
network-admin
Parameters
packet-number: Specifies the maximum number of DHCP packets in the range of 2 to 200.
milliseconds: Specifies the DHCP flood attack detection duration in milliseconds. The value range is 1000 to 30000.
The DHCP flood attack protection enables the DHCP device to detect DHCP flood attacks according to the DHCP packet rate threshold on a per-MAC basis. If the number of incoming DHCP packets from the same MAC address exceeds the upper limit in the detection duration, the client at that MAC address is launching a DHCP flood attack.
This command takes effect only after you execute the dhcp flood-protection enable command.
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Configure the device to allow a maximum of two DHCP packets per 9000 milliseconds from each DHCP client.
<Sysname> system-view
[Sysname] dhcp flood-protection threshold 2 9000
Related commands
dhcp flood-protection aging-time
dhcp flood-protection enable
display dhcp flood-protection
dhcp interface-rate-suppression aging-time
Use dhcp interface-rate-suppression aging-time to set the aging time of interface-based DHCP attack suppression entries.
Use undo dhcp interface-rate-suppression aging-time to restore the default.
Syntax
dhcp interface-rate-suppression aging-time time
undo dhcp interface-rate-suppression aging-time
Default
The aging time is 300 seconds for interface-based DHCP attack suppression entries.
Views
System view
Predefined user roles
network-admin
Parameters
time: Specifies the aging time of interface-based DHCP attack suppression entries, in seconds. The value range is 30 to 600.
Usage guidelines
When the aging time of a DHCP attack suppression entry on an interface is reached, the device examines the packet receiving rate on the interface.
· If the packet receiving rate is below the suppression threshold, the device deletes the entry. If later a DHCP packet arrives on that interface, the device will create a new attack suppression entry and count the number of incoming DHCP packets on that interface again.
· If the packet receiving rate is above the suppression threshold, the device resets the aging time.
This command takes effect only after you execute the dhcp interface-rate-suppression enable command.
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Set the aging time to 90 seconds for interface-based DHCP attack suppression entries.
<Sysname> system-view
[Sysname] dhcp interface-rate-suppression aging-time 90
Related commands
dhcp interface-rate-suppression enable
dhcp interface-rate-suppression threshold
display dhcp interface-rate-suppression
dhcp interface-rate-suppression enable
Use dhcp interface-rate-suppression enable to enable DHCP attack suppression on an interface.
Use undo dhcp interface-rate-suppression enable to disable DHCP attack suppression on an interface.
Syntax
dhcp interface-rate-suppression enable
undo dhcp interface-rate-suppression enable
Default
The enabling status of the DHCP attack suppression feature on an interface is the same as that of the global DHCP attack suppression feature.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
When an interface enabled with this feature receives a DHCP packet, the device creates a DHCP attack suppression entry in check state for the interface. If the DHCP packet receiving rate on the interface reaches or exceeds the threshold, a DHCP attack occurs on the interface. The suppression entry changes to the restrain state. To protect the CPU against DHCP attack packets, the device limits the DHCP packet receiving rate on the interface before the aging time of the suppression entry is reached.
Examples
# Enable DHCP attack suppression on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp interface-rate-suppression enable
Related commands
dhcp interface-rate-suppression aging-time
dhcp interface-rate-suppression threshold
display dhcp interface-rate-suppression
dhcp interface-rate-suppression global enable
Use dhcp interface-rate-suppression global enable to enable DHCP attack suppression globally.
Use undo dhcp interface-rate-suppression global enable to disable DHCP attack suppression globally.
Syntax
dhcp interface-rate-suppression global enable
undo dhcp interface-rate-suppression global enable
Default
Global DHCP attack suppression is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To enable DHCP attack suppression on all interfaces, use this command.
DHCP attack suppression protects an interface from DHCP attacks by limiting the rate of incoming DHCP packets after the specified threshold is crossed.
After you enable DHCP attack suppression globally on all interfaces, the device creates a DHCP attack suppression entry in check state for each interface and counts their incoming DHCP packets. If the incoming DHCP packet rate on an interface reaches or exceeds the threshold, the device determines that the interface is under a DHCP attack. Then, it changes the suppression entry for the interface to the restrain state. To protect the CPU against DHCP attack packets, the device limits the incoming DHCP packet rate on the interface until the suppression entry ages out.
You can enable DHCP attack suppression globally, or on a per-interface basis by using the dhcp interface-rate-suppression enable command.
· DHCP attack suppression takes effect on an interface as long as it is enabled globally or on the interface.
· To suppress DHCP attacks only on some of the interfaces, you must disable DHCP attack suppression globally, and then enable the feature on the target interfaces.
Examples
# Enable DHCP attack suppression globally.
<Sysname> system-view
[Sysname] dhcp interface-rate-suppression global enable
Related commands
dhcp interface-rate-suppression enable
dhcp interface-rate-suppression threshold
Use dhcp interface-rate-suppression threshold to set the DHCP packet rate threshold for triggering interface-based DHCP attack suppression.
Use undo dhcp interface-rate-suppression threshold to restore the default.
Syntax
dhcp interface-rate-suppression threshold packet-number milliseconds
undo dhcp interface-rate-suppression threshold
Default
The device can receive a maximum of 3000 DHCP packets per 5000 milliseconds on an interface.
Views
System view
Predefined user roles
network-admin
Parameters
packet-number: Specifies the maximum number of DHCP packets received on an interface, in the range of 2 to 6000.
milliseconds: Specifies the interface-based DHCP attack detection duration in milliseconds. The value range is 1000 to 10000.
Usage guidelines
A DHCP attack occurs on an interface if the DHCP packet receiving rate on the interface reaches the threshold.
This command takes effect only after you execute the dhcp interface-rate-suppression enable command.
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Set the DHCP packet rate threshold to 2000 DHCP packets per 9000 milliseconds for triggering interface-based DHCP attack suppression.
<Sysname> system-view
[Sysname] dhcp interface-rate-suppression threshold 2000 9000
Related commands
dhcp interface-rate-suppression aging-time
dhcp interface-rate-suppression enable
display dhcp interface-rate-suppression
dhcp log enable
Use dhcp log enable to enable DHCP server logging.
Use undo dhcp log enable to disable DHCP server logging.
Syntax
dhcp log enable
undo dhcp log enable
Default
DHCP server logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP server to generate DHCP logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.
As a best practice, disable this feature if the log generation affects the device performance or reduces the address allocation efficiency. For example, this situation might occur when a large number of clients frequently come online or go offline.
Examples
# Enable DHCP server logging.
<Sysname> system-view
[Sysname] dhcp log enable
dhcp rate-limit
Use dhcp rate-limit to enable DHCP packet rate limit on an interface and set the limit value.
Use undo dhcp rate-limit to disable DHCP packet rate limit.
Syntax
dhcp rate-limit rate
undo dhcp rate-limit
Default
The DHCP packet rate limit is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
rate: Specifies the maximum rate in Kbps. The value range for this argument is 1 to 10240.
Usage guidelines
With this feature enabled, an interface discards DHCP packets that exceed the maximum rate.
Examples
# Set the DHCP packet rate limit to 64 Kbps on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp rate-limit 64
dhcp select
Use dhcp select to enable the DHCP server or DHCP relay agent on an interface.
Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The interface will discard incoming DHCP packets.
Syntax
dhcp select { relay | server }
undo dhcp select { relay | server }
Default
The interface operates in the DHCP server mode and responds to DHCP requests with configuration parameters.
Views
Interface view
Predefined user roles
network-admin
Parameters
relay: Enables the DHCP relay agent on the interface.
server: Enables the DHCP server on the interface.
Usage guidelines
Before enabling a DHCP server to operate as a DHCP relay agent, use the reset dhcp server ip-in-use command to clear address bindings and authorized ARP entries. These authorized ARP entries might conflict with ARP entries that are created after the DHCP relay agent is enabled.
Examples
# Enable the DHCP relay agent on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp select relay
Related commands
dhcp relay always-unicast
dhcp server request-ip-address check
dhcp smart-relay enable
reset dhcp server ip-in-use
dhcp session-mismatch action
Use dhcp session-mismatch action to specify a DHCP request processing method for roaming DHCP clients.
Use undo dhcp session-mismatch action to restore the default.
Syntax
dhcp session-mismatch action { fast-renew | roam }
undo dhcp session-mismatch action
Default
The DHCP device discards DHCP address requests sent from roaming DHCP clients.
Views
Interface view
Predefined user roles
network-admin
Parameters
fast-renew: Releases existing leases for roaming clients and assigns new IP addresses to them.
roam: Assigns addresses to roaming clients based on their existing address leases and renews the leases. This keyword is applicable only to IPoE users roaming among the interfaces that belong to the same roming group.
Usage guidelines
This command is applicable only to IPoE networks.
When a DHCP client roams in a network, the client sends an offline request to the DHCP device (DHCP server or relay agent) before requesting a new address. If the DHCP device does not receive the offline request, it will discard the DHCP client's new address request because it determines that the request is an attack packet.
This feature allows the DHCP device to process address requests as follows upon receiving them from roaming DHCP clients:
· If the fast-renew keyword is specified:
¡ The DHCP server releases existing address leases of the roaming clients and assigns them new IP addresses.
¡ The DHCP relay agent informs the DHCP server to release existing address leases of roaming clients and forwards the requests to the DHCP server.
· If the roam keyword is specified:
¡ The DHCP server assigns addresses to the roaming clients based on their existing address leases and renews the leases.
¡ The DHCP relay agent forwards the address requests of the roaming clients to the DHCP server.
The roam keyword allows the clients to use the original IP addresses to access the network without another access authentication.
This feature might make online users go offline. Enable this feature for roaming DHCP clients only when no DHCP attacks exist in the network.
This command is mutually exclusive with the dhcp server multi-ip per-mac enable command.
Examples
# On Ten-GigabitEthernet 3/1/1, configure the DHCP server to use the fast-renew method for roaming clients.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp session-mismatch action fast-renew
Related commands
ip subscriber roaming enable (BRAS Service Command Reference)
dhcp user offline
Use dhcp user offline to enable the DHCP server to release the existing IP address lease of a client after it receives an IP address request from that client again.
Use undo dhcp user offline to restore the default.
Syntax
dhcp { discover | reboot-request } * user offline
undo dhcp { discover | reboot-request } * user offline
Default
On receipt of an IP address request from a client that already has a lease, the DHCP server answers the request with the IP address in that lease.
Views
System view
Predefined user roles
network-admin
Parameters
discover: Specify the DHCPDISCOVER message.
reboot-request: Specify the DHCPREQUEST message sent after a reboot.
Usage guidelines
When a client goes offline, the DHCP server might not be aware of the offline event and cannot release the client lease timely. If the client comes online again from a different authentication domain, information in Options 16, 17, and 60 in the DHCP request sent by the client will change. If the DHCP server returns the IP address in the existing lease to the client without parsing Option information in the request, the client will be unable to access the network. This is because the obtained IP address does not match the new authentication domain.
To resolve this issue, you can use this command specifying a DHCP message type. The DHCP server will perform the following tasks when it receives an IP address request from a client that already has a lease:
· If the type of the address request matches the specified DHCP message type, the DHCP server will do the following:
¡ Release the existing IP address lease for that client.
¡ Ignore the IP address request.
After the wait timer for DHCP server response expires, the client will resend an IP address request. On receipt of the request, the DHCP server will select a correct IP pool based on the Option information and assign a new IP address to the client.
· If the type of the address request does not match the specified DHCP message type, the DHCP server answers the request with the IP address in that lease.
Examples
# Enable the DHCP server to release the existing IP address lease of a client if it receives a DHCP-DISCOVER from that client again.
<Sysname> system-view
[Sysname] dhcp discover user offline
# Enable the DHCP server to release the existing IP address lease of a client if it receives a DHCP-REQUEST from that client again.
<Sysname> system-view
[Sysname] dhcp reboot-request user offline
display dhcp flood-protection
Use display dhcp flood-protection to display information about DHCP flood attack protection entries.
Syntax
In standalone mode:
display dhcp flood-protection slot slot-number [ cpu cpu-number ] [ mac-address mac-address [ interface interface-type interface-number ] | state { check | restrain } [ verbose ] | statistics | verbose ]
In IRF mode:
display dhcp flood-protection chassis chassis-number slot slot-number [ cpu cpu-number ] [ mac-address mac-address [ interface interface-type interface-number ] | state { check | restrain } [ verbose ] | statistics | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a MAC address in the format of H-H-H. If you specify this option, the command displays detailed information about the DHCP flood attack protection entries for the specified MAC address. If you do not specify this option, the command displays brief information about DHCP flood attack protection entries.
interface interface-type interface-number: Displays information about the DHCP flood attack protection entries for the specified interface.
state { check | restrain }: Displays information about DHCP flood attack protection entries in the specified state. The check keyword specifies the check state. The restrain keyword specifies the restrain state.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
statistics: Displays statistics for DHCP flood attack protection entries.
verbose: Displays detailed information about DHCP flood attack protection entries.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all DHCP flood attack protection entries on the device.
Examples
# (In standalone mode.) Display brief information about DHCP flood attack protection entries on a slot.
<Sysname> display dhcp flood-protection slot 3
Global DHCP flood protection: Enabled
DHCP flood protection threshold: 100 packets/ 2000 milliseconds
Index MAC address UDP port SVLAN/CVLAN State
0 4211-cc00-0116 67 4091/4094 Restrain
1 60d0-d50a-0231 68 4091/4094 Check
2 4211-cc00-0117 67 4091/4094 Restrain
3 000f-3d81-7faf 67 4091/4094 Check
4 4211-cc00-0118 67 4091/4094 Restrain
-------------------------------------------------------------------------------
Total entries: 5
# (In standalone mode.) Display detailed information about DHCP flood attack protection entries on a slot.
<Sysname> display dhcp flood-protection slot 3 verbose
Interface: Ten-GigabitEthernet3/1/1
MAC address: 78a8-3e93-0216
Hardware status: Succeeded
SVLAN/CVLAN: -/-
State: Restrain
Entry created at: 2021/06/24 11:23:45
Total passed packets: 1
Total restrain packets: 2
Interface: Ten-GigabitEthernet3/1/2
MAC address: 78a8-3e93-0217
Hardware status: Succeeded
SVLAN/CVLAN: -/-
State: Restrain
Entry created at: 2021/06/24 11:23:43
Total passed packets: 1
Total restrain packets: 2
Interface: Ten-GigabitEthernet3/1/3
MAC address: 78a8-3e93-0218
Hardware status: Succeeded
SVLAN/CVLAN: -/-
State: Restrain
Entry created at: 2021/06/24 11:23:41
Total passed packets: 1
Total restrain packets: 2
------------------------------------------------------------------------------
Total entries: 3
# (In standalone mode.) Display detailed information about DHCP flood attack protection entries for MAC address 4211-cc00-0116 on a slot.
<Sysname> display dhcp flood-protection slot 3 mac-address 4211-cc00-0116
Interface: Ten-GigabitEthernet3/1/1
MAC address: 4211-cc00-0116
Hardware status: Succeeded
SVLAN/CVLAN: 4091/4094
State: Restrain
Entry created at: 2018/01/08 15:51:50
Total passed packets: 2
Total restrain packets: 3
-------------------------------------------------------------------------------
Total entries: 1
# (In standalone mode.) Displays statistics for DHCP flood attack protection entries.
<Sysname> display dhcp flood-protection slot 3 statistics
Total entries: 5
Entries in check state: 2
Entries in restrain state: 3
Table 1 Command output
|
Field |
Description |
|
Global DHCP flood protection |
Whether global DHCP flood attack protection is enabled. |
|
DHCP flood protection threshold: xxx packets/ yyy milliseconds |
The DHCP packet count limit is xxx and the detection duration is yyy milliseconds. |
|
Index |
Sequence number of the DHCP flood attack protection entry. |
|
MAC address |
Source MAC address in DHCP packets. |
|
UDP port |
Destination UDP port number in DHCP packets. |
|
SVLAN/CVLAN |
Inner VLAN ID and outer VLAN ID in DHCP packets. If a DHCP packet does not belong to any VLAN, this field displays a hyphen (-). |
|
State |
State of the DHCP flood attack protection entry: · Check. · Restrain. |
|
Interface |
Interface that received DHCP packets. |
|
Hardware status |
Result of issuing the entry to the hardware: · Succeeded—Succeeded in issuing the entry to the hardware. · Failed—Failed to issue the entry to the hardware because of a device failure or insufficient hardware resources. · N/A—The entry was not issued to the hardware because the packet was not an attack packet. · Not support—DHCP attack protection is not supported in hardware. |
|
Entry created at |
Time when the DHCP flood attack protection entry was created. The entry is in check state when it is created. |
|
Total passed packets |
Number of packets that have been passed through when the DHCP flood attack protection entry is in check state. |
|
Total restrain packets |
Number of dropped packets when the DHCP flood attack protection entry is in restrain state. |
|
Total entries |
Total number of DHCP flood attack protection entries. |
|
Entries in check state |
Total number of DHCP flood attack protection entries in check state. |
|
Entries in restrain state |
Total number of DHCP flood attack protection entries in restrain state. |
Related commands
dhcp flood-protection aging-time
dhcp flood-protection enable
dhcp flood-protection threshold
reset dhcp flood-protection
display dhcp interface-rate-suppression
Use display dhcp interface-rate-suppression to display information about interface-based DHCP attack suppression entries.
Syntax
In standalone mode:
display dhcp interface-rate-suppression slot slot-number [ cpu cpu-number ] [ interface interface-type interface-number | state { check | restrain } [ verbose ] | statistics | verbose ]
In IRF mode:
display dhcp interface-rate-suppression chassis chassis-number slot slot-number [ cpu cpu-number ] [ interface interface-type interface-number | state { check | restrain } [ verbose ] | statistics | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays detailed information about the DHCP attack suppression entry for the specified interface.
state { check | restrain }: Displays information about interface-based DHCP attack suppression entries in the specified state. The check keyword specifies the check state. The restrain keyword specifies the restrain state.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
statistics: Displays interface-based DHCP attack suppression statistics.
verbose: Displays detailed information about interface-based DHCP attack suppression entries.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all interface-based DHCP attack suppression entries on the device.
Examples
# (In standalone mode.) Display brief information about interface-based DHCP attack suppression entries on a slot.
<Sysname> display dhcp interface-rate-suppression slot 3
DHCP attack suppression threshold: 100 packets/ 2000 milliseconds
Index Interface State
0 XGE3/1/1 Restrain
1 XGE3/1/2 Check
2 XGE3/1/3 Restrain
-------------------------------------------------------------------------------
Total entries: 3
# (In standalone mode.) Display detailed information about interface-based DHCP attack suppression entries on a slot.
<Sysname>display dhcp interface-rate-suppression slot 3 verbose
Interface: Ten-GigabitEthernet3/1/1
Hardware status: Succeeded
State: Restrain
Entry created at 2021/06/24 11:23:45
Total passed packets: 7
Total restrain packets: 0
Interface: Ten-GigabitEthernet3/1/2
Hardware status: Succeeded
State: Restrain
Entry created at 2021/06/24 11:23:43
Total passed packets: 7
Total restrain packets: 0
Interface: Ten-GigabitEthernet3/1/3
Hardware status: Succeeded
State: Restrain
Entry created at 2021/06/24 11:23:41
Total passed packets: 6
Total restrain packets: 0
------------------------------------------------------------------------------
Total entries: 3
# (In standalone mode.) Display detailed information about the DHCP attack suppression entry for Ten-GigabitEthernet 3/1/1 on a slot.
<Sysname> display dhcp interface-rate-suppression slot 3 interface Ten-GigabitEthernet 3/1/1
Interface: Ten-GigabitEthernet3/1/1
Hardware status: Succeeded
State: Restrain
Entry created at 2018/07/08 15:51:50
Total passed packets: 2
Total restrain packets: 3
# (In standalone mode.) Display interface-based DHCP attack suppression statistics on a slot.
<Sysname> display dhcp interface-rate-suppression slot 3 statistics
Interfaces enabled with DHCP attack suppression: 3
Entries in check state: 2
Entries in restrain state: 1
Table 2 Command output
|
Field |
Description |
|
DHCP attack suppression threshold: xxx packets/ yyy milliseconds |
The DHCP packet count limit is xxx and the detection duration is yyy milliseconds. |
|
Index |
Sequence number of the interface-based DHCP attack suppression entry. |
|
State |
State of the interface-based DHCP attack suppression entry: · Check. · Restrain. |
|
Interface |
Interface that received DHCP packets. |
|
Hardware status |
Result of issuing the entry to the hardware: · Succeeded—Succeeded in issuing the entry to the hardware. · Failed—Failed to issue the entry to the hardware because of a device failure or insufficient hardware resources. · N/A—The entry was not issued to the hardware because the packet was not an attack packet. · Not support—DHCP attack protection is not supported in hardware. |
|
Entry created at |
Time when the interface-based DHCP attack suppression entry was created. |
|
Total passed packets |
Number of forwarded DHCP packets when the DHCP flood attack suppression entry is in restrain state. |
|
Total restrain packets |
Number of dropped DHCP packets when the DHCP flood attack suppression entry is in restrain state. |
|
Total entries |
Total number of interface-based DHCP attack suppression entries. |
|
Interfaces enabled with DHCP attack suppression |
Total number of interfaces on which DHCP attack suppression is enabled. |
|
Check state count |
Total number of interface-based DHCP attack suppression entries in check state. |
|
Restrain state count |
Total number of interface-based DHCP attack suppression entries in restrain state. |
Related commands
dhcp interface-rate-suppression aging-time
dhcp interface-rate-suppression enable
dhcp interface-rate-suppression threshold
reset dhcp interface-rate-suppression
display dhcp rate-limit
Use display dhcp rate-limit to display packet statistics for the DHCP packet rate-limiting feature.
Syntax
In standalone mode:
display dhcp rate-limit slot slot-number [ cpu cpu-number ]
In IRF mode:
display dhcp rate-limit chassis chassis-number slot slot-number [ cpu cpu-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Usage guidelines
To limit the incoming DHCP packet rate, use the ip subscriber dhcp rate-limit command. To display packet statistics for the DHCP packet rate-limiting feature, use the display dhcp rate-limit command.
Examples
# (In standalone mode.) Display packet statistics for the DHCP packet rate-limiting feature on a slot.
<Sysname> display dhcp rate-limit slot 3
DHCP rate-limit packet statistics:
Dropped since last poll:12
Total dropped packets:22
Total passed packets:1000
Table 3 Command output
|
Field |
Description |
|
DHCP rate-limit packet statistics |
Packet statistics for the DHCP packet rate-limiting feature. |
|
Dropped since last poll |
Number of packets dropped by the DHCP packet rate-limiting feature since the most recent data poll. |
|
Total dropped packets |
Total number of packets dropped by the DHCP packet rate-limiting feature. |
|
Total passed packets |
Total number of packets permitted by the DHCP packet rate-limiting feature. |
Related commands
ip subscriber dhcp rate-limit
reset dhcp rate-limit
remote-server
Use remote-server to specify DHCP servers for an IP pool.
Use undo remote-server to remove DHCP servers from an IP pool.
Syntax
remote-server ip-address&<1-8> [ public | vpn-instance vpn-instance-name ]
undo remote-server [ ip-address&<1-8> ]
Default
No DHCP server is specified for an IP pool.
Views
IP pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight DHCP server addresses.
public: Specifies the DHCP servers on the public network.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the DHCP servers belong. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the servers belong to the public network, do not specify this option.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
If you do not specify any DHCP server address, the undo remote-server command removes all DHCP servers from the IP pool.
If neither the public keyword nor the vpn-instance vpn-instance-name option is specified, DHCP servers on the same network as the DHCP client are selected.
Examples
# Specify DHCP server 10.1.1.1 for IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] remote-server 10.1.1.1
Related commands
display dhcp relay remote-server-info
reset dhcp flood-protection
Use reset dhcp flood-protection to delete DHCP flood attack protection entries.
Syntax
In standalone mode:
reset dhcp flood-protection slot slot-number [ cpu cpu-number ] [ mac-address mac-address [ interface interface-type interface-number ] ] [ packet-statistics ]
In IRF mode:
reset dhcp flood-protection chassis chassis-number slot slot-number [ cpu cpu-number ] [ mac-address mac-address [ interface interface-type interface-number ] ] [ packet-statistics ]
Views
User view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Deletes DHCP flood attack protection entries with the specified MAC address in the format of H-H-H. If you do not specify this option, the command deletes all DHCP flood attack protection entries.
interface interface-type interface-number: Deletes DHCP flood attack protection entries for the specified interface.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
packet-statistics: Clears the packet statistics in the specified entries. If you do not specify this keyword, this command deletes the specified DHCP flood attack protection entries.
Usage guidelines
If you do not specify any parameters, this command deletes all DHCP flood attack protection entries on the device.
Examples
# (In standalone mode.) Delete all DHCP flood attack protection entries on a slot.
<Sysname> reset dhcp flood-protection slot 3
Related commands
display dhcp flood-protection
reset dhcp interface-rate-suppression
Use reset dhcp interface-rate-suppression to delete interface-based DHCP attack suppression entries.
Syntax
In standalone mode:
reset dhcp interface-rate-suppression slot slot-number [ cpu cpu-number ] [ interface interface-type interface-number ] [ packet-statistics ]
In IRF mode:
reset dhcp interface-rate-suppression chassis chassis-number slot slot-number [ cpu cpu-number ] [ interface interface-type interface-number ] [ packet-statistics ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Deletes the DHCP attack suppression entry for the specified interface.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In standalone mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
packet-statistics: Clears the packet statistics in the specified entries. If you do not specify this keyword, this command deletes the specified interface-based DHCP attack suppression entries.
Usage guidelines
If you do not specify any parameters, this command deletes all interface-based DHCP attack suppression entries on the device.
Examples
# (In standalone mode.) Delete all interface-based DHCP attack suppression entries on a slot.
<Sysname> reset dhcp interface-rate-suppression slot 3
Related commands
display dhcp interface-rate-suppression
reset dhcp rate-limit
Use reset dhcp rate-limit to clear packet statistics for the DHCP packet rate-limiting feature.
Syntax
In standalone mode:
reset dhcp rate-limit slot slot-number [ cpu cpu-number ]
In IRF mode:
reset dhcp rate-limit chassis chassis-number slot slot-number [ cpu cpu-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Usage guidelines
This command clears the DHCP packet statistics collected for the DHCP packet rate-limiting feature. You can enable that feature by using the ip subscriber dhcp rate-limit command.
Examples
# (In standalone mode.) Clear packet statistics for the DHCP packet rate-limiting feature on a slot.
<Sysname> reset dhcp rate-limit slot 3
Related commands
display dhcp rate-limit
ip subscriber dhcp rate-limit (BRAS Services Command Reference)
DHCP server commands
address range
Use address range to configure an IP address range in an IP pool for dynamic allocation.
Use undo address range to restore the default.
Syntax
address range start-ip-address end-ip-address
undo address range
Default
No IP address range exists.
Views
Secondary network segment view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
|
|
CAUTION: To ensure successful IP address allocation, the address range specified by using the address range command must be within the network segment specified by using the network, gateway, or network secondary command. |
If no IP address range is specified in IP pool view or secondary network segment view, the following addresses are assignable:
· All IP addresses in the network segment specified by using the network command or the gateway command.
· All IP addresses in the secondary network segment specified by using the network secondary command.
If you specify an IP address range in IP pool view or secondary network segment view, only addresses in both the address range and the network segment are assignable.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify an address range of 192.168.8.1 through 192.168.8.150 in IP pool 1.
<Sysname> system-view
[Sysname] ip pool 1
[Sysname-ip-pool-1] network 192.168.8.1 mask 255.255.255.0
[Sysname-ip-pool-1] address range 192.168.8.1 192.168.8.150
# Specify an address range of 192.168.8.1 through 192.168.8.150 for the secondary network segment in IP pool 1.
<Sysname> system-view
[Sysname] ip pool 1
[Sysname-ip-pool-1] network 192.168.8.1 secondary
[Sysname-ip-pool-1-secondary] address range 192.168.8.1 192.168.8.150
Related commands
class
dhcp class
display ip pool
network
allocate-new-ip enable
Use allocate-new-ip enable to enable random IP address allocation.
Use undo allocate-new-ip enable to disable random IP address allocation.
Syntax
allocate-new-ip enable
undo allocate-new-ip enable
Default
Random IP address allocation is disabled.
Views
IP pool view
Predefined user roles
network-admin
|
|
CAUTION: Enable this feature on the DHCP server with caution if it works in conjunction with a DHCP relay agent that is located on an access device. In this situation, this feature might prevent access users from coming online again after an abnormal offline event. |
By default, the DHCP server tries to allocate the same IP address as the previous allocation to the same user.
With this feature enabled, the DHCP server tries to allocate a new IP address to a user every time the user acquires an IP address. This feature is applicable to the scenarios where each user is identified by IP address. In such a network scenario, it is required that a user must obtain different IP addresses for each IP address acquisition.
Examples
# Enable random IP address allocation.
<Sysname> system-view
[Sysname] ip pool 1
[Sysname-ip-pool-1] allocate-new-ip enable
This command will enable the random address allocation mode. Enable it? [Y/N]:
bims-server
Use bims-server to specify the IP address, port number, and shared key of the BIMS server in an IP pool.
Use undo bims-server to restore the default.
Syntax
bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } string
undo bims-server
Default
No BIMS server information is specified.
Views
IP pool view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the IP address of the BIMS server.
port port-number: Specifies the port number of the BIMS server, in the range of 1 to 65534.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key string. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its encrypted form is a case-sensitive string of 1 to 53 characters. The DHCP client uses the shared key to encrypt packets sent to the BIMS server.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify BIMS server IP address 1.1.1.1, port number 80, and shared key aabbcc in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] bims-server ip 1.1.1.1 port 80 sharekey simple aabbcc
display ip pool
bootfile-name
Use bootfile-name to specify a configuration file name or URL.
Use undo bootfile-name to restore the default.
Syntax
bootfile-name { bootfile-name | url }
undo bootfile-name
Default
No configuration file name or URL is specified.
Views
IP pool view
Predefined user roles
network-admin
Parameters
bootfile-name: Specifies the configuration file name, a case-sensitive string of 1 to 63 characters.
url: Specifies the HTTP URL of the configuration file. It is a case-sensitive string of 1 to 63 characters.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
To specify a configuration file on a TFTP server, use the bootfile-name argument.
To specify a configuration file on an HTTP server, use the url argument.
Examples
# Specify configuration file name boot.cfg in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] bootfile-name boot.cfg
# Specify configuration file URL http://10.1.1.1/boot.cfg in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] bootfile-name http://10.1.1.1/boot.cfg
display ip pool
next-server
tftp-server domain-name
tftp-server ip-address
class ip-pool
Use class ip-pool to specify an IP pool for a DHCP user class.
Use undo class ip-pool to remove the IP pool specified for a DHCP user class.
Syntax
class class-name ip-pool pool-name
undo class class-name ip-pool
Default
No IP pool is specified for a DHCP user class.
Views
DHCP policy view
Predefined user roles
network-admin
Parameters
class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters.
pool-name: Specifies an IP pool by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can specify only one IP pool for a DHCP user class in a DHCP policy. If you execute this command multiple times for a user class, the most recent configuration takes effect.
Examples
# Specify IP pool pool1 for DHCP user class test in DHCP policy 1.
<Sysname> system-view
[Sysname] dhcp policy 1
[Sysname-dhcp-policy-1] class test ip-pool pool1
Related commands
default ip-pool
dhcp policy
ip pool
class option-group
Use class option-group to specify a DHCP option group for a DHCP user class.
Use undo class option-group to remove the configuration.
Syntax
class class-name option-group option-group-number
undo class class-name option-group
Default
No DHCP option group is specified for a DHCP user class.
Views
IP pool view
Predefined user roles
network-admin
Parameters
class-name: Specifies a DHCP user class by its name, a case-insensitive string of 1 to 63 characters.
option-group-number: Specifies a DHCP option group by its number in the range of 1 to 32768.
Usage guidelines
When receiving a DHCP-DISCOVER message, the server compares the client against the user classes in the order that they are specified by this command. If a match is found, the server assigns the client the DHCP options in the option group. If multiple matches are found, the server selects option groups by using the following methods:
· If the option groups have options in common, the server selects the option group specified for the first matching user class.
· If the option groups have different options, the server selects all the matching option groups.
You can specify only one option group for a DHCP user class in an IP pool. If you execute this command multiple times for a user class, the most recent configuration takes effect.
Examples
# Specify DHCP option group 1 for user class user in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] class user option-group 1
Related commands
dhcp option-group
class range
Use class range to specify an IP address range for a DHCP user class.
Use undo class range to remove the IP address range for the DHCP user class.
Syntax
class class-name range start-ip-address end-ip-address
undo class class-name range
Default
No IP address range is specified for a DHCP user class.
Views
IP pool view
Predefined user roles
network-admin
Parameters
class-name: Specifies a DHCP user class name, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any clients.
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
|
|
CAUTION: When you change the address range for a DHCP user class, make sure the new range contains the IP addresses that have been assigned. If the new range does not contain the IP address assigned to a client, the lease renewal attempt of the client will fail. The client must wait for the current lease to expire to request a new lease. |
The class range command allows you to divide an address segment into multiple address ranges for different DHCP user classes. The address range for a user class must be within the primary network segment specified by using the network command. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by using the address range command. If the address range has no assignable IP addresses or no address range is configured, the address allocation fails.
After you specify an address range for a user class, you cannot use the network secondary command to specify a secondary network segment in the IP pool.
You can specify only one address range for a DHCP user class in an IP pool. If you execute this command multiple times for a DHCP user class, the most recent configuration takes effect.
Examples
# Specify an IP address range of 192.168.8.1 through 192.168.8.150 for DHCP user class user in IP pool 1.
<Sysname> system-view
[Sysname] ip pool 1
[Sysname-ip-pool-1] class user range 192.168.8.1 192.168.8.150
Related commands
address range
dhcp class
display ip pool
default ip-pool
Use default ip-pool to specify the default IP pool.
Use undo default ip-pool to restore the default.
Syntax
default ip-pool pool-name
undo default ip-pool
Default
No default IP pool is specified.
Views
DHCP policy view
Predefined user roles
network-admin
Parameters
pool-name: Specifies an IP pool by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
In a DHCP policy, the DHCP server uses the default IP pool to assign IP addresses and other parameters to clients that do not match any user classes. If no default IP pool is specified or the default IP pool does not have assignable IP addresses, the address assignment fails.
You can specify only one default IP pool in a DHCP policy. If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify IP pool pool1 as the default IP pool in DHCP policy 1.
<Sysname> system-view
[Sysname] dhcp policy 1
[Sysname-dhcp-policy-1] default ip-pool pool1
Related commands
class ip-pool
dhcp policy
dhcp apply-policy
Use dhcp apply-policy to apply a DHCP policy to an interface.
Use undo dhcp apply-policy to restore the default.
Syntax
dhcp apply-policy policy-name
undo dhcp apply-policy
Default
No DHCP policy is applied to an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a DHCP policy by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can apply only one DHCP policy to an interface. If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Apply DHCP policy test to Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp apply-policy test
Related commands
dhcp policy
dhcp class
Use dhcp class to create a DHCP user class and enter its view, or enter the view of an existing DHCP user class.
Use undo dhcp class to delete the specified DHCP user class.
Syntax
dhcp class class-name
undo dhcp class class-name
Default
No DHCP user classes exist.
Views
System view
Predefined user roles
network-admin
Parameters
class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters.
Usage guidelines
In the DHCP user class view, you can use the if-match command to configure match rules to group clients to the user class.
Examples
# Create DHCP user class test and enter DHCP user class view.
<Sysname> system-view
[Sysname] dhcp class test
[Sysname-dhcp-class-test]
Related commands
address range
class ip-pool
class option-group
class range
dhcp policy
if-match
dhcp option-group
Use dhcp option-group to create a DHCP option group and enter its view, or enter the view of an existing DHCP option group.
Use undo dhcp option-group to delete a DHCP option group.
Syntax
dhcp option-group option-group-number
undo dhcp option-group option-group-number
Default
No DHCP option groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
option-group-number: Assigns a number to the DHCP option group, in the range of 1 to 32768.
Examples
# Create DHCP option group 1 and enter DHCP option group view.
<Sysname> system-view
[Sysname] dhcp option-group 1
[Sysname-dhcp-option-group-1]
Related commands
class option-group
option
dhcp policy
Use dhcp policy to create a DHCP policy and enter its view, or enter the view of an existing DHCP policy.
Use undo dhcp policy to delete a DHCP policy.
Syntax
dhcp policy policy-name
undo dhcp policy policy-name
Default
No DHCP policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Assigns a name to the DHCP policy. The policy name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
In DHCP policy view, you can specify IP pools for different user classes. Clients matching a user class will obtain IP addresses and other parameters from the specified IP pool.
For a DHCP policy to take effect, you must apply it to an interface.
Examples
# Create DHCP policy test and enter its view.
<Sysname> system-view
[Sysname] dhcp policy test
[Sysname-dhcp-policy-test]
Related commands
class ip-pool
default ip-pool
dhcp apply-policy
dhcp class
dhcp route-log enable
Use dhcp route-log enable to enable route logging for all IP address pools.
Use undo dhcp route-log enable to disable route logging for all IP address pools.
dhcp route-log enable
undo dhcp route-log enable
Default
Route logging is disabled for all IP address pools.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP server to generate log messages for route events that occur in IP address pools. Route events include network route adding or deletion.
To enable route logging for IP address pools, use one of the following commands:
· dhcp route-log enable
This command enables route logging for all types of IP address pools on the DHCP server.
· route-log enable
This command enables route logging for a single IP address pool on the DHCP server. To enable route logging for only one IP address pool, perform the following task:
a. Verify that route logging is disabled for all IP address pools on the DHCP server.
You can use the undo dhcp route-log enable command to disable route logging for all IP address pools.
b. Use the route-log enable command in the view of the target IP address pool.
Enabling global route logging might cause a large number of unnecessary route log messages. To resolve this issue, use the undo route-log enable command to disable route logging for some IP address pools.
Examples
# Enable route logging for all IP address pools on the DHCP server.
<Sysname> system-view
[Sysname] dhcp route-log enable
Related commands
route-log enable
dhcp server allocated-ip threshold
Use dhcp server allocated-ip threshold to set the IP address allocation success rate threshold. The success rate is the rate of successfully allocated IP addresses to received DHCP requests within 5 minutes.
Use undo dhcp server allocated-ip threshold to restore the default.
Syntax
dhcp server allocated-ip threshold threshold-value
undo dhcp server allocated-ip threshold
Default
No SNMP notification is sent for an IP address allocation success rate threshold violation.
Views
System view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the success rate threshold in percentage in the range of 1 to 100.
Usage guidelines
If the IP address allocation success rate is lower than the threshold, the DHCP module sends an SNMP notification to report the event.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the IP address allocation success rate threshold to 85%.
<Sysname> system-view
[Sysname] dhcp server allocated-ip threshold 85
Related commands
snmp-agent trap enable dhcp server
dhcp server always-broadcast
Use dhcp server always-broadcast to enable the DHCP server to always broadcast responses.
Use undo dhcp server always-broadcast to restore the default.
Syntax
dhcp server always-broadcast
undo dhcp server always-broadcast
Default
The DHCP server reads the broadcast flag in a DHCP request to decide whether to broadcast or unicast the response.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP server to ignore the broadcast flag in DHCP requests and always broadcast all responses.
The DHCP server always unicasts a response in the following situations, regardless of whether this command is executed:
· The DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0).
· The DHCP request is forwarded by a DHCP relay agent from a DHCP client (the giaddr field is not 0).
Examples
# Enable the DHCP server to always broadcast all responses.
<Sysname> system-view
[Sysname] dhcp server always-broadcast
dhcp server apply ip-pool
Use dhcp server apply ip-pool to apply an IP pool to an interface.
Use undo dhcp server apply ip-pool to restore the default.
Syntax
dhcp server apply ip-pool pool-name
undo dhcp server apply ip-pool
Default
No IP pool is applied to an interface
Views
Interface view
Predefined user roles
network-admin
Parameters
pool-name: Specifies the name of an IP pool, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Upon receiving a DHCP request from the interface, the DHCP server searches for a static binding for the client from all IP pools. If no static binding is found, the server assigns configuration parameters from the IP pool applied on the interface to the client. If the IP pool has no assignable IP address or does not exist, the DHCP client cannot obtain an IP address.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Apply IP pool 0 to Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp server apply ip-pool 0
ip pool
dhcp server bootp ignore
Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests.
Use undo dhcp server bootp ignore to restore the default.
Syntax
dhcp server bootp ignore
undo dhcp server bootp ignore
Default
The DHCP server does not ignore BOOTP requests.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests.
Examples
# Configure the DHCP server to ignore BOOTP requests.
<Sysname> system-view
[Sysname] dhcp server bootp ignore
dhcp server bootp reply-rfc-1048
Use dhcp server bootp reply-rfc-1048 to enable the sending of BOOTP responses in RFC 1048 format.
Use undo dhcp server bootp reply-rfc-1048 to disable this feature.
Syntax
dhcp server bootp reply-rfc-1048
undo dhcp server bootp reply-rfc-1048
Default
This feature is disabled. The DHCP server does not process the Vend field of RFC 1048-incompliant requests but copies the Vend field into responses.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Not all BOOTP clients can send requests compliant with RFC 1048. This command enables the DHCP server to fill the Vend field in RFC 1048-compliant format in DHCP responses to RFC 1048-incompliant requests sent by BOOTP clients.
This command takes effect only when BOOTP is used to request statically bound IP addresses.
Examples
# Enable the sending of BOOTP responses in RFC 1048 format on the DHCP server.
<Sysname> system-view
[Sysname] dhcp server bootp reply-rfc-1048
dhcp server check mac-address
Use dhcp server check mac-address to enable MAC address check on the DHCP server.
Use undo dhcp server check mac-address to disable MAC address check on the DHCP server.
Syntax
dhcp server check mac-address
undo dhcp server check mac-address
Default
MAC address check is disabled on the DHCP server.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP server to compare the chaddr field of a received DHCP request with the source MAC address in the frame header. If they are the same, the DHCP server verifies the packet legal and continues processing the packet. If they are not the same, the DHCP server discards the request.
Examples
# Enable MAC address check on the DHCP server.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp server check mac-address
dhcp server database filename
Use dhcp server database filename to configure the DHCP server to back up the DHCP bindings to a file.
Use undo dhcp server database filename to restore the default.
Syntax
dhcp server database filename { filename | url url [ username username [ password { cipher | simple } string ] ] }
undo dhcp server database filename
Default
The DHCP server does not back up the DHCP bindings.
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a local backup file, a case-sensitive string of 1 to 255 characters. For information about the filename argument, see Fundamentals Configuration Guide.
url url: Specifies the URL of a remote backup file, a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL.
username username: Specifies the username for accessing the URL of the remote backup file, a case-sensitive string of 1 to 32 characters. Do not specify this option if a username is not required for accessing the URL of the remote backup file.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters. Do not specify this argument if a password is not required for accessing the URL of the remote backup file.
Usage guidelines
The command automatically creates the file if you specify a nonexistent file.
With this command executed, the DHCP server backs up its bindings immediately and runs auto backup. The server, by default, waits 300 seconds after a binding change to update the backup file. You can use the dhcp server database update interval command to change the waiting time. If no DHCP binding changes, the backup file is not updated.
As a best practice, back up the bindings to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCP server to malfunction.
When the backup file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:
· If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file path, where the port number is optional.
· If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file path, where the port number is optional.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
· If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.
· You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.
Examples
# Configure the DHCP server to back up its bindings to file database.dhcp.
<Sysname> system-view
[Sysname] dhcp server database filename database.dhcp
# Configure the DHCP server to back up its bindings to file database.dhcp in the working directory of the FTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp server database filename url ftp://10.1.1.1/database.dhcp username 1 password simple 1
Related commands
dhcp server database update interval
dhcp server database update now
dhcp server database update stop
dhcp server database update interval
Use dhcp server database update interval to set the waiting time for the DHCP server to update the backup file after a DHCP binding change.
Use undo dhcp server database update interval to restore the default.
Syntax
dhcp server database update interval interval
undo dhcp server database update interval
Default
The DHCP server waits 300 seconds to update the backup file after a DHCP binding change. If no DHCP binding changes, the backup file is not updated.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the waiting time in the range of 60 to 864000 seconds.
Usage guidelines
When a DHCP binding is created, updated, or removed, the waiting period starts. The DHCP server updates the backup file when the waiting period is reached. All bindings changed during the period will be saved to the backup file.
The waiting time takes effect only after you configure the DHCP binding auto backup by using the dhcp server database filename command.
Examples
# Set the waiting time to 10 minutes for the DHCP server to update the backup file.
<Sysname> system-view
[Sysname] dhcp server database update interval 600
Related commands
dhcp server database filename
dhcp server database update now
dhcp server database update stop
dhcp server database update now
Use dhcp server database update now to manually save the DHCP bindings to the backup file.
Syntax
dhcp server database update now
Views
System view
Predefined user roles
network-admin
Usage guidelines
Each time this command is executed, the DHCP bindings are saved to the backup file.
For this command to take effect, you must configure the DHCP auto backup by using the dhcp server database filename command.
Examples
# Manually save the DHCP bindings to the backup file.
<Sysname> system-view
[Sysname] dhcp server database update now
Related commands
dhcp server database filename
dhcp server database update interval
dhcp server database update stop
dhcp server database update stop
Use dhcp server database update stop to terminate the download of DHCP bindings from the backup file.
Syntax
dhcp server database update stop
Views
System view
Predefined user roles
network-admin
Usage guidelines
The DHCP server does not provide services during the binding download process. If the connection disconnects during the process, the waiting timeout timer is 60 minutes. When the timer expires, the DHCP server stops waiting and starts providing address allocation services.
To enable the DHCP server to provide services without waiting for the connection to be repaired, use this command to terminate the download immediately. The IP addresses associated with the undownloaded bindings will be assigned to clients. Address conflicts might occur.
Examples
# Terminate the download of the backup DHCP bindings.
<Sysname> system-view
[Sysname] dhcp server database update stop
Related commands
dhcp server database filename
dhcp server database update interval
dhcp server database update now
dhcp server forbidden-ip
Use dhcp server forbidden-ip to exclude IP addresses from DHCP allocation globally.
Use undo dhcp server forbidden-ip to remove IP addresses from the forbidden IP list.
Syntax
dhcp server forbidden-ip start-ip-address [ end-ip-address ] [ vpn-instance vpn-instance-name ]
undo dhcp server forbidden-ip start-ip-address [ end-ip-address ] [ vpn-instance vpn-instance-name ]
Default
No IP addresses are excluded from DHCP allocation globally.
Views
System view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address, which cannot be lower than the start IP address. To exclude a range of IP addresses from DHCP allocation, you must specify the end IP address. If you do not specify this argument, only the start IP address is excluded from DHCP allocation.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the excluded IP addresses belong to the public network, do not specify this option.
Usage guidelines
The IP addresses of some devices such as the gateway and FTP server cannot be assigned to clients. Use this command to exclude such addresses from DHCP allocation.
You cannot exclude an IP address from DHCP allocation if it has been specified in a static binding by using the static-bind command.
The address or address range specified for the undo dhcp server forbidden-ip command must be the same as that specified for the dhcp server forbidden-ip command. To remove an IP address from the specified address range, you must remove the entire address range.
You can execute this command multiple times to exclude multiple IP address ranges from DHCP allocation.
Examples
# Exclude the IP addresses of 10.110.1.1 through 10.110.1.63 from DHCP allocation globally.
<Sysname> system-view
[Sysname] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
forbidden-ip
static-bind
dhcp server multi-ip per-mac enable
Use dhcp server multi-ip per-mac enable to enable allocation of different IP addresses to DHCP clients with the same MAC address.
Use undo dhcp server multi-ip per-mac enable to disable allocation of different IP addresses to DHCP clients with the same MAC address.
Syntax
dhcp server multi-ip per-mac enable
undo dhcp server multi-ip per-mac enable
Default
Views
System view
Predefined user roles
network-admin
Usage guidelines
If the DHCP server has assigned IP addresses to DHCP clients, you cannot enable or disable this feature. If you do so, the system displays an error message.
This command is mutually exclusive with the dhcp session-mismatch action command.
Examples
# Enable allocation of different IP addresses to DHCP clients with the same MAC address.
<Sysname> system-view
[Sysname] dhcp server multi-ip per-mac enable
dhcp server ping packets
Use dhcp server ping packets to set the maximum number of ping packets.
Use undo dhcp server ping packets to restore the default.
Syntax
dhcp server ping packets number
undo dhcp server ping packets
Default
The maximum number of ping packets is 1.
Views
System view
Predefined user roles
network-admin
Parameters
number: Sets the maximum number of ping packets, in the range of 0 to 10. To disable the address conflict detection, set the value to 0.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.
If a ping attempt succeeds, the server determines that the IP address is in use and picks a new IP address. If all the ping attempts fail, the server assigns the IP address to the requesting DHCP client.
Examples
# Set the maximum number of ping packets to 10.
<Sysname> system-view
[Sysname] dhcp server ping packets 10
dhcp server ping timeout
display dhcp server conflict
reset dhcp server conflict
dhcp server ping timeout
Use dhcp server ping timeout to set the ping response timeout time on the DHCP server.
Use undo dhcp server ping timeout to restore the default.
Syntax
dhcp server ping timeout milliseconds
undo dhcp server ping timeout
Default
The ping response timeout time is 500 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
milliseconds: Specifies the timeout time in the range of 0 to 10000 milliseconds. To disable the ping operation for address conflict detection, set the value to 0 milliseconds.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.
If a ping attempt succeeds, the server determines that the IP address is in use and picks a new IP address. If all the ping attempts fail, the server assigns the IP address to the requesting DHCP client.
Examples
# Set the response timeout time to 1000 milliseconds.
<Sysname> system-view
[Sysname] dhcp server ping timeout 1000
dhcp server ping packets
display dhcp server conflict
reset dhcp server conflict
dhcp server policy-first enable
Use dhcp server policy-first enable to enable policy-first IP pool selection for IPoE users.
Use undo dhcp server policy-first enable to restore the default.
Syntax
dhcp server policy-first enable
undo dhcp server policy-first enable
Default
The device uses the AAA authorized IP pool for IPoE users.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP server to preferentially select the IP pool specified for the DHCP policy for IPoE users.
You must determine the IP pool selection method before IPoE users come online. If you modify the IP pool selection method after IPoE users come online, IPoE users that have obtained addresses cannot correctly extend the lease duration. When an address lease expires, the IPoE user goes offline, and the IPoE session is deleted.
Example
# Enable policy-first IP pool selection for IPoE users on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp server policy-first enable
Related commands
authorization-attribute (BRAS Services Command Reference)
dhcp server relay information enable
Use dhcp server relay information enable to enable the DHCP server to handle Option 82.
Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82.
Syntax
dhcp server relay information enable
undo dhcp server relay information enable
Default
The DHCP server handles Option 82.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82.
Examples
# Configure the DHCP server to ignore Option 82.
[Sysname] undo dhcp server relay information enable
dhcp server reply-exclude-option60
Use dhcp server reply-exclude-option60 to disable the DHCP server from encapsulating Option 60 in DHCP replies.
Use undo dhcp server reply-exclude-option60 to restore the default.
Syntax
dhcp server reply-exclude-option60
undo dhcp server reply-exclude-option60
Default
The DHCP server can encapsulate Option 60 in DHCP replies.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If you do not disable the capability, the DHCP server encapsulates Option 60 in a DHCP reply in the following situations:
· The received DHCP packet contains Option 60.
· Option 60 is configured for the IP pool.
If you disable the capability, the DHCP server does not encapsulate Option 60 in DHCP replies.
Examples
# Disable the DHCP server from encapsulating Option 60 in DHCP replies.
<Sysname> system-view
[Sysname] dhcp server reply-exclude-option60
dhcp server request-ip-address check
Use dhcp server request-ip-address check to enable the DHCP server to return a DHCP-NAK message if the client notions of their IP addresses are incorrect.
Use undo dhcp server request-ip-address check to restore the default.
Syntax
dhcp server request-ip-address check
undo dhcp server request-ip-address check
Default
The DHCP server does not return a DHCP-NAK message if the client notions of their IP addresses are incorrect.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A DHCP client can send a DHCP-REQUEST message directly or upon receiving a DHCP-OFFER message. Upon receiving the request, the DHCP server will check if the client notion of its IP address is correct. If the requested IP address is different from the allocated one or has no matching lease record, the DHCP server remains silent by default. After the allocated IP address lease for the client expires, the DHCP server will make response to request from the client.
This feature enables the DHCP server to return DHCP-NAK messages if the client notions of their IP addresses are incorrect. After receiving the DHCP-NAK message, the DHCP client will request an IP address again.
Examples
# Enable the DHCP server to return a DHCP-NAK message if the client notions of their IP addresses are incorrect.
<Sysname> system-view
[Sysname] dhcp server request-ip-address check
Related commands
dhcp select server
display dhcp gateway-route
Use display dhcp gateway-route to display information about the gateway routes that the UP received from the CP.
Syntax
display dhcp gateway-route [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information about the gateway routes issued by the CP on the public network.
Usage guidelines
Use this command on a UP to view information about gateway routes received from the CP.
After you specify a gateway in a BAS or ODAP IP pool on the CP by using the gateway command, the CP issues a gateway route for the pool to UPs as follows:
· If the IP pool type is BAS, the CP issues the gateway route to the following UPs:
¡ UPs in the UP backup profile bound to the IP pool.
¡ UPs bound to the IP pool.
¡ UPs whose remote interfaces or subinterfaces are bound to the IP pool.
· If the IP pool type is ODAP, the CP issues the gateway route to all UPs connected to the CP.
Examples
# Display information about the gateway routes received from the CP on the public network.
<Sysname> display dhcp gateway-route
Gateway route count: 1
IP address: 100.100.100.100
VPN instance:
Virtual MAC: 1122-3344-5566
Timeout: 100(sec)
Valid flag: 1
Creation time: Apr 20 13:18:22 2021
Update time: Apr 20 14:18:22 2021
# Display information about the gateway routes received from the CP in VPN instance a.
<Sysname> display dhcp gateway-route vpn-instance a
Gateway route count: 1
IP address: 100.100.100.100
VPN instance: a
Virtual MAC: 1122-3344-5566
Timeout: 100(sec)
Valid flag: 1
Creation time: Apr 20 13:18:22 2021
Update time: Apr 20 14:18:22 2021
Table 4 Command output
|
Field |
Description |
|
|
Gateway route count |
Number of gateway routes. |
|
|
IP address |
IP address of the gateway. |
|
|
VPN instance |
Name of the VPN instance. If the route is issued on the public network, this field is empty. |
|
|
Virtual MAC |
Virtual MAC address bound to the gateway IP address. |
|
|
Timeout |
Aging time of the gateway route, in seconds. If the route will never age out, this field displays 0. |
|
|
Valid flag |
Whether the route is effective: · 0—Ineffective. The route has not issued to the RIB. · 1—Effective. The route has issued to the RIB. |
|
|
Creation time |
Date and time when the route was created. The format is MM DD hh:mm:ss YYYY. · MM—Represents the month. · DD—Represents the day. · hh—Represents the hours. · mm—Represents the minutes. · ss—Represents the seconds. · YYYY—Represents the year. |
|
|
Update time |
Date and time when the route was updated. The format is MM DD hh:mm:ss YYYY. · MM—Represents the month. · DD—Represents the day. · hh—Represents the hours. · mm—Represents the minutes. · ss—Represents the seconds. · YYYY—Represents the year. |
|
display dhcp network-route
Use display dhcp network-route to display information about the subnet routes that the UP received from the CP.
Syntax
display dhcp network-route [ ipv4-address mask-length ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv4-address mask-length: Specifies a subnet by subnet address and mask length. The ipv4-address argument represents the IPv4 subnet address in dotted decimal notation. The mask-length argument represents the mask length for the subnet in the range of 1 to 30. If you do not specify a subnet, this command displays all subnet route information issued by the CP.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays subnet route information issued by the CP on the public network.
Usage guidelines
Use this command on a UP to view information about subnet routes received from the CP.
When a DHCP client comes online through a UP, the CP issues a route message for the subnet on which the client resides to the UP. The route message carries the tag for the subnet route and information about the client-attached interface on the UP.
The UP processes a subnet route message as follows:
· If the UP is a physical UP, it directly adds the message to the RIB.
· If the UP is a vUP, it performs the following tasks:
a. Replace the original route tag in the message with that configured for the auto scaling group. For more information about route tag configuration for vUP auto scaling groups, see vUP auto scaling configuration in CP and UP Separation Configuration Guide.
b. Add the new message to the RIB.
Examples
# Display information about the subnet routes received from the CP on the public network.
<VUP8>display dhcp network-route
Network route count: 1
IP address: 10.50.0.0
Mask length: 24
VPN instance:
Cost: 10, Preference: 0, Tag: 0
Tunnel source: 0.0.0.0, destination: 0.0.0.0
Interface: N/A, Scale-group: N/A, Tag-vUP: N/A
Valid flag: 1
Creation time: May 13 01:58:56 2021
Update time: May 13 01:58:56 2021
# Display information about the subnet routes received from the CP in VPN instance a.
<Sysname> display dhcp network-route 1.1.1.0 24 vpn-instance a
Network route count: 1
IP address: 1.1.1.0
Mask length: 24
VPN instance: a
Cost: 10, Preference: 255, Tag: 10
Tunnel source: 10.0.0.1, destination: 10.0.0.2
Interface: VSI-Interface1, Scale-group: 100, Tag-vUP: 20
Valid flag: 1
Creation time: Apr 20 13:18:22 2021
Update time: Apr 20 14:18:22 2021
Table 5 Command output
|
Field |
Description |
|
|
Network route count |
Number of subnet routes. |
|
|
IP address |
IP address of the subnet. |
|
|
Mask length |
Mask length for the subnet. |
|
|
VPN instance |
Name of the VPN instance. If the route is issued on the public network, this field is empty. |
|
|
Cost |
Routing cost. |
|
|
Preference |
Priority value for the route. |
|
|
Tag |
Tag value for the route. |
|
|
Tunnel source |
||
|
destination |
Destination address of the VSRP protection tunnel. |
|
|
Interface |
User access interface on the vUP. Only VSI interface is supported. If the user does not come online through any vUP, this field displays N/A. |
|
|
Scale-group |
ID of the auto scaling group. |
|
|
Tag-vUP |
Route tag for the auto scaling group. |
|
|
Valid flag |
Whether the route is effective: · 0—Ineffective. The route has not issued to the RIB. · 1—Effective. The route has issued to the RIB. |
|
|
Creation time |
Date and time when the route was created. The format is MM DD hh:mm:ss YYYY. · MM—Represents the month. · DD—Represents the day. · hh—Represents the hours. · mm—Represents the minutes. · ss—Represents the seconds. · YYYY—Represents the year. |
|
|
Update time |
Date and time when the route was updated. The format is MM DD hh:mm:ss YYYY. · MM—Represents the month. · DD—Represents the day. · hh—Represents the hours. · mm—Represents the minutes. · ss—Represents the seconds. · YYYY—Represents the year. |
|
display dhcp pool-group-usage
Use display dhcp pool-group-usage to display address usage information for an IP pool group.
Syntax
display dhcp pool-group-usage [ pool-group pool-group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool-group pool-group-name: Specifies an IP pool group by its name. The pool-group-name argument is a case-insensitive string of 1 to 63 characters. If you do not specify this option, this command displays address usage information for all IP pool groups.
Examples
# Display address usage information for all IP pool groups.
<Sysname> display dhcp pool-group-usage
Pool group name Total Used Utilization(%)
poolgroup1 91 1 1.10%
poolgroup2 245 1 0.41%
# Display address usage information for pool group poolgroup1.
<Sysname> display dhcp pool-group-usage pool-group poolgroup1
Pool group name Total Used Utilization(%)
poolgroup1 91 1 1.10%
Table 6 Command output
|
Field |
Description |
|
|
Pool group name |
Name of the IP pool group. |
|
|
Total |
Number of IP addresses in the IP pool group. |
|
|
Used |
Number of assigned IP addresses in the IP pool group. |
|
|
Utilization(%) |
Address usage of the IP pool group, in percentage. |
|
display dhcp pool-usage
Use display dhcp pool-usage to display address usage information for an IP pool.
Syntax
display dhcp pool-usage [ peak ] [ pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
peak: Displays peak address usage information for an IP pool. The displayed value is the highest address usage of the IP pool before you execute this command. If you do not specify this keyword, this command displays the real-time address usage of the IP pool.
pool pool-name: Specifies an IP pool by its name. The pool-name argument is a case-insensitive string of 1 to 63 characters. If you do not specify this option, this command displays address usage information for all IP pools.
Usage guidelines
To calculate the address usage of an IP address pool, use the following formula:
(Total number of IP addresses – number of free IP addresses)/total number of IP addresses
To obtain the number of free IP addresses in an IP address pool, see the Free IP addresses field in the output of the display dhcp server statistics command.
If the peak address usage of an IP pool appeared multiple times, this command displays the peak address usage that appeared earliest.
Examples
# Display address usage information for all IP pools.
<Sysname> display dhcp pool-usage
Pool name Total Used Utilization(%)
pool1 91 1 1.10%
pool2 245 1 0.41%
# Display address usage information for pool pool1.
<Sysname> display dhcp pool-usage pool pool1
Pool name Total Used Utilization(%)
pool1 91 1 1.10%
# Display peak address usage information for all IP pools.
<Sysname> display dhcp pool-usage peak
Pool name Peak utilization(%) Time
pool1 1.10% Mar 11 07:22:43 2021
pool2 0.41% Mar 11 07:22:43 2021
# Display peak usage information for pool pool1.
<Sysname> display dhcp pool-usage peak pool pool1
Pool name Peak utilization(%) Time
pool1 1.10% Mar 11 07:23:02 2021
Table 7 Command output
|
Field |
Description |
|
|
Pool name |
Name of the IP pool. |
|
|
Total |
Number of IP addresses in the IP pool. |
|
|
Used |
Number of assigned IP addresses in the IP pool. |
|
|
Utilization(%) |
Address usage of the IP pool, in percentage. |
|
|
Peak utilization(%) |
Peak address usage of the IP pool, in percentage. |
|
|
Time |
Date and time when the address usage of the IP pool reached the peak, in the format of MM DD hh:mm:ss YYYY. · MM—Represents the month. · DD—Represents the day. · hh—Represents the hours. · mm—Represents the minutes. · ss—Represents the seconds. · YYYY—Represents the year. |
|
Related commands
reset dhcp pool-usage peak
display dhcp server conflict
Use display dhcp server conflict to display information about IP address conflicts.
Syntax
display dhcp server conflict [ interface interface-type interface-number | ip ip-address | vxlan vxlan-id ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
ip ip-address: Specifies an IP address.
vxlan vxlan-id: Specifies a VXLAN by its ID in the range of 0 to 16777215.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information about IP address conflicts for the public network.
Usage guidelines
The DHCP server generates IP address conflict information in the following situations:
· Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and discovers that another host is using the address.
· The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP address conflict.
· The DHCP server discovers that the only assignable address in the IP pool is its own IP address.
If you do not specify any parameters, this command displays information about all IP address conflicts.
Examples
# Display information about all IP address conflicts.
<Sysname> display dhcp server conflict
IP address Detect time
4.4.4.1 Apr 25 16:57:20 2019
4.4.4.2 Apr 25 17:00:10 2019
Table 8 Command output
|
Field |
Description |
|
|
IP address |
Conflicted IP address. If the IP address is reusable, the command displays an asterisk (*) in parentheses next to it. |
|
|
Detect time |
Time when the conflict was detected. |
|
reset dhcp server conflict
display dhcp server database
Use display dhcp server database to display information about DHCP binding auto backup.
Syntax
display dhcp server database
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about DHCP binding auto backup.
<Sysname> display dhcp server database
File name : database.dhcp
Username :
Password :
Update interval : 600 seconds
Latest write time : Feb 8 16:09:53 2014
Status : Last write succeeded.
Table 9 Command output
|
Field |
Description |
|
|
File name |
Name of the DHCP binding backup file. |
|
|
Username |
Username for accessing the URL of the remote backup file. |
|
|
Password |
Password for accessing the URL of the remote backup file. This field displays ****** if a password is configured. |
|
|
Update interval |
Waiting time in seconds after a DHCP binding change for the DHCP server to update the backup file. |
|
|
Latest write time |
Time of the latest update. |
|
|
Status |
Update state: · Writing—The backup file is being updated. · Last write succeeded—The backup file was successfully updated. · Last write failed—The backup file failed to be updated. |
|
display dhcp server expired
Use display dhcp server expired to display information about expired leases.
Syntax
display dhcp server expired [ [ interface interface-type interface-number | ip ip-address | mac mac-address | vxlan vxlan-id ] [ vpn-instance vpn-instance-name ] | pool pool-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
ip ip-address: Specifies an IP address.
mac mac-address: Specifies a MAC address.
vxlan vxlan-id: Specifies a VXLAN by its ID in the range of 0 to 16777215.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays the lease expiration information for the public network.
pool pool-name: Displays lease expiration information about the specified IP pool. The pool name is a case-insensitive string of 1 to 63 characters.
verbose: Displays detailed lease expiration information. If you do not specify this keyword, the command displays brief lease expiration information about all IP addresses.
Usage guidelines
DHCP assigns these expired IP addresses to DHCP clients when all available addresses have been assigned.
If you do not specify any parameters, this command displays information about all expired leases.
Examples
# Display information about all expired leases.
<Sysname> display dhcp server expired
IP address Client-identifier/Hardware address Lease expiration
4.4.4.6 3030-3066-2e65-3230-302e-3130-3234 Apr 25 17:10:47 2019
-2d45-7468-6572-6e65-7430-2f31
Table 10 Command output
|
Field |
Description |
|
IP address |
Expired IP address. |
|
Client-identifier/Hardware address |
Client ID or MAC address. |
|
Lease expiration |
Time when the lease expired. |
# Display detailed information about all expired leases.
<Sysname> display dhcp server expired verbose
IP address: 192.168.56.3
Pool name: 1
Client-identifier: N/A
Hardware address type: Ethernet
Hardware address: 0000-0000-0002
Lease expiration: Mar 16 16:00:22 2017
Remaining reservation time: 136 years 2 months 6 hours 28 minutes 11 seconds
IP address reservation mode: Based on client MAC
IP address: 5.5.5.5
Pool name: 2
Client-identifier: 0061-6161-612e-6161-6161-2e61-6161-612d-4745-302f-302f-33
Hardware address type: Ethernet
Hardware address: 0000-0000-0003
Lease expiration: Mar 16 16:00:33 2017
Remaining reservation time: 136 years 2 months 6 hours 28 minutes 22 seconds
IP address reservation mode: Based on client ID
IP address: 3.3.3.5
Pool name: abc
Client-identifier: 0100-0000-0000-05
Hardware address type: Ethernet
Hardware address: 0000-0000-0005
Lease expiration: Mar 16 16:10:33 2017
Remaining reservation time: 2 months 6 hours 27 minutes 22 seconds
IP address reservation mode: Based on client MAC
Table 11 Command output
|
Field |
Description |
|
IP address |
Expired IP address. |
|
Pool name |
IP pool to which the expired IP address belongs. |
|
Client-identifier |
Client ID. If the request does not contain Option 61, this field displays N/A. |
|
Hardware address type |
Hardware address type of the client: Ethernet, Token ring, or Unknown. |
|
Lease expiration |
Time when the lease expired. |
|
Remaining reservation time |
Remaining time for reserving the expired IP address. If the reservation time expires, this field displays 0, and the expired IP address is deleted. |
|
IP address reservation mode |
Reservation mode of the expired IP address: · Based on client ID—Reserve an expired IP address based on the client ID. · Based on client MAC—Reserve an expired IP address based on the client MAC address. |
reserve expired-ip enable
reset dhcp server expired
display dhcp server free-ip
Use display dhcp server free-ip to display information about assignable IP addresses.
Syntax
display dhcp server free-ip [ pool pool-name | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Displays assignable IP addresses in the specified IP pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an IP pool, this command displays all assignable IP addresses for all IP pools.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays assignable IP addresses in IP pools for the public network.
Examples
# Display assignable IP addresses in all IP pools.
<Sysname> display dhcp server free-ip
Pool name: 1
Network: 10.0.0.0 mask 255.0.0.0
IP ranges from 10.0.0.10 to 10.0.0.100
IP ranges from 10.0.0.105 to 10.0.0.255
Secondary networks:
10.1.0.0 mask 255.255.0.0
IP ranges from 10.1.0.0 to 10.1.0.255
10.2.0.0 mask 255.255.0.0
IP Ranges from 10.2.0.0 to 10.2.0.255
Pool name: 2
Network: 20.1.1.0 mask 255.255.255.0
IP ranges from 20.1.1.0 to 20.1.1.255
Table 12 Command output
|
Field |
Description |
|
Pool name |
Name of the IP pool. |
|
Network |
Assignable network. |
|
IP ranges |
Assignable IP address ranges. |
|
Secondary networks |
Assignable secondary networks. |
Related commands
address range
ip pool
network
display dhcp server ip-in-use
Use display dhcp server ip-in-use to display binding information about assigned IP addresses.
Syntax
display dhcp server ip-in-use [ [ interface interface-type interface-number | ip ip-address | subnet network-address mask-length | vxlan vxlan-id ] [ vpn-instance vpn-instance-name ] | pool pool-name | pool-group pool-group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
ip ip-address: Specifies an IP address.
subnet network-address mask-length: Specifies a subnet by the network address and subnet mask length.
vxlan vxlan-id: Specifies a VXLAN by its ID in the range of 0 to 16777215.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays binding information about assigned IP addresses for the public network.
pool pool-name: Displays binding information about assigned IP addresses in the specified IP pool. The pool name is a case-insensitive string of 1 to 63 characters.
pool-group pool-group-name: Specifies an IP pool group by its name. The pool-group-name argument is a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command displays binding information about all assigned IP addresses.
The binding information can be used by other security modules only when the DHCP server is configured on the gateway of DHCP clients.
If the lease deadline exceeds the year 2100, the lease expiration time is displayed as After 2100.
If you do not specify any parameters, this command displays binding information about all assigned IP addresses.
Examples
# Display binding information about all assigned DHCP addresses.
<Sysname> display dhcp server ip-in-use
IP address Client-identifier/ Lease expiration Type
Hardware address
10.1.1.1 4444-4444-4444 Not used Static(F)
10.1.1.2 0030-3030-2e30-3030- May 1 14:02:49 2015 Auto(C)
662e-3030-3033-2d45-
7468-6572-6e65-74
10.1.1.3 0133-3037-392e-3933- May 1 14:18:22 2016 Auto(C)
3037-2e39-3030-32
10.1.1.4 1111-1111-1111 After 2100 Static(C)
# Display binding information about the IP address 10.1.1.2.
<Sysname> display dhcp server ip-in-use ip 10.1.1.2
IP address: 10.1.1.2/24
Giaddr: 10.1.1.10
Gateway: 10.1.1.1
Client identifier/Hardware address: 3030-3030-2e30-3030-662e-3030-3033-2d45-7468
-6572-6e65-74
Lease expiration: May 1 14:02:49 2015
Type: Auto(C)
Client access interface: XGE3/1/1
Outer VLAN: N/A
Inner VLAN: N/A
User ID: 0x3fffff
|
Field |
Description |
|
|
IP address |
IP address and mask length assigned. |
|
|
Giaddr |
IP address of the first DHCP relay agent that the DHCP request passes through. |
|
|
Gateway |
Default gateway address. |
|
|
Client-identifier/Hardware address |
Client ID or hardware address. Client ID is specified as a string of hexadecimal numbers, in which the first two characters represents the hardware type value. · If an ASCII string is used, the hardware type value is 00, which means no type. · If the hardware type is Ethernet, the type value is 01. · If the hardware type is token ring, the type value is 06. If the DHCP server acts as an access server, the client ID recorded in a lease is not the real client ID. It is a value generated based on the user type and the client MAC address. |
|
|
Lease expiration |
Lease expiration time: · Exact time (May 1 14:02:49 2015 in this example)—Time when the lease will expire. · Not used—The IP address of the static binding has not been assigned to the specific client. · Unlimited—Infinite lease expiration time. · After 2100—The lease will expire after 2100. |
|
|
Type |
Binding types: · Static(F)—A free static binding whose IP address has not been assigned. · Static(O)—An offered static binding whose IP address has been selected and sent by the DHCP server in a DHCP-OFFER packet to the client. · Static(C)—A committed static binding whose IP address has been assigned to the DHCP client. · Auto(O)—An offered dynamic binding whose IP address has been dynamically selected by the DHCP server and sent in a DHCP-OFFER packet to the DHCP client. · Auto(C)—A committed dynamic binding whose IP address has been dynamically assigned to the DHCP client. |
|
|
Client access interface |
Interface that connects to the DHCP client. |
|
|
Outer VLAN |
Outer VLAN tag contained in the DHCP request. If the request does not contain an outer VLAN tag, this field displays N/A. |
|
|
Inner VLAN |
Inner VLAN tag contained in the DHCP request. If the request does not contain an inner VLAN tag, this field displays N/A. |
|
|
User ID |
ID of the DHCP user. If no user ID is configured, this field displays N/A. |
|
Related commands
reset dhcp server ip-in-use
display dhcp server packet statistics
Use display dhcp server packet statistics to display packet statistics on the DHCP server.
Syntax
display dhcp server packet statistics [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DHCP server packet statistics for the public network.
Examples
# Display packet statistics on the DHCP server.
<Sysname> display dhcp server packet statistics
Messages received: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPDECLINE: 0
DHCPRELEASE: 0
DHCPINFORM: 0
BOOTPREQUEST: 0
ODAP DHCPOFFER: 0
ODAP DHCPACK: 0
ODAP DHCPNAK: 0
ODAP DHCPDISCOVER: 0
ODAP DHCPREQUEST: 0
ODAP DHCPRELEASE: 0
ODAP DHCPDECLINE: 0
ODAP DHCPFORCERENEW: 0
ODAP CPADDRESS: 0
Messages sent: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
ODAP DHCPOFFER: 0
ODAP DHCPACK: 0
ODAP DHCPNAK: 0
ODAP DHCPDISCOVER: 0
ODAP DHCPREQUEST: 0
ODAP DHCPRELEASE: 0
ODAP DHCPDECLINE: 0
ODAP DHCPFORCERENEW: 0
Bad Messages: 0
Table 14 Command output
|
Field |
Description |
|
Messages received |
DHCP messages received from clients: · DHCPDISCOVER. · DHCPREQUEST. · DHCPDECLINE. · DHCPRELEASE. · DHCPINFORM. · BOOTPREQUEST. · ODAP DHCPOFFER · ODAP DHCPACK · ODAP DHCPNAK · ODAP DHCPDISCOVER · ODAP DHCPREQUEST · ODAP DHCPRELEASE · ODAP DHCPDECLINE · ODAP DHCPFORCERENEW |
|
Messages sent |
DHCP messages sent to clients: · DHCPOFFER. · DHCPACK. · DHCPNAK. · BOOTPREPLY. · ODAP DHCPOFFER · ODAP DHCPACK · ODAP DHCPNAK · ODAP DHCPDISCOVER · ODAP DHCPREQUEST · ODAP DHCPRELEASE · ODAP DHCPDECLINE · ODAP DHCPFORCERENEW |
|
Bad Messages |
Number of error messages. |
display dhcp server statistics
Use display dhcp server statistics to display the DHCP server statistics.
Syntax
display dhcp server statistics [ pool pool-name | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Specifies an IP pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, this command displays information about all IP pools.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DHCP server statistics for the public network.
Examples
# Display the DHCP server statistics.
<Sysname> display dhcp server statistics
Pool number: 10
Pool utilization: 0.08%
Bindings:
Automatic: 300
Manual: 1
Expired: 0
Reserve: 0
Conflicts: 0
# Display statistics about IP pool pool1.
<Sysname> display dhcp server statistics pool pool1
Total IP addresses: 256
Free IP addresses: 100
Used: 155
Pool utilization: 60.78%
Bindings:
Automatic: 155
Manual: 1
Expired: 0
Reserve: 0
Conflicts: 0
|
Field |
Description |
|
|
Pool number |
Total number of IP pools. This field is not displayed when you display statistics for a specific IP pool. |
|
|
Total IP addresses |
Total number of IP addresses in the IP pool. |
|
|
Free IP addresses |
Total number of free addresses in the IP pool. |
|
|
Total number of IP addresses that have been assigned. |
||
|
IP address usage of the IP pool. |
||
|
Bindings |
Bindings of the following types: · Automatic—Number of dynamic bindings. · Manual—Number of static bindings. · Expired—Number of expired bindings. |
|
|
Conflicts |
Total number of conflicting addresses. |
|
reset dhcp server statistics
display dhcp-access count
Use display dhcp-access count to display the number of DHCP access users.
Syntax
display dhcp-access count
Any view
Predefined user roles
network-admin
network-operator
To display DHCP access user information, use the display dhcp-access user-table command.
Examples
# Display the number of DHCP access users on the device.
<Sysname> display dhcp-access count
Total access-user count: 20
Table 16 Command output
|
Field |
Description |
|
Total access-user count |
Number of DHCP access users. |
Related commands
display dhcp-access user-table
display dhcp-access packet statistics
Use display dhcp-access packet statistics to display packet statistics for the DHCP access module.
Syntax
display dhcp-access packet statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display packet statistics for the DHCP access module.
<Sysname> display dhcp-access packet statistics
Received packets
Received from clients : 0
DHCPDISCOVER : 0
DHCPREQUEST : 0
DHCPDECLINE : 0
DHCPRELEASE : 0
DHCPINFORM : 0
Received from servers : 0
DHCPOFFER : 0
DHCPACK : 0
DHCPNAK : 0
Sent packets
Send to clients : 0
DHCPOFFER : 0
DHCPACK : 0
DHCPNAK : 0
Send to servers : 0
DHCPDISCOVER : 0
DHCPREQUEST : 0
DHCPDECLINE : 0
DHCPRELEASE : 0
Table 17 Command output
|
Field |
Description |
|
Received packets |
Statistics about received packets. |
|
Received from clients |
Number of packets received from DHCP clients. |
|
DHCPDISCOVER |
Number of received DHCP-DISCOVER packets. |
|
DHCPREQUEST |
Number of received DHCP-REQUEST packets. |
|
DHCPDECLINE |
Number of received DHCP-DECLINE packets. |
|
DHCPRELEASE |
Number of received DHCP-RELEASE packets. |
|
DHCPINFORM |
Number of received DHCP-INFORM packets. |
|
Received from servers |
Number of packets received from DHCP servers. |
|
DHCPOFFER |
Number of received DHCP-OFFER packets. |
|
DHCPACK |
Number of received DHCP-ACK packets. |
|
DHCPNAK |
Number of received DHCP-NAK packets. |
|
Sent packets |
Statistics about sent packets. |
|
Send to clients |
Number of packets sent to DHCP clients. |
|
DHCPOFFER |
Number of sent DHCP-OFFER packets. |
|
DHCPACK |
Number of sent DHCP-ACK packets. |
|
DHCPNAK |
Number of sent DHCP-NAK packets. |
|
Send to servers |
Number of packets sent to DHCP servers. |
|
DHCPDISCOVER |
Number of sent DHCP-DISCOVER packets. |
|
DHCPREQUEST |
Number of sent DHCP-REQUEST packets. |
|
DHCPDECLINE |
Number of sent DHCP-DECLINE packets. |
|
DHCPRELEASE |
Number of sent DHCP-RELEASE packets. |
Related commands
reset dhcp-access packet statistics
display dhcp-access user-table
Use display dhcp-access user-table to display information about DHCP access users.
Syntax
display dhcp-access user-table [ index index-value | mac-address mac-address | user-id user-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
index index-value: Specifies a DHCP user index in the range of 1 to 4294967294.
mac-address mac-address: Specifies the MAC address of a user, in the format of H-H-H.
user-id user-id: Specifies a user ID, in the range of 1 to fffffffe. The user ID is case insensitive.
Usage guidelines
If you do not specify any parameters, this command displays information about all DHCP access users on the device.
Examples
# Display information about all DHCP users on the device.
<Sysname> display dhcp-access user-table
DHCP-ACCESS-USER-INFO-BRIEF(Total:3)
User ID : 0x40000001
User index : 1
Interface : Ten-GigabitEthernet3/1/1
SVLAN : N/A
CVLAN : N/A
User MAC address : 0050-ba50-7349
User state : ONLINE
VPN instance : N/A
User IP address : 10.1.1.254/24
Renew time : 43200 seconds
Rebind time : 75600 seconds
Gateway : 10.1.1.1
Primary DNS server : 10.1.1.2
Second DNS server : N/A
Address pool name : test_dhcp
Option60 string : N/A
Client ID : 0032387
User ID : 0x40000002
User index : 2
Interface : Ten-GigabitEthernet3/1/1
SVLAN : N/A
CVLAN : N/A
User MAC address : 0000-0000-0008
User state : ONLINE
VPN instance : N/A
User IP address : 10.1.1.200/24
Renew time : 43200 seconds
Rebind time : 75600 seconds
Gateway : 10.1.1.1
Primary DNS server : 10.1.1.2
Second DNS server : N/A
Address pool name : test_dhcp
Option60 string : N/A
Client ID : 003238671
User ID : 0x13
User index : 13
Interface : Ten-GigabitEthernet3/1/1
SVLAN : N/A
CVLAN : N/A
User MAC address : 0010-9400-0005
User state : WAIT-SERVER-OFFER
VPN instance : N/A
User IP address : 0.0.0.0
Renew time : 43200 seconds
Rebind time : 75600 seconds
Gateway : N/A
Primary DNS server : N/A
Second DNS server : N/A
Address pool name : ipoe
Option60 string : N/A
Client ID : 003238612
User entry aging time : Mar 4 15:38:14 2021
# Display information about the DHCP user with MAC address 0050-ba50-7349.
<Sysname> display dhcp-access user-table mac-address 0050-ba50-7349
User ID : 0x40000001
User index : 2
Interface : Ten-GigabitEthernet3/1/1
SVLAN : N/A
CVLAN : N/A
User MAC address : 0000-0000-0008
User state : ONLINE
VPN instance : N/A
User IP address : 10.1.1.200/24
Renew time : 43200 seconds
Rebind time : 75600 seconds
Gateway : N/A
Primary DNS server : N/A
Second DNS server : N/A
Address pool name : 1
Option60 String : N/A
Client ID : 010050ba507349
Table 18 Command output
|
Field |
Description |
|
DHCP-ACCESS-USER-INFO-BRIEF (Total:x) |
Brief information about a DHCP user, and the number of DHCP users. |
|
User ID |
ID of the DHCP user, in hexadecimal notation. |
|
User index |
Index of the DHCP user, in decimal notation. |
|
Interface |
Interface from which the DHCP user comes online. |
|
SVLAN |
SVLAN to which the DHCP user belongs. If the user does not belong to any SVLAN, this field displays N/A. |
|
CVLAN |
CVLAN to which the DHCP user belongs. If the user does not belong to any CVLAN, this field displays N/A. |
|
User MAC address |
MAC address of the DHCP user. |
|
User state |
Status of the DHCP user: · INIT—Initial state. · WAIT_UCM_REQ_ACK—Expecting an acknowledgment from UCM. · WAIT_SERVER_OFFER—Expecting a DHCP-OFFER from the DHCP server. · WAIT_CLIENT_REQ—Expecting a DHCP-REQUEST from the DHCP client. · WAIT_UCM_UP_ACK—Expecting a lease acknowledgment from UCM. · ONLINE—The user is online. · WAIT_UCM_DOWN_ACK—Expecting an acknowledgment for lease release from UCM. · RENEW_WAIT_SERVER_REPLY—Expecting a DHCP-ACK for a lease renewal request from the DHCP server. · WAIT_SERVER_ACK—Expecting a DHCP-ACK from the DHCP server. |
|
VPN instance |
VPN instance to which the DHCP user belongs. If the user is on the public network, this field displays N/A. |
|
User IP address |
IP address and mask length that the DHCP user has obtained. |
|
Renew time |
Lease renewal time. |
|
Rebind time |
Lease rebind time. |
|
Gateway |
Default gateway. |
|
Primary DNS server |
IP address of the primary DNS server. |
|
Second DNS server |
IP address of the secondary DNS server. |
|
Address pool name |
Name of the IP pool to which the user IP address belongs. |
|
User entry aging time |
Date and time when the user entry will age out, in the format of MM DD hh:mm:ss YYYY. · MM—Represents the month. · DD—Represents the day. · hh—Represents the hours. · mm—Represents the minutes. · ss—Represents the seconds. · YYYY—Represents the year. When the aging timer expires, the DHCP server deletes the user entry. If the DHCP user is online, the command does not display this field. |
|
Option60 String |
Vendor information string. If Option 60 is not contained in user packets, this field displays N/A. |
|
Client ID |
DHCP client ID. |
display ip pool
Use display ip pool to display information about IP pools.
Syntax
display ip pool [ all | name pool-name | pool-group pool-group-name | [ vpn-instance vpn-instance-name ] [ bas { local | remote } ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays information about all IP pools for the public network and VPN instances.
name pool-name: Specifies an IP pool by its name. The pool-name argument is a case-insensitive string of 1 to 63 characters.
pool-group pool-group-name: Specifies an IP pool group by its name. The pool-group-name argument is a case-insensitive string of 1 to 63 characters.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays IP pool information for the public network.
bas{ local | remote }: Displays information about BAS IP pools. The local keyword represents local BAS IP pools. The remote keyword represents remote BAS IP pools.
verbose: Displays detailed IP pool information. If you do not specify this keyword, the command displays brief IP pool information.
Usage guidelines
If you do not specify the bas keyword, this command displays information about common IP pools.
Examples
# Display brief information about all common IP pools.
<Sysname> display ip pool
Pool name: 0 (lock strict)
Pool index: 1
network 20.1.1.0 mask 255.255.255.0
undo exhaustion log enable
exhaustion trap enable
route-log enable
dhcp-server nak-count 10
class a range 20.1.1.50 20.1.1.60
bootfile-name abc.cfg
dns-list 20.1.1.66 20.1.1.67 20.1.1.68
domain-name www.aabbcc.com
bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
option 2 ip-address 1.1.1.1
expired day 1 hour 2 minute 3 second 0
reserve expired-ip enable
reserve expired-ip mode client-id time 4294967295 limit 256000
ip-in-use threshold 100
Pool name: 1
Pool index: 2
network 20.1.1.0 mask 255.255.255.0
undo exhaustion log enable
exhaustion trap enable
route-log enable
dhcp-server nak-count 10
secondary networks:
20.1.2.0 mask 255.255.255.0
20.1.3.0 mask 255.255.255.0
bims-server ip 192.168.0.51 port 50 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37
forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.24
forbidden-ip-range 20.1.1.50 20.1.2.55
gateway-list 1.1.1.1 2.2.2.2 4.4.4.4
nbns-list 5.5.5.5 6.6.6.6 7.7.7.7
netbios-type m-node
option 2 ip-address 1.1.1.1
expired day 1 hour 0 minute 0 second 0 allow-hint
reserve expired-ip disable
reserve expired-ip mode client-id time 4294967295 limit 256000
ip-in-use threshold 100
Pool name: 2
Pool index: 3
network 20.1.1.0 mask 255.255.255.0
exhaustion log enable
undo exhaustion trap enable
route-log enable
dhcp-server nak-count 10
address range 20.1.1.1 to 20.1.1.15
class departmentA range 20.1.1.20 to 20.1.1.29
class departmentB range 20.1.1.30 to 20.1.1.40
next-server 20.1.1.33
tftp-server domain-name www.example.org.cn
tftp-server ip-address 192.168.0.120
voice-config ncp-ip 10.1.1.2
voice-config as-ip 10.1.1.5
voice-config voice-vlan 3 enable
voice-config fail-over 10.1.1.1 123*
option 2 ip-address 1.1.1.3
expired day 1 hour 0 minute 0 second 0
reserve expired-ip enable
reserve expired-ip mode mac time 100 limit 100
ip-in-use threshold 100
Pool name: 3
Pool index: 4
undo exhaustion log enable
exhaustion trap enable
route-log enable
expired unlimited
reserve expired-ip disable
reserve expired-ip mode client-id time 4294967295 limit 256000
static bindings:
ip-address 10.10.1.2 mask 255.0.0.0
hardware-address 00e0-00fc-0001 ethernet
ip-address 10.10.1.3 mask 255.0.0.0
client-identifier aaaa-bbbb
ip-in-use threshold 100
# Display brief information about local BAS IP pools.
<Sysname> display ip pool bas local
Pool name: 10
Pool index: 5
undo exhaustion log enable
exhaustion trap enable
route-log enable
gateway 11.1.1.0 mask 255.255.255.0
dhcp-server nak-count 10
class a range 11.1.1.50 20.1.1.60
bootfile-name abc.cfg
dns-list 11.1.1.66 20.1.1.67 11.1.1.68
domain-name www.aabbcc.com
bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
unr tag 100
option 2 ip-address 1.1.1.1
expired day 1 hour 2 minute 3 second 0
reserve expired-ip enable
reserve expired-ip mode client-id time 4294967295 limit 256000
ip-in-use threshold 100
|
Field |
Description |
|
Pool name (lock strict) |
Name of the IP pool. The field in parentheses represents the lock state of the IP pool. · lock—Locked in loose mode. The server responds to the lease renewal requests from online DHCP clients for IP addresses in the pool, but it does not assign IP addresses from the pool to new DHCP clients. · lock strict—Locked in strict mode. The server does not respond to the lease renewal requests from online DHCP clients for IP addresses in the pool or assign IP addresses from the pool to new DHCP clients. If you do not lock the IP pool, this command will not display lock state information. |
|
Pool index |
Index of the IP pool. |
|
gateway |
Gateway IP address and network mask of the BAS IP pool. |
|
network |
Network segment used to assign subnets. |
|
exhaustion log enable |
IP resource exhaustion logging is enabled to record IP resource exhaustion events and recoveries from the IP resource exhaustion state. If this feature is disabled, this field displays undo exhaustion log enable. |
|
undo exhaustion trap enable |
IP resource exhaustion alarming is disabled. If this feature is enabled, this field displays exhaustion trap enable. |
|
Route logging is enabled for the IP address pool. If route logging is disabled, this field displays undo route-log enable. |
|
|
dhcp-server nak-count |
Maximum number of DHCP-NAK packets that the DHCP relay agent can receive from a DHCP server. |
|
secondary networks |
Assignable secondary network segments. |
|
ip-address mask mask |
Secondary network segment information: · IP address. · Mask. |
|
address range |
Assignable address range. |
|
class class-name range |
DHCP user class and its address range. |
|
static bindings |
Static IP-to-MAC/client ID bindings. |
|
unr tag |
Tag value of the network route. |
|
option |
Customized DHCP option. |
|
Lease duration. For example, expired day 1 hour 2 minute 3 second 4 indicates a lease of 1 day, 2 hours, 3 minutes, and 4 seconds. If the lease never expires, this field displays unlimited. If the DHCP server is allowed to use the DHCP client-suggested lease duration, allow-hint is displayed after the lease duration. |
|
|
remote server |
DHCP server address in the remote BAS IP pool. If you create a remote BAS IP pool on the DHCP relay agent and execute the remote-server command, this field is displayed. |
|
active remote server |
Active DHCP server address. If you create a remote BAS IP pool on the DHCP relay agent and execute the remote-server command, this field is displayed. The displayed value depends on the DHCP server selection algorithm configuration. · If the polling algorithm is used, this field displays all. The DHCP relay agent forwards DHCP requests to all DHCP servers. · If the master-backup algorithm is used, this field displays the IP address of the active DHCP server. The DHCP relay agent forwards DHCP requests to the master DHCP server first. |
|
remote server pool status |
Status of the remote BAS IP pool. · Available—The pool has assignable IP addresses. · Unavailable—The pool has no assignable IP addresses. |
|
bootfile-name |
Boot file name. |
|
dns-list |
DNS server IP address. |
|
domain-name |
Domain name suffix. |
|
bims-server |
BIMS server information. |
|
forbidden-ip |
IP addresses excluded from DHCP allocation in an address pool. |
|
forbidden-ip-range |
IP range excluded from DHCP allocation in an address pool. |
|
gateway mask |
IP address and mask of the gateway in the IP pool. |
|
ip-in-use threshold |
IP address usage threshold for the IP address pool, in percentage. |
|
Whether IP address reservation is enabled. |
|
|
reserve expired-ip mode client-id time 4294967295 limit 256000 |
IP address reservation mode, reservation time for expired IP addresses, and the maximum number of IP addresses that can be reserved in the IP pool. In this example, the reservation mode is client ID, the reservation time is 4294967295 seconds, and the maximum number of IP addresses is 256000. |
|
sub-networks |
Subnets. |
|
export-route |
Advertise the network route. |
|
preference |
Preference for the network route to be advertised. |
|
tag |
Tag value for the network route to be advertised. |
# Display detailed information about all common IP pools.
<Sysname> display ip pool verbose
Pool name: pool1 (lock strict)
Pool index: 1
Pool-group-name:
group1
Network: 10.1.1.0 mask 255.255.255.0
undo exhaustion log enable
exhaustion trap enable
dhcp-server nak-count 10
expired day 1 hour 0 minute 0 second 0
reserve expired-ip enable
reserve expired-ip mode client-id time 4294967295 limit 256000
route-log enable
ip-in-use threshold 100
IP address statistics
Total IP addresses: 254
Free IP addresses: 254
Used: 0
Pool utilization: 0.00%
Bindings:
Automatic: 0
Manual: 0
Expired: 0
Reserve: 0
Conflicts: 0
Total sub-networks: 0
Pool name: pool2
Pool-group-name:
group1
Network: 10.2.1.0 mask 255.255.255.0
undo exhaustion log enable
exhaustion trap enable
dhcp-server nak-count 10
expired day 1 hour 0 minute 0 second 0
reserve expired-ip enable
reserve expired-ip mode client-id time 4294967295 limit 256000
route-log enable
ip-in-use threshold 100
IP address statistics
Total IP addresses: 254
Free IP addresses: 254
Used: 0
Pool utilization: 0.00%
Bindings:
Automatic: 0
Manual: 0
Expired: 0
Reserve: 0
Conflicts: 0
|
Field |
Description |
|
Pool name (lock strict) |
Name of the IP pool. The field in parentheses represents the lock state of the IP pool. · lock—Locked. The server responds to the lease renewal requests from online DHCP clients for IP addresses in the pool, but it does not assign IP addresses from the pool to new DHCP clients. · lock strict—Strictly locked. The server does not respond to the lease renewal requests from online DHCP clients for IP addresses in the pool or assign IP addresses from the pool to new DHCP clients. If you do not lock the IP pool, this command will not display lock state information. |
|
Pool index |
Index of the IP pool. |
|
Pool-group-name |
Name of the IP pool group. |
|
Network |
Assignable network segment. |
|
IP resource exhaustion logging is enabled to record IP resource exhaustion events and recoveries from the IP exhaustion resource state. If this feature is disabled, this field displays undo exhaustion log enable. |
|
|
undo exhaustion trap enable |
IP resource exhaustion alarming is disabled. If this feature is enabled, this field displays exhaustion trap enable. |
|
dhcp-server nak-count |
Maximum number of DHCP-NAK packets that the DHCP relay agent can receive from a DHCP server. |
|
expired |
Lease duration. If the lease never expires, this field displays unlimited. If the DHCP server is allowed to use the DHCP client-suggested lease duration, allow-hint is displayed next to the lease duration. |
|
reserve expired-ip enable |
Whether IP address reservation is enabled. |
|
reserve expired-ip mode client-id time 4294967295 limit 256000 |
IP address reservation mode, amount of time for expired IP addresses to be reserved, and the maximum number of IP addresses that can be reserved in the IP pool. In this example, the reservation mode is client ID, the amount of reservation time is 4294967295 seconds, and the maximum number of IP addresses is 256000. |
|
route-log enable |
Route logging is enabled for the IP address pool. If route logging is disabled, this field displays undo route-log enable. |
|
ip-in-use threshold |
IP address usage threshold for the IP address pool. |
|
Total IP addresses |
|
|
Free IP addresses |
Total number of free IP addresses in the pool. |
|
Used |
Total number of IP addresses that have been assigned. |
|
Pool utilization |
IP address usage of the IP address pool. |
|
Bindings |
Number of bindings by binding type: · Automatic—Number of dynamic bindings. · Manual—Number of static bindings. · Expired—Number of expired bindings. · Reserve—Number of reserved bindings. |
|
Conflicts |
Total number of conflicting IP addresses in the pool. |
Related commands
gateway
ip pool
display ip pool-group
Use display ip pool-group to display information about IP pool groups.
Syntax
display ip pool-group [ all | [ name pool-group-name ] [ vpn-instance vpn-instance-name ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays information about all IP pool groups for the public network and VPN instances.
name pool-group-name: Specifies an IP pool group name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all IP pool groups.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information about IP pool groups on the public network.
verbose: Displays detailed information about an IP pool group and its IP pools. If you do not specify this keyword, the command displays brief information about the IP pool group and its IP pools.
Examples
# Display brief information about IP pool group group1.
<Sysname> display ip pool-group name group1
Pool-group: group1
VPN instance name: abc
IP-in-use threshold: 100
Exhaustion trap enable
Undo exhaustion log enable
Discover-nak-count: 3 10(sec)
Total IP addresses: 100
Used IP addresses: 0
Conflicting IP addresses: 0
Free IP addresses: 0
Static bindings: 0
Excluded IP addresses: 0
Current pool: pool1
Pool group usage: 0.00%
Bound pools: 2
pool1 priority 1
pool2 priority 2
# Display brief information about all IP pool groups on the public network.
<Sysname> display ip pool-group
Pool-group: group1
VPN instance name: N/A
IP-in-use threshold: 100
Exhaustion trap enable
Undo exhaustion log enable
Discover-nak-count: 3 10(sec)
Total IP addresses: 200
Used IP addresses: 0
Conflicting IP addresses: 0
Free IP addresses: 0
Static bindings: 0
Excluded IP addresses : 0
Current pool: pool2
Pool group usage: 0.00%
Bound pools: 2
Pool2 priority 1
Pool3 priority 3
Pool-group: group2
VPN-instance name: N/A
IP-in-use threshold: 100
Exhaustion trap enable
Undo exhaustion log enable
Total IP addresses: 300
Used IP addresses: 0
Conflicting IP addresses: 0
Free IP addresses: 0
Static bindings: 0
Excluded IP addresses: 0
Current pool: pool3
Pool group usage: 0.00%
Bound pools: 3
pool3 priority 2
pool4 priority 3
pool5 priority 4
Table 21 Command output
|
Field |
Description |
|
Pool-group |
Name of the IP pool group. |
|
VPN instance name |
Name of the VPN instance to which the IP pool group is applied. This field displays N/A if the IP pool group is on the public network. |
|
IP address usage threshold for the IP address pool group, in percentage. |
|
|
Exhaustion trap enable |
IP resource exhaustion alarming is enabled for the IP address pool group. If this feature is disabled, this field displays Undo exhaustion trap enable. |
|
Undo exhaustion log enable |
IP resource exhaustion logging is disabled for the IP address pool group. If this feature is enabled, this field displays Exhaustion log enable. |
|
Discover-nak-count: xx yy(sec) |
If the relay agent has received more than xx DHCP-NAK messages from a DHCP server in response to DHCP-DISCOVER messages within yy seconds, the relay agent forwards DHCP-DISCOVER messages to the DHCP server in the next remote BAS IP pool. |
|
Total IP addresses |
Total number of IP addresses in the IP pool group. |
|
Used IP addresses |
Number of allocated IP addresses in the IP pool group. |
|
Conflicting IP addresses |
Number of conflicting IP addresses in the IP pool group. |
|
Free IP addresses |
Number of free IP addresses in the IP pool group. |
|
Static bindings |
Number of statically bound IP addresses in the IP pool group. |
|
Excluded IP addresses |
Number of IP addresses excluded from dynamic allocation in the IP pool group. |
|
Current pool |
IP pool in use. If the IP pool group does not have any IP pools, this field displays N/A. |
|
Pool group usage |
Address usage of the IP pool group. |
|
Bound pools |
Number of bound IP pools and their names. Each line displays one IP pool name and its priority. |
# Display detailed information about all IP pool groups on the public network.
<Sysname> display ip pool-group verbose
Pool-group: group1
VPN instance name: N/A
IP-in-use threshold: 100
Exhaustion trap enable
Undo exhaustion log enable
Discover-nak-count: 3 10(sec)
Total IP addresses: 508
Used IP addresses: 0
Conflicting IP addresses: 0
Free IP addresses: 508
Static bindings: 0
Excluded IP addresses: 0
Current pool: pool1
Pool group usage: 0.00%
Bound pools: 2
pool1
Pool name: pool1
Pool index: 1
Pool-group-name:
group1
Network: 10.1.1.0 mask 255.255.255.0
dhcp-server nak-count 10
expired day 1 hour 0 minute 0 second 0
reserve expired-ip enable
reserve expired-ip mode client-id time 4294967295 limit 256000
ip-in-use threshold 100
IP address statistics
Total IP addresses: 254
Free IP addresses: 254
Used: 0
Pool utilization: 0.00%
Bindings:
Automatic: 0
Manual: 0
Expired: 0
Reserve: 0
Conflicts: 0
Total sub-networks: 0
pool2
Pool name: pool2
Pool index: 2
Pool-group-name:
group1
Network: 10.2.1.0 mask 255.255.255.0
dhcp-server nak-count 10
expired day 1 hour 0 minute 0 second 0
reserve expired-ip enable
reserve expired-ip mode client-id time 4294967295 limit 256000
undo route-log enable
ip-in-use threshold 100
IP address statistics
Total IP addresses: 254
Free IP addresses: 254
Used: 0
Pool utilization: 0.00%
Bindings:
Automatic: 0
Manual: 0
Expired: 0
Reserve: 0
Conflicts: 0
Table 22 Command output
|
Field |
Description |
|
Pool-group |
Name of the IP pool group. |
|
VPN instance name |
Name of the VPN instance to which the IP pool group is applied. This field displays N/A if the IP pool group is on the public network. |
|
IP-in-use threshold |
IP address usage threshold for the IP address pool group, in percentage. |
|
Exhaustion trap enable |
IP resource exhaustion alarming is enabled for the IP address pool group. If this feature is disabled, this field displays Undo exhaustion trap enable. |
|
Undo exhaustion log enable |
IP exhaustion logging is disabled for the IP address pool group. If this feature is enabled, this field displays Exhaustion log enable. |
|
Discover-nak-count: xx yy(sec) |
If the relay agent has received more than xx DHCP-NAK messages from a DHCP server in response to DHCP-DISCOVER messages within yy seconds, the relay agent forwards DHCP-DISCOVER messages to the DHCP server in the next remote BAS IP pool. |
|
Total IP addresses |
Total number of IP addresses in the IP pool group. |
|
Used IP addresses |
Number of allocated IP addresses in the IP pool group. |
|
Conflicting IP addresses |
Number of conflicting IP addresses in the IP pool group. |
|
Free IP addresses |
Number of free IP addresses in the IP pool group. |
|
Static bindings |
Number of statically bound IP addresses in the IP pool group. |
|
Excluded IP addresses |
Number of IP addresses excluded from dynamic allocation in the IP pool group. |
|
Current pool |
IP pool in use. If the IP pool group does not have any IP pools, this field displays N/A. |
|
Pool group usage |
Address usage of the IP pool group. |
|
Bound pools |
Number of bound IP pools and their names. Each line displays one IP pool name and its priority. |
|
Pool name |
Name of an IP pool in the IP pool group. For more information about IP pool fields, see Table 20. |
Related commands
ip pool-group
dns-list
Use dns-list to specify DNS server addresses in an IP pool.
Use undo dns-list to remove DNS server addresses from an IP pool.
Syntax
dns-list ip-address&<1-8>
undo dns-list [ ip-address&<1-8> ]
Default
No DNS server address is specified.
Views
IP pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight DNS servers.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo dns-list command deletes all DNS server addresses in the IP pool.
Examples
# Specify DNS server address 10.1.1.254 in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] dns-list 10.1.1.254
Related commands
display ip pool
domain-name
Use domain-name to specify a domain name in an IP pool.
Use undo domain-name to restore the default.
Syntax
domain-name domain-name
undo domain-name
Default
No domain name is specified.
Views
IP pool view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the domain name, a case-sensitive string of 1 to 50 characters.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify domain name example.com in IP pool 0.
<Sysname> system-view
[Sysname-ip-pool-0] domain-name example.com
Related commands
display ip pool
exhaustion log enable
Use exhaustion log enable to enable IP resource exhaustion logging for an IP pool or IP pool group.
Use undo exhaustion log enable to restore the default.
Syntax
exhaustion log enable
undo exhaustion log enable
Default
The DHCP module does not generate logs for IP resource exhaustion events that occur in an IP address pool or IP address pool group.
Views
IP pool view
IP pool group view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP module to send IP resource exhaustion logs to the information center.
IP resource exhaustion events include IP resource exhaustion alarms and recoveries from IP resource exhaustion alarm conditions.
An IP resource exhaustion log message is generated for an IP pool or IP pool group when one of the following events occurs:
· The IP pool or IP pool group does not have assignable IP addresses or subnets.
· In a non-CUPS scenario, the IP address usage of the IP pool or IP pool group drops below 90% after IP address exhaustion. The IP address usage is calculated by using the following formula:
(Total number of IP addresses – number of free IP addresses)/total number of IP addresses
For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about the information center configuration, see Network Management and Monitoring Configuration Guide.
Examples
# Enable IP resource exhaustion logging for IP pool pool1.
<Sysname> system-view
[Sysname] ip pool pool1
[Sysname-ip-pool-pool1] exhaustion log enable
# Enable IP resource exhaustion logging for IP pool group group1.
<Sysname> system-view
[Sysname] ip pool-group group1
[Sysname-ip-group-group1] exhaustion log enable
exhaustion trap enable
Use exhaustion trap enable to enable IP resource exhaustion alarming for an IP pool or IP pool group.
Use undo exhaustion trap enable to disable IP resource exhaustion alarming for an IP pool or IP pool group.
Syntax
exhaustion trap enable
undo exhaustion trap enable
Default
IP resource exhaustion alarming is enabled for IP pools.
IP resource exhaustion alarming is disabled for IP pool groups.
Views
IP pool view
BAS IP pool view
IP pool group view
Predefined user roles
network-admin
Usage guidelines
With this feature enabled, the device generates a notification when all assignable IP resources in an IP pool or IP pool group are used up.
· In a non-CUPS scenario, you can calculate the IP address usage of an IP pool or IP pool group by using the following formula:
(Total number of IP addresses – number of free IP addresses)/total number of IP addresses
This feature can take effect only after you enable SNMP notifications for the DHCP server by using the snmp-agent trap enable dhcp server address-exhaust or snmp-agent trap enable dhcp server pool-group-exhaust command first.
The snmp-agent trap enable dhcp server address-exhaust command takes effect on all IP address pools on the DHCP server. The DHCP server might generate too many IP resource exhaustion notifications. To reduce the number of alarm notifications, disable IP resource exhaustion alarming for some IP pools by using the undo exhaustion trap enable command.
Examples
# Disable IP resource exhaustion alarming for IP pool pool1.
<Sysname> system-view
[Sysname] ip pool pool1
[Sysname-pool-pool1] undo exhaustion trap enable
# Disable IP resource exhaustion alarming for IP pool group group1.
<Sysname> system-view
[Sysname] ip pool-pool group1
[Sysname-pool-group-group1] exhaustion trap enable
Related commands
display ip pool
snmp-agent trap enable dhcp server
expired
Use expired to set the lease duration in an IP pool.
Use undo expired to restore the default lease duration for an IP pool.
Syntax
expired { allow-hint | { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } [ allow-hint ] }
undo expired
Default
The lease duration of a dynamic IP pool is 1 day.
Views
IP pool view
Predefined user roles
network-admin
Parameters
allow-hint: Allows the DHCP server to use the DHCP client-suggested lease duration. The DHCP server uses the DHCP client-suggested lease duration if the DHCP client-suggested lease duration is shorter than the lease duration in the IP pool. If you do not specify this keyword, the DHCP server always uses the lease duration in the IP pool.
day day: Specifies the number of days, in the range of 0 to 365.
hour hour: Specifies the number of hours, in the range of 0 to 23. The default is 0.
minute minute: Specifies the number of minutes, in the range of 0 to 59. The default is 0.
second second: Specifies the number of seconds, in the range of 0 to 59. The default is 0.
unlimited: Specifies the unlimited lease duration, which is actually 136 years.
Usage guidelines
The DHCP server assigns an IP address together with the lease duration to the DHCP client. Before the lease expires, the DHCP client must extend the lease duration.
· If the lease extension operation succeeds, the DHCP client can continue to use the IP address.
· If the lease extension operation does not succeed, both of the following events occur:
¡ The DHCP client cannot use the IP address after the lease duration expires.
¡ The DHCP server will label the IP address as expired.
Examples
# Set the lease duration to 1 day, 2 hours, 3 minutes, and 4 seconds in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] expired day 1 hour 2 minute 3 second 4
# Set the lease duration to 1 day, 2 hours, 3 minutes, and 4 seconds in IP pool 0. Allow the DHCP server to use the DHCP client-suggested lease duration.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] expired day 1 hour 2 minute 3 second 4 allow-hint
display dhcp server expired
display ip pool
reset dhcp server expired
export host-route
Use export host-route to enable host route advertisement.
Use undo export host-route to disable host route advertisement.
Syntax
export host-route
undo export host-route
Default
Host route advertisement is disabled.
Views
IP pool view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
The network export-route command enables the DHCP server to advertise the network route for each assigned IP address in the pool. If multiple pools share the same segment, the same network route will be advertised for assigned IP addresses in these pools. This will make the clients using these IP addresses inaccessible to external devices. To resolve this issue, enable host route advertisement for each IP pool to advertise a host route for each assigned IP address.
Operating mechanism
This command does not affect the generation of host routes. When the DHCP server assigns an IP address in an address pool, it generates a host route for that IP address. However, this route cannot be advertised to other devices through routing protocols (such as BGP) by default. To resolve this issue, enable host route advertisement for the address pool:
· The device will delete the UNRs generated after the network export-route or gateway command is executed.
· After the device generates host routes for assigned IP addresses in the address pool, routing protocols can advertise those routes to other devices.
Restrictions and guidelines
Before you enable host route advertisement for an IP pool, make sure this pool has not assigned any IP addresses.
Examples
# Enable host route advertisement for IP pool 1.
<Sysname> system-view
[Sysname] ip pool 1
[Sysname-ip-pool-1] export host-route
Related commands
ip pool
forbidden-ip
Use forbidden-ip to exclude IP addresses from dynamic allocation in an IP pool.
Use undo forbidden-ip to remove the configuration.
Syntax
forbidden-ip ip-address&<1-8>
undo forbidden-ip [ ip-address&<1-8> ]
Default
Except for the DHCP server IP address, all IP addresses in the IP pool are assignable.
Views
IP pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight excluded IP addresses.
Usage guidelines
The excluded IP addresses in an IP pool are still assignable in other IP pools.
You can exclude multiple IP addresses in an IP pool by executing this command multiple times.
If you do not specify any parameters, the undo forbidden-ip command removes all excluded IP addresses.
Examples
# Exclude IP addresses 192.168.1.3 and 192.168.1.10 from dynamic allocation in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] forbidden-ip 192.168.1.3 192.168.1.10
dhcp server forbidden-ip
display ip pool
forbidden-ip-range
Use forbidden-ip-range to exclude an IP address range from DHCP allocation in an address pool.
Use undo forbidden-ip-range to remove an IP address range from the forbidden IP range list.
Syntax
forbidden-ip-range start-ip-address [ end-ip-address ]
undo forbidden-ip-range [ start-ip-address [ end-ip-address ] ]
Default
No IP address ranges are excluded from DHCP allocation in an address pool.
Views
IP address pool view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies a start IP address.
end-ip-address: Specifies an end IP address. The end IP address cannot be lower than the start IP address. If you do not specify this argument, the excluded IP range includes only the start IP address.
Usage guidelines
The forbidden IP ranges in an address pool are still assignable in other address pools.
To specify multiple forbidden IP ranges, execute the forbidden-ip-range command multiple times. The forbidden IP ranges can overlap.
When you execute the undo form of this command to remove forbidden IP ranges, follow these guidelines:
· To remove all forbidden IP ranges, execute the undo forbidden-ip-range command without specifying any parameters.
· To remove a subrange of IP addresses from a forbidden IP range, specify only that subrange of IP addresses.
· To remove a forbidden IP range as a whole, specify that IP range or an IP range broader than it.
Examples
# Exclude IP address range from 192.168.1.3 to 192.168.1.10 from DHCP allocation in IP address pool 1.
<Sysname> system-view
[Sysname] ip pool pool1
[Sysname-ip-pool-pool1] forbidden-ip-range 192.168.1.3 192.168.1.10
Related commands
display ip pool
gateway
Use gateway to specify the gateway IP address and the network mask for an IP pool.
Use undo gateway to restore the default
Syntax
gateway ip-address { mask | mask-len }
undo gateway
Default
No gateway IP address or network mask is specified for an IP pool.
Views
Local BAS IP pool view
Remote BAS IP pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of the gateway.
mask: Specifies the network mask in dotted decimal notation.
mask-len: Specifies the network mask length in the range of 1 to 30.
Usage guidelines
In a BAS network, execute this task on the DHCP server. When the DHCP server receives a DHCP request from an authenticated access user, the server selects an IP address from the IP pool and assigns it to the user.
A BAS IP pool supports only one gateway IP address and its network mask. If you execute this command multiple times, the most recent configuration takes effect.
The gateway IP address and mask settings cannot be modified or deleted for an IP pool if the pool has leases of assigned IP addresses.
Examples
# In local BAS IP pool p1, specify gateway IP address 1.1.1.1 and network mask length 24.
<Sysname> system-view
[Sysname] ip pool p1 bas local
[Sysname-ip-pool-p1] gateway 1.1.1.1 24
Related commands
display ip pool
network
gateway-list
Use gateway-list to specify gateway addresses to be assigned to DHCP clients.
Use undo gateway-list to remove the specified gateway addresses.
Syntax
gateway-list ip-address&<1-64> [ export-route ]
undo gateway-list [ ip-address&<1-64> ] [ export-route ]
Default
No gateway addresses are specified in an IP pool or a DHCP secondary network segment.
Views
Common IP address pool view
DHCP secondary network segment view
Predefined user roles
network-admin
Parameters
ip-address&<1-64>: Specifies a space-separated list of up to 64 gateway addresses. Gateway addresses must reside on the same subnet as the assignable IP addresses.
export-route: Binds the gateways to the device's MAC address in the address management module. The ARP module will use the entries to reply to ARP requests from the DHCP clients. If you do not specify this keyword, the gateways will not be bound to the device's MAC address.
Usage guidelines
|
|
CAUTION: To avoid forwarding failure, do not delete a gateway address from a gateway list if that gateway address is being used by online clients. |
The DHCP server assigns gateway addresses to clients on a secondary network segment in the following ways:
· If gateways are specified in both IP pool view and secondary network segment view, DHCP assigns those specified in the secondary network segment view.
· If gateways are specified in IP pool view but not in secondary network segment view, DHCP assigns those specified in IP pool view.
If you do not specify any parameters, the undo gateway-list command deletes all gateway addresses.
Examples
# Specify gateway address 10.1.1.1 in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] gateway-list 10.1.1.1
display ip pool
if-match
Use if-match to configure a match rule for a DHCP user class.
Use undo if-match to delete a match rule for a DHCP user class.
Syntax
if-match rule rule-number { hardware-address hardware-address mask hardware-address-mask | option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-address }
undo if-match rule rule-number
Default
No match rules are configured for the DHCP user class.
Views
DHCP user class view
Predefined user roles
network-admin
Parameters
rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents a higher match priority.
hardware-address hardware-address: Specifies a hardware address, a string of 4 to 39 characters. The string contains hyphen-separated hexadecimal numbers. The last hexadecimal number can be a two-digit or four-digit number, and the other hexadecimal numbers must be four-digit numbers. For example, aabb-ccdd-ee is valid, and aabb-c-dddd or aabb-cc-dddd is invalid.
mask hardware-address-mask: Specifies the mask to be ANDed with the specified hardware address for the match operation. The length of the mask must be the same as that of the hardware address.
option option-code: Specifies a DHCP option by its number in the range of 1 to 254.
ascii ascii-string: Specifies an ASCII string of 1 to 128 characters.
offset offset: Specifies the offset in bytes after which the match operation starts. The value range is 0 to 254. If you do not specify an offset value, the match starts from the first byte of the option content. If you specify an ASCII string, a packet matches the rule if the option after the offset has the same length and content as the ASCII string. If you specify a hexadecimal number, a packet matches the rule if the option after the offset has the same length and content as the hexadecimal number.
partial: Enables partial match. A packet matches a rule if the specified option in the packet contains the ASCII string or hexadecimal number specified in the rule. For example, if you specify abc in the rule, option content xabc, xyzabca, xabcyz, and abcxyz all match the rule.
hex hex-string: Specifies a hexadecimal number. The length of the hexadecimal number must be an even number in the range of 2 to 256.
mask mask: Specifies a hexadecimal mask for the match operation. The mask length must be an even number in the range of 2 to 256 and be the same as the hex-string length. The DHCP server selects option content of the mask length from the start and ANDs the selected option content and the specified hexadecimal number with the mask. The packet matches the rule if the two AND operation results are the same.
length length: Specifies the length of the option content to be matched, in the range of 1 to 128 bytes. The length must be the same as the hex-string length.
relay-agent gateway-address: Specifies a giaddr field value. The value is an IPv4 address in the dotted decimal notation. A packet matches the rule if its giaddr field value is the same as that in the rule.
Usage guidelines
If a DHCP request sent by a DHCP client matches a rule in a DHCP user class, the DHCP client matches the user class.
You can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified by a rule ID within its type (hardware address, option, or relay agent address).
· If the rule that you are configuring has the same ID and type as an existing rule, the new rule overwrites the existing rule.
· If the rule that you are configuring has the same ID as an existing rule but a different type, the new rule takes effect and coexists with the existing rule. As a best practice, do not assign the same ID to rules of different types.
· Rules of different IDs cannot have the same rule content.
When you configure an if-match hardware-address rule, follow these guidelines:
· The hardware address type supports only the MAC address. A rule does not match clients with hardware addresses of other types.
· The specified hardware address must be of the same length as the client hardware addresses to be matched. To match MAC addresses, the specified hardware address must be six bytes long.
· The fs and 0s in the mask for the hardware match operation can be noncontiguous. For example, the rule if-match rule 1 hardware-address 0094-0000-1100 mask ffff-0000-ff00 matches hardware addresses in which the first two bytes are 0094 and the fifth byte is 11.
When you configure an if-match option rule, follow these guidelines:
· To match packets that contain an option, specify only the option-code argument.
· To match a hexadecimal number by AND operations, specify the option option-code hex hex-string mask mask options.
· To match a hexadecimal number directly, specify the option option-code hex hex-string [ offset offset length length | partial ] options. If you do not specify the offset, length, or partial parameter, a packet matches a rule if the option has the same length and content as the hexadecimal number.
· To match an ASCII string, specify the option option-code ascii ascii-string [ offset offset | partial ] options. If you do not specify the offset or partial parameter, a packet matches a rule if the option has the same length and content as the ASCII string.
Examples
# Configure match rule 1 for DHCP user class exam to match DHCP requests in which the hardware address is six bytes long and begins with 0094.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 1 hardware-address 0094-0000-0101 mask ffff-0000-0000
# Configure match rule 2 for DHCP user class exam to match DHCP requests that contain Option 82.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 2 option 82
# Configure match rule 3 for DHCP user class exam. The rule matches DHCP requests in which the highest bit of the fourth byte in Option 82 is the hexadecimal number 1.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 3 option 82 hex 00000080 mask 00000080
# Configure match rule 4 for DHCP user class exam. The rule matches DHCP requests in which the first three bytes of Option 82 are the hexadecimal number 13ae92.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 4 option 82 hex 13ae92 offset 0 length 3
# Configure match rule 5 for DHCP user class exam. The rule matches DHCP requests in which the Option 82 contains the hexadecimal number 13ae.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 5 option 82 hex 13ae partial
# Configure match rule 6 for DHCP user class exam. The rule matches DHCP requests in which Option 61 contains the ASCII string abcd.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 6 option 61 ascii abcd
# Configure match rule 7 for DHCP user class exam to match DHCP requests in which the giaddr field is 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 7 relay-agent 10.1.1.1
Related commands
dhcp class
ip pool
Use ip pool to create an IP pool and enter its view, or enter the view of an existing IP pool.
Use undo ip pool to delete the specified IP pool.
Syntax
ip pool pool-name [ bas { local | remote } ]
undo ip pool pool-name
Default
No IP pools exist.
Views
System view
Predefined user roles
network-admin
Parameters
pool-name: Specifies an IP pool name, a case-insensitive string of 1 to 63 characters.
bas { local | remote }: Creates the pool as a BAS IP pool. To create a local BAS IP pool, specify the local keyword. To create a remote BAS IP pool, specify the remote keyword.
Usage guidelines
On some networks (such as an IPoE network), users must pass authentication before they can obtain an IP address from a DHCP server. On such a network, configure a BAS IP pool depending on the location of the BAS device and the DHCP server:
· If the DHCP server is configured on the BAS device, configure a local BAS IP pool on the BAS device.
· If the BAS device relays requests to the DHCP server, perform the following tasks:
a. On the BAS device, configure a remote BAS IP pool and execute the remote-server command to specify the DHCP server.
b. On the DHCP server, configure a local BAS IP pool.
If you do not specify the bas keyword this command creates a common IP pool.
IP pool names must be unique on one device.
You can create multiple IP pools of the same type on one device.
Examples
# Create a local BAS IP pool and enter its view.
<Sysname> system-view
[Sysname] ip pool p1 bas local
[Sysname-ip-pool-p1]
Related commands
display ip pool
ip pool-group
Use ip pool-group to create an IP pool group and enter its view, or enter the view of an existing IP pool group.
Use undo ip pool-group to delete an IP pool group.
Syntax
ip pool-group pool-group-name
undo ip pool-group pool-group-name
Default
No IP pool groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
pool-group-name: Specifies an IP pool group name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
For a user that matches an IP pool group, the DHCP server selects an IP address from an available IP pool in the matching group.
If both an IP pool and an IP pool group exist in AAA authorized user attributes, authenticated users can only obtain IP addresses from the IP pool. The users cannot obtain IP addresses from the IP pool group even if the authorized IP pool has no assignable IP addresses.
If a DHCP client matches a remote BAS IP pool in an IP pool group, the relay agent cannot determine whether the DHCP server in the remote BAS IP pool has assignable IP addresses. To resolve this issue, perform the following tasks for the remote pool:
· Execute the gateway command to specify the IP address resources configured on the remote DHCP server.
· Execute the dhcp server forbidden-ip, forbidden-ip, and forbidden-ip-range commands to specify the excluded IP addresses configured on the remote DHCP server.
Upon receiving an IP address from the remote DHCP server, the relay agent considers that IP address as assigned in the remote BAS IP pool. This mechanism ensures that the relay agent and the DHCP server have the same free address information. The relay agent can then determine whether the DHCP server has free addresses by examining free addresses in the remote BAS IP pool.
Examples
# Create an IP pool group named poolgroup1 and enter its view.
<Sysname> system-view
[Sysname] ip pool-group poolgroup1
[Sysname-ip-pool-group-poolgroup1]
Related commands
display ip pool-group
pool
ip-pool algorithm round-robin
Use ip-pool algorithm round-robin to enable round-robin IP pool selection in an IP pool group for address allocation.
Use undo ip-pool algorithm round-robin to restore the default.
Syntax
ip-pool algorithm round-robin { local | remote } *
undo ip-pool algorithm round-robin { local | remote } *
Default
The DHCP server moves from one IP pool to the next only when that IP pool does not have assignable IP addresses.
Views
IP pool group view
Predefined user roles
network-admin
Parameters
local: Selects local IP pools for address allocation in a round-robin manner.
remote: Selects remote BAS IP pools for address allocation in a round-robin manner.
Usage guidelines
The default pool selection mechanism leads to uneven address resource distribution among IP pools. To balance resource usage across the IP pools in a pool group, enable the round-robin algorithm on that pool group.
The round-robin IP pool selection mechanism operates as follows:
1. On receipt of the first DHCP request, the DHCP server selects the first available IP pool for address allocation from the pool group.
2. When a new DHCP request arrives, the DHCP server selects the next available IP pool for address allocation.
3. After the DHCP server iterates through all the IP pool in the group, the server starts over again from the first IP pool.
When you use this command, follow these guidelines:
· If you specify only the local keyword, the server will first select local IP pools in a round-robin manner. If none of the local IP pools has assignable IP addresses, the DHCP server selects remote BAS IP pools by using the default pool selection mechanism.
· If you specify only the remote keyword, the server will first select local IP pools by using the default pool selection mechanism. It moves to remote BAS IP pools for round-robin selection only if none of the local IP pools has assignable IP addresses.
· If you specify both the local and remote keywords, the server will first select local IP pools in a round-robin manner. It moves to remote BAS IP pools for round-robin selection only if none of the local IP pools has assignable IP addresses.
Examples
# Enable round-robin selection of local IP pools in IP pool group 1.
<Sysname> system-view
[Sysname] ip pool-group 1
[Sysname-ip-pool-group-1] ip-pool algorithm round-robin local
ip unr
Use ip unr to set an IPv4 user network route (UNR) tag.
Use undo ip unr to restore the default.
ip unr { framed-ip-address-tag tag-value | framed-ip-netmask-tag tag-value | framed-route-tag tag-value | local-pool-tag tag-value | remote-pool-tag tag-value } *
undo ip unr { framed-ip-address-tag | framed-ip-netmask-tag | framed-route-tag | local-pool-tag | remote-pool-tag } *
Default
No IPv4 UNR tag is set.
Views
System view
Predefined user roles
network-admin
Parameters
framed-ip-address-tag tag-value: Sets a tag value for host routes that are generated based on the Framed-IP-Address attribute assigned by the RADIUS server. The tag value range is 1 to 4294967295.
framed-ip-netmask-tag tag-value: Sets a tag value for network routes that are generated based on the Framed-IP-Netmask attribute assigned by the RADIUS server. The tag value range is 1 to 4294967295.
framed-route-tag tag-value: Sets a tag value for network routes that are generated based on the Framed-Routing attribute assigned by the RADIUS server. The tag value range is 1 to 4294967295.
local-pool-tag tag-value: Sets a UNR tag value for common IP pools and local BAS IP pools. The tag value range is 1 to 4294967295.
remote-pool-tag tag-value: Sets a UNR tag value for remote BAS IP pools. The tag value range is 1 to 4294967295.
Usage guidelines
When the DHCP server assigns an IP address, it adds the network route for the IP address to the route management module. In a BAS network, you can classify user network routes based on their UNR tag values for route redistribution.
The tag value modification does not affect the tag values for network routes that have been advertised.
You can set a route tag value in system view or in IP pool view. For BAS access users, the value set in IP pool view has higher priority than the one set in system view.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the UNR tag value to 1 for local BAS IP pools.
<Sysname> system-view
[Sysname] ip unr local-pool-tag 1
Related commands
ip-in-use threshold
Use ip-in-use threshold to set the IP address usage threshold for an IP address pool or IP address pool group.
Use undo ip-in-use threshold to restore the default.
Syntax
ip-in-use threshold threshold-value
undo ip-in-use threshold
Default
The IP address usage threshold for an IP address pool or IP address pool group is 100%.
Views
IP pool view
IP pool group view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies an IP address usage threshold, in percentage. The value range for this argument is 0 to 100.
Usage guidelines
If the IP address usage of an IP address pool or IP address pool group reaches or exceeds the threshold, the DHCP module sends an SNMP notification and a log message to report the event. You can optimize the IP pool configuration accordingly. When the IP address usage drops below 90% of the threshold after the threshold violation, DHCP also sends an SNMP notification and a log message to the information center. If the threshold value is set to 100% for an IP address pool or IP address pool group, the DHCP module generates only an SNMP notification when the IP address usage reaches 100% or drops below 90%.
For DHCP notifications to be sent correctly, you must configure SNMP on the device. For log messages to be sent correctly, you must configure the information center. For more information about SNMP configuration and the information center configuration, see Network Management and Monitoring Configuration Guide.
If you execute this command multiple times in the same IP pool view, the most recent configuration takes effect.
Examples
# Set the IP address usage threshold to 75% for IP address pool pool1.
<Sysname> system-view
[Sysname] ip pool pool1
[Sysname-ip-pool-pool1] ip-in-use threshold 75
# Set the IP address usage threshold to 75% for IP address pool group group1.
<Sysname> system-view
[Sysname] ip pool-group group1
[Sysname-ip-pool-group-group1] ip-in-use threshold 75
Related commands
snmp-agent trap enable dhcp server
lock
Use lock to lock an IP pool.
Use undo lock to restore the default.
Syntax
lock [ strict ]
undo lock
Default
IP pools are not locked.
Views
IP pool view
Predefined user roles
network-admin
Parameters
strict: Locks the IP pool in strict mode. If an IP pool is locked in strict mode, the server does not respond to the lease renewal requests from online DHCP clients for IP addresses in the pool or assign IP addresses from the pool to new DHCP clients. If you do not specify this keyword, the IP pool is locked in loose mode. When the IP pool is locked in loose mode, the server responds to the lease renewal requests from online DHCP clients for IP addresses in the pool. However, it does not assign IP addresses from the pool to new DHCP clients.
Usage guidelines
Lock an IP pool in loose mode or strict mode depending on the IP pool management requirements.
· Lock an IP pool in loose mode if you are using that pool only to assign addresses to existing DHCP clients on the network.
· Lock an IP pool in strict mode if you are deleting or changing the IP space assigned to the IP pool. You can delete or change the IP space for an IP pool only when the IP pool does not contain assigned IP addresses. Locking the IP pool in strict mode ensures that you can perform the delete or change operation as soon as all assigned IP addresses in the pool are reclaimed.
Examples
# Lock IP pool 1 in loose mode.
<Sysname> system-view
[Sysname] ip pool 1
[Sysname-ip-pool-1] lock
The IP pool will answer only renewal requests of online users but will not assign addresses to new users. Continue? [Y/N]:
# Lock IP pool 1 in strict mode.
<Sysname> system-view
[Sysname] ip pool 1
[Sysname-ip-pool-1] lock strict
The IP pool will not answer renewal requests of online users or assign addresses to new users. Continue? [Y/N]:
Related commands
display ip pool
nbns-list
Use nbns-list to specify WINS server addresses in an IP pool.
Use undo nbns-list to remove the specified WINS server addresses.
Syntax
nbns-list ip-address&<1-8>
undo nbns-list [ ip-address&<1-8> ]
Default
No WINS server address is specified.
Views
IP pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight WINS server IP addresses.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo nbns-list command deletes all WINS server addresses.
Examples
# Specify WINS server address 10.1.1.1 in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] nbns-list 10.1.1.1
display ip pool
netbios-type
netbios-type
Use netbios-type to specify the NetBIOS node type in an IP pool.
Use undo netbios-type to restore the default.
Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
Default
No NetBIOS node type is specified.
Views
IP pool view
Predefined user roles
network-admin
Parameters
b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server.
h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.
m-node: Specifies the mixed node. An m-node client broadcasts the destination name. If it does not receive a response, the m-node client unicasts the destination name to the WINS server to get the mapping.
p-node: Specifies the peer-to-peer node. A p-node client sends the destination name in a unicast message to get the mapping from the WINS server.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the NetBIOS node type as p-node in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] netbios-type p-node
Related commands
display ip pool
nbns-list
network
Use network to specify a network segment for dynamic allocation in an IP pool.
Use undo network to remove the specified network segment.
Syntax
network network-address [ mask-length | mask mask ] [ secondary ] [ export-route [ preference preference | tag tag ] * ]
undo network network-address [ mask-length | mask mask ] [ secondary ]
Default
No network segment is specified in an IP pool.
Views
Common IP pool view
Predefined user roles
network-admin
Parameters
network-address: Specifies the network segment for dynamic allocation. If no mask length or mask is specified, the natural mask will be used.
mask-length: Specifies the mask length for the network segment. The value range for this argument is 1 to 30.
mask mask: Specifies the mask in dotted decimal notation.
secondary: Specifies the network segment as a secondary network segment. If you do not specify this keyword, this command specifies the primary network segment. If the addresses in the primary network segment are used up, the DHCP server can select addresses from a secondary network segment for clients.
export-route: Advertises the network route assigned to DHCP clients. If you do not specify this keyword, the network route will not be advertised.
preference preference: Sets a preference for the network route to be advertised, in the range of 1 to 255. The default preference is 70.
tag tag: Sets a tag value for the network route to be advertised, in the range of 0 to 4294967295. The default tag value is 0. Tags are route identifications for routing policies to filter routes. For more information about routing policies, see Layer 3—IP Routing Configuration Guide.
Usage guidelines
You can use the secondary keyword to specify a secondary network segment and enter its view. In secondary network segment view, you can specify gateways by using the gateway-list command for DHCP clients in the secondary network segment.
You can specify only one primary network segment for an IP pool. If you execute the network command multiple times, the most recent configuration takes effect.
You can specify up to 96 secondary network segments for a common IP pool.
The primary network segment and secondary network segments in an IP pool must not have the same network address and mask.
If you have used the address range or class command in an IP pool, you cannot specify a secondary network segment in the same IP pool.
If the IP pool has assigned IP addresses, you cannot use the network command to modify or remove the network segments in the IP pool.
If you execute the network export-route command multiple times, the most recent configuration takes effect.
Examples
# Specify primary network segment 192.168.8.0/24 and secondary network segment 192.168.10.0/24 in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] network 192.168.8.0 mask 255.255.255.0
[Sysname-ip-pool-0] network 192.168.10.0 mask 255.255.255.0 secondary
[Sysname-ip-pool-0-secondary]
Related commands
display ip pool
gateway-list
next-server
Use next-server to specify the IP address of a server in an IP pool.
Use undo next-server to restore the default.
Syntax
next-server ip-address
undo next-server
Default
No server's IP address is specified in an IP pool.
Views
IP pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a server.
Usage guidelines
Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it contacts the specified server, such as a TFTP server, to get other boot information.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify a server's IP address 10.1.1.254 in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] next-server 10.1.1.254
display ip pool
option
Use option to customize a DHCP option.
Use undo option to remove a customized DHCP option.
option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> }
undo option code
Default
No DHCP option is customized.
Views
IP pool view
DHCP option group view
Predefined user roles
network-admin
Parameters
code: Specifies the number of the customized option, in the range of 2 to 254, excluding 50 through 54, 56, 58, 59, 61, and 82.
ascii ascii-string: Specifies a case-sensitive ASCII string of 1 to 255 characters as the option content.
hex hex-string: Specifies a hexadecimal number as the option content. The length of the hexadecimal number must be an even number in the range of 2 to 256.
ip-address ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses as the option content.
Usage guidelines
The DHCP server fills the customized option with the specified ASCII string, hexadecimal number, or IP addresses, and sends it in a response to the client.
You can customize options for the following purposes:
· Add newly released options.
· Add options for which the vendor defines the contents, for example, Option 43.
· Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients.
· Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command. For example, the dns-list command can specify up to eight DNS servers. To specify more than eight DNS server, you must use the option 6 command to define all DNS servers.
DHCP options specified by dedicated commands take precedence over those specified by the option commands. For example, if a DNS server address is specified by both the dns-list command and the option 6 command, the server uses the address specified by the dns-list command.
DHCP options specified in DHCP option groups take precedence over those specified in IP pools.
If multiple DHCP option groups have the same option, the server selects the option in the DHCP option group first matching the user class.
If you execute this command multiple times with the same code specified, the most recent configuration takes effect.
Examples
# Configure Option 7 to specify log server address 2.2.2.2 in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] option 7 ip-address 2.2.2.2
Related commands
display ip pool
pool
Use pool to add an IP pool to the IP pool group.
Use undo pool to remove an IP pool from the IP pool group.
Syntax
pool pool-name [ priority priority-value ]
undo pool [ pool-name ]
Default
No IP pools exist in an IP pool group.
Views
IP pool group view
Predefined user roles
network-admin
Parameters
pool-name: Specifies an IP pool name, a case-insensitive string of 1 to 63 characters. The undo pool command removes all IP pools from the IP pool group if you do not specify this argument.
priority priority-value: Specifies the priority of the IP pool, The value range is 0 to 65535, and the default value is 0. A smaller value represents a higher priority.
Usage guidelines
For a user that matches an IP pool group, the DHCP server selects an IP address from an available IP pool in the IP pool group according to the descending order of the pool priority. If multiple IP pools share the same priority, the server selects the pool displayed first in the output from the display ip pool-group command.
An IP pool supports a maximum of 1024 IP pools. An IP pool can be added to multiple IP pool groups.
Before you add an IP pool to an IP pool group, make sure the IP pool is on the public network or in the same VPN instance as the IP pool group.
Before you remove an IP pool from an IP pool group, make sure the IP pool has not assigned any IP addresses.
Examples
# Create an IP pool named poolgroup1, and assign IP pool pool1 to the IP pool group.
<Sysname> system-view
[Sysname] ip pool-group poolgroup1
[Sysname-ip-pool-group-poolgroup1] pool pool1
Related commands
ip pool-group
reserve expired-ip enable
Use reserve expired-ip enable to enable IP address reservation in an IP pool.
Use undo reserve expired-ip enable to disable IP address reservation in an IP pool.
reserve expired-ip enable
undo reserve expired-ip enable
Default
IP address reservation is enabled.
Views
IP pool view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP server to reserve IP addresses for clients that are going offline. When a client goes offline, the DHCP server reserves the client IP address as an expired lease. When the client comes online again, the DHCP server assigns the IP address in the reserved lease to the client.
Disable the IP address reservation feature if you want the DHCP server to reclaim IP addresses immediately after clients go offline.
Examples
# Disable IP address reservation in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] undo reserve expired-ip enable
Related commands
reserve expired-ip mode
display dhcp server expired
reserve expired-ip mode
Use reserve expired-ip enable to configure the IP address reservation mode in an IP pool.
Use undo reserve expired-ip enable to restore the default.
Syntax
reserve expired-ip mode { client-id | mac } [ limit limit-number | time time ] *
undo reserve expired-ip mode
Default
With IP address reservation enabled, a DHCP server reserves IP addresses based on client IDs.
Views
IP pool view
Predefined user roles
network-admin
Parameters
client-id: Reserves IP addresses based on client IDs.
mac: Reserves IP addresses based on client MAC addresses.
limit limit-number: Specifies the maximum number of IP addresses that can be reserved in an IP pool. The value range is 1 to 2560000, and the default value is 256000.
time time: Specifies the reservation time for expired IP addresses, in the range of 60 to 4294967295 seconds. If you do not specify this option, the reserved time is unlimited (about 136 years defined by the system).
Usage guidelines
With IP address reservation enabled, the DHCP server reserves IP addresses for DHCP clients in the following modes:
· Reservation based on client IDs—The DHCP server records the IP-to-client ID bindings for online clients. When these clients come online again, the server assigns them the IP addresses in the bindings based on their client IDs.
· Reservation based on client MAC addresses—The DHCP server records the IP-to-MAC bindings for online clients. When these clients come online again, the server assigns them the IP addresses in the bindings based on their MAC addresses.
When you change the IP address reservation mode, the device deletes all expired leases that are saved in the old reservation mode.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the DHCP server to reserve IP addresses based on client IDs in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] reserve expired-ip enable
[Sysname-ip-pool-0] reserve expired-ip mode client-id
reset dhcp pool-usage peak
Use reset dhcp pool-usage peak to clear peak address usage information for an IP pool.
Syntax
reset dhcp pool-usage peak [ pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
pool pool-name: Specifies an IP pool by its name. The pool-name argument is a case-insensitive string of 1 to 63 characters. If you do not specify this option, this command clears peak address usage information for all IP pools.
Usage guidelines
To clear peak address usage information for all IP pools, execute the reset dhcp pool-usage peak command without specifying an IP pool. Then, if you execute the display dhcp pool-usage peak command again, the command displays the new peak address usage data collected for each IP pool after you executed the reset command.
Examples
# Clear peak address usage information for all IP pools.
<Sysname> reset dhcp pool-usage peak
Related commands
display dhcp pool-usage
reset dhcp server conflict
Use reset dhcp server conflict to clear IP address conflict information.
Syntax
reset dhcp server conflict [ ip start-ip-address [ end-ip-address ] ] [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip start-ip-address [ end-ip-address ]: Clears conflict information for IP addresses in the specified IP address range. If you do not specify this option, this command clears all address conflict information.
· start-ip-address: Specifies a start IP address.
· end-ip-address: Specifies an end IP address. The end IP address cannot be lower than the start IP address. If you do not specify this argument, this command clears conflict information for the start IP address (if any).
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears conflict information about IP addresses for the public network.
Usage guidelines
If you do not specify any parameter, this command clears all IP address conflict information for the public network.
Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts. After you modify the IP pool configuration, the conflicted addresses might become assignable. To assign these addresses, use the reset dhcp server conflict command to clear the conflict information first.
Examples
# Clear all IP address conflict information for the public network.
<Sysname> reset dhcp server conflict
Related commands
display dhcp server conflict
reset dhcp server expired
Use reset dhcp server expired to clear binding information about lease-expired IP addresses.
Syntax
reset dhcp server expired [ [ ip start-ip-address [ end-ip-address ] ] [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip start-ip-address [ end-ip-address ]: Clears binding information for lease-expired IP addresses in the specified IP address range. If you do not specify an IP address, this command clears binding information for all lease-expired IP addresses.
· start-ip-address: Specifies a start IP address.
· end-ip-address: Specifies an end IP address. The end IP address cannot be lower than the start IP address. If you do not specify this argument, this command clears binding information for the start IP address (if lease-expired).
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears lease expiration information about IP addresses for the public network.
pool pool-name: Clears binding information about the expired IP addresses in the specified IP pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an IP pool, this command clears binding information for lease-expired IP addresses in all IP pools.
Usage guidelines
If you do not specify any parameter, this command clears binding information for all lease-expired IP addresses on the public network.
Examples
# Clear binding information for all lease-expired IP addresses on the public network.
<Sysname> reset dhcp server expired
Related commands
display dhcp server expired
reset dhcp server ip-in-use
Use reset dhcp server ip-in-use to clear binding information about assigned IP addresses.
Syntax
reset dhcp server ip-in-use [ [ ip start-ip-address [ end-ip-address ] | relay-address ip-address ] [ vpn-instance vpn-instance-name ] | pool pool-name [ relay-address ip-address ] ]
Views
User view
Predefined user roles
network-admin
Parameters
ip start-ip-address [ end-ip-address ]: Clears binding information for assigned IP addresses in the specified IP address range. If you do not specify an IP address, this command clears binding information for all assigned IP addresses.
· start-ip-address: Specifies a start IP address.
· end-ip-address: Specifies an end IP address. The end IP address cannot be lower than the start IP address. If you do not specify this argument, this command clears binding information for the start IP address (if any).
relay-address ip-address: Specifies the IP address of a relay interface that connects to the DHCP clients. This command clears the bindings that use this address as the gateway address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears binding information for the public network.
pool pool-name: Clears binding information about assigned IP addresses in the specified IP pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify an IP pool, this command clears binding information for assigned IP addresses in all IP pools.
relay-address ip-address: Specifies the IP address of a relay interface that connects to the DHCP clients. This command clears the bindings that use this address as the gateway address in the IP pool.
Usage guidelines
If no parameters are specified, this command clears all address bindings for the public network on the device.
If you use this command to clear information about an assigned static binding, the static binding becomes a free static binding.
Examples
# Clear binding information for IP address 10.110.1.1.
<Sysname> reset dhcp server ip-in-use ip 10.110.1.1
display dhcp server ip-in-use
reset dhcp server packet statistics
Use reset dhcp server packet statistics to clear DHCP server packet statistics.
Syntax
reset dhcp server packet statistics [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears DHCP server packet statistics for the public network.
Examples
# Clear packet statistics for all DHCP servers on the public network.
<Sysname> reset dhcp server packet statistics
reset dhcp-access packet statistics
Use reset dhcp-access packet statistics to clear packet statistics for the DHCP access module.
Syntax
reset dhcp-access packet statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear packet statistics for the DHCP access module.
<Sysname> reset dhcp-access packet statistics
Related commands
display dhcp-access packet statistics
route-log enable
Use route-log enable to enable route logging for an IP address pool.
Use undo route-log enable to disable route logging for an IP address pool.
Syntax
route-log enable
undo route-log enable
Default
Route logging is disabled for an IP address pool.
Views
IP pool view
Predefined user roles
network-admin
Usage guidelines
After you enable this feature for an IP address pool, the DHCP server generates log messages for route events that occur in the IP address pool. Route events include network route adding or deletion.
To enable route logging for IP address pools, use one of the following commands:
· dhcp route-log enable
This command enables route logging for all types of IP address pools on the DHCP server.
· route-log enable
This command enables route logging for a single IP address pool on the DHCP server. To enable route logging for only one IP address pool, perform the following task:
a. Verify that route logging is disabled for all IP address pools on the DHCP server.
You can use the undo dhcp route-log enable command to disable route logging for all IP address pools.
b. Use the route-log enable command in the view of the target IP address pool.
Enabling global route logging might cause a large number of unnecessary route log messages. To resolve this issue, use the undo route-log enable command to disable route logging for some IP address pools.
Examples
# Enable route logging for IP address pool 1.
<Sysname> system-view
[Sysname] ip pool 1
[Sysname-ip-pool-1] route-log enable
Related commands
dhcp route-log enable
snmp-agent trap enable dhcp server
Use snmp-agent trap enable dhcp server to enable SNMP notifications for the DHCP server.
Use undo snmp-agent trap enable dhcp server to disable SNMP notifications for the DHCP server.
Syntax
snmp-agent trap enable dhcp server [ address-exhaust | allocated-ip | ip-alloc-failed | ip-in-use | pool-group-exhaust | pool-group-threshold ] *
undo snmp-agent trap enable dhcp server [ address-exhaust | allocated-ip | ip-alloc-failed | ip-in-use | pool-group-exhaust | pool-group-threshold ] *
Default
SNMP notifications are enabled for the DHCP server.
Views
System view
Predefined user roles
network-admin
Parameters
address-exhaust: Generates alarm notifications for address exhaustion events. This type of alarm notifications is generated when the IP address usage of an IP pool has reached 100% or an IP pool has recovered from an IP exhaustion alarm condition.
allocated-ip: Generates IP allocation alarm notifications. This type of alarm notifications occurs when the IP allocation success rates of all IP pools on the server are lowered than the IP allocation success rate threshold. The threshold is set by using the dhcp server allocated-ip threshold command.
ip-alloc-failed: Generates alarm notifications for IP allocation failure.
ip-in-use: Generates IP address usage alarm notifications. This type of alarm notifications is generated when the IP address usage of an IP pool reaches or exceeds the threshold, or an IP pool has recovered from an IP usage alarm condition. The threshold is set by using the ip-in-use threshold command.
pool-group-exhaust: Generates alarm notifications for address exhaustion events. This type of alarm notifications is generated when the IP address usage of an IP pool group has reached 100% or an IP pool group has recovered from an IP exhaustion alarm condition.
pool-group-threshold: Generates IP address usage alarm notifications. This type of alarm notifications is generated when the IP address usage of an IP pool group reaches or exceeds the threshold, or an IP pool group has recovered from an IP usage alarm condition. The threshold is set by using the ip-in-use threshold command.
Usage guidelines
If you do not specify any parameters, this command enables SNMP notifications for all types of DHCP server events.
To report critical DHCP server events to an NMS, enable SNMP notifications for the DHCP server. For DHCP server event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.
Examples
# Disable SNMP notifications of all types of DHCP server events.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp server
# Disable SNMP IP exhaustion notifications.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp server address-exhaust
# Disable SNMP IP allocation alarm notifications.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp server allocated-ip
# Disable SNMP IP usage alarm notifications.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp server ip-in-use
# Disable SNMP IP exhaustion notifications for IP pool groups.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable dhcp server pool-group-exhaust
Related commands
dhcp server allocated-ip threshold
ip-in-use threshold
snmp-agent target-host (Network Management and Monitoring Command Reference)
static-bind
Use static-bind to statically bind a client ID or MAC address to an IP address.
Use undo static-bind to remove a static binding.
Syntax
static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] }
undo static-bind ip-address ip-address
Default
No static binding is specified in an IP pool.
Views
IP pool view
Predefined user roles
network-admin
Parameters
ip-address ip-address: Specifies the IP address of the static binding. The natural mask is used if no mask length or mask is specified.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask, in dotted decimal format.
client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters. The string can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…. The last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is correct, and aabb-c-dddd and aabb-cc-dddd are not correct. IPoE users do not support this option.
hardware-address hardware-address: Specifies the client hardware address of the static binding, a string of 4 to 39 characters. The string can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…. The last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is correct, and aabb-c-dddd and aabb-cc-dddd are not correct. PPPoE users do not support this option.
ethernet: Specifies the client hardware address type as Ethernet. The default type is Ethernet.
token-ring: Specifies the client hardware address type as token ring.
Usage guidelines
The IP address of a static binding must not be an interface address of the DHCP server. Otherwise, an IP address conflict occurs, and the bound client cannot obtain the IP address.
You cannot specify an IP address in a static binding if you have excluded it from DHCP allocation by using the dhcp server forbidden-ip command.
You can repeat this command to specify multiple static bindings in an IP pool.
An IP address can be bound to only one DHCP client. To modify the binding for a DHCP client, first execute the undo form of the command to delete the existing binding and then create a new binding.
The command is not available for remote BAS IP pools.
Examples
# Bind IP address 10.1.1.1/24 to client ID 00aa-aabb in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0 client-identifier 00aa-aabb
Related commands
display ip pool
tftp-server domain-name
Use tftp-server domain-name to specify a TFTP server name in an IP pool.
Use undo tftp-server domain-name to restore the default.
Syntax
tftp-server domain-name domain-name
undo tftp-server domain-name
Default
No TFTP server name is specified.
Views
IP pool view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify TFTP server name aaa in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] tftp-server domain-name aaa
display ip pool
tftp-server ip-address
tftp-server ip-address
Use tftp-server ip-address to specify a TFTP server address in an IP pool.
Use undo tftp-server ip-address to restore the default.
Syntax
tftp-server ip-address ip-address
undo tftp-server ip-address
Default
No TFTP server address is specified.
Views
IP pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a TFTP server.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify TFTP server address 10.1.1.1 in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] tftp-server ip-address 10.1.1.1
display ip pool
tftp-server domain-name
unr preference
Use unr preference to set a UNR preference value for a BAS IP pool.
Use undo unr preference to restore the default.
Syntax
unr preference preference-value
undo unr preference
Default
The UNR preference value is 65 for a BAS IP pool.
Views
Local BAS IP pool view
Remote BAS IP pool view
Predefined user roles
network-admin
Parameters
preference-value: Sets a UNR preference value. The value range for this argument is 1 to 255.
Usage guidelines
When the DHCP server assigns an IP address, it adds the network route for the IP address to the route management module. A smaller UNR preference value indicates a higher priority.
The preference value modification does not affect the preference value for network routes that have been advertised.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the UNR preference value to 1 for local BAS IP pool p1.
<Sysname> system-view
[Sysname] ip pool p1 bas local
[Sysname-ip-pool-p1] unr preference 1
unr tag
Use unr tag to set a UNR tag value for a BAS IP pool.
Use undo unr tag to restore the default.
Syntax
unr tag tag-value
undo unr tag
Default
No UNR tag value is set for a BAS IP pool.
Views
Local BAS IP pool view
Remote BAS IP pool view
Predefined user roles
network-admin
Parameters
tag-value: Sets a UNR tag value. The value range for this argument is 0 to 4294967294.
Usage guidelines
When the DHCP server assigns an IP address, it adds the network route for the IP address to the route management module. In a BAS network, you can classify user network routes based on their UNR tag values for route redistribution.
The tag value modification does not affect the tag value for network routes that have been advertised.
This command takes effect only on BAS IP pools.
You can set a UNR tag value in system view or in IP pool view. For BAS access users, the value set in BAS IP pool view has higher priority than the one set in system view.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the UNR tag value to 1 for local BAS IP pool p1.
<Sysname> system-view
[Sysname] ip pool p1 bas local
[Sysname-ip-pool-p1] unr tag 1
Related commands
ip unr
valid class
Use valid class to add DHCP user classes to the whitelist.
Use undo valid class to remove DHCP user classes from the whitelist.
Syntax
valid class class-name&<1-8>
undo valid class class-name&<1-8>
Default
No DHCP user class is listed on the whitelist.
Views
IP pool view
Predefined user roles
network-admin
Parameters
class-name&<1-8>: Specifies a space-separated list of up to eight DHCP user classes by their names, a case-insensitive string of 1 to 63 characters.
Usage guidelines
For this command to take effect, you must enable the DHCP user class whitelist.
Examples
# Add DHCP user classes test1 and test2 to the whitelist in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] valid class test1 test2
Related commands
dhcp class
verify class
verify class
Use verify class to enable the DHCP user class whitelist.
Use undo verify class to disable the DHCP user class whitelist.
Syntax
verify class
undo verify class
Default
The DHCP user class whitelist is disabled.
Views
IP pool view
Predefined user roles
network-admin
Usage guidelines
After you enable the DHCP user class whitelist, the DHCP server processes requests only from clients on the DHCP user class whitelist.
The DHCP user class whitelist does not take effect on clients that request static IP addresses, and the server always processes their requests.
Examples
# Enable the DHCP user class whitelist in IP pool 0.
[Sysname] system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] verify class
Related commands
valid class
voice-config
Use voice-config to configure the content for Option 184 in an IP pool.
Use undo voice-config to remove the Option 184 content from an IP pool.
Syntax
voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } }
undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ]
Default
No Option 184 content is configured in an IP pool.
Views
IP pool view
Predefined user roles
network-admin
Parameters
as-ip ip-address: Specifies the IP address of the backup network calling processor.
fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string is a string of 1 to 39 characters. Valid characters are digits and asterisk (*).
ncp-ip ip-address: Specifies the IP address of the primary network calling processor.
voice-vlan vlan-id: Specifies the voice VLAN ID in the range of 2 to 4094.
· disable: Disables the specified VLAN. DHCP clients will not take this VLAN as their voice VLAN.
· enable: Enables the specified VLAN. DHCP clients will take this VLAN as their voice VLAN.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure Option 184 in IP pool 0. The primary and backup network calling processors are at 10.1.1.1 and 10.2.2.2, respectively. The voice VLAN 3 is enabled. The failover IP address is 10.3.3.3. The dialer string is 99*.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] voice-config ncp-ip 10.1.1.1
[Sysname-ip-pool-0] voice-config as-ip 10.2.2.2
[Sysname-ip-pool-0] voice-config voice-vlan 3 enable
[Sysname-ip-pool-0] voice-config fail-over 10.3.3.3 99*
Related commands
display ip pool
vpn-instance (IP pool view)
Use vpn-instance to apply an IP pool to a VPN instance.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
The IP pool is not applied to any VPN instance.
Views
IP pool view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
If an IP pool is applied to a VPN instance, the DHCP server assigns IP addresses in this IP pool to clients in the specified VPN instance.
The DHCP server identifies the VPN instance to which a DHCP client belongs according to the following information:
· The client's VPN information stored in authentication modules.
· The VPN information of the DHCP server's interface that receives DHCP packets from the client.
The VPN information from authentication modules takes priority over the VPN information of the receiving interface.
Examples
# Apply IP pool 0 to VPN instance abc.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] vpn-instance abc
vpn-instance (IP pool group view)
Use vpn-instance to apply an IP pool group to a VPN instance.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
The IP pool group is not applied to any VPN instance.
Views
IP pool group view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
If an IP pool group is applied to a VPN instance, the IP pool group provides DHCP services for DHCP clients in the specified VPN instance.
If an IP pool group is not applied to a VPN instance, the IP pool group provides DHCP services for DHCP clients on the public network.
Examples
# Apply IP pool group g1 to VPN instance abc.
<Sysname> system-view
[Sysname] ip pool-group g1
[Sysname-ip-pool-group-g1] vpn-instance abc
DHCP relay agent commands
dhcp-proxy enable
Use dhcp-proxy enable to enable DHCP proxy.
Use undo dhcp-proxy enable to disable DHCP proxy.
Syntax
dhcp-proxy enable
undo dhcp-proxy enable
Default
DHCP proxy is enabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
When DHCP proxy is enabled on the device, the proxy forwards packets between DHCP clients and DHCP servers.
· When receiving DHCP requests from DHCP clients, the proxy forwards them to DHCP servers.
· When receiving DHCP responses from DHCP servers, the proxy performs the following task:
a. Changes the DHCP server's IP address in these responses to the IP address of the output interface or the IP address in the giaddr field.
b. Sends the responses to the DHCP clients.
Examples
# Enable DHCP proxy on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp-proxy enable
dhcp relay always-unicast
Use dhcp relay always-unicast to enable the DHCP relay agent to always unicast relayed DHCP responses.
Use undo dhcp relay always-unicast to restore the default.
Syntax
dhcp relay always-unicast
undo dhcp relay always-unicast
Default
The DHCP relay agent reads the broadcast flag in a DHCP response to decide whether to broadcast or unicast the relayed response.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP server to ignore the broadcast flag in DHCP responses and always unicast all relayed responses.
Examples
# Enable the DHCP relay agent to always unicast relayed DHCP responses.
<Sysname> system-view
[Sysname] dhcp relay always-unicast
Related commands
dhcp select relay
dhcp relay check mac-address
Use dhcp relay check mac-address to enable MAC address check on the relay agent.
Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.
Syntax
dhcp relay check mac-address
undo dhcp relay check mac-address
Default
The MAC address check feature is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP relay agent to compare the chaddr field of a received DHCP request with the source MAC address in the frame header. If they are the same, the DHCP relay agent forwards the request to the DHCP server. If they are not the same, the DHCP relay agent discards the request.
The MAC address check feature takes effect only when the dhcp select relay command has already been configured on the interface.
Enable the MAC address check feature only on the DHCP relay agent directly connected to the DHCP clients. A DHCP relay agent changes the source MAC address of DHCP packets before sending them.
Examples
# Enable MAC address check on the DHCP relay agent.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay check mac-address
dhcp select relay
dhcp relay client-information record
Use dhcp relay client-information record to enable recording client information in relay entries.
Use undo dhcp relay client-information record to disable the feature.
Syntax
dhcp relay client-information record
undo dhcp relay client-information record
Default
The DHCP relay agent does not record client information in relay entries.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Client information is recorded only when the DHCP relay agent is configured on the gateway of DHCP clients. A relay entry contains information about a client such as the client's IP and MAC addresses.
Disabling the recording of client information deletes all recorded relay entries.
The following information applies to WAN access users (for example, IPoE and PPPoE):
· The relay agent does not record client information for WAN access users if it has an authorized IP pool.
· The relay agent always records client information for WAN access users if it does not have an authorized IP pool. You cannot disable the relay agent from doing so.
Examples
# Enable the recording of relay entries on the relay agent.
<Sysname> system-view
[Sysname] dhcp relay client-information record
Related commands
dhcp conflict-ip-address offline
dhcp relay client-information refresh
dhcp relay client-information refresh enable
dhcp relay client-information refresh
Use dhcp relay client-information refresh to set the interval at which the DHCP relay agent refreshes relay entries.
Use undo dhcp relay client-information refresh to restore the default.
Syntax
dhcp relay client-information refresh { auto | interval interval }
undo dhcp relay client-information refresh
Default
The refresh interval is automatically calculated based on the number of relay entries.
Views
System view
Predefined user roles
network-admin
Parameters
auto: Automatically calculates the refresh interval. The more the entries, the shorter the refresh interval. The shortest interval is 50 ms.
interval interval: Specifies the refresh interval in the range of 1 to 120 seconds.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
This command does not take effect on WAN access users (for example, IPoE and PPPoE).
Examples
# Set the refresh interval to 100 seconds.
<Sysname> system-view
[Sysname] dhcp relay client-information refresh interval 100
Related commands
dhcp relay client-information record
dhcp relay client-information refresh enable
dhcp relay client-information refresh enable
Use dhcp relay client-information refresh enable to enable the DHCP relay agent to periodically refresh dynamic relay entries.
Use undo dhcp relay client-information refresh enable to disable the DHCP relay agent to periodically refresh dynamic relay entries.
Syntax
dhcp relay client-information refresh enable
undo dhcp relay client-information refresh enable
Default
The DHCP relay agent periodically refreshes relay entries.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.
With this feature, the DHCP relay agent uses a client's IP address and the relay interface's MAC address to periodically send a DHCP-REQUEST message to the DHCP server.
· If the server returns a DHCP-ACK message or does not return any message within an interval, the DHCP relay agent performs the following operations:
¡ Removes the relay entry.
¡ Sends a DHCP-RELEASE message to the DHCP server to release the IP address.
· If the server returns a DHCP-NAK message, the relay agent keeps the entry.
With this feature disabled, the DHCP relay agent does not remove relay entries automatically. After a DHCP client releases its IP address, you must use the reset dhcp relay client-information command on the relay agent to remove the corresponding relay entry.
This feature does not take effect on WAN access users (for example, IPoE and PPPoE). If the relay agent does not have an authorized IP pool, the relay agent removes the relay entry for a WAN access user after the lease for that user expires.
Examples
# Disable periodic refresh of relay entries.
<Sysname> system-view
[Sysname] undo dhcp relay client-information refresh enable
Related commands
dhcp relay client-information record
dhcp relay client-information refresh
reset dhcp relay client-information
dhcp relay dhcp-server timeout
Use dhcp relay dhcp-server timeout to set the DHCP server response timeout time for DHCP server switchover.
Use undo dhcp relay dhcp-server timeout to restore the default.
Syntax
dhcp relay dhcp-server timeout time
undo dhcp relay dhcp-server timeout
Default
The DHCP server response timeout time is 30 seconds.
Views
Interface view
Predefined user roles
network-admin
Parameters
time: Specifies the DHCP server response timeout time in the range of 1 to 65535 seconds.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the DHCP server response timeout time to 60 seconds for DHCP server switchover on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay dhcp-server timeout 60
Related commands
dhcp relay server-address algorithm
dhcp relay forward reply by-option82
Use dhcp relay forward reply by-option82 to configure the DHCP relay agent to forward DHCP replies based on Option 82.
Use undo dhcp relay forward reply by-option82 to restore the default.
Syntax
dhcp relay forward reply by-option82
undo dhcp relay forward reply by-option82
Default
The DHCP relay agent does not forward DHCP replies based on Option 82.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only after you execute the dhcp relay information enable and dhcp relay information circuit-id commands.
Examples
# Configure the DHCP relay agent to forward DHCP replies based on Option 82.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay forward reply by-option82
Related commands
dhcp relay information circuit-id
dhcp relay information enable
dhcp relay gateway
Use dhcp relay gateway to specify the DHCP relay agent address to be padded to DHCP requests.
Use undo dhcp relay gateway to restore the default.
Syntax
dhcp relay gateway ip-address
undo dhcp relay gateway
Default
The primary IP address of the interface is padded to DHCP requests as the DHCP relay agent address.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the DHCP relay agent address. It must be an IP address of the interface.
Usage guidelines
The DHCP relay agent uses the specified IP address instead of the primary IP address of the relay interface as the DHCP relay agent address.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify 10.1.1.1 as the DHCP relay agent address to be padded to DHCP requests on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay gateway 10.1.1.1
Related commands
gateway-list
dhcp relay information circuit-id
Use dhcp relay information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option of Option 82.
Use undo dhcp relay information circuit-id to restore the default.
Syntax
dhcp relay information circuit-id { bas [ sub-interface-vlan ] [ with-vxlan ] | string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] [ interface [ vlan-in-vlan ] ] } [ sub-interface-vlan ] [ format { ascii | hex } ] }
undo dhcp relay information circuit-id
Default
The padding mode is normal and the padding format is hex.
Views
Interface view
Predefined user roles
network-admin
Parameters
bas: Specifies the bas mode that uses the interface and VLAN information to pad the Circuit ID sub-option. The device encapsulates the information in the format of interface-type slot/subslot/port vxlan_id.vlan_id.subvlan_id.
sub-interface-vlan: Specifies the VLAN ID of the L2VE subinterface as the content for the Circuit ID sub-option. If you do not specify this keyword, the VLAN ID of the interface on which you configure this command is written to the sub-option. This keyword is available only for L3VE interfaces.This keyword is not supported by the device.
with-vxlan: Specifies the bas mode with VXLAN ID. If you do not specify this keyword, you specify the bas mode without VXLAN ID.
string circuit-id: Specifies the string mode that uses a case-sensitive string of 3 to 63 characters as the content of the Circuit ID sub-option.
normal: Specifies the normal mode, in which the padding content consists of the VLAN ID and port number.
verbose: Specifies the verbose mode. The padding content includes the node identifier, interface information, and VLAN ID. The default node identifier is the MAC address of the access node. The default interface information consists of the Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, and interface number.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier.
· mac: Uses the MAC address of the access node as the node identifier.
· sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format. If you specify this keyword, do not include any spaces when you set the device name. Otherwise, the DHCP relay agent fails to add or replace Option 82.
· user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format.
interface: Uses the interface name as the interface information. If you specify this keyword, the padding format for the interface name and VLAN ID is always ASCII regardless of what padding format is specified.
vlan-in-vlan: Pads the Circuit ID sub-option with the inner and outer VLAN information of request packets. The padding format for the VLAN information is always ASCII. This field is supported only when sysname is specified as the node identifier.
format: Specifies the padding format for the Circuit ID sub-option.
ascii: Specifies the ASCII padding format.
hex: Specifies the hex padding format.
Usage guidelines
The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
The padding format for the string mode, the normal mode, or the verbose mode varies by command configuration. Table 23 shows how the padding format is determined for different modes.
Table 23 Padding format for different modes
|
Keyword (mode) |
If no padding format is set |
If the padding format is ascii |
If the padding format is hex |
|
string circuit-id |
The padding format is ASCII, and is not configurable. |
N/A |
N/A |
|
normal |
Hex. |
ASCII. |
Hex. |
|
verbose |
Hex for the VLAN ID. ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number. |
ASCII. |
ASCII for the node identifier and Ethernet type. Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID. |
Examples
# Specify the content mode as verbose, node identifier as the device name, and the padding format as ASCII for the Circuit ID sub-option.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information enable
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information strategy replace
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information circuit-id verbose node-identifier sysname format ascii
Related commands
dhcp relay forward reply by-option82
dhcp relay information enable
dhcp relay information strategy
display dhcp relay information
dhcp relay information enable
Use dhcp relay information enable to enable the DHCP relay agent to support Option 82.
Use undo dhcp relay information enable to disable Option 82 support.
Syntax
dhcp relay information enable
undo dhcp relay information enable
Default
The DHCP relay agent does not support Option 82.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id and dhcp relay information remote-id commands. If the DHCP requests contain Option 82, the relay agent handles the requests according to the strategy configured with the dhcp relay information strategy command.
If this feature is disabled, the relay agent forwards requests that contain or do not contain Option 82 to the DHCP server.
Examples
# Enable Option 82 support on the relay agent.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information enable
Related commands
dhcp relay forward reply by-option82
dhcp relay information circuit-id
dhcp relay information remote-id
dhcp relay information strategy
display dhcp relay information
dhcp relay information remote-id
Use dhcp relay information remote-id to configure the padding mode and padding format for the Remote ID sub-option of Option 82.
Use undo dhcp relay information remote-id to restore the default.
Syntax
dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname }
undo dhcp relay information remote-id
Default
The padding mode is normal and the padding format is hex.
Views
Interface view
Predefined user roles
network-admin
Parameters
normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface.
format: Specifies the padding format for the Remote ID sub-option. The default padding format is hex.
ascii: Specifies the ASCII padding format.
hex: Specifies the hex padding format.
string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option.
sysname: Specifies the sysname mode that uses the device name as the content of the Remote ID sub-option. You can set the device name by using the sysname command.
Usage guidelines
The padding format for the specified character string (string) or the device name (sysname) is always ASCII. The padding format for the normal mode is determined by the command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the padding content for the Remote ID sub-option of Option 82 as device001.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information enable
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information strategy replace
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information remote-id string device001
Related commands
dhcp relay information enable
dhcp relay information strategy
display dhcp relay information
dhcp relay information strategy
Use dhcp relay information strategy to configure the strategy for the DHCP relay agent to handle messages containing Option 82.
Use undo dhcp relay information strategy to restore the default handling strategy.
Syntax
dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
Default
The handling strategy for messages that contain Option 82 is replace.
Views
Interface view
Predefined user roles
network-admin
Parameters
drop: Drops DHCP messages that contain Option 82 messages.
keep: Keeps the original Option 82 intact and forwards the DHCP messages.
replace: Replaces the original Option 82 with the configured Option 82 before forwarding the DHCP messages.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82.
For DHCP requests that do not contain Option 82, the DHCP relay agent always adds Option 82 to the requests before forwarding the requests to the DHCP server.
If the handling strategy is replace, configure a padding mode and padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure any padding mode or padding format. The settings do not take effect even if you configure them.
Examples
# Specify the handling strategy for Option 82 as keep.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information enable
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay information strategy keep
Related commands
dhcp relay information enable
display dhcp relay information
dhcp relay master-server switch-delay
Use dhcp relay master-server switch-delay to enable the switchback to the master DHCP server and set the switchback delay time.
Use undo dhcp relay master-server switch-delay to restore the default.
Syntax
dhcp relay master-server switch-delay delay-time
undo dhcp relay master-server switch-delay
Default
The DHCP relay agent does not switch back to the master DHCP server.
Views
Interface view
Predefined user roles
network-admin
Parameters
delay-time: Specifies the delay time in the range of 1 to 65535 minutes.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the DHCP relay agent to switch back to the master DHCP server 3 minutes after it switches to a backup DHCP server on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay master-server switch-delay 3
Related commands
dhcp relay server-address algorithm
dhcp relay non-first-hop enable
Use dhcp relay non-first-hop enable to enable the non-first-hop DHCP relay agent feature.
Use undo dhcp relay non-first-hop enable to disable the non-first-hop DHCP relay agent feature.
Syntax
dhcp relay non-first-hop enable
undo dhcp relay non-first-hop enable
Default
The non-first-hop DHCP relay agent feature is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Multiple DHCP relay agents might exist between a DHCP client and the DHCP server. By default, only the first DHCP relay agent that the DHCP request passes through processes the request and the subsequent DHCP relay agents only forward the request. If access authentication is enabled on a non-first DHCP relay agent, execute this command on this relay agent for the relay agent to deliver the packet to the authentication module for authentication and authorization.
Enable this feature only on the non-first-hop DHCP relay agent where access authentication is enabled.
To have this feature function correctly:
· Enable the DHCP relay agent on the downstream interface of the non-first-hop DHCP relay device towards clients.
· Enable the non-first-hop DHCP relay agent on both the upstream and downstream interfaces of the device.
To ensure correct forwarding of DHCP messages, do not use either of the following commands to change the giaddr field in DHCP messages:
· dhcp relay gateway
· dhcp relay source-address
Examples
# Enable the non-first-hop DHCP relay agent feature on Ten-GigabitEthernet3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay non-first-hop enable
Related commands
dhcp select relay
dhcp relay release ip
Use dhcp relay release ip to release a client IP address.
Syntax
dhcp relay release ip ip-address [ vpn-instance vpn-instance-name ]
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address to be released.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified IP address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command releases the IP address on the public network.
Usage guidelines
After you execute this command, the relay agent sends a DHCP-RELEASE packet to the DHCP server and removes the relay entry of the IP address. Upon receiving the packet, the server removes binding information about the specified IP address to release the IP address.
Examples
# Release IP address 1.1.1.1.
<Sysname> system-view
[Sysname] dhcp relay release ip 1.1.1.1
dhcp relay release-agent
Use dhcp relay release-agent to enable lease release notification.
Use undo dhcp relay release-agent to disable lease release notification.
Syntax
dhcp relay release-agent
undo dhcp relay release-agent
Default
Lease release notification is enabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP relay agent to send a Release message to the DHCP server after it deletes a DHCP relay entry. After the DHCP server receives the message, it reclaims the IP address and marks the lease as expired.
This command does not take effect on the users that do not come online through access devices. The DHCP relay agent does not send Release messages to the DHCP server after it deletes the relay entries for such users.
This command does not take effect on PPPoE users after you use the cut access-user command to forcibly log out users. The DHCP relay agent will always send Release messages to the DHCP server. For more information about the cut access-user command, see UCM commands in BRAS Services Command Reference.
Examples
# Disable lease release notification on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp select relay
[Sysname-Ten-GigabitEthernet3/1/1] undo dhcp relay release-agent
Related commands
cut access-user (BRAS Services Command Reference)
dhcp select relay
dhcp relay server-address
Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent.
Use undo dhcp relay server-address to remove DHCP servers.
Syntax
dhcp relay server-address ip-address [ public | vpn-instance vpn-instance-name ]
undo dhcp relay server-address [ ip-address [ public | vpn-instance vpn-instance-name ] ]
Default
No DHCP server is specified on the DHCP relay agent.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP packets received from DHCP clients to this DHCP server.
public: Specifies this option if the specified DHCP server is on the public network.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified DHCP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 32 characters.
Usage guidelines
To ensure a successful address allocation, the DHCP server must be located on a different subnet from the DHCP relay agent interface.
The DHCP relay agent forwards the packets from clients to the specified DHCP server in the specified virtual network (MPLS L3VPN instance or the public network). If you do not specify an MPLS L3VPN instance or the public network, the DHCP relay agent forwards the packets from a client in the same virtual network as the client.
You can specify a maximum of eight DHCP servers on an interface. The DHCP relay agent forwards the packets from the clients to all the specified DHCP servers.
If you do not specify an IP address, the undo dhcp relay server-address command removes all DHCP servers on the interface.
Examples
# Specify DHCP server address 1.1.1.1 on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay server-address 1.1.1.1
Related commands
dhcp select relay
display dhcp relay remote-server-info
dhcp relay server-address algorithm
Use dhcp relay server-address algorithm to specify the DHCP server selection algorithm.
Use undo dhcp relay server-address algorithm to restore the default.
Syntax
dhcp relay server-address algorithm { master-backup | polling }
undo dhcp relay server-address algorithm
Default
The polling algorithm is used. The DHCP relay agent forwards DHCP requests to all DHCP servers at the same time.
Views
Interface view
Predefined user roles
network-admin
Parameters
master-backup: Forwards DHCP requests to the master DHCP server first. If the master server is not available or does not have assignable IP addresses, the relay agent forwards DHCP requests to backup DHCP servers in the order they are specified.
polling: Forwards DHCP requests to all DHCP servers at the same time.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify master-backup as the DHCP server selection algorithm on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay server-address algorithm master-backup
Related commands
dhcp relay dhcp-server timeout
dhcp relay master-server switch-delay
dhcp relay server-address
remote-server algorithm
dhcp relay source-address
Use dhcp relay source-address to specify the source IP address for DHCP requests.
Use undo dhcp relay source-address to restore the default.
Syntax
dhcp relay source-address { ip-address [ option code [ option-text ] ] | gateway | relay-interface }
undo dhcp relay source-address { ip-address [ option code [ option-text ] ] | gateway | relay-interface }
Default
The relay agent chooses the default source IP address for relayed requests depending on whether its server-side interface and the DHCP server belong to the same VPN instance:
· If they belong to the same VPN instance, the relay agent uses the IP address of the output interface for relayed requests as the default source IP address.
· If they belong to different VPN instances, the relay agent uses the lowest IP address that is in the same VPN instance as the DHCP server as the default source address.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the source IP address for DHCP requests. This IP address will also be filled in the giaddr field.
option code [ option-text ]: Changes the source IP address and the giaddr field of a DHCP request if the DHCP request carries the specified option. If you do not specify any option, this command changes the source IP address and the giaddr field of all DHCP requests that the interface receives.
· The code argument represents the option code and the value range for this argument is 1 to 254.
· To match DHCP requests by the content of Option 60, specify the option-text argument. This argument is available only when the value for the code argument is 60. The value for this argument is a case-sensitive string of 1 to 128 characters.
gateway: Uses the IP address in the giaddr field as the source IP address of the DHCP requests. If the giaddr field is empty, the relay agent follows the default rule to specify the source IP address for DHCP requests.
relay-interface: Uses the primary IP address of the relay interface as the source IP address. If this interface does not have an IP address, the relay agent follows the default rule to specify the source IP address for DHCP requests.
Usage guidelines
|
|
CAUTION: Do not configure this command together with the dhcp smart-relay enable command. |
If you specify the ip-address argument, the relay agent changes not only the source IP address but also the giaddr field of a DHCP request. The DHCP server assigns the client an IP address on the same subnet as the specified IP address in the giaddr field. As a result, the DHCP client might not be on the same subnet as the DHCP relay interface (the gateway). To avoid this problem, you must configure Option 82 on the relay agent before specifying the ip-address argument. This configuration enables the DHCP relay agent to insert the primary IP address of the relay interface in Option 82. Based on this option, the DHCP server assigns an IP address on the same subnet as the IP address of the relay interface. The DHCP relay agent looks up the MAC address table for the output interface to forward the DHCP reply.
If you do not specify any options, the undo dhcp relay source-address command removes all configured source IP addresses for DHCP requests on the interface.
The source IP addresses specified by the following commands overwrite each other and only the source IP address configured at last can take effect.
· The dhcp relay source-address ip-address command without any DHCP options specified.
· The dhcp relay source-address gateway command.
· The dhcp relay source-address relay-interface command.
The dhcp relay source-address ip-address option code [ option-text ] and dhcp relay source-address { gateway | relay-interface } commands do not overwrite each other.
If multiple sources IP addresses are specified on an interface, their match order is as follows:
1. Source IP addresses specified with DHCP options.
The relay agent matches these IP addresses against the DHCP options of a DHCP request in descending order of option values. The first matching IP address will be used as the source IP address for the DHCP request.
When the relay agent matches source IP addresses against Option 60, the source IP addresses with the option-text argument take precedence over those without the option-text argument.
2. Source IP address specified by the dhcp relay source-address relay-interface command.
3. Source IP address specified by the dhcp relay source-address gateway command.
4. Source IP address specified by the dhcp relay source-address ip-address command without any DHCP option specified.
Examples
# Specify 1.1.1.1 as the source IP address for DHCP requests on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp relay source-address 1.1.1.1
dhcp server
Use dhcp server to configure DHCP server liveness detection.
Use undo dhcp server to restore the default.
Syntax
dhcp server [ ip-address [ vpn-instance vpn-instance-name ] ] { dead-count dead-count-value | dead-time dead-time | nak-count nak-count-value | timeout timeout } *
undo dhcp server [ ip-address [ vpn-instance vpn-instance-name ] ] { dead-count | dead-time | nak-count | timeout } *
Default
If the DHCP relay agent does not receive a reply from a DHCP server within 25 seconds, the DHCP relay agent determines that the DHCP server is down or has no free addresses.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IP address of the DHCP server. If you do not specify this keyword, the criteria apply to all DHCP servers.
vpn-instance vpn-instance name: Specifies an MPLS L3VPN instance to which DHCP servers belongs. The vpn-instance-name argument specifies a VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify this keyword, the criteria apply to DHCP servers on the public network.
dead-count dead-count-value: Specifies a maximum number of consecutive communication failures before the relay agent marks a DHCP server as down. The value range for the dead-count-value argument is 1 to 64, and the default value is 0.
dead-time dead-time: Specifies a time period in seconds for the relay agent to wait before communicating with the DHCP server. The value range for the dead-time augment is 1 to 65536, and the default value is 3.
nak-count nak-count-value: Specifies the maximum number of DHCP-NAK packets that the relay agent can receive. The value range for the nak-count-value argument is 0 to 255, and the default value is 10.
timeout timeout: Specifies a communication failure check timer in seconds. The value range for the argument is 1 to 60, and the default value is 25.
Usage guidelines
Application scenarios
The command is applicable to a network where a DHCP server is selected from a remote BAS IP pool in an IP pool group.
Operating mechanism
The liveness detection settings specific to a DHCP server have a higher priority than the shared settings. If no DHCP server-specific settings are configured, the shared ones apply.
This feature enables the relay agent to detect the liveness of the DHCP servers. Upon relaying the first DHCP request to a DHCP server, the DHCP relay agent starts the timeout timer and the request counter. The DHCP relay agent starts the timeout timer each time it relays a DHCP request. If a reply is received within the timeout time, the relay agent marks the DHCP server available, resets packet counter, and disables the timeout timer. The relay agent starts the timer and counter again if it relays a new request. A communication failure occurs if the relay agent does not receive a reply.
The relay agent uses the following principles to mark the DHCP server as down ("dead") or has no assignable IP addresses:
· At the end of every timeout period, the agent checks the total number of consecutive communication failures.
¡ If the failure count exceeds the dead-count-value value, the DHCP server is marked as dead.
¡ If the failure count does not exceed the dead-count-value value, the relay agent continues counting the number of requests. The DHCP server is marked as dead if the dead-count-value value is reached at next check.
· The total number of consecutively received DHCP-NAK for the relayed lease renewal packets reaches the nak-count value.
When a DHCP server is marked as dead, the relay agent starts the dead time for the server. Within the dead period, the relay agent does not relay any packets to this DHCP server. After the dead period expires, the relay agent determines that the DHCP server becomes alive, and starts forwarding packets to this server.
If all DHCP servers are marked as dead, the DHCP relay agent treats all DHCP servers as alive if it receives a new DHCP request.
If the DHCP server selection algorithm is set to polling:
· If different liveness detection settings are configured for different DHCP servers in the remote BAS IP pool, the relay agent uses the liveness detection settings that include the longest timeout value. The relay agent detects only the liveness of the DHCP server corresponding to the used liveness detection settings. If the DHCP server is marked as dead, the other DHCP servers in the remote BAS IP pool are also marked as dead.
· If multiple DHCP servers are configured with the longest timeout value, the relay agent detects the liveness of DHCP servers by using the liveness detection settings that include the longest timeout value and are deployed earliest.
Restrictions and guidelines
You can specify multiple server liveness detection rules for different DHCP server addresses. If you do not specify a DHCP server for the command, you are creating a shared detection rule. The DHCP server-specific detection rule or the shared rule takes effect as follows:
· If you specify the same rule keyword but with different values in each command execution, the most recent configuration takes effect.
· If you specify different rule keywords in each command execution, all configurations take effect.
Examples
# Configure DHCP server liveness detection for DHCP server at 1.1.1.1. Set the maximum number of consecutive communication failures to 10, set the communication failure check timer to 20 seconds, and set the DHCP server dead period to 3 minutes.
<Sysname> system-view
[Sysname] dhcp server 1.1.1.1 dead-count 10 timeout 20 dead-time 3
Related commands
display dhcp relay remote-server-info
remote-server algorithm
dhcp-server nak-count
Use dhcp-server nak-count to set the maximum number of DHCP-NAK packets that the DHCP relay agent can receive from one DHCP server.
Use undo dhcp-server nak-count to restore the default.
Syntax
dhcp-server nak-count nak-count-value [ gateway-only ]
undo dhcp-server nak-count
Default
The DHCP relay agent can receive a maximum of 10 DHCP-NAK packets from one DHCP server.
Views
Remote BAS IP pool view
Common IP pool view
Predefined user roles
network-admin
Parameters
nak-count-value: Specifies the maximum number of DHCP-NAK packets, in the range of 0 to 255.
gateway-only: Disables the DHCP relay agent from sending a lease renew request to the next DHCP server. If you do not specify this keyword, the DHCP relay agent will turn to the next DHCP server when the maximum number of DHCP-NAK packets is reached.
Usage guidelines
This feature is applicable to a network where the DHCP relay agent uses the master-backup server selection in the remote BAS IP pool. In such a network, you can use the gateway-list command to specify gateway addresses for users that match the remote BAS IP pool. When the relay agent receives a lease renew request from a DHCP client, the relay agent forwards the request to the currently selected DHCP server. When the number of DHCP-NAK packets from the DHCP server reaches the upper limit, the DHCP relay agent performs one of the following operations, depending on the configuration:
· If the gateway-only keyword is not configured, the DHCP relay agent forwards the request to the next DHCP server.
· If the gateway-only keyword is configured and smart relay is enabled, the relay agent uses the next gateway address configured in the gateway-list command to fill the giaddr field.
· If the gateway-only keyword is not configured and smart relay is enabled, the relay agent performs the following operations:
a. Uses the next gateway address in the gateway-list command to fill the giaddr field.
b. Forwards the request to the next DHCP server.
If the value for the nak-count-value argument is set to 0, both the master/backup DHCP server selection algorithm setting and the smart relay feature do not take effect.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Allow the DHCP relay agent can receive the maximum number of 20 DHCP-NAK packets from a DHCP server.
<Sysname> system-view
[Sysname] ip poo1 1 bas remote
[Sysname-ip-pool-1] dhcp-server nak-count 20
Related commands
dhcp smart-relay enable
remote-server algorithm master-backup
dhcp-server source-address
Use dhcp-server source-address to specify the source IP address of the packets that the relay agent forwards to the DHCP server.
Use undo dhcp-server source-address to restore the default.
Syntax
dhcp-server source-address { ip-address | gateway | interface interface-type interface-number }
undo dhcp-server source-address
Default
The relay agent chooses the default source IP address for relayed requests depending on whether its server-side interface and the DHCP server belong to the same VPN instance:
· If they belong to the same VPN instance, the relay agent uses the IP address of the output interface for relayed requests as the default source IP address.
· If they belong to different VPN instances, the relay agent uses the lowest IP address that is in the same VPN instance as the DHCP server as the default source address.
Views
Remote BAS IP pool view
Common IP pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the source IP address for DHCP requests.
gateway: Uses the IP address in the giaddr field as the source IP address of the DHCP requests. If the giaddr field is empty, the relay agent follows the default rule to specify the source IP address for DHCP requests.
interface interface-type interface-number: Uses the IP address of the specified interface as the source IP address. The interface-type interface-number argument specifies the interface type and the interface number.
Usage guidelines
This command is required if multiple relay interfaces share the same IP address or if a relay interface does not have routes to DHCP servers. You can use this command to specify the IP address of another interface, typically a loopback interface, on the DHCP relay agent as the source IP address for relayed DHCP requests.
If multiple relay interfaces share the same IP address, the DHCP relay agent cannot locate the output interface for DHCP reply packets based on the destination IP address. To avoid this problem, configure the DHCP relay agent to support Option 82 before executing dhcp-server source-address command. This configuration enables the DHCP relay agent to insert the subnet information in sub-option 5 in Option 82 for the received DHCP request. The DHCP server then assigns an IP address according to sub-option 5. The DHCP relay agent looks up the output interface in the MAC address table to forward the DHCP reply packets.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# In remote BAS IP pool 0, specify 1.1.1.1 as the source IP address for DHCP requests.
<Sysname> system-view
[Sysname] ip pool 0 bas remote
[Sysname-ip-pool-0] dhcp-server source-address 1.1.1.1
dhcp-server timeout
Use dhcp-server timeout to set the DHCP server response timeout time for DHCP server switchover.
Use undo dhcp-server timeout to restore the default.
Syntax
dhcp-server timeout time
undo dhcp-server timeout
Default
The DHCP server response timeout time is 30 seconds.
Views
Remote BAS IP pool view
Common IP pool view
Predefined user roles
network-admin
Parameters
time: Specifies the DHCP server response timeout time in the range of 1 to 65535 seconds.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the DHCP server response timeout time to 60 seconds for DHCP server switchover in remote BAS IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0 bas remote
[Sysname-ip-pool-0] dhcp-server timeout 60
Related commands
remote-server algorithm
discover-nak-count
Use discover-nak-count to set the DHCP-NAK threshold and statistic period for DHCP-NAK-triggered remote BAS IP pool switchover in an IP pool group.
Use undo discover-nak-count to restore the default.
Syntax
discover-nak-count nak-count seconds
undo discover-nak-count
Default
The relay agent forwards DHCP-DISCOVER messages to the server in the current remote BAS IP pool, regardless of how many DHCP-NAK messages it has received from that server.
Views
IP pool group view
Predefined user roles
network-admin
Parameters
nak-count: Sets the threshold on the number of DHCP-NAK responses to DHCP-DISCOVER messages. The value range for this argument is 1 to 255. If you set this argument to 1, the relay agent forwards DHCP-DISCOVER messages to the server in the next remote BAS IP pool after it receives one DHCP-NAK message from the current server.
seconds: Sets the statistic period in seconds. The value range for this argument is 1 to 180.
Usage guidelines
Some DHCP servers respond with DHCP-NAK messages to the DHCP-DISCOVER messages from clients when they have no assignable IP addresses. By default, the relay agent continues to forward DHCP-DISCOVER messages to the server, regardless of how many DHCP-NAK messages it has received from that server. If the server is in one remote BAS IP pool in an IP pool group, the relay agent does not move to the next remote BAS IP pool, if any.
For clients to obtain an IP address as soon as possible from one of the remote BAS IP pools in an IP pool group, set the DHCP-NAK threshold and statistic period to trigger remote BAS IP pool switchover.
Examples
# Set the DHCP-NAK threshold and the statistic period for triggering remote BAS IP pool switchover in IP pool group poolgroup1 to 3 and 10, respectively. If a DHCP server has returned more than three DHCP-NAK messages to DHCP-DISCOVER messages within 10 seconds, the relay agent moves to the next remote BAS IP pool.
<Sysname> system-view
[Sysname] ip pool-group poolgroup1
[Sysname-ip-pool-group-poolgroup1] discover-nak-count 3 10
dhcp smart-relay enable
Use dhcp smart-relay enable to enable the DHCP smart relay feature.
Use undo dhcp smart-relay enable to disable the DHCP smart relay feature.
Syntax
dhcp smart-relay enable
undo dhcp smart-relay enable
Default
The DHCP smart relay feature is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
|
|
CAUTION: Do not configure this command together with the dhcp relay source-address command. |
The smart relay feature allows the relay agent to use secondary IP addresses as the gateway address when the DHCP server does not reply the DHCP-OFFER message. The relay agent initially encapsulates its primary IP address to the giaddr field before forwarding a request to the DHCP server. If no DHCP-OFFER is returned after two retries, the relay agent switches to secondary IP addresses.
Without this feature, the relay agent always uses the primary IP address as the gateway address.
Examples
# Enable the DHCP smart relay feature.
<Sysname> system-view
[Sysname] dhcp smart-relay enable
Related commands
dhcp select
gateway-list
display dhcp relay client-information
Use display dhcp relay client-information to display relay entries on the relay agent.
Syntax
display dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays relay entries on the specified interface. If you do not specify an interface, this command displays relay entries on all interfaces.
ip ip-address: Displays the relay entry for the specified IP address. If you do not specify an IP address, this command displays relay entries for all IP addresses.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified IP address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays the relay entry for the specified IP address on the public network.
Usage guidelines
Support for the relay entry recording feature varies by user type, as follows:
· For non-WAN access users (for example, IPoE and PPPoE), the DHCP relay agent generates relay entries only after you configure the dhcp relay client-information record command.
· For WAN access users, the DHCP relay agent generates relay entries as follows:
¡ Without an authorized IP pool, the relay agent generates relay entries for WAN access users (for example, IPoE and PPPoE) automatically, which cannot be disabled.
¡ Having an authorized IP pool, the relay agent does not generate relay entries for WAN access users (for example, IPoE and PPPoE). To display the client address information for such users, execute the display dhcp server ip-in-use command on the DHCP server.
Examples
# Display all relay entries on the relay agent.
<Sysname> display dhcp relay client-information
Total number of client-information items: 2
Total number of dynamic items: 1
Total number of temporary items: 1
IP address MAC address Type Interface VPN name
10.1.1.1 00e0-0000-0001 Dynamic XGE3/1/1 N/A
10.1.1.5 00e0-0000-0000 Temporary XGE3/1/1 N/A
# Display relay entries for the specified IP address.
<Sysname> display dhcp relay client-information ip 10.1.1.1
Total number of client-information items: 1
Total number of dynamic items: 1
Total number of temporary items: 0
IP address : 10.1.1.1
MAC address : 00e0-0000-0000
Type : Dynamic
Port index : N/A
Interface : Vlan2
VPN name : N/A
Server address : 12.1.1.2
Access type : CommonV4
Outer VLAN : N/A
Inner VLAN : N/A
PPP index : 0
User ID : 0x40000001
Table 24 Command output
|
Field |
Description |
|
Total number of client-information items |
Total number of relay entries. |
|
Total number of dynamic items |
Total number of dynamic relay entries. |
|
Total number of temporary items |
Total number of temporary relay entries. |
|
IP address |
IP address of the DHCP client. |
|
MAC address |
MAC address of the DHCP client. |
|
Type |
Relay entry type: · Dynamic—The relay agent creates a dynamic relay entry upon receiving an ACK response from the DHCP server. · Temporary—The relay agent creates a temporary relay entry upon receiving a REQUEST packet from a DHCP client. |
|
Interface |
Layer 3 interface connected to the DHCP client. N/A is displayed for relay entries without interface information. |
|
VPN name |
Name of the VPN instance to which the DHCP client belongs. If the DHCP client does not belong to any VPN, this field displays N/A. |
|
Port index |
Layer 2 port that receives the DHCP request. If the request is not received through a Layer 2 port, this field displays N/A. |
|
Server address |
IP address of the DHCP server. |
|
Access type |
Access type of the DHCP client: · Commonv4—DHCP. · IPoEv4—IPoE. · PPPv4—PPP. |
|
Outer VLAN |
Outer VLAN tag contained in the DHCP request. If the request does not contain an outer VLAN tag, this field displays N/A. |
|
Inner VLAN |
Inner VLAN tag contained in the DHCP request. If the request does not contain an inner VLAN tag, this field displays N/A. |
|
PPP index |
PPP session index. If no PPP session index exists, this field displays N/A. |
|
User ID |
ID of the access user, in hexadecimal notation. |
Related commands
dhcp relay client-information record
reset dhcp relay client-information
display dhcp relay information
Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent.
Syntax
display dhcp relay information [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays Option 82 configuration information for the specified interface. If you do not specify an interface, this command displays Option 82 configuration information about all interfaces.
Examples
# Display Option 82 configuration information for all interfaces.
<Sysname> display dhcp relay information
Interface: Ten-GigabitEthernet3/1/1
Status: Enable
Strategy: Replace
Circuit ID Pattern: Verbose
Remote ID Pattern: Sysname
Circuit ID format: Undefined
Remote ID format: ASCII
Node identifier: aabbcc
Interface: Ten-GigabitEthernet3/1/2
Status: Enable
Strategy: Replace
Circuit ID Pattern: User Defined
Remote ID Pattern: User Defined
Circuit ID format: ASCII
Remote ID format: ASCII
User defined:
Circuit ID: vlan100
Remote ID: device001
Table 25 Command output
|
Field |
Description |
|
|||
|
Interface |
Interface name. |
|
|||
|
Status |
Option 82 states: · Enable—DHCP relay agent support for Option 82 is enabled. · Disable—DHCP relay agent support for Option 82 is disabled. |
||||
|
Strategy |
Handling strategy for request messages containing Option 82, Drop, Keep, or Replace. |
||||
|
Circuit ID Pattern |
Padding content mode of the Circuit ID sub-option, Verbose, Normal, or User Defined. |
||||
|
Remote ID Pattern |
Padding content mode of the Remote ID sub-option, Sysname, Normal, or User Defined. |
||||
|
Circuit ID format-type |
Padding format of the Circuit ID sub-option, ASCII, Hex, or Undefined. |
||||
|
Remote ID format-type |
Padding format of the Remote ID sub-option, ASCII, Hex, or Undefined. |
||||
|
Node identifier |
Access node identifier. |
||||
|
User defined |
Content of the user-defined sub-options. |
||||
|
Circuit ID |
User-defined content of the Circuit ID sub-option. |
||||
|
Remote ID |
User-defined content of the Remote ID sub-option. |
||||
display dhcp relay packet statistics
Use display dhcp relay packet statistics to display DHCP packet statistics on the DHCP relay agent.
Syntax
display dhcp relay packet statistics [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCP packet statistics on the specified interface. If you do not specify an interface, this command displays all DHCP packet statistics on the DHCP relay agent.
Examples
# Display all DHCP packet statistics on the DHCP relay agent.
<Sysname> display dhcp relay packet statistics
DHCP packets dropped: 0
DHCP packets received from clients: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets received from servers: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
DHCP packets relayed to servers: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets relayed to clients: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
DHCP packets sent to servers: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets sent to clients: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
Table 26 Command output
|
Field |
Description |
|
DHCP packets dropped |
Number of DHCP messages dropped by the relay agent. |
|
DHCP packets received from clients |
Number of DHCP messages received from clients. |
|
DHCP packets received from servers |
Number of DHCP messages received from servers. |
|
DHCP packets relayed to servers |
Number of DHCP messages forwarded to servers. |
|
DHCP packets relayed to clients |
Number of DHCP messages forwarded to clients. |
|
DHCP packets sent to servers |
Number of DHCP messages sent by the relay agent to servers upon periodic dynamic relay entry refreshing. |
|
DHCP packets sent to clients |
Number of unsolicited DHCP messages sent by the relay agent to clients. In the current software version, the device does not send unsolicited DHCP packets to clients when it acts as a DHCP relay agent. |
Related commands
reset dhcp relay packet statistics
display dhcp relay remote-server-info
Use display dhcp relay remote-server-info command to display the DHCP server configuration and status in the remote BAS IP pool on the DHCP relay agent.
Syntax
In standalone mode:
display dhcp relay remote-server-info [ vpn-instance vpn-name ] [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
display dhcp relay remote-server-info [ vpn-instance vpn-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. To specify DHCP servers on the public network, do not specify this option.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays DHCP server information on the active MPU. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays DHCP server information on the global active MPU. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# Display the DHCP server configuration and status in the remote BAS IP pool on the DHCP relay agent.
<Sysname> display dhcp relay remote-server-info
Remote server count: 2
Remote server: 1.1.1.1 *
RemoteSrvRefCnt: 2 State: Up
CfgNakCount: 10 CfgTimeOut: 25(s) CfgDeadCount: 0 CfgDeadTime: 3(m)
RunDeadCnt: 0 RunNakCnt: 0 RunDeadTime: 1622(s)
Remote server: 1.1.1.2
RemoteSrvRefCnt: 3 State: Up
CfgNakCount: 10 CfgTimeOut: 25(s) CfgDeadCount: 0 CfgDeadTime: 3(m)
RunDeadCnt: 0 RunNakCnt: 0 RunDeadTime: 1622(s)
Table 27 Command output
|
Field |
Description |
|
Remote server count |
Number of the DHCP servers. |
|
Remote server |
IP address of the DHCP server. The asterisk * represents the DHCP server liveness detection is configured for the DHCP server. If the detection is not configured, no asterisk is displayed. |
|
RemoteSrvRefCnt |
Number of times that the DHCP server is referenced by remote BAS IP pools. |
|
State |
State of the DHCP server: · Up—The server is available. · Down—The server is not available. · UnKnown |
|
CfgNakCount |
Maximum number of DHCP-NAK that the DHCP relay agent can receive. |
|
CfgTimeOut |
Communication failure check timer in seconds. |
|
CfgDeadCount |
Maximum number of consecutive communication failures before the relay agent marks a DHCP server as down. |
|
CfgDeadTime |
Time period in minutes for the relay agent to wait before communicating with the DHCP server. |
|
RunDeadCnt |
Number of consecutive communication failures. |
|
RunNakCnt |
Number of DHCP-NAK messages that the DHCP relay agent receives. |
|
RunDeadTime |
Dead time in seconds of the DHCPv6 server. |
Related commands
dhcp server
remote-server algorithm
remote-server
display dhcp relay server-address
Use display dhcp relay server-address to display DHCP server addresses configured on an interface.
Syntax
display dhcp relay server-address [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCP server addresses on the specified interface. If you do not specify an interface, this command displays DHCP server addresses on all interfaces.
Examples
# Display DHCP server addresses on all interfaces.
<Sysname> display dhcp relay server-address
Interface name Server IP address Public/VRF name
XGE3/1/1 2.2.2.2 Y/--
# Display DHCP server addresses on Ten-GigabitEthernet 3/1/1.
<Sysname> display dhcp relay server-address interface ten-gigabitethernet 3/1/1
Active server address: 2.2.2.2
Interface name Server IP address Public/VRF name
XGE3/1/1 2.2.2.2 Y/--
Table 28 Command output
|
Field |
Description |
|
Active server address |
Active DHCP server address. The displayed value depends on the DHCP server selection algorithm configuration. · If the polling algorithm is used, this field displays all. The DHCP relay agent forwards DHCP requests to all DHCP servers. · If the master-backup algorithm is used, this field displays the IP address of the active DHCP server. The DHCP relay agent forwards DHCP requests to the master DHCP server first. |
|
Interface name |
Interface name. |
|
Server IP address |
DHCP server IP address. |
|
Public/VRF name |
Virtual network on which the DHCP server is located. The displayed value depends on the setting for the dhcp relay server-address command. · If you do not specify an MPLS L3VPN instance or the public network, this field displays --/--. · If you specify the public network, this field displays Y/--. · If you specify an MPLS L3VPN instance, this field displays --/VPN-instance-name. |
Related commands
dhcp relay server-address
gateway-list
Use gateway-list to specify gateway addresses for DHCP clients in an IP pool.
Use undo gateway-list to remove gateway addresses from an IP pool.
Syntax
gateway-list ip-address&<1-64> [ export-route ]
undo gateway-list [ ip-address&<1-64> ] [ export-route ]
Default
No gateway address is specified in an IP pool.
Views
Common IP pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-64>: Specifies a space-separated list of up to 64 addresses.
export-route: Binds the gateways to the device's MAC address in the address management module. The ARP module will use the entries to reply to ARP requests from the DHCP clients. If you do not specify this keyword, the gateways will not be bound to the device's MAC address.
Usage guidelines
|
|
CAUTION: To avoid forwarding failure, do not delete a gateway address from a gateway list if that gateway address is being used by online clients. |
DHCP clients of the same access type can be classified into different types by their locations. In this case, the relay interface typically has no IP address configured. You can use the gateway-list command to specify gateway addresses for clients matching the same IP pool and bind the gateway addresses to the device's MAC address.
Upon receiving a DHCP DISCOVER or REQUEST from a client that matches an IP pool, the relay agent processes the packet as follows:
1. Fills the giaddr field of the packet with a specified gateway address.
2. Forwards the packet to all DHCP servers in the matching IP pool.
The DHCP servers select an IP pool according to the gateway address.
Examples
# Specify gateway address 10.1.1.1 in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0
[Sysname-ip-pool-0] gateway-list 10.1.1.1
Related commands
dhcp smart-relay enable
master-server switch-delay
Use master-server switch-delay to enable the switchback to the master DHCP server and set the switchback delay time.
Use undo master-server switch-delay to restore the default.
Syntax
master-server switch-delay delay-time
undo master-server switch-delay
Default
The DHCP relay agent does not switch back to the master DHCP server.
Views
Remote BAS IP pool view
Common IP pool view
Predefined user roles
network-admin
Parameters
delay-time: Specifies the delay time in the range of 1 to 65535 minutes.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the DHCP relay agent to switch back to the master DHCP server 3 minutes after it switches to a backup DHCP server in IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0 bas remote
[Sysname-ip-pool-0] master-server switch-delay 3
Related commands
remote-server algorithm
remote-server algorithm
Use remote-server algorithm to specify the DHCP server selection algorithm.
Use undo remote-server algorithm to restore the default.
Syntax
remote-server algorithm { master-backup | polling }
undo remote-server algorithm
Default
The polling algorithm is used. The DHCP relay agent forwards DHCP requests to all DHCP servers at the same time.
Views
Remote BAS IP pool view
Common IP pool view
Predefined user roles
network-admin
Parameters
master-backup: Forwards DHCP requests to the master DHCP server first. If the master server is not available or does not have assignable IP addresses, the relay agent forwards DHCP requests to backup DHCP servers in the order they are specified.
polling: Forwards DHCP requests to all DHCP servers at the same time.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify master-backup as the DHCP server selection algorithm in remote BAS IP pool 0.
<Sysname> system-view
[Sysname] ip pool 0 bas remote
[Sysname-ip-pool-0] remote-server algorithm master-backup
Related commands
dhcp relay server-address algorithm
dhcp server
dhcp-server timeout
display dhcp relay remote-server-info
master-server switch-delay
remote-server
reset dhcp relay client-information
Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.
Syntax
reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Clears relay entries on the specified interface. If you do not specify an interface, this command clears relay entries on all interfaces.
ip ip-address: Clears the relay entry for the specified IP address. If you do not specify an IP address, this command clears relay entries for all IP addresses.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified IP address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears the relay entry for the specified IP address on the public network.
Examples
# Clear all relay entries on the DHCP relay agent for the public network.
<Sysname> reset dhcp relay client-information
Related commands
display dhcp relay client-information
reset dhcp relay packet statistics
Use reset dhcp relay packet statistics to clear packet statistics on the DHCP relay agent.
Syntax
reset dhcp relay packet statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears packet statistics on all DHCP relay agents.
Examples
# Clear DHCP relay agent packet statistics.
<Sysname> reset dhcp relay packet statistics
Related commands
display dhcp relay packet statistics
DHCP client commands
dhcp client dad enable
Use dhcp client dad enable to enable duplicate address detection.
Use undo dhcp client dad enable to disable duplicate address detection.
Syntax
dhcp client dad enable
undo dhcp client dad enable
Default
Duplicate address detection is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply. This makes the client unable to use the IP address assigned by the server. As a best practice, disable duplicate address detection when ARP attacks exist on the network.
Examples
# Enable the duplicate address.
<Sysname> system-view
[Sysname] dhcp client dad enable
dhcp client dscp
Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client.
Use undo dhcp client dscp to restore the default.
Syntax
dhcp client dscp dscp-value
undo dhcp client dscp
Default
The DSCP value is 56 in DHCP packets sent by the DHCP client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value to 30 for DHCP packets sent by the DHCP client.
<Sysname> system-view
[Sysname] dhcp client dscp 30
dhcp client identifier
Use dhcp client identifier to configure a DHCP client ID for an interface.
Use undo dhcp client identifier to restore the default.
Syntax
dhcp client identifier { ascii ascii-string | hex hex-string | mac interface-type interface-number }
undo dhcp client identifier
Default
An interface generates the DHCP client ID based on its MAC address. If the interface has no MAC address, it uses the MAC address of the first Ethernet interface to generate its client ID.
Views
Interface view
Predefined user roles
network-admin
Parameters
ascii ascii-string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID.
hex hex-string: Specifies a hexadecimal number of 4 to 64 characters as the client ID.
mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID. The interface-type interface-number argument specifies an interface by its type and number.
Usage guidelines
A DHCP client ID is added to the DHCP option 61. A DHCP server can specify IP addresses for clients based on the DHCP client ID. You can specify a DHCP client ID by performing one of the following operations:
· Naming an ASCII string or hexadecimal number as the client ID.
· Using the MAC address of an interface to generate a client ID.
Whichever method you use, make sure the IDs for different DHCP clients are unique.
Examples
# Use the MAC address of Ten-GigabitEthernet 3/1/2 as the DHCP client ID for Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp client identifier mac ten-gigabitethernet 3/1/2
Related commands
display dhcp client
display dhcp client
Use display dhcp client to display DHCP client information.
Syntax
display dhcp client [ verbose ] [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed DHCP client information. If you do not specify this keyword, the command displays brief DHCP client information.
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays DHCP client information on all interfaces.
Examples
# Display brief DHCP client information on all interfaces.
<Sysname> display dhcp client
Ten-GigabitEthernet3/1/1 DHCP client information:
Current state: BOUND
Allocated IP: 40.1.1.20 255.255.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
DHCP server: 40.1.1.2
# Display detailed DHCP client information on all interfaces.
<Sysname> display dhcp client verbose
Ten-GigabitEthernet3/1/1 DHCP client information:
Current state: BOUND
Allocated IP: 40.1.1.20 255.255.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
Lease from May 21 19:00:29 2012 to May 31 19:00:29 2012
DHCP server: 40.1.1.2
Transaction ID: 0x1c09322d
Default router: 40.1.1.2
Classless static routes:
Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16
Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16
DNS servers: 44.1.1.11 44.1.1.12
Domain name: example.com
Boot servers: 200.200.200.200 1.1.1.1
ACS parameter:
URL: https://192.168.1.1:7547/acs
Username: bims
Password: ******
Client ID type: acsii(type value=00)
Client ID value: 000c.29d3.8659-XGE3/1/1
Client ID (with type) hex: 0030-3030-632e-3239-
6433-2e38-3635-392d-
4574-6830-2f30-2f32
T1 will timeout in 1 day 11 hours 58 minutes 52 seconds.
Table 29 Command output
|
Field |
Description |
|
DHCP client information |
Information about the interface that acts as the DHCP client. |
|
Current state |
Current state of the DHCP client: · HALT—The client stops applying for an IP address. · INIT—The initialization state. · SELECTING—The client has sent out a DHCP-DISCOVER message in search for a DHCP server and is waiting for the response from DHCP servers. · REQUESTING—The client has sent out a DHCP-REQUEST message requesting for an IP address and is waiting for the response from DHCP servers. · BOUND—The client has received the DHCP-ACK message from a DHCP server and obtained an IP address successfully. · RENEWING—The T1 timer expires. · REBOUNDING—The T2 timer expires. |
|
Allocated IP |
IP address allocated by the DHCP server. |
|
Allocated lease |
Allocated lease time. |
|
T1 |
1/2 lease time (in seconds) of the DHCP client IP address. |
|
T2 |
7/8 lease time (in seconds) of the DHCP client IP address. |
|
Lease from….to…. |
Start and end time of the lease. |
|
DHCP server |
DHCP server IP address that assigned the IP address. |
|
Transaction ID |
Transaction ID, a random number chosen by the client to identify an IP address allocation. |
|
Default router |
Gateway address assigned to the client. |
|
Classless static routes |
Classless static routes assigned to the client. |
|
Static routes |
Classful static routes assigned to the client. |
|
DNS servers |
DNS server address assigned to the client. |
|
Domain name |
Domain name suffix assigned to the client. |
|
Boot servers |
PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. |
|
ACS parameter |
Parameters about the ACS. |
|
URL |
URL of the ACS. |
|
Username |
Username for logging in to the ACS. |
|
Password |
Password for logging in to the ACS. If a password is configured, this field displays ******. If no password is configured, this field is not displayed. |
|
Client ID type |
DHCP client ID type: · If an ASCII string is used as the client ID value, the type value is 00. · If the MAC address of a specific interface is used as the client ID value, the type value is 01. · If a hexadecimal number is used as the client ID value, the type value is the first two characters in the string. |
|
Client ID value |
Value of the DHCP client ID. |
|
Client ID (with type) hex |
DHCP client ID with the type field, a hexadecimal number. |
|
T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. |
How long the T1 (1/2 lease time) timer will timeout. |
Related commands
dhcp client identifier
ip address dhcp-alloc
ip address dhcp-alloc
Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition.
Use undo ip address dhcp-alloc to cancel an interface from using DHCP.
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
Default
An interface does not use DHCP for IP address acquisition.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. This situation can occur when a subinterface obtained an IP address through DHCP, and the shutdown command is executed on its primary interface. The subinterface will fail to send a DHCP-RELEASE message.
Examples
# Configure Ten-GigabitEthernet 3/1/1 to use DHCP for IP address acquisition.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] ip address dhcp-alloc
DHCP snooping commands
DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay agent.
dhcp snooping binding database filename
Use dhcp snooping binding database filename to configure the DHCP snooping device to back up DHCP snooping entries to a file.
Use undo dhcp snooping binding database filename to restore the default.
Syntax
dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } string ] ] }
undo dhcp snooping binding database filename
Default
The DHCP snooping device does not back up DHCP snooping entries.
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a local backup file. For information about the filename argument, see Fundamentals Configuration Guide.
url url: Specifies the URL of a remote backup file, a case-sensitive string of 1 to 255 characters. Do not include a username or password in the URL. Supported path format type varies by server.
username username: Specifies the username for accessing the URL of the remote backup file, a case-sensitive string of 1 to 32 characters. Do not specify this option if a username is not required for accessing the URL.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters. Do not specify this argument if a password is not required for accessing the URL of the remote backup file.
Usage guidelines
This command automatically creates the file if you specify a nonexistent file.
With this command executed, the DHCP snooping device backs up DHCP snooping entries immediately and runs auto backup. The DHCP snooping device, by default, waits 300 seconds after a DHCP snooping entry change to update the backup file. To change the waiting period, use the dhcp snooping binding database update interval command. If no DHCP snooping entry changes, the backup file is not updated.
As a best practice, back up the DHCP snooping entries to a remote file. If you use the local storage medium, the frequent erasing and writing might damage the medium and then cause the DHCP snooping device to malfunction.
When the file is on a remote device, follow these restrictions and guidelines to specify the URL, username, and password:
· If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file path, where the port number is optional.
· If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file path, where the port number is optional.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
· If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp.
· You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.
Examples
# Configure the DHCP snooping device to back up DHCP snooping entries to file database.dhcp.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename database.dhcp
# Configure the DHCP snooping device to back up DHCP snooping entries to file database.dhcp in the working directory of the FTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename url ftp://10.1.1.1/database.dhcp username 1 password simple 1
# Configure the DHCP snooping device to back up DHCP snooping entries to file database.dhcp in the working directory of the TFTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename url tftp://10.1.1.1/database.dhcp
dhcp snooping binding database update interval
dhcp snooping binding database update interval
Use dhcp snooping binding database update interval to set the waiting time for the DHCP snooping device to update the backup file after a DHCP snooping entry change.
Use undo dhcp snooping binding database update interval to restore the default.
Syntax
dhcp snooping binding database update interval interval
undo dhcp snooping binding database update interval
Default
The DHCP snooping device waits 300 seconds to update the backup file after a DHCP snooping entry change. If no DHCP snooping entry changes, the backup file is not updated.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the waiting time in seconds, in the range of 60 to 864000.
Usage guidelines
When a DHCP snooping entry is learned, updated, or removed, the waiting period starts. The DHCP snooping device updates the backup file when the waiting period is reached. All changed entries during the period will be saved to the backup file.
The waiting time takes effect only after you configure the DHCP snooping entry auto backup by using the dhcp snooping binding database filename command.
Examples
# Set the waiting time to 600 seconds for the DHCP snooping device to update the backup file.
<Sysname> system-view
[Sysname] dhcp snooping binding database update interval 600
Related commands
dhcp snooping binding database filename
dhcp snooping binding database update now
Use dhcp snooping binding database update now to manually save DHCP snooping entries to the backup file.
Syntax
dhcp snooping binding database update now
Views
System view
Predefined user roles
network-admin
Usage guidelines
Each time this command is executed, the DHCP snooping entries are saved to the backup file.
This command takes effect only after you configure the DHCP snooping auto backup by using the dhcp snooping binding database filename command.
Examples
# Manually save DHCP snooping entries to the backup file.
<Sysname> system-view
[Sysname] dhcp snooping binding database update now
Related commands
dhcp snooping binding database filename
dhcp snooping binding record
Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries.
Use undo dhcp snooping binding record to disable recording of client information in DHCP snooping entries.
Syntax
dhcp snooping binding record
undo dhcp snooping binding record
Default
DHCP snooping does not record client information.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCP snooping on the port directly connecting to the clients to record client information in DHCP snooping entries.
Examples
# Enable the recording of client information in DHCP snooping entries on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping binding record
dhcp snooping check mac-address
Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.
Use undo dhcp snooping check mac-address to disable MAC address check for DHCP snooping.
Syntax
dhcp snooping check mac-address
undo dhcp snooping check mac-address
Default
MAC address check for DHCP snooping is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Layer 3 Ethernet interface/Layer 3 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request.
Examples
# Enable MAC address check for DHCP snooping.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping check mac-address
dhcp snooping check request-message
Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP snooping.
Use undo dhcp snooping check request-message to disable DHCP-REQUEST check for DHCP snooping.
Syntax
dhcp snooping check request-message
undo dhcp snooping check request-message
Default
DHCP-REQUEST check for DHCP snooping is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This feature prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server.
With this feature enabled, DHCP snooping looks for a matching DHCP snooping entry for each received DHCP-REQUEST message.
· If a match is found, DHCP snooping compares the entry with the message. If they have consistent information, DHCP snooping considers the packet valid and forwards it to the DHCP server. If they have different information, DHCP snooping considers the message invalid and discards it.
· If no match is found, DHCP snooping forwards the message to the DHCP server.
Examples
# Enable DHCP-REQUEST check for DHCP snooping.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping check request-message
dhcp snooping deny
Use dhcp snooping deny to configure a port as DHCP packet blocking port.
Use undo dhcp snooping deny to restore the default.
Syntax
dhcp snooping deny
undo dhcp snooping deny
Default
A port does not block DHCP requests.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
|
|
CAUTION: To avoid IP address acquisition failure, configure a port to block DHCP packets only if no DHCP clients are attached to it. |
To enable a port on the snooping device to drop all incoming DHCP requests, configure that port as a DHCP packet blocking port.
Examples
# Configure Ten-GigabitEthernet 3/1/1 as a DHCP packet blocking port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping deny
dhcp snooping enable
Use dhcp snooping enable to enable DHCP snooping.
Use undo dhcp snooping enable to disable DHCP snooping.
Syntax
dhcp snooping enable
undo dhcp snooping enable
Default
DHCP snooping is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use the DHCP snooping feature together with the trusted port configuration. Trusted ports forward responses from DHCP servers and untrusted ports discard responses from DHCP servers. This mechanism ensures that DHCP clients obtain IP addresses from authorized DHCP servers.
When DHCP snooping is disabled, all ports on the device forward responses from DHCP servers.
Examples
# Enable DHCP snooping.
<Sysname> system-view
[Sysname] dhcp snooping enable
dhcp snooping information circuit-id
Use dhcp snooping information circuit-id to configure the padding mode and padding format for the Circuit ID sub-option.
Use undo dhcp snooping information circuit-id to restore the default.
Syntax
dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }
undo dhcp snooping information circuit-id [ vlan vlan-id ]
Default
The padding mode is normal and the padding format is hex.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Pads the Circuit ID sub-option for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the Circuit ID sub-option for packets received from the default VLAN.
string circuit-id: Specifies the string mode, in which the padding content for the Circuit ID sub-option is a case-sensitive string of 3 to 63 characters.
normal: Specifies the normal mode. The padding content includes the VLAN ID and interface number.
verbose: Specifies the verbose mode. The padding content includes the node identifier, interface information, and VLAN ID. The default node identifier is the MAC address of the access node. The default interface information consists of the Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, and interface number.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier.
· mac: Uses the MAC address of the access node as the node identifier.
· sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format. If you specify this keyword, do not include any spaces when you set the device name. Otherwise, the DHCP snooping device fails to add or replace Option 82.
· user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format.
format: Specifies the padding format for the Circuit ID sub-option.
ascii: Specifies the ASCII padding format.
hex: Specifies the hex padding format.
Usage guidelines
The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For more information about interface splitting and subinterfaces, see Interface Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
The padding format for the string mode, the normal mode, or the verbose mode varies by command configuration. Table 30 shows how the padding format is determined for different modes.
Table 30 Padding format for different modes
|
Keyword (mode) |
If no padding format is set |
If the padding format is ascii |
If the padding format is hex |
|
string circuit-id |
The padding format is always ASCII, and is not configurable. |
N/A |
N/A |
|
normal |
Hex. |
ASCII. |
Hex. |
|
verbose |
Hex for the VLAN ID. ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number. |
ASCII. |
ASCII for the node identifier and Ethernet type. Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID. |
Examples
# Configure verbose as the padding mode, device name as the node identifier, and ASCII as the padding format for the Circuit ID sub-option.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information enable
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information strategy replace
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information circuit-id verbose node-identifier sysname format ascii
Related commands
dhcp snooping information enable
dhcp snooping information strategy
display dhcp snooping information
dhcp snooping information enable
Use dhcp snooping information enable to enable DHCP snooping to support Option 82.
Use undo dhcp snooping information enable to disable this feature.
Syntax
dhcp snooping information enable
undo dhcp snooping information enable
Default
DHCP snooping does not support Option 82.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCP snooping to add Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp snooping information circuit-id and dhcp snooping information remote-id commands. If the received DHCP request packets contain Option 82, DHCP snooping handles the packets according to the strategy configured by the dhcp snooping information strategy command.
Examples
# Enable DHCP snooping to support Option 82.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information enable
Related commands
dhcp snooping information circuit-id
dhcp snooping information remote-id
dhcp snooping information strategy
dhcp snooping information remote-id
Use dhcp snooping information remote-id to configure the padding mode and padding format for the Remote ID sub-option.
Use undo dhcp snooping information remote-id to restore the default.
Syntax
dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string remote-id | sysname } }
undo dhcp snooping information remote-id [ vlan vlan-id ]
Default
The padding mode is normal and the padding format is hex.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Pads the Remote ID sub-option for packets received from the specified VLAN. If you do not specify a VLAN, the device pads the Remote ID sub-option for packets received from the default VLAN.
string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as the content of the Remote ID sub-option.
sysname: Specifies the sysname mode that uses the device name as the Remote ID sub-option. You can configure the device name by using the sysname command in system view.
normal: Specifies the normal mode. The padding content is the bridge MAC address of the device. For more information about the bridge MAC address, see IRF in Virtual Technologies Configuration Guide.
format: Specifies the padding format for the Remote ID sub-option. The default padding format is hex.
ascii: Specifies the ASCII padding format.
hex: Specifies the hex padding format.
Usage guidelines
DHCP snooping uses ASCII to pad the specified string or device name for the Remote ID sub-option. The padding format for the normal padding mode is determined by the command configuration.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Pad the Remote ID sub-option with a character string of device001.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information enable
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information strategy replace
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information remote-id string device001
Related commands
dhcp snooping information enable
dhcp snooping information strategy
display dhcp snooping information
dhcp snooping information strategy
Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages.
Use undo dhcp snooping information strategy to restore the default.
Syntax
dhcp snooping information strategy { drop | keep | replace }
undo dhcp snooping information strategy
Default
The handling strategy for Option 82 in request messages is replace.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
drop: Drops DHCP messages that contain Option 82.
keep: Keeps the original Option 82 intact and forwards the DHCP messages.
replace: Replaces the original Option 82 with the configured Option 82 before forwarding the DHCP messages.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82. For DHCP requests that do not contain Option 82, the DHCP snooping device always adds Option 82 into the requests before forwarding them to the DHCP server.
If the handling strategy is replace, configure a padding mode and a padding format for Option 82. If the handling strategy is keep or drop, you do not need to configure a padding mode or padding format for Option 82.
Examples
# Specify the handling strategy for Option 82 in request messages as keep.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information enable
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping information strategy keep
Related commands
dhcp snooping information circuit-id
dhcp snooping information remote-id
dhcp snooping log enable
Use dhcp snooping log enable to enable DHCP snooping logging.
Use undo dhcp snooping log enable to disable DHCP snooping logging.
Syntax
dhcp snooping log enable
undo dhcp snooping log enable
Default
DHCP snooping logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP snooping device to generate DHCP snooping logs and send them to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.
As a best practice, disable this feature if the log generation affects the device performance.
Examples
# Enable DHCP snooping logging.
<Sysname> system-view
[Sysname] dhcp snooping log enable
dhcp snooping max-learning-num
Use dhcp snooping max-learning-num to set the maximum number of DHCP snooping entries that an interface can learn.
Use undo dhcp snooping max-learning-num to restore the default.
Syntax
dhcp snooping max-learning-num max-number
undo dhcp snooping max-learning-num
Default
The maximum number of DHCP snooping entries for an interface to learn is unlimited.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Layer 3 Ethernet interface/Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of DHCP snooping entries for an interface to learn. The value range for this argument is 1 to 4294967295.
Usage guidelines
When an interface learns the maximum number of DHCP snooping entries, the interface stops learning DHCP snooping entries. This does not affect the operating of the DHCP snooping feature.
Examples
# Allow Layer 2 Ethernet interface Ten-GigabitEthernet 3/1/1 to learn a maximum of 10 DHCP snooping entries.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping max-learning-num 10
dhcp snooping trust
Use dhcp snooping trust to configure a port as a trusted port.
Use undo dhcp snooping trust to restore the default state of a port.
Syntax
dhcp snooping trust
undo dhcp snooping trust
Default
After you enable DHCP snooping, all ports are untrusted.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Layer 3 Ethernet interface/Layer 3 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
Specify the ports facing the DHCP server as trusted ports and specify the other ports as untrusted ports so DHCP clients can obtain valid IP addresses.
Examples
# Specify Layer 2 Ethernet interface Ten-GigabitEthernet 3/1/1 as a trusted port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] dhcp snooping trust
display dhcp snooping trust
display dhcp snooping binding
Use display dhcp snooping binding to display DHCP snooping entries.
Syntax
display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays the DHCP snooping entry for the specified IP address. If you do not specify an IP address, this command displays DHCP snooping entries for all IP addresses.
vlan vlan-id: Specifies the VLAN ID where the IP address resides. If you do not specify a VLAN, this command displays DHCP snooping entries for the IP address in all VLANs.
verbose: Displays detailed information about DHCP snooping entries. If you do not specify this keyword, the command displays brief information about DHCP snooping entries.
Examples
# Display brief information about DHCP snooping entries.
<Sysname> display dhcp snooping binding
2 DHCP snooping entries found
IP address MAC address Lease VLAN SVLAN Interface
=============== ============== ============ ===== ===== =================
1.1.1.7 0000-0101-0107 16907533 2 3 XGE3/1/1
1.1.1.11 0000-0101-010b 16907537 2 3 XGE3/1/3
# Display detailed information about DHCP snooping entries.
<Sysname> display dhcp snooping binding verbose
IP address: 1.1.1.7
MAC address: 0000-0101-0107
Lease: 16907553 seconds
VLAN: 2
SVLAN: 3
Interface: Ten-GigabitEthernet3/1/1
Parameter request list: 03 06 21
IP address: 1.1.1.104
MAC address: 0000-0101-010b
Lease: 16907537 seconds
VLAN: 2
SVLAN: 3
Interface: Ten-GigabitEthernet3/1/3
Parameter request list: 37 0B 01 0F 03 06 2C 2E 2F 1F 21 F9 2B
Table 31 Command output
|
Field |
Description |
|
DHCP snooping entries found |
Number of DHCP snooping entries. |
|
IP address |
IP address assigned to the DHCP client. |
|
MAC address |
MAC address of the DHCP client. |
|
Lease |
Remaining lease duration in seconds. |
|
VLAN |
When both DHCP snooping and QinQ are enabled or the DHCP packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCP client resides. |
|
SVLAN |
When both DHCP snooping and QinQ are enabled or the DHCP packet contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise, it displays N/A. |
|
Interface |
Port connected to the DHCP client. |
|
Parameter request list |
Parameters requested by the DHCP client. |
dhcp snooping enable
reset dhcp snooping binding
display dhcp snooping binding database
Use display dhcp snooping binding database to display information about DHCP snooping entry auto backup.
Syntax
display dhcp snooping binding database
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about DHCP snooping entry auto backup.
<Sysname> display dhcp snooping binding database
File name : database.dhcp
Username :
Password :
Update interval : 600 seconds
Latest write time : Feb 27 18:48:04 2012
Status : Last write succeeded.
Table 32 Command output
|
Field |
Description |
|
File name |
Name of the DHCP snooping entry backup file. |
|
Username |
Username for accessing the URL of the remote backup file. |
|
Password |
Password for accessing the URL of the remote backup file. This field displays ****** if a password is configured. |
|
Update interval |
Waiting time in seconds after a DHCP snooping entry change for the DHCP snooping device to update the backup file. |
|
Latest write time |
Time of the latest update. |
|
Status |
Update state: · Writing—The backup file is being updated. · Last write succeeded—The backup file was successfully updated. · Last write failed—The backup file failed to be updated. |
display dhcp snooping information
Use display dhcp snooping information to display Option 82 configuration on the DHCP snooping device.
Syntax
display dhcp snooping information { all | interface interface-type interface-number }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Examples
# Display Option 82 configuration on all interfaces.
<Sysname> display dhcp snooping information all
Interface: Bridge-Aggregation1
Status: Disable
Strategy: Drop
Circuit ID:
Padding format: User Defined
User defined: abcd
Format: ASCII
Remote ID:
Padding format: Normal
Format: ASCII
VLAN 10:
Circuit ID: abcd
Remote ID: company
Table 33 Command output
|
Field |
Description |
|
Interface |
Interface name. |
|
Status |
Option 82 status, Enable or Disable. |
|
Strategy |
Handling strategy for DHCP requests that contain Option 82, Drop, Keep, or Replace. |
|
Circuit ID |
Content of the Circuit ID sub-option. |
|
Padding format |
Padding format of Option 82: · For Circuit ID sub-option, the padding format can be Normal, User Defined, Verbose (sysname), Verbose (MAC), or Verbose (user defined). · For Remote ID sub-option, the padding format can be Normal, Sysname, or User Defined. |
|
Node identifier |
Access node identifier. |
|
User defined |
Content of the user-defined sub-option. |
|
Format |
Code type of Option 82 sub-option: · For Circuit ID sub-option, the code type can be ASCII, Default, or Hex. · For Remote ID sub-option, the code type can be ASCII or Hex. |
|
Remote ID |
Content of the Remote ID sub-option. |
|
VLAN |
Pads Circuit ID sub-option and Remote ID sub-option in the DHCP packets received in the specified VLAN. |
display dhcp snooping packet statistics
Use display dhcp snooping packet statistics to display DHCP packet statistics for DHCP snooping.
Syntax
In standalone mode:
display dhcp snooping packet statistics [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
display dhcp snooping packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by the slot number. If you do not specify a card, this command displays DHCP packet statistics on the active MPU. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays DHCP packet statistics on the global active MPU. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# Display DHCP packet statistics for DHCP snooping.
<Sysname> display dhcp snooping packet statistics
DHCP packets received : 100
DHCP packets sent : 200
Invalid DHCP packets dropped : 0
reset dhcp snooping packet statistics
display dhcp snooping trust
Use display dhcp snooping trust to display information about trusted ports.
Syntax
display dhcp snooping trust
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about trusted ports.
<Sysname> display dhcp snooping trust
DHCP snooping is enabled.
Interface Trusted
========================= ============
Ten-GigabitEthernet3/1/1 Trusted
dhcp snooping trust
reset dhcp snooping binding
Use reset dhcp snooping binding to clear DHCP snooping entries.
Syntax
reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all DHCP snooping entries.
ip ip-address: Clears the DHCP snooping entry for the specified IP address.
vlan vlan-id: Clears DHCP snooping entries for the specified VLAN. If you do not specify a VLAN, this command clears DHCP snooping entries for the default VLAN.
Usage guidelines
This command applies to all slots on a distributed device.
Examples
# Clear all DHCP snooping entries.
<Sysname> reset dhcp snooping binding all
display dhcp snooping binding
reset dhcp snooping packet statistics
Use reset dhcp snooping packet statistics to clear DHCP packet statistics for DHCP snooping.
Syntax
In standalone mode:
reset dhcp snooping packet statistics [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
reset dhcp snooping packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by the slot number. If you do not specify a card, this command clears DHCP packet statistics on the active MPU. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears DHCP packet statistics on the global active MPU. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# Clear DHCP packet statistics for DHCP snooping.
<Sysname> reset dhcp snooping packet statistics
Related commands
display dhcp snooping packet statistics
BOOTP client commands
display bootp client
Use display bootp client to display information about a BOOTP client.
Syntax
display bootp client [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays BOOTP client information on all interfaces.
Examples
# Display BOOTP client information on Ten-GigabitEthernet 3/1/1.
<Sysname> display bootp client interface ten-gigabitethernet 3/1/1
Ten-GigabitEthernet3/1/1 BOOTP client information:
Allocated IP: 169.254.0.2 255.255.0.0
Transaction ID: 0x3d8a7431
MAC Address: 00e0-fc0a-c3ef
Table 34 Command output
|
Field |
Description |
|
BOOTP client information |
Information about the interface that acts as a BOOTP client. |
|
Allocated IP |
BOOTP client's IP address allocated by the BOOTP server. |
|
Transaction ID |
Value of the XID field in a BOOTP message. The BOOTP client chooses a random number for the XID field when sending a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server. If the values of the XID field are different in the BOOTP response and request, the BOOTP client drops the BOOTP response. |
|
Mac Address |
MAC address of a BOOTP client. |
ip address bootp-alloc
ip address bootp-alloc
Use ip address bootp-alloc to configure an interface to use BOOTP for IP address acquisition.
Use undo ip address bootp-alloc to cancel an interface from using BOOTP.
Syntax
ip address bootp-alloc
undo ip address bootp-alloc
Default
An interface does not use BOOTP for IP address acquisition.
Views
Interface view
Predefined user roles
network-admin
Examples
# Configure Ten-GigabitEthernet 3/1/1 to use BOOTP for IP address acquisition.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] ip address bootp-alloc
Related commands
display bootp client
