DHCP Security Configuration 137
Customizing DHCP
Service
With the evolution of DHCP, new options are constantly coming into being. You can
add the new options as the properties of DHCP servers by performing the following
configuration.
DHCP Security Configuration
DHCP security configuration is needed to ensure the security of DHCP service.
Prerequisites Before configuring DHCP security, you should first complete the DHCP server
configuration (either global address pool-based or interface address pool-based DHCP
server configuration).
Configuring Private
DHCP Server Detecting
A private DHCP server on a network also answers IP address request packets and
assigns IP addresses to DHCP clients. However, the IP addresses they assigned may
conflict with those of other hosts and cause users cannot normally access networks.
This kind of DHCP servers are known as private DHCP servers.
With the private DHCP server detecting function enabled, a DHCP server tracks the
information (such as the IP addresses and interfaces) of DHCP servers to enable the
administrator to detect private DHCP servers in time and take proper measures.
Configuring IP Address
Detecting
To avoid IP address conflicts caused by assigning the same IP address to multiple
DHCP clients simultaneously, you can configure a DHCP server to detect an IP address
before it assigns the address to a DHCP client.
IP address detecting is achieved by performing ping operations. To detect whether or
not an IP address is currently in use, the DHCP server sends an ICMP (Internet Control
Message Protocol) packet with the IP address to be assigned as the destination and
waits for a response. If the DHCP server receives no response within a specified time,
it resends an ICMP packet. This procedure repeats on and on until the DHCP server
Table126 Customize DHCP service
Operation Command Description
Enter system view system-view -
Configure customized
options
Configure for
the current
interface
interface interface-type
interface-number
Required
By default, no
customized option
is configured.
dhcp server option code { ascii
ascii-string | hex
hex-string&<1-10> | ip-address
ip-address&<1-8> }
quit
Configure for
multiple
interfaces
dhcp server option code { ascii
ascii-string | hex
hex-string&<1-10> | ip-address
ip-address&<1-8> } { interface
interface-type interface-number [
to interface-type
interface-number ] | all }
Table127 Enable private DHCP server detecting
Operation Command Description
Enter system view system-view -
Enable the private DHCP
server detecting function
dhcp server
detect
Required
By default, the private DHCP server detecting
function is disabled.