288 CHAPTER 17: NETWORK PROTOCOL OPERATION
to DHCP servers by DHCP clients through unicast when the DHCP clients release IP
addresses, the user address entries maintained by the DHCP cannot be updated in
time. The dynamic user address entry updating function is developed to resolve this
problem.
The dynamic user address entry updating function works as follows: at regular
intervals, the DHCP relay sends a DHCP-REQUEST packet that carries the IP address
assigned to a DHCP client and its own MAC address to the corresponding DHCP
server. If the DHCP server answers with a DHCP-ACK packet, the IP address is
available (it can be assigned again) and the DHCP relay ages out the corresponding
entry in the user address table. If the DHCP server answers with a DHCP-NAK packet,
the IP address is still in use (the lease is not expired) and the DHCP relay remains the
corresponding user address entry unchanged.
Enabling/Disabling the DHCP Security Feature on the VLAN interface
Enabling DHCP security features will start the address validity check on the VLAN
interface; disabling DHCP security features will cancel the address validity check.
Perform the following configuration in VLAN Interface View.
By default, the DHCP security feature is disabled on the VLAN interface.
Option 82 Supporting
Configuration
This section contains supporting configuration information for Option 82.
Prerequisites Before configuring option 82 supporting on a DHCP relay, make sure that:
The DHCP relay is configured and operates properly.
The DHCP server operates properly. Address allocation policy-related
configurations (such as address pools and the lease time) are performed.
The routes between the DHCP relay and the DHCP server are reachable.
Enabling Option 82
Supporting on a DHCP
Relay
The following operations are expected to be performed on a DHCP relay-enabled
network device.
Table285 Configure the dynamic user address entry updating function
Operation Command Description
Enter system view system-view -
Set the interval to
update DHCP user
address entries
dhcp-security tracker
{ interval | auto }
Optional
By default, the update interval is automatically
determined by the number of DHCP user
address entries.
Only S5500-EI series switches among S5500
series switches support this configuration.
Table286 Enabling/Disabling DHCP Security Feature on the VLAN Interface
Operation Command
Enable DHCP security feature on VLAN interface address-check enable
Disable DHCP security feature on VLAN interface address-check disable
Table287 Enable option 82 supporting on a DHCP relay
Operation Command Description
Enter system view system-view -