To do…

Use the command…

Remarks

Set the interval at which the

 

Optional

DHCP relay agent dynamically

dhcp-security tracker

By default, auto is adopted, that

updates the client address

{ interval auto }

is, the interval is automatically

entries

 

calculated.

 

 

 

Enabling unauthorized DHCP server detection

If there is an unauthorized DHCP server in the network, when a client applies for an IP address, the unauthorized DHCP server may assign an incorrect IP address to the DHCP client.

With this feature enabled, upon receiving a DHCP message with the siaddr field (IP addresses of the servers offering IP addresses to the client) not being 0 from a client, the DHCP relay agent will record the value of the siaddr field and the receiving interface. The administrator can use this information to check out any DHCP unauthorized servers.

Follow these steps to enable unauthorized DHCP server detection:

 

 

To do…

 

Use the command…

 

Remarks

 

 

 

Enter system view

 

system-view

 

 

 

 

 

 

 

 

 

 

 

 

Enable unauthorized DHCP server

 

dhcp-server detect

 

Required

 

 

 

detection

 

 

Disabled by default.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

With the unauthorized DHCP server detection enabled, the relay agent will log all DHCP servers, including authorized ones, and each server is recorded only once until such information is removed and is recorded again. The administrator needs to find unauthorized DHCP servers from the system log information.

Configuring the DHCP Relay Agent to Support Option 82

Prerequisites

Before configuring Option 82 support on a DHCP relay agent, you need to:

z

z

z

Configure network parameters and relay function of the DHCP relay device.

Perform assignment strategy-related configurations, such as network parameters of the DHCP server, address pool, and lease time.

The routes between the DHCP relay agent and the DHCP server are reachable.

Configuring the DHCP relay agent to support Option 82

Follow these steps to configure the DHCP relay agent to support Option 82:

2-7

Page 323
Image 323
3Com WX3000 Configuring the Dhcp Relay Agent to Support Option, Enabling unauthorized Dhcp server detection, Prerequisites