Configuring IP Routing
Configuring system-level routing policies
MAX 6000/3000 Network Configuration Guide 9-21
Enable and configure DHCP spoofing
Configuring DHCP spoofing assigns a temporary IP address for a host in order for a
security-card user to acquire a current password from a security server to bring up an
authenticated dial-up session. Set the following parameters:
Enable dynamic IP addressing
To enable DHCP to respond to requests to borrow IP addresses, you need to configure address
pools for dynamic assignment of IP addresses. Proceed as follows:
1Set the IP Group 1 parameter to the first address for the IP address pool.
2Set the Group 1 Count parameter to the number of addresses in the pool. The pool can
contain up to 20 addresses.
3To define an additional address pool for dynamic address assignment, set the IP Group 2
parameter to the first address for the second IP-address pool.
4Set the Group 2 Count parameter to the number of addresses in the pool. The second pool,
which can also contain up to 20 addresses, is used only if there are no addresses available
in the first pool.
Parameter Specifies
Dial If Link Down Used with DHCP spoofing in conjunction with BOOTP Relay. This
parameter applies when both DHCP spoofing and BOOTP relay are
enabled. If no Wide Area Network links are active, the MAX performs
DHCP spoofing. If the parameter is set to Yes, as soon as the dialed
link is established, the MAX stops DHCP spoofing and acts as a
BOOTP relay agent.
Always Spoof The Yes setting enables the DHCP server. A DHCP server always sup-
plies an IP address for every request, until all IP addresses are
exhausted.
The No setting enables DHCP spoofing. DHCP spoofing only supplies
an IP address for a single host on the network. It does not respond to
all requests.
Validate IP If set to Yes, determines whether a spoofed address that is about to be
assigned is already in use, and if it is, automatically assigns another
address.
Maximum No-Reply
Wait Set only if you are validating IP addresses . To validate the IP address,
DHCP sends an ICMP echo (Ping) to determine whether the address is
in use. The maximum time it waits for a reply depends on this setting.
The default is 10 seconds.