Enabling unauthorized DHCP server detection
Unauthorized DHCP servers on a network may assign wrong IP addresses to DHCP clients.
With unauthorized DHCP server detection enabled, the DHCP server checks whether a DHCP request
contains Option 54 (Server Identifier Option). If yes, the DHCP server records the IP address of each
detected DHCP server that assigned an IP address to a requesting DHCP client. It also records the
receiving interface. The administrator can use this information to check for unauthorized DHCP servers.
Follow these steps to enable unauthorized DHCP server detection:
To do...
Enter system view
Enable unauthorized DHCP server
detection
NOTE:
With the unauthorized DHCP server detection enabled, the switch logs each detected DHCP server
once. The administrator can use the log information to find unauthorized DHCP servers.
Configuring IP address conflict detection
With IP address conflict detection enabled, before assigning an IP address, the DHCP server pings that IP
address by using ICMP. If the server receives a response within the specified period, the server selects
and pings another IP address. If it receives no response, the server continues to ping the IP address until
the ping packets of a specified number are sent. If still no response is received, the server assigns the IP
address to the requesting client. (The DHCP client probes the IP address by sending gratuitous ARP
packets.)
Follow these steps to configure IP address conflict detection:
To do...
Enter system view
Specify the number of ping
packets
Configure a timeout waiting for
ping responses
Enabling Option 82 handling
With Option 82 handling enabled, when the DHCP server receives a client request with Option 82, it
adds Option 82 into the response.
If the server is configured to ignore Option 82, it will assign an IP address to the client without adding
Option 82 in the response message.
Use the command...
system-view
dhcp server detect
Use the command...
system-view
dhcp server ping packets
number
dhcp server ping timeout
milliseconds
42
Remarks
—
Required
Disabled by default.
Remarks
—
Optional
One ping packet by default.
The value 0 indicates that no ping
operation is performed.
Optional
500 ms by default.
The value 0 indicates that no ping
operation is performed.