Configuring The Dhcp Relay Agent Security Functions; Configuring Address Check - HP 830 Series Configuration Manual

Poe+ unified wired-wlan switch switching engine

Hide thumbs Also See for 830 Series:

Configuration manual (530 pages)

Command reference manual (136 pages)

Installation manual (58 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

Table of Contents

You can specify up to 20 DHCP server groups on the relay agent.

•

You can specify up to eight DHCP server addresses for each DHCP server group.

The IP addresses of DHCP servers and those of relay agent's interfaces that connect DHCP clients

•

cannot be on the same subnet. Otherwise, the client cannot obtain an IP address.

A DHCP server group can correlate with one or multiple DHCP relay agent interfaces, while a relay

•

agent interface can only correlate with one DHCP server group. Using the dhcp relay server-select

command repeatedly overwrites the previous configuration. However, if the specified DHCP server

group does not exist, the interface still uses the previous correlation.

•

The group-id argument in the dhcp relay server-select command is configured by using the dhcp

relay server-group command.

Configuration procedure

To correlate a DHCP server group with a relay agent interface:

Step

Enter system view.

Create a DHCP server group

and add a server into the group.

Enter interface view.

Correlate the DHCP server

group with the current interface.

Configuring the DHCP relay agent security

functions

Configuring address check

Address check can block illegal hosts from accessing external networks.

With this feature enabled, the DHCP relay agent can dynamically record clients' IP-to-MAC bindings

after they obtain IP addresses through DHCP. You can also configure static IP-to-MAC bindings on the

DHCP relay agent so that users can access external networks by using fixed IP addresses.

Upon receiving a packet from a host, the DHCP relay agent checks the source IP and MAC addresses in

the packet against the recorded dynamic and static bindings. If no match is found, the DHCP relay agent

does not learn the ARP entry of the host, and does not forward any reply to the host, which therefore

cannot access external networks through the DHCP relay agent.

Configuration guidelines

Follow these guidelines when you configure address check:

The dhcp relay address-check command can be executed only on VLAN interfaces.

•

Before enabling address check on an interface, you must enable the DHCP service, and enable the

•

DHCP relay agent on the interface. Otherwise, the address check configuration is ineffective.

Command

system-view

dhcp relay server-group group-id ip

ip-address

interface interface-type

interface-number

dhcp relay server-select group-id

Remarks

N/A

Not created by default.

N/A

By default, no interface is

correlated with any DHCP

server group.

Table of Contents

Configuring The Dhcp Relay Agent Security Functions; Configuring Address Check - HP 830 Series Configuration Manual

Configuring address check

Troubleshooting

Related Manuals for HP 830 Series

Related Content for HP 830 Series

Table of Contents