H3C S5120-SI Series Configuration Manual page 37

With this feature enabled, the DHCP relay agent can dynamically record clients' IP-to-MAC bindings after
the clients obtain IP addresses through DHCP. The feature also supports static bindings, so you can
configure static IP-to-MAC bindings on the DHCP relay agent, enabling users to access external networks
using fixed IP addresses.
Upon receiving an ARP packet, the DHCP relay agent checks the sender's IP and MAC addresses in the
packet against the recorded dynamic and static bindings. If no match is found, the DHCP relay agent
does not learn the ARP entry, which stops the requesting client (sending host) from accessing external
networks via the DHCP relay agent.
To create a static binding and enable IP address check:
To do...
1. Enter system view
2. Create a static binding
3. Enter interface view
4. Enable invalid IP
address check
The dhcp relay address-check enable command is independent of other commands of the DHCP relay
•
agent. That is, the invalid address check takes effect when this command is executed, regardless of whether
other commands are used.
Before enabling IP address check on an interface, you need to enable the DHCP service, and enable the DHCP
•
relay agent on the interface. Otherwise, the IP address check configuration is ineffective.
The dhcp relay address-check enable command only checks IP and MAC addresses of clients.
•
When using the dhcp relay security static command to bind an interface to a static binding entry, make
•
sure that the interface is configured as a DHCP relay agent; otherwise, address entry conflicts may occur.
Configuring dynamic binding update interval
Via the DHCP relay agent, a DHCP client unicasts a DHCP-RELEASE message to the DHCP server when
releasing its dynamically obtained IP address. This can cause a problem because the DHCP relay agent
records the client's IP-to-MAC binding and does not remove the binding from its records when it conveys
the release message to the DHCP server, so the client entries of the DHCP relay agent are no longer
current.
Periodic refresh of dynamic client entries was introduced to address this problem. With this feature:
•
The DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay
interface to periodically send a DHCP-REQUEST message to the DHCP server.
•
If the server returns a DHCP-ACK message or does not return any message within a specified
interval, which means the IP address is assignable now, the DHCP relay agent ages out the binding.
•
If the server returns a DHCP-NAK message, which means the IP address is still in use, the relay agent
will not age it out.
Use the command...
system-view
dhcp relay security static ip-address
mac-address [ interface interface-type
interface-number ]
interface interface-type interface-number
dhcp relay address-check { disable |
enable }
37
Remarks
—
Optional
No static binding is created by
default.
—
Required
Disabled by default.