Configuring The Dhcp Server To Support Authorized Arp; Configuring The Handling Mode For Option 82 - 3Com MSR 50 Series Configuration Manual

584 C 33: DHCP S
HAPTER
Configuring the DHCP
Server to Support
Authorized ARP
Configuring the
Handling Mode for
Option 82
C
ERVER ONFIGURATION
A DHCP server can work in cooperation with authorized ARP to block illegal
clients, avoid learning incorrect ARP entries and guard against attacks such as
MAC address spoofing. Only the clients that have valid leases on the DHCP server
are considered legal clients.
When authorized ARP is enabled, the ARP automatic learning function is disabled.
ARP entries can only be added by the authentication module, the DHCP server,
which notifies authorized ARP to add/delete/change authorized ARP entries when
adding/deleting/changing IP address leases. Thus, only the clients that have
obtained IP addresses from the DHCP server can access the network normally,
while other clients are considered illegal clients and are unable to access the
network.
Follow these steps to configure the DHCP server to support authorized ARP:
To do...
Enter system view
Enter interface view
Configure the DHCP server to
support authorized ARP
n
Authorized ARP can only be configured on Layer 3 interfaces.
■
When the working mode of the interface is changed from DHCP server to
■
DHCP relay agent, neither the IP address leases nor the authorized ARP entries
will be deleted. However, these ARP entries may conflict with the new static
entries generated on the DHCP relay agent; therefore, you are recommended
to delete the existing IP address leases when changing the interface working
mode to DHCP relay agent.
Disabling the DHCP server to support authorized ARP will not delete the IP
■
address leases, but will notify authorized ARP to delete the corresponding
authorized ARP entries.
For more information about authorized ARP, refer to
■
ARP" on page
When the DHCP server receives a message with Option 82, if the server is
configured to handle Option 82, it will return a response message carrying Option
82 to assign an IP address to the requesting client.
If the server is configured to ignore Option 82, it will assign an IP address to the
client without adding Option 82 in the response message.
Configuration prerequisites
Before performing this configuration, complete the following configuration on the
DHCP server:
Enable DHCP
■
Configure the DHCP address pool
■
Use the command...
system-view
interface interface-type
interface-number
dhcp update arp
555.
Remarks
-
-
Required
Not supported by default.
"Configuring Authorized