Configuring The Dhcp Relay Agent Security Functions; Creating Static Bindings And Enabling Address Check; Configuring Periodic Refresh Of Dynamic Client Entries - HP A5120 EI Series Configuration Manual


Configuring the DHCP relay agent security functions

Creating static bindings and enabling address check

To avoid invalid IP address configuration, you can configure the DHCP relay agent to check whether a
requesting client's IP and MAC addresses match a binding (dynamic or static) on the DHCP relay agent.
With this feature enabled, the DHCP relay agent can dynamically record clients' IP-to-MAC bindings after
the clients obtain IP addresses through DHCP. This feature also supports static bindings. You can
configure static IP-to-MAC bindings on the DHCP relay agent, so users can access external networks
using fixed IP addresses.
Upon receiving a packet from a host, the DHCP relay agent checks the source IP and MAC addresses in
the packet against the recorded dynamic and static bindings. If no match is found, the DHCP relay agent
does not learn the ARP entry of the host, and will not forward any reply to the host, so the host cannot
access external networks via the DHCP relay agent.
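
The check described above, modelled in Python as an added example (not code from the manual or from the switch software). The class and function names and the sample addresses are constructed, and the model assumes one binding table keyed by IP address.

```python
from dataclasses import dataclass, field

def norm_mac(mac: str) -> str:
    """Normalize 0011-2233-4455, 00:11:22:33:44:55, etc. to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits

@dataclass
class RelayBindings:
    """Simplified, assumed model of the relay agent's IP-to-MAC binding table."""
    static: dict = field(default_factory=dict)   # ip -> mac, configured by the admin
    dynamic: dict = field(default_factory=dict)  # ip -> mac, recorded after a DHCP lease
    arp: dict = field(default_factory=dict)      # ARP entries of hosts that passed the check

    def add_static(self, ip, mac):
        self.static[ip] = norm_mac(mac)

    def record_lease(self, ip, mac):
        """Called when a client obtains an address through DHCP via this relay."""
        self.dynamic[ip] = norm_mac(mac)

    def check(self, src_ip, src_mac):
        """Return True and learn ARP only if (IP, MAC) matches a static or dynamic binding."""
        mac = norm_mac(src_mac)
        if self.static.get(src_ip) == mac or self.dynamic.get(src_ip) == mac:
            self.arp[src_ip] = mac
            return True
        return False  # no ARP entry learned, so replies are not forwarded to this host

def demo():
    table = RelayBindings()
    table.add_static("10.1.1.10", "0011-2233-4455")       # host with a fixed address
    table.record_lease("10.1.1.50", "00:aa:bb:cc:dd:01")  # DHCP client
    packets = [  # constructed (source IP, source MAC) pairs
        ("10.1.1.10", "00:11:22:33:44:55"),  # static binding, other MAC notation
        ("10.1.1.50", "00aa-bbcc-dd01"),     # dynamic binding
        ("10.1.1.50", "00aa-bbcc-dd99"),     # leased IP claimed by a different MAC
        ("10.1.1.77", "00aa-bbcc-dd02"),     # manually set IP, no binding at all
    ]
    return [table.check(ip, mac) for ip, mac in packets], table.arp

if __name__ == "__main__":
    verdicts, arp = demo()
    print(verdicts, sorted(arp))
```
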
Follow these steps to create a static binding and enable address check:

To do...                 Use the command...                                                                               Remarks
Enter system view        system-view
Create a static binding  dhcp relay security static ip-address mac-address [ interface interface-type interface-number ]  Optional. No static binding is created by default.
Enter interface view     interface interface-type interface-number
Enable address check     dhcp relay address-check { disable | enable }                                                    Required. Disabled by default.

NOTE:
The dhcp relay address-check command can be executed only on VLAN interfaces.
You must enable the DHCP service and the DHCP relay agent on the interface before enabling address check on an interface. Otherwise, the address check configuration is ineffective.
The dhcp relay address-check enable command only checks IP and MAC addresses of clients.
When using the dhcp relay security static command to bind an interface to a static binding entry, make sure that the interface is configured as a DHCP relay agent; otherwise, address entry conflicts may occur.

Configuring periodic refresh of dynamic client entries

Periodic refresh of dynamic client entries refreshes the client entries of the DHCP relay agent. This is useful
when a DHCP client unicasts a DHCP-RELEASE message to the DHCP server when releasing its
dynamically obtained IP address and the DHCP relay agent records the client's IP-to-MAC binding.

When periodic refresh of dynamic client entries is enabled, the DHCP relay agent uses the IP address of a
client and the MAC address of the DHCP relay interface to send a DHCP-REQUEST message to the DHCP
server at specified intervals.

If the IP address is still in use, the server returns a DHCP-NAK message and the relay agent keeps
the client entry.
