Step
3.
Apply an extended address
pool on the interface.
Configuring the DHCP server security functions
Configuration prerequisites
Before you perform this configuration, complete the following configurations on the DHCP server:
1.
Enable DHCP.
2.
Configure the DHCP address pool.
Enabling unauthorized DHCP server detection
Unauthorized DHCP servers on a network may assign wrong IP addresses to DHCP clients.
With unauthorized DHCP server detection enabled, the DHCP server checks whether a DHCP request
contains Option 54 (Server Identifier Option). If yes, the DHCP server records in the option the IP address
of the DHCP server that assigned an IP address to a requesting DHCP client and records the receiving
interface. The administrator can use this information to check for unauthorized DHCP servers.
To enable unauthorized DHCP server detection:
Step
1.
Enter system view.
2.
Enable unauthorized DHCP
server detection.
With the unauthorized DHCP server detection enabled, the device logs each detected DHCP server once.
The administrator can use the log information to find unauthorized DHCP servers.
Configuring IP address conflict detection
Before assigning an IP address, the DHCP server pings that IP address.
•
If the server receives a response within the specified period, it selects and pings another IP address.
If it receives no response, the server continues to ping the IP address until a specific number of ping
•
packets are sent. If still no response is received, the server assigns the IP address to the requesting
client. (The DHCP client probes the IP address by sending gratuitous ARP packets.)
To configure IP address conflict detection:
Step
1.
Enter system view.
Command
dhcp server apply ip-pool
pool-name
Command
system-view
dhcp server detect
Command
system-view
31
Remarks
Optional.
By default, the DHCP server has no
extended address pool applied on its
interface, and assigns an IP address
from a common address pool to a
requesting client.
Remarks
N/A
Disabled by default.
Remarks
N/A