Configuring the DHCP server security functions
Configuration prerequisites
Before you configure the DHCP server security functions, complete the following tasks on the DHCP
server:
Enable DHCP.
1.
Configure the DHCP address pool.
2.
Enabling unauthorized DHCP server detection
Unauthorized DHCP servers on a network may assign wrong IP addresses to DHCP clients.
With unauthorized DHCP server detection enabled, the DHCP server checks whether a DHCP request
contains Option 54 (Server Identifier Option). If yes, the DHCP server records the IP address of each
detected DHCP server that assigned an IP address to a requesting DHCP client in the option, and records
the receiving interface. The administrator can use this information to check for unauthorized DHCP
servers.
With the unauthorized DHCP server detection enabled, the switch logs each detected DHCP server once.
The administrator can use the log information to find unauthorized DHCP servers.
To enable unauthorized DHCP server detection:
Step
1.
Enter system view.
2.
Enable unauthorized DHCP
server detection.
Configuring IP address conflict detection
With IP address conflict detection enabled, before assigning an IP address, the DHCP server pings that
IP address by using ICMP. If the server receives a response within the specified period, it selects and
pings another IP address. If it receives no response, the server continues to ping the IP address until the
specified number of ping packets are sent. If still no response is received, the server assigns the IP
address to the requesting client. (The DHCP client probes the IP address by sending gratuitous ARP
packets.)
To configure IP address conflict detection:
Step
1.
Enter system view.
2.
Specify the number of ping
packets.
Command
system-view
dhcp server detect
Command
system-view
dhcp server ping packets
number
50
Remarks
N/A
Disabled by default
Remarks
N/A
Optional.
One ping packet by default.
The value 0 indicates that no ping
operation is performed.