Enabling Offline Detection; Configuring The Dhcp Relay Agent To Release An Ip Address - HP 3600 v2 Series Configuration Manual

Hide thumbs Also See for 3600 v2 Series:

Command reference manual (510 pages)

Configuration manual (449 pages)

Security configuration manual (398 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

Table of Contents

To prevent a DHCP starvation attack that uses DHCP requests encapsulated with the same source

•

MAC address, enable MAC address check on the DHCP relay agent. With this function enabled,

the DHCP relay agent compares the chaddr field of a received DHCP request with the source MAC

address field of the frame. If they are the same, the DHCP relay agent decides this request as valid

and forwards it to the DHCP server. If not, it discards the DHCP request.

To enable MAC address check:

Step

Enter system view.

Enter interface view.

Enable MAC address

check.

NOTE:

DHCP relay agents change the source MAC addresses when forwarding DHCP packets. Therefore, you

can enable MAC address check only on a DHCP relay agent directly connected to DHCP clients.

Otherwise, valid DHCP packets may be discarded and clients cannot obtain IP addresses.

Enabling offline detection

The DHCP relay agent checks whether a user is online by learning the ARP entry. When an ARP entry is

aged out, the corresponding client is considered to be offline.

With this function enabled on an interface, the DHCP relay agent removes a client's IP-to-MAC entry

when it is aged out, and sends a DHCP-RELEASE message to the DHCP server to release the IP address

of the client. Removing an ARP entry manually does not remove the corresponding client's IP-to-MAC

binding. When the client goes offline, use the undo dhcp relay security command to remove the

IP-to-MAC binding manually.

To enable offline detection:

Step

Enter system view.

Enter interface view.

Enable offline detection.

Configuring the DHCP relay agent to release an IP

address

You can configure the relay agent to release a client's IP address. The relay agent sends a

DHCP-RELEASE message that contains the IP address. Upon receiving the DHCP-RELEASE message, the

DHCP server releases the IP address. Meanwhile, the client entry is removed from the DHCP relay agent.

Dynamic client entries can be generated after you enable address check or IP source guard on the DHCP

relay agent. For more information about IP source guard, see Security Configuration Guide.

Command

system-view

interface interface-type

interface-number

dhcp relay check mac-address

Command

system-view

interface interface-type

interface-number

dhcp relay client-detect enable

Remarks

N/A

Disabled by default

Remarks

N/A

Disabled by default

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Troubleshooting

Need help?

Do you have a question about the 3600 v2 Series and is the answer not in the manual?

Enabling Offline Detection; Configuring The Dhcp Relay Agent To Release An Ip Address - HP 3600 v2 Series Configuration Manual

Enabling offline detection

Hide quick links:

Troubleshooting

Need help?

Subscribe to Our Youtube Channel

Related Manuals for HP 3600 v2 Series

Related Content for HP 3600 v2 Series

Table of Contents