Configuring The Dhcp Relay Agent Security Functions - 3Com S7906E Configuration Manual
S7900e family release 6600 series
Hide thumbs
Also See for S7906E:
- Command reference manual (2327 pages) ,
- Getting started manual (155 pages) ,
- Datasheet (8 pages)
Table of Contents
Advertisement
Configuring the DHCP Relay Agent Security Functions
Creating static bindings and enabling IP address check
The DHCP relay agent can dynamically record clients' IP-to-MAC bindings after clients get IP
addresses. It also supports static bindings, that is, you can manually configure IP-to-MAC bindings on
the DHCP relay agent, so that users can access external network using fixed IP addresses.
For avoidance of invalid IP address configuration, you can configure the DHCP relay agent to check
whether a requesting client's IP and MAC addresses match a binding (dynamic or static) on the DHCP
relay agent. If not, the client cannot access outside networks via the DHCP relay agent.
Follow these steps to create a static binding and enable IP address check:
To do...
Enter system view
Create a static binding
Enter interface view
Enable invalid IP address check
The dhcp relay address-check enable command is independent of other commands of the
DHCP relay agent. That is, the invalid address check takes effect when this command is executed,
regardless of whether other commands are used.
The dhcp relay address-check enable command only checks IP and MAC addresses of clients.
You are recommended to configure IP address check on the interface enabled with the DHCP relay
agent; otherwise, valid DHCP clients may be denied from accessing networks.
When using the dhcp relay security static command to bind an interface to a static binding entry,
make sure that the interface is configured as a DHCP relay agent; otherwise, address entry
conflicts may occur.
Configuring periodic refresh of dynamic client entries
Via the DHCP relay agent, a DHCP client sends a DHCP-RELEASE unicast message to the DHCP
server to relinquish its IP address. In this case the DHCP relay agent simply conveys the message to
the DHCP server, thus it does not remove the IP address from dynamic client entries. To solve this
problem, the periodic refresh of dynamic client entries feature is introduced.
With this feature, the DHCP relay agent uses the IP address of a client and the MAC address of the
DHCP relay interface to periodically send a DHCP-REQUEST message to the DHCP server.
Use the command...
system-view
dhcp relay security static
ip-address mac-address
[ interface interface-type
interface-number ]
interface interface-type
interface-number
dhcp relay address-check
{ disable | enable }
3-5
Remarks
—
Optional
No static binding is created
by default.
—
Required
Disabled by default.
- Quick Links:
- Configuration Guide
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
