Configuring the DHCP Server Security Functions 807
Configuration
Prerequisites
Before performing this configuration, complete the following configuration on the
DHCP server:
■ Enable DHCP
■ Configure the DHCP address pool
Enabling Unauthorized
DHCP Server Detection
There are unauthorized DHCP servers on networks, which reply DHCP clients with
wrong IP addresses.
With this feature enabled, upon receiving a DHCP request, the DHCP server will
record the IP address of the DHCP server which assigned an IP address to the
DHCP client and the receiving interface. The administrator can use this
information to check out any unauthorized DHCP servers.
Follow these steps to enable unauthorized DHCP server detection:
n
With the unauthorized DHCP server detection enabled, the device puts a record
once for each DHCP server. The administrator needs to find unauthorized DHCP
servers from the log information.
Configuring IP Address
Conflict Detection
To avoid IP address conflicts, the DHCP server checks whether the address to be
assigned is in use via sending ping packets.
The DHCP server pings the IP address to be assigned using ICMP. If the server gets
a response within the specified period, the server will ping another IP address;
otherwise, the server will ping the IP addresses once again until the specified
number of ping packets are sent. If still no response, the server will assign the IP
address to the requesting client (The DHCP client probes the IP address by sending
gratuitous ARP packets).
Follow these steps to configure IP address conflict detection:
To do… Use the command… Remarks
Enter system view system-view -
Enable unauthorized DHCP
server detection
dhcp server detect Required
Disabled by default.
To do… Use the command… Remarks
Enter system view system-view -
Specify the number
of ping packets
dhcp server ping
packets number
Optional
One ping packet by default.
The value 0 indicates that no ping
operation is performed.
Configure a timeout
waiting for ping
responses
dhcp server ping
timeout milliseconds
Optional
500 ms by default.
The value 0 indicates that no ping
operation is performed.
To Next Page
Loading...
