user end and the MAC address of the user end do not match any entries (including the entries
dynamically tracked by the DHCP relay agent and the manually configured static entries) in the user
address table on the DHCP relay agent.
Follow these steps to configure address checking:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a static IP-to-MAC binding | dhcp-security static ip-address mac-address | Optional. Not created by default. |
| Enter interface view | interface interface-type interface-number | — |
| Enable the address checking function | address-check enable | Required. Disabled by default. |
- The address-check enable command is independent of other commands of the DHCP relay
agent. That is, the invalid address check takes effect when this command is executed, regardless
of whether other commands (such as the command to enable DHCP) are used.
- Before executing the address-check enable command on the interface connected to the DHCP
server, you need to configure the static binding of the IP address to the MAC address of the DHCP
server. Otherwise, the DHCP client will fail to obtain an IP address.
Enabling unauthorized DHCP server detection
If there is an unauthorized DHCP server in the network, when a client applies for an IP address, the
unauthorized DHCP server may assign an incorrect IP address to the DHCP client.
With this feature enabled, upon receiving from a client a DHCP message in which the siaddr field
(IP addresses of the servers offering IP addresses to the client) is not 0, the DHCP relay agent records
the value of the siaddr field and the receiving interface. The administrator can use this information to
identify any unauthorized DHCP servers.
Follow these steps to enable unauthorized DHCP server detection:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable unauthorized DHCP server detection | dhcp-server detect | Required. Disabled by default. |
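The recording step described above can be reproduced offline against captured DHCP messages. The following is an added example, not the relay agent's own code: it reads siaddr from the fixed BOOTP header, records each non-zero value with the receiving interface, and compares the result with an administrator-supplied list of known servers. The interface names, addresses and the known-server list are constructed assumptions.

```python
import ipaddress
import struct

BOOTP_FIXED_LEN = 236   # fixed BOOTP header length, before the DHCP options
SIADDR_OFFSET = 20      # op/htype/hlen/hops, xid, secs/flags, ciaddr, yiaddr precede siaddr

def siaddr_of(message: bytes) -> ipaddress.IPv4Address:
    """Return the siaddr field of a raw BOOTP/DHCP message."""
    if len(message) < BOOTP_FIXED_LEN:
        raise ValueError("truncated BOOTP/DHCP message")
    return ipaddress.IPv4Address(message[SIADDR_OFFSET:SIADDR_OFFSET + 4])

def record_servers(messages):
    """Map (siaddr, receiving interface) -> count for messages whose siaddr is not 0."""
    table = {}
    for interface, raw in messages:
        try:
            siaddr = siaddr_of(raw)
        except ValueError:
            continue                      # too short to carry siaddr; skip it
        if int(siaddr) != 0:
            key = (str(siaddr), interface)
            table[key] = table.get(key, 0) + 1
    return table

def unauthorized(table, authorized):
    """Entries whose siaddr is not in the administrator's list of known servers."""
    allowed = {str(ipaddress.IPv4Address(a)) for a in authorized}
    return sorted(key for key in table if key[0] not in allowed)

def build_message(siaddr: str) -> bytes:
    """Constructed sample: a BOOTREPLY header carrying the given siaddr."""
    header = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address("192.0.2.50").packed,
                         ipaddress.IPv4Address(siaddr).packed, bytes(4))
    return header + bytes(16 + 64 + 128)  # chaddr, sname, file left empty

# Constructed capture: (receiving interface, raw message)
SAMPLE = [
    ("Ethernet1/0/1", build_message("192.0.2.1")),
    ("Ethernet1/0/2", build_message("192.0.2.66")),
    ("Ethernet1/0/1", build_message("0.0.0.0")),
    ("Ethernet1/0/2", build_message("192.0.2.66")),
    ("Ethernet1/0/3", b"\x02\x01"),
]

if __name__ == "__main__":
    table = record_servers(SAMPLE)
    for addr, interface in unauthorized(table, ["192.0.2.1"]):
        print(f"unlisted DHCP server {addr} seen on {interface} x{table[(addr, interface)]}")
```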