• Before enabling IP address check on an interface, you need to enable the DHCP service, and
  enable the DHCP relay agent on the interface; otherwise, the IP address check configuration is
  ineffective.
• The dhcp relay address-check enable command only checks IP and MAC addresses of clients.
• When using the dhcp relay security static command to bind an interface to a static binding entry,
  make sure that the interface is configured as a DHCP relay agent; otherwise, address entry
  conflicts may occur.
Configuring dynamic binding update interval
Via the DHCP relay agent, a DHCP client unicasts a DHCP-RELEASE message to the DHCP server
when releasing its dynamically obtained IP address. If the DHCP relay agent records the bindings of the
client’s IP and MAC addresses, the client entries of the DHCP relay agent cannot be refreshed in time.
To solve this problem, the periodic refresh of dynamic client entries feature is introduced.
With this feature, the DHCP relay agent uses the IP address of a client and the MAC address of the
DHCP relay interface to periodically send a DHCP-REQUEST message to the DHCP server.
• If the server returns a DHCP-ACK message or does not return any message within a specified
  interval, which means the IP address is assignable now, the DHCP relay agent will update its
  bindings by aging out the binding entry of the IP address.
• If the server returns a DHCP-NAK message, which means the IP address is still in use, the relay
  agent will not age it out.
Follow these steps to configure dynamic binding update interval:
To do…                                             Use the command…                                 Remarks
Enter system view                                  system-view                                      —
Enable periodic refresh of dynamic client entries  dhcp relay security refresh enable               Optional. Enabled by default.
Configure binding update interval                  dhcp relay security tracker { interval | auto }  Optional. auto by default. (auto interval is calculated by the relay agent according to the number of bindings.)
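The refresh rule described above, as an added example that is not part of the original manual or the vendor's code: a toy Python model of the relay agent's dynamic binding table, showing that an entry for a released address still passes the IP/MAC address check until a refresh pass ages it out. All class and function names, and the sample addresses, are constructed for illustration.

```python
# Toy model of the relay agent's dynamic binding table (hypothetical names).
from enum import Enum

class Reply(Enum):
    ACK = "DHCP-ACK"
    NAK = "DHCP-NAK"
    NONE = "no reply within the interval"

class RelayBindings:
    def __init__(self):
        self.dynamic = {}  # client IP -> client MAC, learned from relayed leases

    def learn(self, ip, mac):
        self.dynamic[ip] = mac.lower()

    def address_check(self, ip, mac):
        # The address check compares only the IP/MAC pair with the bindings.
        return self.dynamic.get(ip) == mac.lower()

    def refresh(self, probe):
        # probe(ip) stands for the DHCP-REQUEST sent with the client's IP and
        # the relay interface's MAC; it returns the server's Reply.
        aged = []
        for ip in list(self.dynamic):
            # ACK or silence: address is assignable, so the entry is stale.
            # NAK: address still in use, so the entry is kept.
            if probe(ip) in (Reply.ACK, Reply.NONE):
                del self.dynamic[ip]
                aged.append(ip)
        return aged

def make_probe(pool, leased):
    # Constructed stand-in for the DHCP server's answer to a refresh probe.
    def probe(ip):
        if ip not in pool:
            return Reply.NONE
        return Reply.NAK if ip in leased else Reply.ACK
    return probe

def demo():
    pool = {"192.0.2.10", "192.0.2.11"}           # constructed sample data
    leased = set(pool)
    table = RelayBindings()
    table.learn("192.0.2.10", "00:00:5E:00:53:0A")
    table.learn("192.0.2.11", "00:00:5E:00:53:0B")
    leased.discard("192.0.2.11")  # client unicasts DHCP-RELEASE to the server
    stale_ok = table.address_check("192.0.2.11", "00:00:5e:00:53:0b")
    aged = table.refresh(make_probe(pool, leased))
    return stale_ok, aged, table.address_check("192.0.2.11", "00:00:5e:00:53:0b")
```

Calling demo() returns the check result before the refresh, the list of aged-out addresses, and the check result after the refresh.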
Enabling unauthorized DHCP servers detection
A network may contain unauthorized DHCP servers, which reply to DHCP clients with wrong IP
addresses.
With this feature enabled, upon receiving a DHCP request, the DHCP relay agent records the IP
address of the DHCP server that assigned an IP address to the DHCP client, together with the
receiving interface. The administrator can use this information to check for unauthorized DHCP servers.