The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts. Meanwhile, with the wide application of wireless networks, the frequent movements of laptops across networks require that the IP addresses be changed accordingly. Therefore, related configurations on hosts become more complex. Dynamic Host Configuration Protocol (DHCP) was introduced to solve these problems.

DHCP is built on a client-server model, in which the client sends a configuration request and then the server returns a reply to send configuration parameters such as an IP address to the client.

A typical DHCP implementation comprises a DHCP server and multiple DHCP clients

(PCs or laptops).

Figure 1-1 illustrates a network that employs DHCP.

DHCP client DHCP client

DHCP server

DHCP client DHCP client

Figure 1-1 Network diagram for DHCP

I. IP address assignment

1) IP address assignment policy

Different types of clients have different requirements for IP addresses. Servers usually require long-term fixed IP addresses, some hosts may require automatically assigned long-term fixed IP addresses, and some hosts may only require dynamically assigned temporary IP addresses.

A DHCP server provides three policies to meet these requirements. z Manual IP address assignment. The administrator assigns fixed IP addresses to special DHCP clients, such as a WWW server.

1-1

Operation Manual – DHCP

H3C S9500 Series Routing Switches z

Chapter 1 DHCP Overview

Automatic IP address assignment. The DHCP server automatically assigns fixed

IP addresses to DHCP clients when they are connected to the network for the first time. After that, the IP addresses are always occupied by the DHCP clients. z Dynamic IP address assignment. The DHCP server leases IP addresses to DHCP clients for a specified period of time and reclaims them at the expiration of the period. In this case, a DHCP client must reapply for an IP address regularly. This is the common case for normal users.

2) IP address assignment order

The DHCP server assigns IP addresses except the forbidden ones to clients in the following orders. z z z

IP addresses in the address pool of the DHCP server that are statically bound to the MAC addresses of the DHCP clients.

IP addresses that are reclaimed by the DHCP server. That is, those in the

Requested IP Addr Option field of DHCP Discover packets sent by DHCP clients. z z

The first available IP address in the address pool the DHCP server finds.

The first expired or once conflicted IP address it finds. A DHCP server returns an error if it cannot find any available IP address from all these types of IP addresses when assigning an IP address.

3) Types of address pools of DHCP server z Global address pool, valid for the entire switch. An address pool of this type is created using the dhcp server ip-pool command in system view.

VLAN interface address pool, valid for a specific VLAN interface. An address pool of this type is created when the VLAN interface is configured with a legal unicast IP address and with the dhcp select interface command. The range of the address pool is the network segment where the VLAN interface resides.

II. Communications between DHCP clients and DHCP server

To obtain valid dynamic IP addresses, the DHCP clients exchange different information with the DHCP server in different phases. Usually, three phases are involved:

1) First round registration

A DHCP client goes through the following four steps when it accesses the network for the first time: z z z

Discovery. The DHCP client tries to find a DHCP server by broadcasting a

DHCP_Discover packet in the network. (Only DHCP servers respond to this type of packet.)

Provision. Each DHCP server that receives the DHCP_Discover packet selects an available IP address from an address pool and sends a DHCP_Offer packet that carries the selected IP address and other configuration information to the DHCP client.

Selection. The DHCP client only accepts the first arriving DHCP_Offer packet if there are DHCP_Offer packets from several DHCP servers. Then, it broadcasts a

1-2

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 1 DHCP Overview

DHCP_Request packet. The packet contains the IP address carried in the z accepted DHCP_Offer packet.

Acknowledgement. Upon receiving the DHCP_Request packet, the DHCP server that owns the IP address the DHCP_Request packet carries sends a DHCP_ACK packet to the DHCP client. And then the DHCP client binds TCP/IP protocol components to its network adapter. z IP addresses offered by other DHCP servers (if any) in DHCP_Offer packets but not selected by the DHCP client are still available for other clients.

2) Second round registration

A second round registration goes through the following steps: z After going through the first round registration successfully and logging out, when the DHCP client logs on to the network again, it directly broadcasts a

DHCP_Request packet that contains the IP address assigned to it in the first z z round registration instead of a DHCP_Discover packet.

Upon receiving the DHCP_Request packet, if the IP address carried in the packet is still available, the DHCP server owning the IP address answers with a

DHCP_ACK packet to enable the DHCP client to use the IP address again.

If the IP address is not available (for example, it is occupied by another DHCP client), the DHCP server answers with a DHCP_NAK packet, which enables the

DHCP client to go through steps in the first round registration.

3) Prolonging the lease time of the IP address

An IP address assigned dynamically is valid for a specified lease time and will be reclaimed by the DHCP server when the time expires. So the DHCP client must update the lease to prolong the lease time if it is to use the IP address for a longer time.

By default, a DHCP client updates its IP address lease automatically by sending a

DHCP_Request packet to the DHCP server when half the lease time elapses. The

DHCP server, in turn, answers with a DHCP_ACK packet to notify the DHCP client of the new lease.

1.1.1 BOOTP Relay Agent

The Bootstrap protocol (BOOTP) relay agent is an Internet host or router that forwards

DHCP messages between the DHCP server and DHCP clients. BOOTP is designed for remote boot, mainly to notify the connected client about the location of the boot file.

DHCP is an extension of the BOOTP mechanism. This feature enables an existing

BOOTP client to interoperate with the DHCP server without changing the installed software. RFC 1542 describes in detail the interactions among BOOTP, DHCP client and DHCP server.

1-3

Operation Manual – DHCP

H3C S9500 Series Routing Switches

1.1.2 DHCP and BOOTP Relay Agent

Chapter 1 DHCP Overview

Like BOOTP, DHCP also works in the Client/Server mode. A DHCP client can obtain the configuration information dynamically from a DHCP server, including important parameters such as an IP address and mask.

DHCP provides a framework about how to set a host on a TCP/IP network. DHCP is derived from BOOTP, and provides more functions such as automatic allocation of reusable network addresses and additional configuration options. DHCP can act as a

BOOTP relay agent, so a DHCP user and a BOOTP user can interact with each other.

The message format of DHCP is based on the message format of BOOTP, so that it can work as a relay agent and allow the interoperability between existing BOOTP clients and the DHCP server. The use of a BOOTP relay agent avoids employing a DHCP server for every physical network segment.

DHCP differs from BOOTP in that: z z

DHCP defines a mechanism through which a client can be allocated with a network address valid for a fixed lease period. In addition, it allows for continuous reallocation of network addresses to different clients.

DHCP provides a mechanism through which a client is allowed to obtain all IP configuration parameter for subsequent operations.

1.2 General DHCP Configuration

z z z

General DHCP configuration refers to those that are applicable to both DHCP server and DHCP relay agent.

The following sections describe the general DHCP configuration tasks:

Enabling/Disabling DHCP

Configuring Processing Method of DHCP Packets

Enabling/Disabling Unauthorized DHCP Server Detection

1.2.1 Enabling/Disabling DHCP

For both DHCP server and DHCP relay agent, you need to enable DHCP before performing other DHCP configurations. The other related DHCP configurations take effect only after DHCP is enabled.

Perform the following configuration in system view to enable/disable DHCP:

To do…

Enable DHCP

Disable DHCP

Use the command… dhcp enable undo dhcp enable

DHCP is disabled by default.

1-4

Operation Manual – DHCP

H3C S9500 Series Routing Switches

1.2.2 Configuring Processing Method of DHCP Packets

Chapter 1 DHCP Overview

You can perform the configurations listed in the following tables on your switch. After these configurations, the switch processes the DHCP packets it receives from DHCP clients in the methods you have configured.

Perform the following configuration in VLAN interface view to configure the processing method for the current VLAN interface:

To do…

Specify to forward DHCP packets to local DHCP server and let the local server assign IP addresses in global address pools to DHCP clients

Use the command… dhcp select global

Specify to forward DHCP packets to local DHCP server and let the local server assign IP addresses in VLAN interface address pool to DHCP clients dhcp select interface

Specify to forward DHCP packets to remote DHCP servers. In this case, the current switch operates as a

DHCP relay agent, and IP addresses are assigned by

DHCP servers located in other networks

Restore the default dhcp select relay undo dhcp select

Caution:

The dhcp select interface command cannot be used together with the ip relay address or dhcp relay security address-check enable command.

Perform the following configurations in system view to configure the processing method for multiple VLAN interfaces:

To do…

Specify to forward DHCP packets to local

DHCP server and let the local server assign IP addresses in global address pools to DHCP clients

Use the command… dhcp select global { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all }

Specify to forward DHCP packets to local

DHCP server and let the local server assign IP addresses in VLAN interface address pool to

DHCP clients dhcp select interface { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all }

Specify to forward DHCP packets to remote

DHCP servers. In this case, the current switch operates as a DHCP relay agent, and IP addresses are assigned by DHCP servers located in other networks dhcp select relay { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all }

1-5

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Chapter 1 DHCP Overview

Restore the default

Use the command… undo dhcp select { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all }

By default, DHCP packets are processed in global method. That is, DHCP packets are forwarded to the local DHCP server and IP addresses in global address pools are assigned.

1.2.3 Enabling/Disabling Unauthorized DHCP Server Detection

If an unauthorized DHCP server exists in a network, it may assign incorrect IP addresses to DHCP clients, and thus the users cannot access networks.

With unauthorized DHCP server detection enabled, the switch can record information

(such as the IP addresses) about the DHCP servers. This helps the administrator to detect unauthorized DHCP servers in time and take proper measures.

Perform the following configuration in system view to enable/disable unauthorized

DHCP server detection:

To do…

Enable unauthorized DHCP server detection

Use the command… dhcp server detect

Disable unauthorized DHCP server detection undo dhcp server detect

By default, unauthorized DHCP server detection is disabled.

1-6

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 2 DHCP Server Configuration

Chapter 2 DHCP Server Configuration

z z z

When configuring the DHCP server, go to these sections for information you are interested in:

Configuring the DHCP Server

Displaying and Debugging the DHCP Server

DHCP Server Configuration Example

2.1 Configuring the DHCP Server

z z z z z z z z z z z

The following sections describe the DHCP server configuration tasks:

Creating a Global DHCP IP Address Pool

Configuring the IP Address Assignment Mode

Excluding Specified IP Addresses from Assignment

Configuring a Lease Time for a DHCP Address Pool

Configuring a Domain Name for DHCP Clients

Configuring DNS Servers for DHCP Clients

Configuring NetBIOS Server Addresses for DHCP Clients

Configuring a NetBIOS Node Type for DHCP Clients

Configuring Custom DHCP Options

Configuring Gateways for DHCP Clients

Configuring Parameters for DHCP Server to Send Ping Packets

Note:

Some of the above DHCP configurations can be performed for global IP address pools,

IP address pool of the current VLAN interface, or IP address pools of multiple specified

VLAN interfaces respectively, including: z z

Configuring the lease time for a DHCP address pool

Configuring DHCP client domain names z z z z

Configuring DNS server addresses for DHCP clients

Configuring a NetBIOS server address for DHCP clients

Configuring a NetBIOS node type for DHCP clients

Configuring DHCP custom options

2-1

Operation Manual – DHCP

H3C S9500 Series Routing Switches

Note:

Chapter 2 DHCP Server Configuration

In a VRRP network, z A global address pool is recommended. z You are recommended to configure the virtual IP address of the VRRP group as either the gateway in the global address pool or a reserved address, because some

DHCP clients (for example, Linux devices serving as clients) do not perform address collision detection after obtaining addresses through DHCP. In such cases, the virtual VRRP address may be assigned to a DHCP client, thereby causing communication failures.

2.1.1 Creating a Global DHCP IP Address Pool

An IP address pool contains IP addresses that can be assigned to DHCP clients. In response to a DHCP request sent by a DHCP client, the DHCP server selects an appropriate IP address pool based on your configuration, choose an available IP address from the pool, and sends the IP address and other parameters (such as the lease time of the IP address) to the DHCP client. At present, you can configure up to

128 global DHCP address pools for a DHCP server.

The address pools of a DHCP server are hierarchically grouped like a tree. The root holds the IP address of the network segment, the branches hold the subnet IP addresses, and finally, the leaves hold the IP addresses of DHCP clients, which are manually bound to the corresponding network adapters. Such a structure enables configurations to be inherited. That is, configurations of the network segment can be inherited by its subnets, whose configurations in turn can be inherited by their clients.

So, you can configure the parameters (such as domain name) that are common to all levels in the address pool structure or some subnets only for the network segment or for corresponding subnets.

The display dhcp server tree command displays the tree-like structure of address pools, and address pools on the same level are sorted by the time they are created.

The dhcp server ip-pool command can be used to create a global DHCP address pool and enter the corresponding address pool view. If the address pool already exists, this command brings you to the address pool view directly.

Perform the following configuration in system view to create a global DHCP address pool:

To do…

Create a DHCP address pool and enter the corresponding DHCP address pool view

Use the command… dhcp server ip-pool pool name

2-2

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Chapter 2 DHCP Server Configuration

Remove a DHCP address pool

Use the command… undo dhcp server ip-pool pool name

By default, no global DHCP address pool is created.

Note that a VLAN interface address pool is created by the system after you assign a legal unicast IP address to the VLAN interface and configure the dhcp select interface command in VLAN interface view.

2.1.2 Configuring the IP Address Assignment Mode

IP addresses can be assigned in two modes: static binding and dynamic assignment.

You can statically bind an IP address in an address pool to the MAC address of a client or configure a address range to allow the DHCP server to dynamic allocate the addresses in the range to DHCP clients. The two modes cannot coexist in a global

DHCP address pool, but they can coexist in a VLAN interface address pool

(dynamically assigned addresses are on the same network segment as the IP address of the VLAN interface).

For the dynamic assignment mode, you must specify the range of the addresses to be dynamically assigned. A global DHCP address pool whose IP addresses are statically bound to DHCP clients is actually a special kind of DHCP address pool.

I. Configuring a static address binding for a global DHCP address pool

You can bind an IP address to the MAC address of a DHCP client who needs fixed IP address. After that, when the client requests an IP address, the DHCP server finds

(according to the MAC address) and assigns the fixed IP address to the client. At present, only one MAC-IP static binding is supported in a global DHCP address pool.

Perform the following configuration in DHCP address pool view to configure a static binding for a global DHCP address pool:

To do…

Specify the IP address to be statically bound

Delete the statically bound IP address

Specify the MAC address to be statically bound

Delete the statically bound MAC address

Use the command… static-bind ip-address ip-address

[ { mask netmask } | mask-length ] undo static-bind ip-address static-bind mac-address mac address undo static-bind mac-address

No static IP-MAC binding is configured in a global address pool.

2-3

Operation Manual – DHCP

H3C S9500 Series Routing Switches

Note:

Chapter 2 DHCP Server Configuration

The static-bind ip-address command and the static-bind mac-address command must be used together to configure a static binding. The new configuration overwrites the previous one.

II. Configuring a static address binding for a VLAN interface address pool

At present, a VLAN interface DHCP address pool supports multiple MAC-IP address bindings.

Perform the following configuration in VLAN interface view to configure a static address binding for a VLAN interface address pool:

To do…

Configure a static IP-MAC binding for the current VLAN interface address pool

Remove a static binding

Use the command… dhcp server static-bind ip-address ip address mac-address mac address undo dhcp server static-bind

{ ip-address ip address | mac-address mac address }

No static IP-MAC binding is configured in an interface address pool.

Caution:

A binding in a VLAN interface address pool cannot be overwritten directly. If an

IP-to-MAC address binding entry is configured and you want to modify it, you must remove it and redefine a new one.

III. Configuring dynamic IP address assignment

To assign IP addresses dynamically, that is, IP addresses are leased permanently or temporarily, you need to configure an address range.

Perform the following configuration in DHCP address pool view to configure an address range for dynamic IP address assignment:

To do… Use the command…

Configure an address range for dynamic

IP address assignment network ip address [ mask netmask | mask length ]

2-4

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Remove an dynamic assignment address range

Chapter 2 DHCP Server Configuration

Use the command… undo network

By default, no IP address range is configured for dynamic IP address assignment.

Each DHCP address pool can be configured with only one address range. If you execute the network command multiple times, then only the last configured address range works.

Caution:

When addresses are obtained through a DHCP relay agent, the involved address pool, global address pool with a static binding and the Relay agent’s address must have the same subnet mask. Otherwise, the binding will fail, or the addresses assigned to clients will not be in the same network segment as the Relay agent.

2.1.3 Excluding Specified IP Addresses from Assignment

You can use the following command to prevent the DHCP server from assigning IP addresses that are already occupied by such network devices as gateways and file transfer protocol (FTP) servers to other DHCP clients to avoid IP address conflicts.

Perform the following configuration in system view to exclude specified IP addresses from assignment:

To do…

Exclude specified IP addresses from assignment

Cancel the forbiddance

Use the command… dhcp server forbidden-ip low ip address [ high ip address ] undo dhcp server forbidden-ip low ip address [ high ip address ]

All IP addresses in a DHCP address pool can be automatically assigned by default.

You can set multiple IP address ranges that cannot be assigned automatically by executing the dhcp server forbidden-ip command multiple times.

2.1.4 Configuring a Lease Time for a DHCP Address Pool

You can configure different lease times for different DHCP address pools. But you can configure only one lease time for one DHCP address pool and all the address in the same pool will have the same lease time.

2-5

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 2 DHCP Server Configuration

I. Configuring a lease time for a global DHCP address pool

Perform the following configuration in DHCP address pool view to configure a lease time for a global DHCP address pool:

To do…

Configure a lease time for a global

DHCP address pool

Restore the default

Use the command… expired { day day [ hour hour [ minute minute ] ] | unlimited } undo expired

II. Configuring a lease time for a VLAN interface address pool

Perform the following configuration in VLAN interface view to configure a lease time for the current VLAN interface:

To do…

Configure a lease time for the current

VLAN interface DHCP address pool

Restore the default

Use the command… dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } undo dhcp server expired

III. Configuring a lease time for multiple VLAN interface address pools

Perform the following configuration in system view to configure a lease time for multiple

VLAN interface address pools:

To do…

Restore the default

Use the command…

Configure a lease time for

DHCP address pools of multiple VLAN interfaces dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all } undo dhcp server expired { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all }

The default lease times for global address pools and VLAN interface address pools are all one day.

2.1.5 Configuring a Domain Name for DHCP Clients

You can configure a domain name used by DHCP clients for each address pool on a

DHCP server.

I. Configuring a domain name in a global DHCP address pool

Perform the following configuration in DHCP address pool view to configure a DHCP client domain name for a global DHCP address pool:

2-6

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Configure a DHCP client domain name for the global DHCP address pool

Remove the DHCP client domain name from the global DHCP address pool

Chapter 2 DHCP Server Configuration

Use the command… domain-name domain name undo domain-name

II. Configuring a DHCP client domain name for a VLAN interface address pool

Perform the following configuration in VLAN interface view to configure a DHCP client domain name for the VLAN interface address pool:

To do…

Remove the DHCP client domain name from the VLAN interface address pool

Use the command…

Configure a DHCP client domain name for the DHCP address pool of the current

VLAN interface dhcp server domain-name domain name undo dhcp server domain-name

III. Configuring a DHCP client domain name for multiple VLAN interface address pools

Perform the following configuration in system view to configure a DHCP client domain name for multiple VLAN interface address pools:

To do…

Configure a DHCP client domain name for DHCP address pools of multiple

VLAN interfaces

Remove the DHCP client domain name from DHCP address pools of multiple

VLAN interfaces

Use the command… dhcp server domain-name domain name { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all } undo dhcp server domain-name domain name { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all }

By default, global address pools and VLAN interface address pools are not configured with any DHCP client domain name.

If you execute the dhcp server domain-name command multiple times, the newly configured DHCP client domain name overwrites the existing one.

2.1.6 Configuring DNS Servers for DHCP Clients

When a host uses a domain name to access the Internet, the domain name must be translated into an IP address. Domain name system (DNS) is responsible for the translation. Therefore, when a DHCP server assigns an IP address to a DHCP client, it

2-7

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 2 DHCP Server Configuration must also send a DNS server address to the client. At present, you can configure up to eight DNS server addresses for one DHCP address pool.

I. Configuring DNS server addresses for a global DHCP address pool

Perform the following configuration in DHCP address pool view to configure DNS server addresses for a global DHCP address pool:

To do…

Configure one or more DNS server addresses for the global DHCP address pool

Use the command… dns-list ip address [ ip address ]

Remove one or all DNS server addresses from the global DHCP address pool

Undo dns-list { ip address | all }

II. Configuring DNS server addresses for a VLAN interface address pool

Perform the following configuration in VLAN interface view to configure DNS server addresses for the VLAN interface address pool:

To do… Use the command…

Configure one or more DNS server addresses for the

DHCP address pool of the current VLAN interface dhcp server dns-list ip address [ ip address ]

Remove one or all DNS server addresses from the

DHCP address pool of the current VLAN interface undo dhcp server dns-list

{ ip address | all }

III. Configuring DNS server addresses for multiple VLAN interface address pools

Perform the following configuration in system view to configure DNS server addresses for multiple VLAN interface address pools:

To do…

Configure one or more DNS server addresses for the DHCP address pools of multiple VLAN interfaces

Remove one or all DNS server addresses from the DHCP address pools of multiple VLAN interfaces

Use the command… dhcp server dns-list ip address

[ ip address ] { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all } undo dhcp server dns-list { ip address

| all } { interface vlan-interface vlan id

[ to vlan-interface vlan id ] | all }

By default, no DNS server address is configured for global and VLAN interface address pools.

If you execute the dhcp server dns-list command multiple times, the newly configured

IP addresses overwrite the existing ones.

2-8

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 2 DHCP Server Configuration

2.1.7 Configuring NetBIOS Server Addresses for DHCP Clients

For clients running a Windows operating system and communicating through the

NetBIOS protocol, the translation between host name and IP address are carried out by

Windows Internet Naming Service (WINS) servers. So you need to perform configurations concerning WINS for these clients. At present, you can configure up to eight NetBIOS server addresses for a DHCP address pool.

I. Configuring NetBIOS server addresses for a global DHCP address pool

Perform the following configuration in DHCP address pool view to configure NetBIOS server addresses for a global DHCP address pool:

To do…

Configure one or more NetBIOS server addresses for a global DHCP address pool

Remove one or all NetBIOS server addresses from a global DHCP address pool

Use the command… nbns-list ip address

[ ip address ] undo nbns-list { ip address | all }

II. Configuring NetBIOS server addresses for a VLAN interface address pool

Perform the following configuration in VLAN interface view to configure NetBIOS server addresses for the VLAN interface address pool:

To do…

Configure one or more NetBIOS server addresses for the DHCP address pool of the current VLAN interface

Use the command… dhcp server nbns-list ip address [ ip address ]

Remove one or all NetBIOS server addresses from the

DHCP address pool of the current VLAN interface undo dhcp server nbns-list { ip address | all }

III. Configuring NetBIOS server addresses for multiple VLAN interface address pools

Perform the following configuration in system view to configure NetBIOS server addresses for multiple VLAN interface address pools:

To do…

Configure one or more NetBIOS server addresses for the DHCP address pools of multiple VLAN interfaces

Use the command… dhcp server nbns-list ip address

[ ip address ] { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all }

2-9

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Remove one or all NetBIOS server addresses from specified DHCP address pools of multiple VLAN interfaces

Chapter 2 DHCP Server Configuration

Use the command… undo dhcp server nbns-list

{ ip address | all } { interface vlan-interface vlan id [ to vlan-interface vlan id ] | all }

By default, no NetBIOS server address is configured for global and VLAN interface address pools.

If you execute the dhcp server nbns-list command multiple times, the new configuration overwrites the previous one.

2.1.8 Configuring a NetBIOS Node Type for DHCP Clients

For DHCP clients communicating in a wide area network (WAN) through NetBIOS protocol, the mappings between their host names and IP addresses must be established. According to the ways they establish their mappings, NetBIOS nodes fall into the following four types: z z z z b (broadcast)-node: The b-node client sends the destination name in a broadcast message. The destination returns its IP address to the client after receiving the message. p (peer-to-peer)-node: The p-node client sends the destination name in a unicast message to the WINS server, and the WINS server returns the destination IP address. m (mixed)-node: A combination of broadcast and peer-to-peer. The m-node client broadcasts the destination name, upon no response, then unicasts the destination name to the WINS server to get the destination IP address. h (hybrid)-node: A combination of peer-to-peer and broadcast. The h-node client unicasts the destination name to the WINS server, upon no response, then broadcasts it to get the destination IP address.

I. Configuring a NetBIOS node type in a global DHCP address pool

Perform the following configuration in DHCP address pool view to configure a NetBIOS node type for a global DHCP address pool:

To do…

Configure a NetBIOS node type for a global DHCP address pool

Remove the configuration

Use the command… netbios-type { b-node | h-node | m-node | p-node } undo netbios-type

2-10

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 2 DHCP Server Configuration

II. Configuring a NetBIOS node type in a VLAN interface address pool

Perform the following configuration in VLAN interface view to configure a NetBIOS node type in the VLAN interface address pool:

Use the command… To do…

Configure a NetBIOS node type in the current VLAN interface DHCP address pool

Remove the configuration dhcp server netbios-type h-node | m-node | p-node

{

} b-node undo dhcp server netbios-type

III. Configuring a NetBIOS node type for multiple VLAN interface address pools

Perform the following configuration in system view to configure a NetBIOS node type for multiple VLAN interface address pools:

To do…

Configure a NetBIOS node type in multiple VLAN interface DHCP address pools

Remove the NetBIOS node type from multiple VLAN interface DHCP address pools

Use the command… dhcp server netbios-type { b-node | h-node | m-node | p-node } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } undo dhcp server netbios-type

{ interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }

By default, the DHCP clients of global and VLAN interface address pools are all of h-node type.

2.1.9 Configuring Custom DHCP Options

With the evolvement of DHCP, new options come forth continuously. To utilize these options, you can manually add them to the attribute list of a DHCP server.

I. Configuring a custom DHCP option in a global DHCP address pool

Perform the following configuration in DHCP address pool view to configure a custom

DHCP option in the global DHCP address pool:

To do…

Configure a custom DHCP option in the global DHCP address pool

Use the command…

option code { ascii ascii string | hex hex string | ip-address ip address

[ ip address ] }

Remove the custom DHCP option from the global DHCP address pool undo option code

2-11

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 2 DHCP Server Configuration

II. Configuring a custom DHCP option in a VLAN interface address pool

Perform the following configuration in VLAN interface view to configure a custom DHCP option in the VLAN interface address pool:

To do… Use the command…

Configure a custom DHCP option in the

DHCP address pool of the current VLAN interface

dhcp server option code { ascii ascii string | hex hex string | ip-address ip address [ ip address ] }

Remove a custom DHCP option from the

DHCP address pool of the current VLAN interface undo dhcp server option code

III. Configuring a custom DHCP option in multiple VLAN interface address pools

Perform the following configuration in system view to configure a custom DHCP option in multiple VLAN interface address pools:

To do…

Configure a custom DHCP option for

DHCP address pools of multiple VLAN interfaces

Remove a custom DHCP option from

DHCP address pools of multiple VLAN interfaces

Use the command…

dhcp server option code { ascii ascii string | hex hex string | ip-address ip address [ ip address ] } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } undo dhcp server option code

{ interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all }

If you execute the dhcp server option command multiple times, the newly configured option overwrites the existing one.

2.1.10 Configuring Gateways for DHCP Clients

An outbound gateway enables DHCP clients to access external network devices. At present, you can configure up to eight IP addresses of outbound gateways in a DHCP global address pool.

Perform the following configuration in DHCP address pool view to configure outbound gateway addresses for DHCP clients:

Use the command… To do…

Configure one or more outbound gateway addresses for DHCP clients

gateway-list ip address [ ip address ]

2-12

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Remove one or all outbound gateway addresses

Chapter 2 DHCP Server Configuration

Use the command… undo gateway-list { ip address | all }

By default, no outbound gateway address is configured for DHCP clients.

If you execute the gateway-list command multiple times, the newly configured IP addresses overwrite the existing ones.

2.1.11 Configuring Parameters for DHCP Server to Send Ping Packets

To avoid address conflicts caused by assigning in-use IP addresses, before assigning an IP address to a DHCP client, the DHCP server pings the IP address to ensure the IP address is not occupied. The DHCP server determines whether an IP address is reachable by sending specified number of ping packets. It waits for a response for a specified period after sending each of these packets. If the DHCP server receives no response after sending all these packets, it considers the IP address is not used by other devices in this network and assigns the IP address to this DHCP client. Otherwise, it does not assign the IP address.

Perform the following configuration in system view to configure parameters for DHCP server to send ping packets:

To do… Use the command…

Set the maximum number of ping packets to be sent at a time dhcp server ping packets number

Restore the default

Set the maximum duration for the DHCP server to wait for a response to a ping packet

Restore the default maximum duration undo dhcp server ping packets dhcp server ping timeout milliseconds undo dhcp server ping timeout

By default, the DHCP server sends up to 2 ping packets to test an IP address and waits for a response for up to 500 milliseconds.

Note that the DHCP server detects address conflicts through ping packets, whereas a

DHCP client does this through ARP.

2-13

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 2 DHCP Server Configuration

2.2 Displaying and Debugging the DHCP Server

Displaying the DHCP server:

To do…

Display the statistics about IP address conflicts

Use the command… display dhcp server conflict { all | ip ip address }

Remarks

Display information about lease-expired addresses in DHCP address pool(s).

The lease-expired IP addresses in an address pool are assigned to other

DHCP clients as needed if the address pool runs out of its available IP addresses display dhcp server expired { ip ip address | pool [ pool name ] | interface [ vlan-interface vlan-id ] | all }

Available in any view

Display the ranges of available (unassigned) IP addresses in DHCP address pools

Display the forbidden IP addresses in the DHCP address pools display dhcp server free-ip display dhcp server forbidden-ip

Display the information about IP address bindings in DHCP address pool(s) display dhcp server ip-in-use { ip ip address | pool [ pool name ] | interface [ vlan-interface vlan-id ] | all }

Display the statistics about the DHCP server

Display information about the tree-like structure of

DHCP address pool(s) display dhcp server statistics display dhcp server tree { pool

[ pool name ] | interface

[ vlan-interface vlan-id ] | all }

Available in any view

Note:

The information of some dynamic entries may be lost due to frequent switchovers between the active and standby cards in the Switch, which however will cause no influence on network performance.

2-14

Operation Manual – DHCP

H3C S9500 Series Routing Switches

Debugging the DHCP server:

Chapter 2 DHCP Server Configuration

To do… Use the command… Remarks

Disable debugging for the

DHCP server

Enable debugging for the

DHCP server undo debugging dhcp server { all | error | event | packet } debugging dhcp server { all | error | event | packet }

Available in user view

Clearing the specified information of the DHCP server:

To do…

Clear the statistics about

DHCP address conflicts

Clear the information about dynamically bound addresses

Clear the statistics about the DHCP server

Use the command… reset dhcp server conflict { ip ip address | all }

Remarks reset dhcp server ip-in-use { all | interface [ vlan-interface vlan-id ] | ip ip address | pool [ pool name ] }

Available in user view reset dhcp server statistics

2.3 DHCP Server Configuration Example

I. Network requirements

As shown in

Figure 2-1

, two DHCP clients on the same network segment (10.110.0.0) are connected to the switch through a port in VLAN2. The switch, acting as a DHCP server, is supposed to assign IP addresses to the two DHCP clients without the help of any DHCP relay agent.

II. Network diagram

DHCP client DHCP client

10.110.0.0

Ethernet

10.110.1.1

Switch ( DHCP Server)

Figure 2-1 Network diagram for DHCP server

III. Configuration procedure

# Enter system view.

<H3C> system-view

2-15

Operation Manual – DHCP

H3C S9500 Series Routing Switches

# Create VLAN2.

[H3C] vlan 2

# Enter VLAN interface view.

[H3C] interface Vlan-interface 2

Chapter 2 DHCP Server Configuration

# Assign an IP address to Vlan-interface 2.

[H3C-Vlan-interface2] ip address 10.110.1.1 255.255.0.0

# Specify to assign IP addresses in the interface address pool to DHCP clients.

[H3C-Vlan-interface2] dhcp select interface

# Specify to assign IP addresses in global address pool to DHCP clients (it is also the default configuration).

[H3C-Vlan-interface2] dhcp select global

Or execute the following command to restore the default.

[H3C-Vlan-interface2] undo dhcp select

# Configure a global address pool.

[H3C] dhcp server ip-pool 1

[H3C-dhcp-1] network 10.110.0.0 mask 255.255.0.0

[H3C-dhcp-1] gateway-list 10.110.1.1

2-16

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

Chapter 3 DHCP Relay Agent Configuration

z z

When configuring the DHCP relay agent, go to these sections for information you are interested in:

Configuring the DHCP Relay Agent

DHCP Option 82 Configuration

3.1 Configuring the DHCP Relay Agent

3.1.1 Introduction to DHCP Relay Agent

DHCP adopts a client/server model, where DHCP clients send requests to the DHCP server dynamically and the DHCP server in turn returns corresponding configuration information according to the policies configured for it.

Early implementations of DHCP only work when the DHCP clients and DHCP server are in the same subnet. That is, they cannot work across networks. So, to implement dynamic host configuration, you must deploy at least one DHCP server in each subnet, and this is obviously uneconomical.

DHCP relay agent is designed to resolve this problem. Through a DHCP relay agent,

DHCP clients in a LAN can communicate with DHCP servers in other subnets to acquire IP addresses. This enables DHCP clients of multiple networks to share a common DHCP server and thus enables you to save your cost and perform centralized administration.

Figure 3-1

illustrates a typical DHCP relay application.

DHCP client DHCP client

DHCP relay

IP network

DHCP client DHCP client DHCP server

Figure 3-1 Network diagram for DHCP Relay

The dynamic host configuration procedure with the DHCP relay agent is as follows: z A DHCP client broadcasts a DHCP request packet in the local network when it starts up and initializes the configuration.

3-1

Operation Manual – DHCP

H3C S9500 Series Routing Switches z

Chapter 3 DHCP Relay Agent Configuration

If a DHCP server exists in the network, it processes the request packet directly z without the help of a DHCP relay agent.

If no DHCP server exists in the network, the network device serving as a DHCP z relay agent in the network appropriately processes the request packet and forwards it to a specified DHCP server located in another network.

After receiving the packet, the DHCP server generates configuration information accordingly and sends a reply to the DHCP client through the DHCP relay agent to complete the dynamic configuration of the DHCP client.

Note that the actual configuration procedure goes through more steps.

Note:

When forwarding BOOTP messages, the DHCP relay agent neither record user address entries, nor support Option 82.

3.1.2 Configuring the DHCP Relay Agent

z z z z z z z

The DHCP relay agent configuration includes the following:

Configuring a DHCP server for a VLAN interface

Configuring client address entries for a DHCP relay agent

Releasing the IP address of a client through the DHCP relay agent

Releasing the IP address of a client through the DHCP relay agent in system view

Releasing the IP address of a client through DHCP relay agent in interface view

Enable address check on a DHCP relay agent enabled interface

Enabling refreshing of dynamic user address entries and specifying the refreshing interval

I. Configuring a DHCP server for a VLAN interface

You can execute the ip relay address command to configure the DHCP packet processing mode as relay and a corresponding DHCP server for a VLAN interface.

Perform the following configuration in VLAN interface view to configure a corresponding DHCP server for a VLAN interface:

To do…

Configure a DHCP server for the current VLAN interface

Use the command…

ip relay address ip-address

Remove one or all DHCP servers undo ip relay address { ip-address | all }

No DHCP server is configured for a VLAN interface by default.

3-2

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

Note that when configuring a new DHCP server for a VLAN interface, the newly configured one does not overwrite the existing ones. Both the new and the old ones are valid. You can configure up to 20 DHCP server addresses for a VLAN interface.

Caution:

The IP address of a specified DHCP server cannot be the IP address of the VLAN interface where the DHCP relay agent resides.

II. Configuring client address entries for a DHCP relay agent

In a VLAN that has DHCP Relay agent configured, to enable a DHCP client using a legal fixed IP address to pass the address checking of the DHCP relay agent security feature, you must add a static address entry for the DHCP client. A static address entry is a binding between a fixed IP address and a MAC address.

Perform the following configuration in system or VLAN interface view to configure an

IP-MAC entry of a client on the DHCP relay agent:

To do…

Add a user address entry for DHCP relay

Use the command… dhcp relay security ip-address mac-address static

Remove a user address entry for DHCP relay undo dhcp relay security ip-address

3-3

Operation Manual – DHCP

H3C S9500 Series Routing Switches

Note:

Chapter 3 DHCP Relay Agent Configuration z z z

The DHCP client applies for an IP address through the DHCP relay agent. When the packet from the DHCP client arrives at the DHCP relay agent, the DHCP relay agent adds its primary IP address in the packet and forwards the packet to the DHCP server. Upon receiving the packet, the DHCP server allocates an IP address in the same segment as the IP address added by the DHCP relay agent.

If there is a local DHCP server, when the DHCP client applies for an IP address, it can be assigned with only the address which is in the same network segment with the primary IP address rather than a secondary IP address of the receiving interface of the server.

If there is no local DHCP server, when a DHCP client applies for an IP address through the relay agent, the DHCP client can be assigned with only an address which is in the same network segment with the primary IP address rather than a secondary IP address of the relay agent.

III. Releasing the IP address of a client through the DHCP relay agent

In some cases, you may have to manually release the IP address assigned to a client through the DHCP relay agent. After this function is enabled, the DHCP relay agent will actively send a release packet to the specified DHCP server. Upon receiving the packet, the DHCP server will release the lease of the specified IP address.

IV. Releasing the IP address of a client through the DHCP relay agent in system view

When configuring this function in system view: z z

If you specify no DHCP server, the DHCP relay agent will send a release packet to all DHCP servers in the DHCP server groups corresponding to all the interfaces in the DHCP relay agent mode.

If you specify a DHCP server, the DHCP relay agent will send a release packet to the DHCP server.

Follow these steps to release the IP address of a client through the DHCP relay agent in system view:

To do…

Enter system view

Use the command… system-view

Request the DHCP server to release the IP address assigned to a client dhcp relay release client-ip client-mac [ server-ip ]

Remarks

—

Required

3-4

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

V. Releasing the IP address of a client through DHCP relay agent in interface view

When you configure this function in interface view: z z

If you do not specify a DHCP server, the DHCP relay agent will send a release packet to all the DHCP servers in the DHCP server group associated with this interface.

If you specify a DHCP server, the DHCP relay agent will send a release packet to the specified DHCP server.

Follow these steps to release the IP address of a client through the DHCP relay agent in interface view:

To do…

Enter system view

Enter VLAN interface view

Use the command… system-view

interface interface-type

interface-number

—

Remarks

Request the DHCP server to release the IP address assigned to a client dhcp relay release client-mac [ server-ip client-ip

]

Required

VI. Enable address check on a DHCP relay agent enabled interface

When a client obtains an IP address from a DHCP server through a DHCP relay agent, the DHCP relay agent will record the MAC-IP mapping for the client. You can also configure static entries for clients.

The DHCP relay agent security feature is designed to prevent unauthorized users from configuring static IP addresses and accessing other networks. If you enable this feature on a VLAN interface serving as a relay agent, the switch will check the validity of the user addresses on the interface. The DHCP relay agent inhibits a user from accessing external networks if the IP address and the MAC address of the user do not match any entries (including the dynamically recorded and manually configured entries) in the user address table maintained by the DHCP relay agent.

Perform the following configuration in VLAN interface view to enable/disable DHCP address check on the VLAN interface:

To do…

Enable address check on the VLAN interface

Disable address check on the VLAN interface dhcp relay security address-check enable dhcp relay security address-check disable

Use the command…

3-5

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

The address check is disabled on a relay agent-enabled VLAN interface by default.

Caution:

After the address check feature is enabled on a DHCP relay agent enabled VLAN interface, the client that has already obtained an IP address will lose its access right and has to apply for an IP address again. Therefore, it is recommended that the administrator should conduct this configuration before any user obtains an IP address.

VII. Enabling refreshing of dynamic user address entries and specifying the refreshing interval

When a DHCP client wants to release its IP address, it sends a DHCP-RELEASE unicast to the DHCP server through the DHCP relay agent. The DHCP relay agent simply conveys the message to the server without removing the entry of the client from the client entry table. To solve this problem, the system supports refreshing dynamic user address entries at a configurable interval.

With this feature enabled, the DHCP relay agent sends DHCP-REQUEST packets periodically to the DHCP server using the recorded IP addresses and its own MAC address. z z z z

A DHCP-ACK packet returned by the DHCP server indicates that the corresponding IP address is available for being assigned and therefore the DHCP relay agent ages out the corresponding entry in the user address table.

A DHCP-NAK packet returned by the DHCP server indicates that the lease of the corresponding IP address has not expired, and therefore the DHCP relay agent does not age out the corresponding entry.

The maximum times for a DHCP relay agent to send a DHCP-REQUEST packet to the DHCP server is three. If no response from the server is received after sending a handshake packet three times, the DHCP relay agent considers the IP address is available and ages out the corresponding entry in the user address table.

If DHCP relay handshake is disabled, the DHCP relay agent does not send

DHCP-REQUEST packets to the DHCP server periodically and the entries in the user address table do not age. As a result, the expired entries are unable to be removed in time. So, you can disable DHCP relay handshake only when absolutely needed.

Follow these steps to configure the function of refreshing dynamic user address entries and the refreshing interval:

3-6

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Enter system view

Chapter 3 DHCP Relay Agent Configuration

Use the command… system-view

Enable DHCP relay agent handshake function dhcp relay security tracker enable

—

Remarks

Enabled by default.

Configure the interval at which DHCP relay dynamic user address entries are refreshed dhcp relay security tracker { interval | auto }

Optional

By default, the refreshing interval is auto , that is, the agent automatically calculates the refreshing interval according to the number of entries.

3.1.3 Displaying and Maintaining the DHCP Relay Agent

To do… Use the command… Remarks

Display DHCP relay agent information on specified

VLAN interface(s) display dhcp relay address

{ interface vlan-interface vlan id | all }

Enable specified DHCP relay agent debugging

Disable specified DHCP relay agent debugging

Available in any view

Display information about legal user address entries on the DHCP relay agent display dhcprelay-security

[ ip-address ] debugging dhcp relay { all | packet | error | event }

Available in user view undo debugging dhcp relay { all | packet | error | event }

3.1.4 DHCP Relay Agent Configuration Example

I. Network requirements

As shown in

Figure 3-2

, two DHCP clients located at the same network segment

(10.110.0.0) are connected to a switch through VLAN-interface 2. The switch, acting as a DHCP relay agent, is supposed to forward DHCP packets between the two DHCP clients and the DHCP server with the IP address of 202.38.1.2.

3-7

Operation Manual – DHCP

H3C S9500 Series Routing Switches

II. Network diagram

Chapter 3 DHCP Relay Agent Configuration

DHCP client DHCP client

DHCP Ser ver

202.38.1.2

10.110.0.0

Ethernet

10.110.1.1

Internet

202.38.1.1

Ethernet

202.38.0.0

Switch ( DHCP Relay)

Figure 3-2 Network diagram for DHCP relay agent configuration

III. Configuration procedure

# Enter system view.

<H3C> system-view

# Create VLAN 2.

[H3C] vlan 2

# Enter VLAN interface view.

[H3C] interface Vlan-interface 2

# Assign an IP address to VLAN-interface 2.

[H3C-Vlan-interface2] ip address 10.110.1.1 255.255.0.0

# Enable the DHCP relay agent on the VLAN interface.

[H3C-Vlan-interface2] dhcp select relay

# Specify the DHCP server at 202.38.1.2 for the DHCP relay agent.

[H3C-Vlan-interface2] ip relay address 202.38.1.2

Note:

Besides the above configurations, you need to configure an address pool on the DHCP server and make sure the DHCP server and the switch interface connecting the two

DHCP clients are reachable to each other.

3-8

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

Caution:

Do not change or delete the IP address of the interface enabled with the DHCP Relay agent; otherwise users will be unable to obtain IP addresses.

3.2 DHCP Option 82 Configuration

3.2.1 Introduction to Option 82 Support on DHCP Relay Agent

Option 82 is the relay agent information option in the DHCP packets. With Option 82 support enabled, a DHCP relay agent adds Option 82 into a received DHCP request.

Option 82 can be composed of many sub-options, but Option 82 mentioned in this chapter only supports sub-option 1, sub-option 2 and sub-option 5. Sub-option 1 defines the agent circuit ID (that is, Circuit ID), and sub-option 2 defines the agent remote ID (that is, Remote ID). sub-option 5 is used for link selection, which includes the IP address that the DHCP relay agent adds.

With Option 82, the information about the addresses of the DHCP clients and the

DHCP relay agents can be recorded on the DHCP server. Option 82 together with other software can implement the DHCP address allocation restrictions and the accounting function.

I. Concepts z Option

A DHCP packet has a field called options, which contains part of the lease information and the packet type. The options field is length-variable and consists of one option at least and 255 options at most. z z

Option 82

Option 82 is also called relay agent information option and is part of the options field in a DHCP packet. Option 82 is defined in RFC 3046 before Option 255 and behind other options. You can define a minimum of one sub-option and a maximum of 255 sub-options for Option 82. At present, the commonly used sub-options in Option 82 include sub-option 1, sub-option 2 and sub-option 5. sub-option 1

Sub-option 1 belongs to Option 82 and defines the Circuit ID. The option identifies the

VLAN ID and Layer 2 port number of the receiving port on the relay agent. Generally, sub-option 1 and sub-option 2 are used together to identify a DHCP client. z Sub-option 2

3-9

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

Sub-option 2 also belongs to Option 82 and defines the Remote ID. This option identifies the MAC address of the relay agent. Generally, sub-option 1 and sub-option 2 are used together to identify a DHCP client. z Sub-option 5

Sub-option 5 also belongs to Option 82 and defines the link selection. It contains an IP address which is added by the DHCP relay agent, so that the DHCP server can assign to the DHCP client an IP address that is in the same network segment with this address.

II. Option 82 Structure

There is a field named options in the DHCP packets. It can be null or contains at least one feature-specific option, such as Option 82 which may comprise multiple sub-options.

Figure 3-3

illustrates the structure of Option 82.

Figure 3-3 Option 82 structure

Code: Identifies the number of the relay agent information option. It is 82 in the packet, which represents Option 82. Option 82 is before Option 255 and is behind other options in RFC 3046.

Len: Indicates the length of the Agent Information Field.

Agent Information Field: Specifies the available sub-options.

Sub-option packet structure:

Figure 3-4

shows the sub-option structure.

3-10

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

Figure 3-4 Sub-option structure

SubOpt: Indicates the number of the sub-option. Sub-options contained in this packet are sub-option 1, sub-option 2 and sub-option 5. They have the following meanings: z z z

Sub-option 1 defines the Circuit ID.

Sub-option 2 defines the Remote ID.

Sub-option 5 defines the Link Selection.

Len: Indicates the length of the Sub-option Value field.

Sub-option Value: Indicates the sub-option value. For example, the value for sub-option

1 is Circuit ID.

III. Normal mode and fixed network mode

The DHCP relay agent supports Option 82. It can add Option 82 into the request packets from the clients and forwards them to the server to identify the user location information. Only sub-option-1 and sub-option 2 can be added while sub-option 5 cannot be added currently. In the normal mode, sub-option 1 defines the layer 2 port number and VLAN ID of the receiving port, and sub-option 2 defines the MAC address of the receiving device.

In order to locate the users more exactly, we put forward the IP DSLAM user physical position location solution for DSLAM application, and define the fixed network mode of the DHCP Option 82, where the sub-option 1 of Option 82 is expressed in the form of

“Node identifier + frame number/slot number/subslot/port number + vlan”, sub-option2 still represents the MAC address of the Relay agent, and sub-option5 is not added.

3-11

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

The node identifier in the sub-option1 of Option82 is a string, which adopts the MAC address of the administration port of the device by default, in the form of

00-E0-FC-0D-DC-EC. You can modify the node identifier through configuration as needed, such as using the bridge MAC address of the relay agent, the device name

(configured through sysname), or a user-defined string.

The identifier format of sub-option1 in the fixed network mode Option 82 is:

AccessNodeIdentifier eth frame/slot/subslot/port: vlan

AccessNodeIdentifier: Access node identifier, which is a string of less than 50 characters. It is the bridge MAC address by default frame: Frame number, which is 0 if the frame is not supported eth: Ethernet port type slot: Slot number subslot: Subslot number port: Port number vlan: VLAN Identifier

IV. Protocols and Standards z z

The protocols and standards related to Option 82 support on DHCP relay agent are:

RFC 2131 Dynamic Host Configuration Protocol

RFC 3046 DHCP Relay Agent Information Option

V. Working mechanism of Option 82 support on DHCP relay agent

The process for a DHCP client to acquire an IP address from a DHCP server through a

DHCP relay agent is the same as that for a DHCP client to acquire an IP address directly from the DHCP server in the same network segment. Both the processes have four phases: discovery, offer, selection and acknowledgement. The following only introduces the working mechanism of Option 82 support on a DHCP relay agent.

1) A DHCP client broadcasts a request packet during initialization.

2) If a DHCP server exists in the local network, the DHCP client acquires an IP address from this server directly. If not, the broadcast packet is processed by the

DHCP relay agent that is connected to the local network. The DHCP relay agent will check whether Option 82 exists in the packet.

3) If Option 82 exists in the packet, the relay agent processes the packet according to the configured strategy. The DHCP relay agent may drop the packet, replace the original Option 82 with its own Option 82, or keep the original Option 82 unchanged. Then, the DHCP relay agent forwards the packet (if not dropped) to a

DHCP server.

4) If Option 82 does not exist in the request packet, the DHCP relay agent adds

Option 82 into the packet and then forwards it to the DHCP server. In this way, the

3-12

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration packet contains the MAC address and VLAN ID of the receiving port of the switch, and the MAC address of the DHCP relay agent.

5) After receiving the DHCP request packet forwarded by the DHCP relay agent, the

DHCP server records the information carried by the option. Then, the DHCP server sends to the DHCP relay agent a response packet which carries the DHCP configuration information and Option 82 information.

6) After receiving the response packet sent by the DHCP server, the DHCP relay agent strips Option 82 information in the packet. Then, it forwards the packet that carries the DHCP configuration information to the DHCP client.

Note:

The request packets sent by a DHCP client fall into four types: DHCP_DISCOVER,

DHCP_REQUEST, DHCP_RELEASE and DHCP_INFORM. The DHCP relay agent adds Option 82 into the four types of request packets. This is because the DHCP servers from different manufacturers process the request packets in different ways.

Some of them process Option 82 in the DHCP_DISCOVER packets, while others process Option 82 in the DHCP_REQUEST packets.

3.2.2 Configuring Option 82 Support on DHCP Relay Agent

I. Configuration prerequisites z z

Before enabling Option 82 support on DHCP relay agent, you should configure: z

The network parameters and the relay functions on the DHCP relay agent.

The network parameters, and the address pools and the address lease on the

DHCP server.

A route between the DHCP relay agent and the DHCP server.

3-13

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

II. Enabling Option 82 support on DHCP relay agent

Follow these steps to enable Option 82 support on the DHCP relay agent enabled

VLAN interface in VLAN interface view: view format

To do…

Enter system view

Create a VLAN interface and enter VLAN interface

Enable Option 82 support on the DHCP relay agent

Configure the strategy for the DHCP relay agent to process the request packets that carry Option

Configure the Option 82

Use the command… system-view interface vlan-interface vlan-id dhcp relay information enable dhcp relay information strategy replace }

{ drop | keep | dhcp relay information format { normal | verbose }

Configure the user identifier of Option 82 when it is in fixed network mode dhcp relay information format verbose node-identifier { mac | sysname | user-defined

string <1-50> }

Remarks

—

Required

The corresponding VLAN must exist.

Required

This feature is disabled by default.

Optional

By default, the DHCP relay agent adopts the strategy replace to process the request packets that carry Option

82. That is, the DHCP relay replaces the original

Option 82 in the packets with its own Option 82.

Optional

The format of Option 82 is normal by default.

Optional

The user identifier of

DHCP Relay Option 82 is the system bridge MAC address by default.

Follow these steps to enable Option 82 support on DHCP relay agent enabled VLAN interfaces in system view:

To do…

Enter system view

Use the command… system-view —

Remarks

Enable Option 82 support on DHCP relay agents dhcp relay information enable

{ interface vlan-interface vlan-id [ to

vlan-interface vlan-id ] | all }

Optional

Disabled by default.

3-14

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

3.2.3 Option 82 Support on DHCP Relay Agent Configuration Example

I. Network requirements

Two DHCP clients are on 10.110.0.0, and they acquire IP addresses from the DHCP server through a DHCP relay agent. The DHCP relay agent is enabled on a VLAN interface of the switch. Option 82 support is enabled on the DHCP relay agent.

II. Network diagram

Figure 3-5 Network diagram for Option 82 support on DHCP relay configuration

III. Configuration procedure

Suppose the DHCP relay agent and the DHCP server is reachable to each other. The following only introduces the configuration on the switch which serves as the DHCP relay agent.

# Enable DHCP.

<H3C> system-view

[H3C] dhcp enable

# Enter the view of the interface on which the DHCP relay agent is to be enabled.

Configure an IP address and a subnet mask for the interface so that it belongs to the same network segment with the DHCP client

[H3C] interface vlan-interface 100

[H3C-vlan-interface 100] ip address 10.110.1.1 255.255.0.0

# Enable the DHCP relay agent on the interface, and specify the DHCP server. Enable

Option 82 support on the DHCP relay agent and specify the strategy as keep . Specify the mode as fixed network mode and the system name as the node identifier.

[H3C] interface vlan-interface 100

[H3C-vlan-interface 100] dhcp select relay

[H3C-vlan-interface 100] ip relay address 202.38.1.2

[H3C-vlan-interface 100] dhcp relay information enable

[H3C-vlan-interface 100] dhcp relay information strategy keep

[H3C-vlan-interface 100] dhcp relay information format verbose

[H3C-vlan-interface 100] dhcp relay information format verbose node-identifier sysname

3-15

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 3 DHCP Relay Agent Configuration

The configuration of the DHCP server is omitted here.

3-16

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 4 DHCP Snooping Configuration

Chapter 4 DHCP Snooping Configuration

z z z z z

When configuring DHCP snooping, go to these sections for information you are interested in:

DHCP Snooping Overview

DHCP Snooping Configuration

Displaying and Maintaining DHCP Snooping

DHCP Snooping Configuration Example

Wrong DHCP Snooping Networking Examples

4.1 DHCP Snooping Overview

4.1.1 Introduction

As a DHCP security feature, DHCP snooping can implement the following:

I. Preventing DHCP clients from obtaining IP addresses from unauthorized

DHCP servers

With DHCP snooping, the ports of a device can be configured as trusted or untrusted. z z

Trusted: Ports that are connected to authorized DHCP servers or other authorized devices are configured as trusted ports, which can forward DHCP messages normally to guarantee that DHCP clients can obtain valid IP addresses.

Untrusted: An untrusted port discards DHCP-ACK and DHCP-OFFER packets received from any DHCP server to prevent DHCP clients from receiving invalid IP addresses.

II. Preventing illegal clients from accessing the external network

When a client obtains an IP address from a DHCP server, DHCP snooping records the client’s IP and MAC addresses, port name (common port or aggregate port), and VLAN

ID by reading its DHCP message and saves the information in the DHCP snooping table.

DHCP snooping prevents illegal clients from accessing the external network in cooperation with ARP. When a client wants to access the external network, it sends an

ARP request to the gateway. Then, DHCP snooping intercepts the ARP request and checks the client’s information against the DHCP snooping entries: z If the client is legal, a matching DHCP snooping entry can be found and the DHCP snooping device sends an ARP reply or forwards the ARP request. Then, the client can access the network normally.

4-1

Operation Manual – DHCP

H3C S9500 Series Routing Switches z

Chapter 4 DHCP Snooping Configuration

If the client’s IP address is manually configured, no matching DHCP snooping entry can be found. Thus, the client cannot receive any ARP reply and will fail to access the network.

Caution:

The ports of DHCP snooping entries can be manual or static aggregate ports, but cannot be dynamic aggregate ports. So, the downstream ports of DHCP snooping devices cannot be configured with dynamic aggregation.

4.1.2 DHCP Snooping and ACL

z z z z

If DHCP snooping is enabled globally, the system automatically create an ACL to filter out packets with source UDP port 67. Disabling DHCP snooping globally removes the ACL.

If DHCP snooping is enabled on a VLAN, the system automatically create an ACL to redirect packets received from the VLAN and with source UDP port 68 to the

CPU. Disabling DHCP snooping on the VLAN removes the ACL.

If you configure a port as trusted, the system automatically create an ACL to redirect packets received from the port and with source UDP port 67 to the CPU.

Disabling the trusted port function removes the ACL.

If the security check function is enabled on a port, the system uses create an ACL to redirect all ARP packets received from the port to the CPU. Disabling security check on the port removes the ACL.

4-2

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 4 DHCP Snooping Configuration

Caution: z z z z z z z z

After you configure DHCP snooping, any modification to a use-defined flow template may conflict with the DHCP snooping related ACLs, resulting in failure of implementing DHCP snooping features.

After you configure DHCP snooping on a VLAN, no flow template modification can be made on a board in the VLAN. After you configure DHCP snooping or security check on a port, no flow template modification can be made.

When performing port copying or port addition into an aggregation group for a trusted port or a security check enabled port, make sure that the same default flow template is bound to the source and destination ports; otherwise, the operation will fail.

After you enable DHCP snooping on a VLAN, the system automatically assigns a global ACL that is only supported on boards suffixed with CA, CB, DB, or DC.

After you enable DHCP snooping on a VLAN, the system assigns an ACL to all the boards. If a board has insufficient ACL resources, the system does not assign the

ACL to the board. Restarting the switch or the board may cause loss of DHCP snooping configuration or basic ACL configuration. Therefore, make sure each board has sufficient ACL resources.

On an XP4 board, make sure that the DHCP snooping trusted port and security check configurations on all the ports in a port group are the same; otherwise, unauthorized DHCP servers cannot be filtered out, or ARP packets cannot be forwarded. If the trusted port and security check configurations are performed on ports on an even-numbered XP4 board, the system does not assign any ACL to those ports.

The system will reserve an ACL for DHCP snooping. Because the number of ACLs the system assigns to a GV48 board is a multiple of 2, the system reserves two

ACLs for the board.

After global DHCP snooping is enabled, make sure user-defined ACLs do not conflict with ACLs automatically assigned by DHCP snooping.

4.1.3 DHCP Snooping Support for Option 82

The process for a DHCP client to acquire an IP address from a DHCP server through a

DHCP snooping device is the same as that for a DHCP client to acquire an IP address directly from the DHCP server in the same network segment. Both the processes have four phases: discovery, offer, selection and acknowledgement. The following only introduces the working mechanism of Option 82 support on a DHCP snooping device.

1) A DHCP client broadcasts a request packet during initialization.

4-3

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 4 DHCP Snooping Configuration

2) The DHCP snooping device which is located in the same network segment with z the DHCP client checks whether Option 82 exists in the packet.

If yes, the DHCP snooping device processes the packet according to the z configured strategy: it may drop the packet, replace the original Option 82 with its own Option 82, or keep the original Option 82 unchanged. Then, the DHCP snooping device forwards the packet (if not dropped) to a DHCP server.

If not, the DHCP snooping device adds Option 82 into the packet and then forwards it to the DHCP server. In this way, the packet contains the MAC address and VLAN ID of the receiving port of the switch, and the MAC address of the

DHCP snooping device.

3) After receiving the DHCP request, the DHCP server records the information carried by option 82. Then, the DHCP server sends to the DHCP snooping device a response packet which carries the DHCP configuration information and Option

82 information.

4) After receiving the response, the DHCP snooping device removes Option 82 information from the packet, and forwards the packet to the DHCP client.

For more information about Option 82, refer to Introduction to Option 82 Support on

DHCP Relay Agent

4.2 DHCP Snooping Configuration

Follow these steps to configure DHCP snooping: globally

To do…

Enter system view

Enable DHCP snooping

Enter VLAN view

Enable DHCP snooping on the specified VLAN

Exit VLAN view

Enter port view

Use the command… system-view dhcp-snooping enable

vlan vlan-id dhcp-snooping enable

Remarks

—

Required

Disabled by default.

—

Required

Disabled by default.

— quit

interface interface-type

interface-number

—

4-4

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Specify the port as a trusted port

Chapter 4 DHCP Snooping Configuration

Enable security check on the specified port dhcp-snooping security check enable

Exit port view

Enter VLAN view quit

vlan vlan-id

Enable DHCP snooping to support Option 82

Use the command… dhcp-snooping trust dhcp-snooping information enable

Remarks

Required

You need to configure a port that is connected to an authorized DHCP server as trusted to ensure that

DHCP clients can obtain valid IP addresses.

By default, after you enable

DHCP snooping globally, all the ports on the switch are untrusted ports.

Required

Disabled by default.

—

Optional

By default, DHCP snooping

Option 82 support is disabled on all the VLANs.

Configure the handling strategy for request messages containing

Option 82 dhcp-snooping information strategy

{ drop | keep | replace }

Optional replace by default.

Configure the padding format for Option 82

Configure the node identifier of DHCP snooping Option 82

Exit VLAN view

Configure a static DHCP snooping entry dhcp-snooping information format

{ normal | verbose }

Optional normal by default. dhcp-snooping information format verbose node-identifier { mac | sysname |

user-defined string }

Optional

Use this command after you specify the fixed network mode for DHCP snooping Option 82.

By default, the bridge MAC address is adopted as the node identifier for Option

82.

— quit dhcp-snooping entry

ip ip-address mac mac-address

vlan vlan-id { interface interface-type interface-number | aggregation-group

group-id }

Optional

The aggregation group to be specified can only be a static or manual aggregation group; dynamic aggregation group is not supported.

4-5

Operation Manual – DHCP

H3C S9500 Series Routing Switches

To do…

Chapter 4 DHCP Snooping Configuration

Remove DHCP snooping entries

Use the command… reset dhcp-snooping entry { mac

mac-address | vlan

vlan-id | ip ip-address |

interface port-type port-number |

aggregation-group

group-id | dynamic | static | all }

Optional

Remarks

Available in user view

4.2.1 Configuration Guidelines

I. DHCP snooping trusted port configuration

You need to configure a port that is connected to an authorized DHCP server as trusted to ensure that DHCP clients can obtain valid IP addresses.

II. DHCP snooping security check configuration

If a port belongs to an aggregation group, the security check configuration on the port will not be automatically synchronized to other ports in the aggregation group. To do so, you need to perform certain configurations; otherwise, problems may occur.

III. DHCP snooping Option 82 support configuration z z

If the VLAN has isolate-user-vlans configured, the DHCP snooping device cannot find from packets received from the upstream device whether the corresponding secondary VLANs support Option 82. Therefore, if a secondary VLAN supports

Option 82, the DHCP snooping device removes Option 82 from DHCP responses; if no secondary VLAN supports Option 82, it does not remove Option 82 from

DHCP packets.

If isolate-user-vlans are configured on the downstream VLAN, Option 82 is not removed from DHCP responses.

IV. Static DHCP snooping entry configuration z z z

If a static/manual aggregation group is specified in a static or dynamic DHCP snooping entry, removing the static/manual aggregation group also removes the corresponding DHCP snooping entry.

If a port is specified in a static or dynamic DHCP snooping entry, adding the port into an aggregation group removes the corresponding DHCP snooping entry.

After a DHCP snooping entry is removed, the corresponding client can still access the network until the ARP entry of the client or the gateway ages out.

4-6

Operation Manual – DHCP

H3C S9500 Series Routing Switches Chapter 4 DHCP Snooping Configuration

4.3 Displaying and Maintaining DHCP Snooping

To do…

Display DHCP snooping entries

Display information about trusted ports

Enable DHCP snooping debugging

Use the command… display dhcp-snooping entry { vlan vlan-id [ to vlan-id ] | interface port-type port-number | aggregation-group group-id | ip ip-address | all }

Remarks

Available in any view display dhcp-snooping trust debugging dhcp-snooping { packet

[ interface interface-type interface-number [ to interface-type interface-number ] ] | error | event | all }

Disabled by default

4.4 DHCP Snooping Configuration Example

I. Network requirements z z z

A DHCP snooping device is connected to a DHCP server through Ethernet 1/1/1, and connected to two DHCP clients through Ethernet 1/1/2 and Ethernet 1/1/3.

On the DHCP snooping device, Ethernet 1/1/1 can forward DHCP server responses while the other two interfaces cannot.

When a DHCP client accesses the external network after obtaining an IP address from the DHCP server, the administrator can check the client’s IP-to-MAC binding, number and VLAN ID of the port that received the client’s request.

II. Network diagram

Figure 4-1 Network diagram for DHCP snooping configuration

III. Configuration procedure

# Enable DHCP snooping globally.

<H3C> system-view

4-7

Operation Manual – DHCP

H3C S9500 Series Routing Switches

[H3C] dhcp-snooping enable

Chapter 4 DHCP Snooping Configuration

# Create VLAN 100 and add Ethernet 1/1/1, Ethernet 1/1/2 and Ethernet 1/1/3 into the

VLAN.

[H3C] vlan 100

[H3C-vlan100] quit

[H3C] interface ethernet1/1/1

[H3C-Ethernet1/1/1] port link-type trunk

[H3C-Ethernet1/1/1] port trunk permit vlan 100

[H3C-Ethernet1/1/1] port trunk pvid vlan 100

[H3C-Ethernet1/1/1] interface ethernet1/1/2

[H3C-Ethernet1/1/2] port access vlan 100

[H3C-Ethernet1/1/2] interface ethernet1/1/3

[H3C-Ethernet1/1/3] port access vlan 100

[H3C-Ethernet1/1/3] quit

# Configure Ethernet 1/1/1 as a trusted port.

[H3C] interface ethernet1/1/1

[H3C-Ethernet1/1/1] dhcp-snooping trust

[H3C-Ethernet1/1/1] quit

# Enable DHCP snooping on VLAN 100.

[H3C] vlan 100

[H3C-vlan100] dhcp-snooping enable

[H3C-vlan100] quit

# Enable DHCP snooping security check on Ethernet 1/1/2.

[H3C] interface ethernet1/1/2

[H3C-Ethernet1/1/2] dhcp-snooping security check enable

[H3C-Ethernet1/1/2] quit

# Enable DHCP Snooping Option 82 support on VLAN 100.

[H3C] vlan 100

[H3C-vlan100] dhcp-snooping information enable

[H3C-vlan100] dhcp-snooping information strategy replace

[H3C-vlan100] dhcp-snooping information format verbose

[H3C-vlan100] dhcp-snooping information format verbose node-identifier sysname

4-8

Operation Manual – DHCP

H3C S9500 Series Routing Switches

Note:

Chapter 4 DHCP Snooping Configuration

To ensure the DHCP client to obtain an IP address from the DHCP server, you need to complete other configurations on the DHCP client and DHCP server. The configuration procedure is omitted because it varies depending on the device model.

4.5 Wrong DHCP Snooping Networking Examples

The DHCP snooping enabled device can work when it is between the DHCP client and server or between the DHCP client and relay agent. It does not work if it is between the

DHCP server and DHCP relay agent.

The following shows two wrong DHCP snooping networking examples.

I. Wrong DHCP networking example I

Figure 4-2 Network diagram for a wrong DHCP snooping network

In Figure 4-2 , the DHCP snooping device is between the DHCP relay agent and DHCP

server.

In this network, because the source and destination UDP port numbers in DHCP packets exchanged between the DHCP relay agent and DHCP server are both 67, the

DHCP snooping device cannot judge the sender of DHCP packets. Moreover, because the port on the DHCP snooping device that is connected to the DHCP relay agent is an untrusted port, DHCP request packets sent by the DHCP relay agent cannot be forwarded to the DHCP server. Thus, no DHCP snooping entry can be generated on the DHCP snooping device.

II. Wrong DHCP networking example II

Figure 4-3 Network diagram for a wrong DHCP snooping network

Figure 4-3 , the DHCP server is between the DHCP client and DHCP snooping

device.

In this network, the DHCP snooping device obtains DHCP request and reply packets from the port connected to the DHCP server. Thus, no DHCP snooping entry can be generated on the DHCP snooping device.

4-9

Table of Contents

Chapter 1 DHCP Overview

1.1 DHCP Principles

1.1.1 BOOTP Relay Agent

1.1.2 DHCP and BOOTP Relay Agent

1.2 General DHCP Configuration

1.2.1 Enabling/Disabling DHCP

1.2.2 Configuring Processing Method of DHCP Packets

1.2.3 Enabling/Disabling Unauthorized DHCP Server Detection

Chapter 2 DHCP Server Configuration

2.1 Configuring the DHCP Server

2.1.1 Creating a Global DHCP IP Address Pool

2.1.2 Configuring the IP Address Assignment Mode

2.1.3 Excluding Specified IP Addresses from Assignment

2.1.4 Configuring a Lease Time for a DHCP Address Pool

2.1.5 Configuring a Domain Name for DHCP Clients

2.1.6 Configuring DNS Servers for DHCP Clients

2.1.7 Configuring NetBIOS Server Addresses for DHCP Clients

2.1.8 Configuring a NetBIOS Node Type for DHCP Clients

2.1.9 Configuring Custom DHCP Options

2.1.10 Configuring Gateways for DHCP Clients

2.1.11 Configuring Parameters for DHCP Server to Send Ping Packets

2.2 Displaying and Debugging the DHCP Server

2.3 DHCP Server Configuration Example

Chapter 3 DHCP Relay Agent Configuration

3.1 Configuring the DHCP Relay Agent

3.1.1 Introduction to DHCP Relay Agent

3.1.2 Configuring the DHCP Relay Agent

3.1.3 Displaying and Maintaining the DHCP Relay Agent

3.1.4 DHCP Relay Agent Configuration Example

3.2 DHCP Option 82 Configuration

3.2.1 Introduction to Option 82 Support on DHCP Relay Agent

3.2.2 Configuring Option 82 Support on DHCP Relay Agent

3.2.3 Option 82 Support on DHCP Relay Agent Configuration Example

Chapter 4 DHCP Snooping Configuration

4.1 DHCP Snooping Overview

4.1.1 Introduction

4.1.2 DHCP Snooping and ACL

4.1.3 DHCP Snooping Support for Option 82

4.2 DHCP Snooping Configuration

4.2.1 Configuration Guidelines

4.3 Displaying and Maintaining DHCP Snooping

4.4 DHCP Snooping Configuration Example

4.5 Wrong DHCP Snooping Networking Examples

Related

H3C S9500 Series Operation Manual

H3C S9500 Series UDP Helper Manual: AI Chat & PDF

H3C S9500 Series Operation Manual

H3C S9500 Series Operation Manual

H3C S9500 Series Network Protocol Operation Manual

H3C S9500 Series Command Manual

3Com S9505, S9508 FABRIC, S9512 FABRIC Operation Manual

H3C S9500 Series Command Manual

HPE H3C S9500 Series Operation Manual

H3C S9500 Series Routing Switch Command Manual

VLAN S9500 Routing Switches Operation Manual

H3C S9500 Series Operation Manual