F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

211

212

213

214

215

216

217

218

219

220

191

Item Descri

tion

Unauthorized Server

Detect

Enable or disable unauthorized DHCP server detection.

There are unauthorized DHCP servers on networks, which reply DHCP clients with

wrong IP addresses.

With this feature enabled, the DHCP relay agent checks whether a request contains

Option 54 (Server Identifier Option). If it does, the DHCP relay agent records in the

option the IP address of the DHCP server that assigned an IP address to the client and

records the receiving interface. The administrator can use this information to check

for unauthorized DHCP servers.

With the unauthorized DHCP server detection enabled, the device records all

detected DHCP servers (including authorized DHCP servers) and saves one record

for each server. The administrator needs to find unauthorized DHCP servers from the

log information.

Dynamic Bindings

Refresh

Enable or disable periodic refresh of dynamic client entries, and set the refresh

interval.

Through the DHCP relay agent, a DHCP client sends a DHCP-RELEASE unicast

message to the DHCP server to relinquish its IP address. In this case, the DHCP relay

agent simply conveys the message to the DHCP server and does not remove the

corresponding client entry. To solve this problem, you can enable the periodic

refresh of dynamic client entries.

With this feature, the DHCP relay agent uses the IP address of a client and the MAC

address of the DHCP relay agent interface to periodically send a DHCP-REQUEST

message to the DHCP server.

• If the server returns a DHCP-ACK message or does not return any message within

a specific interval, the DHCP relay agent considers the IP address assignable now

and ages out the client entry. In addition, upon receiving a DHCP-ACK packet, the

DHCP relay agent sends a DHCP-RELEASE to release the IP address.

• If the server returns a DHCP-NAK message, which means the IP address is still in

use, the relay agent does not age it out.

If the Auto option is selected, the refresh interval is calculated by the relay agent

according to the number of client entries.

Track Timer Interval

514BCreating a DHCP server group

1. From the navigation tree, select Network > DHCP > DHCP Relay.

The DHCP relay agent configuration page appears, as shown in

2403HFigure 113.

2. In the Server Group field, click Add.

The page for creating a server group appears.

Figure 114 Creating a server group

3. Configure a DHCP server group as described in 2404HTable 28.

4. Click Apply.