R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide
44
Configuring the DHCP server security functions
Configuration prerequisites
Before you perform this configuration, complete the following configurations on the DHCP server:
1. Enable DHCP.
2. Configure the DHCP address pool.
Enabling unauthorized DHCP server detection
Unauthorized DHCP servers on a network might assign wrong IP addresses to DHCP clients.
With unauthorized DHCP server detection enabled, the DHCP server checks whether a DHCP request
contains Option 54 (Server Identifier Option). If yes, the DHCP server records in the option the IP address
of the DHCP server that assigned an IP address to a requesting DHCP client and records the receiving
interface. The administrator can use this information to check for unauthorized DHCP servers.
To enable unauthorized DHCP server detection:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable unauthorized DHCP
server detection.
dhcp server detect Disabled by default.
With the unauthorized DHCP server detection enabled, the device logs each detected DHCP server once.
The administrator can use the log information to find unauthorized DHCP servers.
Configuring IP address conflict detection
Before assigning an IP address, the DHCP server pings that IP address.
• If the server receives a response within the specified period, it selects and pings another IP address.
• If it receives no response, the server continues to ping the IP address until a specific number of ping
packets are sent. If still no response is received, the server assigns the IP address to the requesting
client. (The DHCP client probes the IP address by sending gratuitous ARP packets.)
To configure IP address conflict detection:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Specify the maximum number of
ping packets to be sent for
conflict detection.
dhcp server ping packets
number
Optional.
The default setting is one.
The value 0 disables IP address conflict
detection.