Manualshelf

R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis
51525354555657585960
45
Ste
p
Command
Remarks
3. Configure the ping timeout time.
dhcp server ping timeout
milliseconds
Optional.
The default setting is 500 milliseconds.
The value 0 disables IP address conflict
detection.
Configuring the DHCP server to work with authorized ARP
Only the clients that obtain an IP address from the DHCP server are considered as authorized clients. If
the DHCP server also serves as the gateway, the DHCP server can work with authorized ARP to block
unauthorized clients and prevent ARP spoofing attacks.
To enable the DHCP server to work with authorized ARP, perform the following:
Configure the DHCP server to support authorized ARPThe DHCP server notifies authorized ARP
to add/delete/change authorized ARP entries when adding/deleting/changing IP address leases.
Enable authorized ARPThe ARP automatic learning function is disabled after you enable
authorized ARP. ARP entries are added according to the IP address leases specified by the DHCP
server, to avoid learning incorrect ARP entries.
The DHCP server works with authorized ARP for the following purposes:
Only the clients that have obtained IP addresses from the DHCP server and have their ARP entries
recorded on the DHCP server are authorized clients and can access the network correctly.
The clients that have not obtained IP addresses from the DHCP server are considered unauthorized
clients and are unable to access the network.
Disabling ARP automatic learning prevents network attacks such as IP/MAC address spoofing
attacks, and only authorized users can access the network.
Configuration guidelines
Follow these guidelines when you configure the DHCP server to work with authorized ARP:
Authorized ARP can only be configured on Layer 3 interfaces.
When the working mode of the interface is changed from DHCP server to DHCP relay agent,
neither the IP address leases nor the authorized ARP entries are deleted. Because these ARP entries
might conflict with new ARP entries generated on the DHCP relay agent. HP recommends that you
delete the existing IP address leases by using the reset dhcp server ip-in-use command before
changing the interface working mode to DHCP relay agent.
Disabling the DHCP server to support authorized ARP dose not delete the IP address leases, but
deletes the corresponding authorized ARP entries.
For more information about authorized ARP, see Security Configuration Guide. For more information
about the arp authorized enable command, see Security Command Reference.
Configuration procedure
To configure the DHCP server to work with authorized ARP:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A