3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

401

402

403

404

405

406

407

408

409

410

396 CHAPTER 46: DHCP RELAY CONFIGURATION

You can configure an interface to forward DHCP packets received from DHCP clients

to a group of external DHCP server(s), so that the DHCP server(s) in this group can

assign IP addresses to the DHCP clients under this interface.

You can configure up to eight external DHCP IP addresses in a DHCP server group.

You can map multiple VLAN interfaces to one DHCP server group. But one VLAN

interface can be mapped to only one DHCP server group. If you execute the

dhcp-server groupNo command repeatedly, the new configuration overwrites the

previous one.

The group number referenced in the dhcp-server groupNo command must has

already been configured by using the dhcp-server groupNo ip ipaddress1 [

ipaddress-list ] command.

Configuring DHCP Relay

Security

Configuring address checking

When a DHCP client obtain an IP address from a DHCP server with the help of a DHCP

relay, the DHCP relay creates an entry (dynamic entry) in the user address table to

track the IP-MAC address binding information about the DHCP client. You can also

configure user address entries manually (static entries) to bind an IP address and a

MAC address statically.

The purpose of the address checking function on DHCP relay is to prevent

unauthorized users from statically configuring IP addresses to access external

networks. With this function enabled, a DHCP relay inhibits a user from accessing

external networks if the IP address configured on the user end and the MAC address

of the user end do not match any entries (including the entries dynamically tracked by

the DHCP relay and the manually configured static entries) in the user address table

on the DHCP relay.

Table 339 Configure an interface to operate in DHCP relay mode

Operation Command Description

Enter system view system-view —

Configure the DHCP

server IP address(es) in

a specified DHCP server

group

dhcp-server groupNo ip

ip-address1 [ ipaddress-list ]

Required

By default, no DHCP server IP

address is configured in a DHCP

server group.

Map an interface to a

DHCP server group

interface interface-type

interface-number

Required

By default, a VLAN interface is not

mapped to any DHCP server group.

dhcp-server groupNo

Table 340 Configure address checking

Operation Command Description

Enter system view system-view —

Create a DHCP user

address entry manually

dhcp-security static

ip-address mac-address

Optional

By default, there is no manually

configured DHCP user address

entry.

Enter interface view interface interface-type

interface-number

—

Enable the address

checking function

address-check enable Required

By default, the address checking

function is disabled.