3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

581

582

583

584

585

586

587

588

589

590

DHCP Relay Configuration 581

■ When the flag field is set to 0, the DHCP relay agent unicasts the response

packets to the clients.

In actual networking, if clients have special requirements, the Switch 7750 Family

supports the following commands so as to force the DHCP relay agent to

broadcast the responses to the clients. After this function is enabled, even if the

flag field in the DHCP-DISCOVER packet is set to 0, the DHCP relay agent still

broadcasts responses to the clients.

Configuring DHCP Relay

Security

Configuring address checking

When a DHCP client obtains an IP address from a DHCP server with the help of a

DHCP relay, the DHCP relay creates an entry (dynamic entry) in the user address

table to track the IP-MAC address binding information about the DHCP client. You

can also configure user address entries manually (static entries) to bind an IP

address and a MAC address statically.

The purpose of the address checking function on DHCP relay is to prevent

unauthorized users from statically configuring IP addresses to access external

networks. With this function enabled, a DHCP relay inhibits a user from accessing

external networks if the IP address configured on the user end and the MAC

address of the user end do not match any entries (including the entries

dynamically tracked by the DHCP relay and the manually configured static entries)

in the user address table on the DHCP relay.

Configuring dynamic entries

Through this configuration task, you can validate or invalidate the dynamic

IP-to-MAC mapping entries generated by the DHCP relay agent. Only valid entries

Table 452 Configure the DHCP relay agent to broadcast responses to clients

Operation Command Description

Enter system view system-view -

Configure the DHCP relay

agent to broadcast responses

to clients

dhcp relay reply broadcast

Required

Generally, the DHCP relay

determines to broadcast or

unicast responses to the

clients according to the flag

field in the DHCP-DISCOVER

packet.

Table 453 Configure address checking

Operation Command Description

Enter system view system-view -

Create a DHCP user address

entry manually

dhcp-security static

ip-address mac-address

Optional

By default, no DHCP user

address entry is configured

Enter interface view

interface interface-type

interface-number

Enable the address checking

function

address-check enable

Required

By default, the address

checking function is disabled