3Com Switch 7750 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

611

612

613

614

615

616

617

618

619

620

Configuring DHCP Relay Agent 617

However, if two equal-cost uplinks to the DHCP server exist, the packets from a

client may have different source IP addresses. As a result, some packets may fail to

pass the validity check.

Switch 7750 Ethernet switches supports specifying the source IP address of uplink

packets. With this feature enabled on the relay agent, the source IP address of a

client’s packet to be forwarded to the DHCP server is the IP address of the

receiving interface.

Configuring DHCP Relay

Agent Security

Functions

Configuring address checking

When a DHCP client obtains an IP address from a DHCP server through the DHCP

relay agent, the DHCP relay agent automatically generates the binding between

the client’s IP address, MAC address, VLAN ID, and port number. You can also

manually configure such bindings for clients on the DHCP relay agent.

The purpose of the address checking function on DHCP relay agent is to prevent

unauthorized users from statically configuring IP addresses to access external

networks. With this function enabled, a DHCP relay agent inhibits a user from

accessing external networks if the binding of the IP address, MAC address, VLAN

ID, and port number do not match any entries (including the entries dynamically

tracked by the DHCP relay agent and the manually configured static entries) in the

user address table on the DHCP relay agent.

Table 488 Specify the source IP address of uplink packets

Operation Command Description

Enter system view system-view -

Specify the source IP address of

packets on the DHCP relay

agent

dhcp relay source-ip

source-interface

Required

This feature is disabled

by default. That is, the

source IP address of the

packets sent to the

DHCP server is the IP

address of the relay

agent’s interface that

connects to the DHCP

server.

Table 489 Configure address checking

Operation Command Description

Enter system view system-view -

Configure a static user

address entry on the DHCP

relay agent

dhcp-security static

ip-address mac mac-address

[ vlan vlan-id | port

interface-type

interface-number ]*

Optional

By default, no DHCP user

address entry is configured

Enter interface view interface interface-type

interface-number

Enable the address checking

function

address-check enable Required

By default, the address

checking function is disabled