3Com Switch 7750 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

611

612

613

614

615

616

617

618

619

620

618 CHAPTER 58: DHCP RELAY AGENT CONFIGURATION

Specifying address checking fields

After enabled with the address checking function, Switch 7750 Ethernet switches

default to check the IP address, MAC address, VLAN ID, and port number of a

DHCP client respectively. The DHCP client can access external networks only after

an entry matching all the four fields is found in the client address table.

You can disable some fields (MAC address, VLAN ID, or port number) from address

checking as needed. Thus, after enabled with address checking, the DHCP relay

agent will not check the disabled fields, so that the clients not matching all the

fields can also access external networks.

If you configure a static client address entry on the DHCP relay agent using the

dhcp-security static command without specifying the vlan or port keyword, the

DHCP relay agent will not check the VLAN ID or port number when performing

address checking for the client, even if the two fields are enabled for address

checking.

Configuring dynamic entries

Through this configuration task, you can validate or invalidate the dynamic

IP-to-MAC mapping entries generated by the DHCP relay agent. DHCP client

addresses are matched based on the dynamic entries generated by DHCP relay

agent only after these entries are activated; otherwise, DHCP client addresses are

matched based only on the security address entries statically configured.

Table 490 Specify address checking fields

Operation Command Description

Enter system view system-view -

Enter interface view interface interface-type

interface-number

Specify address checking

field(s)

address-check field { mac | vlan |

port } enable

Optional

By default, after

enabled with the

address checking

function, the DHCP

relay agent checks the

IP address, MAC

address, VLAN ID, and

port number of a

DHCP client

respectively.

Disable specified address

checking field(s)

address-check field { mac | vlan |

port } disable

Table 491 Configure dynamic entries generated by DHCP relay agents

Operation Command Description

Enter system view system-view -

Enter VLAN interface

view

interface interface-type

interface-number

Validate the dynamic

entries generated by

the DHCP relay agent

address-check dhcp-relay

enable

Optional

By default, the dynamic IP-to-MAC

mapping entries generated by the

DHCP relay agent are valid