3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

731

732

733

734

735

736

737

738

739

740

Configuring DHCP Relay Agent 739

Configure dynamic binding update interval

Via the DHCP relay agent, a DHCP client sends a DHCP-RELEASE unicast message

to the DHCP server to relinquish its IP address. In this case the DHCP relay agent

simply conveys the message to the DHCP server, thus it does not remove the IP

address from its bindings. To solve this, the DHCP relay agent can update dynamic

bindings at a specified interval.

The DHCP relay agent use its own MAC address and the IP address to be assigned

to a client to regularly send a DHCP-REQUEST message to the DHCP server. If the

server returns a DHCP-ACK message, which means IP address to be assigned to

the client is assignable now, the DHCP relay agent will update its bindings by

aging out the binding entry of the client’s IP address. If the server returns a

DHCP-NAK message, which means the IP address is still in use, the relay agent will

not age it out.

To configure dynamic binding update interval, use the following commands:

A large number of binding entries may result in a slow refreshing speed, so you

are recommended to use the default refreshing interval.

Enable unauthorized DHCP servers detection

There are invalid DHCP servers on networks, which reply DHCP clients with wrong

IP addresses. These invalid DHCP servers are unauthorized DHCP servers.

With this feature enabled, upon receiving a DHCP message with the siaddr field (IP

address of the server assigning IP addresses to clients) not being 0 from a client,

the DHCP relay agent will record the value of the siaddr field and the information

on the interface receiving the DHCP message. The administrator can use this

information to check out any DHCP unauthorized servers.

To enable unauthorized DHCP server detection, use the following commands:

With the unauthorized DHCP server detection enabled, the device puts a record

once for each DHCP server. The administrator needs to find unauthorized DHCP

servers from the log information. After the recorded information of a DHCP server

is cleared, a new record will be put for the DHCP server.

To do... Use the command... Remarks

Enter system view system-view -

Configure binding update

interval

dhcp relay security tracker {

interval | auto }

Optional

auto by default (auto interval

is calculated by the relay

agent according to the

number of bindings)

To do... Use the command... Remarks

Enter system view system-view -

Enable unauthorized DHCP

server detection

dhcp relay server-detect Required

Disabled by default