39-24
Be cautious when configuring self-defined DHCP options because such configuration may affect the
DHCP operation process.
Configuring DHCP Server Security Functions
DHCP security configuration is needed to ensure the security of DHCP service.
Prerequisites
Before configuring DHCP security, you should first complete the DHCP server configuration (either
global address pool-based or interface address pool-based DHCP server configuration).
Enabling Unauthorized DHCP Server Detection
If there is an unauthorized DHCP server in the network, when a client applies for an IP address, the
unauthorized DHCP server may assign an incorrect IP address to the client.
With this feature enabled, when receiving a DHCP message with the siaddr field not being 0 from a
client, the DHCP server will record the value of the siaddr field and the receiving interface. The
administrator can use such information to check out any DHCP unauthorized servers.
Follow these steps to enable unauthorized DHCP server detection:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable the unauthorized DHCP server
detecting function
dhcp server detect
Required
Disabled by default.
With the unauthorized DHCP server detection enabled, the relay agent will log all DHCP servers,
including authorized ones, and each server is recorded only once. The administrator needs to find
unauthorized DHCP servers from the system log information.
Configuring IP Address Detecting
To avoid IP address conflicts caused by assigning the same IP address to multiple DHCP clients
simultaneously, you can configure a DHCP server to detect an IP address before it assigns the address
to a DHCP client.
The DHCP server pings the IP address to be assigned using ICMP. If the server gets a response within
the specified period, the server will ping another IP address; otherwise, the server will ping the IP
addresses once again until the specified number of ping packets are sent. If still no response, the