56 CHAPTER 4: NETWORK PROTOCOL OPERATION
When associating a VLAN interface to a new DHCP server group, you can
configure the association without disassociating it from the previous group.
By default, VLAN interfaces have no associated DHCP server group.
Configuring the Address Table Entry
To check the address of users who have valid and fixed IP addresses in the VLAN
(with DHCP enabled), it is necessary to add an entry in the static address table.
Perform the following configuration in system view.
Enabling/Disabling DHCP Security Features
Enabling DHCP security features starts an address check on the VLAN interface,
while disabling DHCP security features cancels an address check.
Perform the following configuration in VLAN interface view.
By default, DHCP security features function are disabled.
Enabling/Disabling DHCP Pseudo-server Detection
Suppose there is a DHCP server placed on a network without permission. When
there is a user request for an IP address, the DHCP server will interact with the
DHCP client, leading the user to get a wrong IP address. In this case, the user will
be unable to access the network. Such a DHCP server is called DHCP
pseudo-server.
After a DHCP pseudo-server detection-enabled, switch will record the information
of the DHCP servers such as their IP addresses so that the administrator can
discover the DHCP pseudo-servers.
Perform the following configuration in system view.
By default, DHCP pseudo-server detection is disabled.
Table 10 Configure/Delete the Address Table Entry
Operation Command
Add an entry to the address table dhcp-security static ip_address mac_address
{ dynamic | static }
Delete an entry from the address table undo dhcp-security { ip_address | all |
dynamic | static }
Table 11 Enable/Disable DHCP Security on VLAN Interfaces
Operation Command
Enable DHCP security features address-check enable
Disable DHCP security features on VLAN
interface
address-check disable
Table 12 Enabling and Disabling DHCP Pseudo-server Detection
Operation Command
Enable DHCP pseudo-server detection dhcp-server detect
Disable DHCP pseudo-server detection undo dhcp-server detect