No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

S1720, S2700, S5700, and S6720 V200R012(C00 and C20)

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DHCP policy VLAN, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Application Scenarios of the DHCP Relay Agent

Application Scenarios of the DHCP Relay Agent

On a medium- or large-scale network, hosts are configured on different network segments to differentiate services. A DHCP relay agent and a DHCP server can be deployed to dynamically allocate network parameters including IP addresses to the hosts. This conserves server resources and facilitates unified host management.

The following describes two common application scenarios of DHCP relay agents depending on the locations of a DHCP server:

A DHCP Server and DHCP Relay Agents Are Located on the Local Network

Figure 3-10 shows an enterprise with departments A, B, and C. The egress gateway functions as a DHCP server. Hosts in the departments are not on the same network segment as the DHCP server. The enterprise requires that one DHCP server dynamically allocates the IP addresses and DNS server address to the hosts. (The DNS server is used to resolve domain names to IP addresses.) To meet this requirement, deploy DHCP relay agents between the DHCP server and hosts.

Figure 3-10  Local network where the DHCP server and DHCP relay agents are located

Normally, a host gateway functions as a DHCP relay agent, and an enterprise egress gateway functions as a DHCP server. A DHCP server can also be independently deployed.

DHCP Discover messages are broadcast on a network segment, bringing risks of DHCP attacks, such as bogus DHCP server attacks and DoS attacks. To defend against DHCP attacks and improve security, configure DHCP snooping on a user-side device (Switch_3) between the DHCP server and clients. DHCP snooping ensures that hosts obtain IP addresses only from the authorized DHCP server. In addition, the device enabled with DHCP snooping records the mapping between IP addresses and MAC addresses.

For detailed configuration of DHCP snooping, see DHCP Snooping Configuration in S1720, S2700, S5700, and S6720 V200R012(C00&C20) Configuration Guide - Security.

A DHCP Relay Agent Connects to a DHCP Server Across the Internet

In Figure 3-11, an enterprise needs to extend branch departments A and B. The branches are connected to the headquarters across the Internet through a GRE tunnel. Switch_2 is the branch egress gateway, and the DHCP server is deployed in the headquarters. The enterprise requires that the DHCP server in the headquarters dynamically allocates the IP addresses and DNS server address to the hosts. (The DNS server is used to resolve domain names to IP addresses.) Configure Switch_2 as a DHCP relay agent to allow the DHCP server to dynamically allocate network parameters including IP addresses to the hosts in the branches through the Internet.

Figure 3-11  DHCP relay agent connected to a DHCP server through the Internet
Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038342

Views: 90681

Downloads: 291

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next