No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
NetEngine AR V300R019 CLI-based Configuration Guide - IP Service
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a DHCP Relay Agent

Configuring a DHCP Relay Agent

Enabling DHCP

Context

Before enabling the DHCP relay function, enable DHCP in the system view.

  • The dhcp enable command is the prerequisite for configuring DHCP-related functions, including DHCP relay, DHCP snooping, and DHCP server. These functions take effect only after the dhcp enable command is run. After the undo dhcp enable command is run, all DHCP-related configurations of the device are deleted. After DHCP is enabled again using the dhcp enable command, all DHCP-related configurations of the device are restored to the default configurations.

  • After DHCP is enabled, if STP is also enabled, address allocation may slow down. By default, STP is enabled. To disable STP, run the undo stp enable command.

Procedure

  1. Enter the system view. 

    system-view

  2. Enable DHCP. 

    dhcp enable

    By default, DHCP is disabled.

  3. (Optional) Enable dynamic route limiting on DHCP messages. 

    dhcp speed-limit auto

    By default, dynamic rate limiting is disabled on DHCP messages.

Enabling the DHCP Relay Function

Context

Enable the DHCP relay function on an interface so that the interface functions as a DHCP relay agent.

Procedure

  1. Enter the system view.

    system-view

  2. Enter the interface view or sub-interface view.

    interface interface-type interface-number [.subinterface-number ]

  3. Configure an IP address for the interface.

    ip address ip-address { mask | mask-length }

    • The DHCP relay function is configured on the user-side gateway interface typically. The IP address of the gateway interface must be on the same network segment as the address pool configured on the DHCP server; otherwise, DHCP clients cannot obtain IP addresses.

  4. Enable the DHCP relay function on the interface.

    dhcp select relay

    By default, the DHCP relay function is disabled on an interface.

    When enabling the DHCP relay function on a sub-interface, run the arp broadcast enable command on the sub-interface to enable ARP broadcast on the VLAN tag termination sub-interface. By default, ARP broadcast is enabled on a VLAN tag termination sub-interface.

    If DHCP relay is enabled in a super-VLAN, DHCP snooping cannot be enabled in this super-VLAN.

Specifying the DHCP Server IP Address

Context

You must specify the IP address of the DHCP server so that the DHCP relay agent can forward DHCP messages between the server and clients. Two methods are available for you to specify the DHCP server IP address: in the interface view and in the DHCP server group view. The former method is recommended if you configure the DHCP relay function on individual interfaces connected to DHCP servers that have different IP addresses. The latter method is recommended if you configure the DHCP relay function on multiple interfaces that connect to one DHCP server.

A maximum of 16 DHCP relay agents are allowed between a DHCP server and a DHCP client. If there are more than 16 DHCP relay agents, DHCP messages are discarded.

Procedure

  • Specify the DHCP server IP address in the interface view.
    1. Enter the system view.

      system-view

    2. (Optional) Configure the DHCP server polling function on the DHCP relay agent.

      ip relay address cycle

      By default, DHCP server polling is disabled on a DHCP relay agent.

    3. (Optional) Set the TTL value for DHCP Discovery messages after they are forwarded by the DHCP relay agent at Layer 3.

      dhcp set ttl { unvaried | ttl-value }

      By default, the TTL value of DHCP Discovery messages decreases by 1 after they are forwarded by the DHCP relay agent at Layer 3.

      If the DHCP relay agent connects to a special client whose TTL value of DHCP Discovery messages is 1, and if there are routing devices between the DHCP relay agent and DHCP server, run the dhcp set ttl ttl-value command to specify a fixed TTL value (16 is recommended) for DHCP Discovery messages after they are forwarded by the DHCP relay agent at Layer 3.

    4. Enter the interface or sub-interface view.

      interface interface-type interface-number [.subinterface-number ]

    5. Specify the IP address of a DHCP server.

      dhcp relay server-ip ip-address

      By default, no DHCP server IP address is specified.

      You can specify up to eight DHCP server IP addresses for each interface.

    6. Enable DHCP relay gateway switching.

      dhcp relay gateway-switch enable

      By default, DHCP relay gateway switching is disabled.

      After primary and secondary IP addresses are configured on an interface, the primary IP address functions as the gateway address in most cases. If clients cannot use the primary IP address to apply for IP addresses, configure DHCP relay gateway switching to allow the clients to use secondary IP addresses to apply for IP addresses. After DHCP relay gateway switching is enabled, configure address pools on the same network segment as the secondary IP addresses on the connected DHCP server.

      • The gateway address switches from the primary IP address to a secondary IP address only when a user fails at least three times to obtain an IP address using the primary IP address and the interval between the last failure and first failure exceeds 24 seconds.
      • If a primary IP address and multiple secondary IP addresses are configured on an interface, the system tries the secondary IP addresses one by one based on the IP address configuration sequence until users successfully obtain IP addresses.

  • Specify the DHCP server IP address in the DHCP server group view.
    1. Enter the system view.

      system-view

    2. (Optional) Configure the DHCP server polling function on the DHCP relay agent.

      ip relay address cycle

      By default, DHCP server polling is disabled on a DHCP relay agent.

    3. (Optional) Set the TTL value for DHCP Discovery messages after they are forwarded by the DHCP relay agent at Layer 3.

      dhcp set ttl { unvaried | ttl-value }

      By default, the TTL value of DHCP Discovery messages decreases by 1 after they are forwarded by the DHCP relay agent at Layer 3.

      If the DHCP relay agent connects to a special client whose TTL value of DHCP Discovery messages is 1, and if there are routing devices between the DHCP relay agent and DHCP server, run the dhcp set ttl ttl-value command to specify a fixed TTL value (16 is recommended) for DHCP Discovery messages after they are forwarded by the DHCP relay agent at Layer 3.

    4. Create a DHCP server group and enter its view.

      dhcp server group group-name

      By default, no DHCP server group is configured.

      A maximum of 64 DHCP server groups can be configured on a device.

    5. Configure the DHCP server members in the DHCP server group.

      dhcp-server ip-address [ ip-address-index ]

      By default, no DHCP server member is configured in a DHCP server group.

      A maximum of 8 DHCP servers can be added to a DHCP server group.

    6. (Optional) Specify the gateway address for clients.

      gateway ip-address

      A gateway address is specified for clients.

      Skip this step if the interface connecting the DHCP relay agent to clients functions as the gateway.

      The gateway address specified in this step must be the same as the egress gateway address of clients specified on the DHCP server. If the device functions as the DHCP server, refer to (Optional) Configuring a Gateway Address for Clients for details about how to specify the egress gateway address for clients.

    7. (Optional) Bind the DHCP server group to a VPN instance.

      vpn-instance vpn-instance-name

      By default, the DHCP server group is not bound to a VPN instance.

      To ensure clients can obtain IP parameters if the DHCP relay agent is deployed on a VPN network, bind the DHCP server group to a VPN instance that is also bound to the address pool of the DHCP server.

    8. Return to the system view.

      quit

    9. Enter the interface or sub-interface view.

      interface interface-type interface-number [.subinterface-number ]

    10. Create a DHCP server group.

      dhcp relay server-select group-name

    11. Enable DHCP relay gateway switching.

      dhcp relay gateway-switch enable

      By default, DHCP relay gateway switching is disabled.

      After primary and secondary IP addresses are configured on an interface, the primary IP address functions as the gateway address in most cases. If clients cannot use the primary IP address to apply for IP addresses, configure DHCP relay gateway switching to allow the clients to use secondary IP addresses to apply for IP addresses. After DHCP relay gateway switching is enabled, configure address pools on the same network segment as the secondary IP addresses on the connected DHCP server.

      • The gateway address switches from the primary IP address to a secondary IP address only when a user fails at least three times to obtain an IP address using the primary IP address and the interval between the last failure and first failure exceeds 24 seconds.
      • If a primary IP address and multiple secondary IP addresses are configured on an interface, the system tries the secondary IP addresses one by one based on the IP address configuration sequence until users successfully obtain IP addresses.

(Optional) Configuring Strategies for Processing Option 82 Information on a DHCP Relay Agent

Context

To enable a DHCP relay agent to accept, process, and forward DHCP messages that carry Option 82 information, you must configure the DHCP relay agent to trust and process this option.

You are advised to perform the configuration on a user-side device. If the DHCP relay agent connects to a DHCP snooping-enabled device, configure the strategies for processing Option 82 information on the DHCP snooping device. When a device functions as the DHCP snooping device, for details on how to perform the configuration, see Inserting the Option 82 Field in a DHCP Message in the Huawei AR Series V300R019 Configuration Guide - Security.

If the device functions as the first-hop DHCP relay agent, it can process Option 82 information. If the device functions as the second-hop or subsequent DHCP relay agent, it cannot process Option 82 information.

Procedure

  1. Enter the system view.

    system-view

  2. Enable the DHCP relay agent to trust Option 82.

    dhcp relay trust option82

    By default, a DHCP relay agent does not trust Option 82.

    When this function is enabled, the DHCP relay agent can receive and forward DHCP messages that carry Option 82. If the DHCP relay agent is disabled from trusting Option 82 using the undo dhcp relay trust option82 command, the device discards the DHCP messages carrying Option 82.

  3. Configure strategies for processing Option 82 information on the DHCP relay agent.

    • Configure the DHCP relay agent to insert the Option 82 field to DHCP messages in a VLAN view. This configuration takes effect on all DHCP messages from this VLAN received on the interfaces of the DHCP relay agent.

      1. Enter the VLAN view.

        vlan vlan-id

      2. Enable the DHCP relay agent to insert the Option 82 field to received DHCP messages.

        dhcp option82 { insert | rebuild } enable

        By default, a DHCP relay agent is disabled from inserting the Option 82 field to received DHCP messages.

      3. Return to the system view.

        quit

    • Configure the DHCP relay agent to insert the Option 82 field to DHCP messages in an interface view. This configuration takes effect on DHCP messages received on the specified interface.

      1. Enter the interface view or sub-interface view.

        interface interface-type interface-number [.subinterface-number ]

      2. Enable the DHCP relay agent to insert the Option 82 field to received DHCP messages.

        dhcp option82 { insert | rebuild } enable

        By default, a DHCP relay agent is disabled from inserting the Option 82 field to received DHCP messages.

        DHCP messages received on the DHCP relay agent may carry the Option 82 field. Select a strategy based on network requirements.

        • When insert is configured: If a DHCP message does not carry the Option 82 field, the DHCP relay agent inserts the Option 82 field. If a DHCP message carries the Option 82 field, the DHCP relay agent checks whether the Option 82 field contains remote-id. If yes, the Option 82 field remains unchanged; if no, the DHCP relay agent inserts remote-id.
        • When rebuild is configured: If a DHCP message does not carry the Option 82 field, the DHCP relay agent inserts the Option 82 field. If a DHCP message carries the Option 82 field, the DHCP relay agent deletes the original Option 82 field and inserts the locally configured Option 82 field.

      3. Return to the system view.

        quit

  4. (Optional) Set the format of the Option 82 field.

    Configure the format of the Option 82 field in the system or interface view. If the configuration is performed in the system view, it takes effect on all interfaces of the device. If the configuration is performed in an interface view, it takes effect only on the specified interface.

    • All Option82 fields configured in the system view or in the same interface view share a length of 1-255 bytes. If their total length exceeds 255 bytes, some Option82 information will be lost.

    • There is no limit on the number of Option 82 fields configured on the device. However, a large number of Option 82 fields will occupy a lot of memory and prolong the device processing time. To ensure device performance, you are advised to configure Option 82 fields based on the service requirements and device memory size.

    • In the system view:

      Configure the format of the Option 82 field.

      dhcp option82 [ vlan vlan-id ] [ ce-vlan ce-vlan-id ] [ circuit-id | remote-id ] format { default | common | extend | user-defined text }

      By default, the Option 82 field is in the default format.

    • In the interface view:

      1. Enter the interface view.

        interface interface-type interface-number

      2. Configure the format of the Option 82 field.

        dhcp option82 [ vlan vlan-id ] [ ce-vlan ce-vlan-id ] [ circuit-id | remote-id ] format { default | common | extend | user-defined text }

        By default, the Option 82 field is in the default format.

      3. Return to the system view.

        quit

(Optional) Configuring Rate Limiting of DHCP Messages

Context

You can configure rate limiting of DHCP messages on the device to prevent DHCP message attacks. After rate limiting is configured, the device is allowed to process only a specified number of DHCP messages within a certain period and discards extra packets.

Rate limiting is configured for the DHCP messages sent by the clients, so you are advised to configure the rate limiting function on the device close to the user side. If the device functions as the DHCP relay and is connected to a DHCP snooping-enabled device, you are advised to configure the rate limiting function on the DHCP snooping-enabled device.

You can configure the rate limiting function in the system view, VLAN view, or interface view. The configuration in the interface view takes precedence over those in the VLAN view and global view; the configuration in the VLAN view takes precedence over that in the system view.

Procedure

  • Configure DHCP rate limiting in the system view.
    1. Enter the system view. 

      system-view

    2. Enable DHCP rate limiting. 

      dhcp check dhcp-rate enable [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]

      By default, DHCP rate limiting is disabled.

    3. Configure the maximum rate of sending DHCP messages to the DHCP stack. 

      dhcp check dhcp-rate rate [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]

      By default, DHCP messages are sent to the DHCP stack at the rate of 100 pps. Excess packets in a specified period of time are discarded.

    4. (Optional) Enable the trap function for rate limiting. 

      dhcp alarm dhcp-rate enable

      The trap function for rate limiting is enabled.

      By default, the trap function for rate limiting is disabled.

      This function allows the system to generate an alarm when the number of discarded DHCP messages reaches the threshold.

    5. (Optional) Specify the alarm threshold for checking DHCP message rates. 

      dhcp alarm dhcp-rate threshold threshold

      By default, the alarm threshold for checking DHCP message rates is 100.

      After the trap function for rate limiting is enabled, the device discards packets whose rate exceeds the rate limit. When the number of discarded packets exceeds the alarm threshold, the system generates an alarm.

  • Configure DHCP rate limiting in the VLAN view.
    1. Enter the system view. 

      system-view

    2. Enter the VLAN view. 

      vlan vlan-id

    3. Enable DHCP rate limiting. 

      dhcp check dhcp-rate enable
      By default, DHCP rate limiting is disabled.

    4. Configure the maximum rate of sending DHCP messages to the DHCP stack. 

      dhcp check dhcp-rate rate

      By default, DHCP messages are sent to the DHCP stack at the rate of 100 pps. Excess packets in a specified period of time are discarded.

  • Configure DHCP rate limiting in the interface view.
    1. Enter the system view. 

      system-view

    2. Enter the interface view or sub-interface view. 

      interface interface-type interface-number [.subinterface-number ]

    3. Enable DHCP rate limiting. 

      dhcp check dhcp-rate enable

      By default, DHCP rate limiting is disabled.

    4. Configure the maximum rate of sending DHCP messages to the DHCP stack. 

      dhcp check dhcp-rate rate

      By default, DHCP messages are sent to the DHCP stack at the rate of 100 pps. Excess packets in a specified period of time are discarded.

    5. (Optional) Enable the trap function for rate limiting. 

      dhcp alarm dhcp-rate enable

      By default, the trap function for rate limiting is disabled.

      This function allows the system to generate an alarm when the number of discarded DHCP messages on the interface reaches the threshold.

    6. (Optional) Specify the alarm threshold for checking DHCP message rates. 

      dhcp alarm dhcp-rate threshold threshold

      By default, the alarm threshold for checking DHCP message rates is 100.

      After the trap function for rate limiting is enabled, the device discards packets whose rate exceeds the rate limit. When the number of discarded packets exceeds the alarm threshold, the system generates an alarm.

(Optional) Configuring the Processing Methods of DHCP ACK and DHCP Request Messages

Context

If multiple DHCP servers are deployed on the network, the design of a server does not comply with standards, and a DHCP client requests for an IP address, the server does not provide an IP address for the DHCP client but still replies with a DHCP ACK message. Alternatively, when the server sends a DHCP Offer message, the DHCP server identifier (Option 54) carried in the message is not that of the server. As a result, the Option 54 is incorrect in the DHCP Request message. The preceding issues affect the methods in which a DHCP relay agent processes DHCP ACK and DHCP Request messages, so that the DHCP client fails to obtain an IP address. You can perform the following steps to change the methods in which a DHCP relay agent processes DHCP ACK and DHCP Request messages to ensure that DHCP clients can obtain IP addresses.

Procedure

  1. Enter the system view.

    system-view

  2. Configure the DHCP relay agent not to check the DHCP server identifier (Option 54) in a DHCP Request message to be forwarded.

    undo dhcp relay request server-match enable

    By default, a DHCP relay agent checks the DHCP server identifier (Option 54) in a DHCP Request message to be forwarded.

  3. Configure the DHCP relay agent to forward all DHCP ACK messages.

    dhcp relay reply forward all enable

    By default, a DHCP relay agent forwards only the first received DHCP ACK message.

(Optional) Configuring the Source IP Address of DHCP Request Messages

Context

By default, a DHCP relay agent encapsulates the IP address of an interface as the source IP address in DHCP request messages. However, when the DHCP relay agent cannot use the IP address of an interface to communicate with the DHCP server, you can specify the source IP address to be encapsulated in DHCP request messages by the DHCP relay agent.

This function is supported in V300R019C13 and later versions.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dhcp relay source-ip ip-address

    The source IP address to be encapsulated in DHCP messages by the DHCP relay agent is configured.

    By default, no source IP address to be encapsulated in DHCP request messages by the DHCP relay agent is configured.

(Optional) Configuring the Gateway IP address of DHCP Clients

Context

By default, a DHCP relay agent encapsulates the IP address of an interface as the gateway address for DHCP clients in DHCP request messages. However, when the DHCP relay agent cannot use the IP address of an interface to communicate with the gateway for DHCP clients, you can specify the IP address to be encapsulated by the DHCP relay agent as the gateway address.

This function is supported in V300R019C13 and later versions.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dhcp relay giaddr ip-address

    The IP address to be encapsulated by the DHCP relay agent as the gateway IP address is configured.

    By default, no IP address to be encapsulated by the DHCP relay agent as the gateway IP address is configured.

Verifying the DHCP Relay Agent Configuration

Procedure

  • Run the display dhcp relay { all | interface interface-type interface-number } command to view information about the DHCP server or DHCP server group on the interface functioning as a DHCP relay agent.
  • Run the display dhcp server group [ group-name ] command to view the configuration of the DHCP server group.
Translation
简体中文
Download
Updated: 2023-05-18

Document ID: EDOC1100112351

Views: 519710

Downloads: 755

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :