Configuration of address check by using DHCP relay on S3600

Configuration of address check by using DHCP Relay on S3600

1 Network Requirement

1.1 Enable validation check of user address under VLAN interface, utilize configuration of secure address table, enable legal fix IP address user in VLAN configured DHCP relay to pass address validation check of DHCP security feature by configuring secure address table of DHCP relay.

1.2 SwitchA run as DHCP server, enable DHCP relay feature and address-check feature on SwitchB, MAC address of PC2 is 0015-c50d-20cf, manually configure IP address 192.168.1.3 for PC2

 

2 Network Diagram

 

3 Configuration Procedures

3.1 Enable DHCP function globally

[Switch]dhcp enable

3.2 Specify DHCP Server IP address of DHCP group 1

[Switch]dhcp-server 1 ip 192.168.0.1

3.3 Configure VLAN2 interface address to connect DHCP server

[Switch]vlan 2

[Switch-vlan2]port e1/0/2

[Switch]int vlan 2

[Switch-Vlan-interface2]ip address 192.168.0.2 255.255.255.0

3.4 Configure VLAN3 interface address to connect PCs

[Switch]vlan 3

[Switch-vlan3]port e1/0/3 to e1/0/4

[Switch]int vlan 3

[Switch-Vlan-interface3]ip address 192.168.1.1 255.255.255.0

3.5 Enable DHCP relay function in selected VLAN interface

[Switch-Vlan-interface3] dhcp select relay

3.6 Put VLAN3 interface into DHCP Server group1

[Switch-Vlan-interface3] dhcp-server 1

3.7 Enable address-check feature on switch. PC2 (192.168.1.3) configured manually will not be able to access network.

[Switch-Vlan-interface3]dhcp relay security address-check enable

3.8 Add PC2 into security table

[Switch]dhcp relay security 192.168.1.3 0015-c50d-20cf static

Then PC2 can access network

 

4. Configuration Tips

4.1 During the process of PC obtaining DHCP IP address, switch working as DHCP Relay agent will record MAC address of client, and create a dynamic item of DHCP Relay Security table. therefore, you can prevent client without dynamically allocated IP address from accessing network by utilizing DHCP Relay Security. Of course, you can create static address bundle with IP address and mac-address of client into security table. Like this, this client is also can access this network.

4.2 Ensure the whole network is reachable during configuration.

 

*NOTICE: This case is also applicable to H3C S5600 series switch, Quidway S3500 / S3900 / S5600 / S3526 series switch.