01-03 DHCP Configuration PDF
3 DHCP Configuration
Definition
The Dynamic Host Configuration Protocol (DHCP) automates the assignment of
network parameters to network devices. Even in small networks, DHCP is useful
because it makes it easy to add new devices to the network.
when they are no longer in use. You can also use DHCP to deliver configuration
parameters, such as a configuration file used for startup, to clients.
DHCP is defined in RFC 2131 and enables the automatic configuration of DHCP
clients. It removes the need to configure clients individually and consists of two
components: a protocol for delivering client-specific configuration parameters
from a DHCP server to a client, and a mechanism for allocating network addresses
to clients.
DHCP supports dynamic and static allocation of IP addresses. You can combine the
two mechanisms.
Benefits
DHCP offers the following benefits:
● Reduced client configurations and costs
Because DHCP is easy to configure, it minimizes operational costs associated
with device configurations, eases deployment by non-technical users, and
reduces device configuration and maintenance costs at remote sites.
● Centralized management
Because the DHCP server maintains configurations for several subnets, an
administrator only needs to update a single, central server when configuration
parameters change.
The lease period configured for a DHCP server applies to all of the IP addresses
that a DHCP server dynamically assigns to its clients. A different DHCP server may
have a different lease term for its clients. A statically allocated IP address is not
subject to the lease terms.
A DHCP client does not wait for its lease to expire, because it may be assigned a
different IP address. Instead, when a DHCP client reaches the halfway point of its
lease period, it attempts to extend its lease so that it retains the same IP address.
Address Pools
An address pool is a set of all the IP addresses that a DHCP server has reserved for
dynamic client allocation. Along with each IP address, the server stores certain
network parameters, such as a default lease length for the IP address and other
configuration parameters (for example, a subnet mask and the address of the
default gateway) to be sent to the client when it is assigned that IP address.
Address pools are classified into interface address pools and global address pools.
A DHCP server selects address pools according to whether a DHCP relay agent is
deployed. When no relay agent is deployed, the server selects the address pool on
the same network segment as the IP address of the interface receiving DHCP
Request messages. When relay agents are deployed, the server selects the address
pool on the same network segment as the IP address specified in the giaddr field
of received DHCP Request messages.
DHCP Nak: A DHCP server sends this message to reject a DHCP Request message
from a DHCP client. For example, a DHCP server will send this message if it
determines that there is no available IP address after receiving a DHCP Request
message.
DHCP Decline: A DHCP client sends this message to notify the DHCP server that
the allocated IP address conflicts with another IP address. The DHCP client then
applies to the DHCP server for another IP address.
Figure 3-2 shows the format of a DHCP message and Table 3-2 describes each of
the fields in the DHCP message. In the figure, the numbers in parentheses indicate
the size of each field in bytes.
[Figure 3-2: DHCP message format. Surviving fields: sname (64), file (128), options (variable)]
htype, 1 byte. Hardware Type: indicates the type of hardware used for the local
network. The values of this field differ for different hardware types. The most
common value is 1, which indicates Ethernet (10 Mb).
hops, 1 byte. Hops: indicates the number of DHCP relay agents through which a
DHCP message passes. This value is set to 0 by a client and is incremented by 1
each time the message passes through a DHCP relay agent. A DHCP message passes
through a maximum of 16 DHCP relay agents when being transmitted between a
server and a client. That is, the number of hops between the server and client
cannot exceed 16. Otherwise, the DHCP message is discarded.
flags, 2 bytes. Flags: indicates the Flags field. Only the leftmost bit in this
field is used, and the other bits are set to 0. The leftmost bit specifies the
mode a DHCP server uses to transmit a DHCP Offer message.
The values are:
● 0: The DHCP server unicasts a DHCP Offer message.
● 1: The DHCP server broadcasts a DHCP Offer message.
file, 128 bytes. Boot File: indicates the name of the startup configuration file
to be obtained by a client. This field is filled in by a DHCP server and
delivered to the client when a DHCP address is allocated to the client. The field
is optional and must be a character string that ends with 0.
options, variable. Options: indicates the DHCP Options field. This field is a
maximum of 312 bytes in length and contains the DHCP message type and
configuration parameters allocated by a DHCP server to a client. The
configuration parameters include the gateway IP address, DNS server IP address,
and IP address lease.
For details about the Options field, see DHCP Options.
DHCP Options
DHCP Options are tagged data items that provide control information and
parameters to a DHCP client. The options are sent in a variable-length field at the
end of a DHCP message. This field consists of Type, Length, and Value, which are
shown in Figure 3-3 and described in Table 3-3.
[Figure 3-3: Options field layout: Type (bits 0-7), Length (bits 8-15), Value]
The values of the Options field range from 1 to 255. Some DHCP options are
predefined and others can be user defined. Table 3-4 lists some of the common
predefined DHCP options.
DHCP client is on a different network segment from the DHCP server, a DHCP
relay agent must be deployed to forward DHCP messages between the DHCP
client and server.
Depending on whether a DHCP relay agent is used, the way in which network
parameters are allocated to a new DHCP client differs.
Figure 3-5 Message exchange between a DHCP server and a new DHCP client
when no DHCP relay agent is deployed
expected lease with the specified lease and allocates an IP address with the
shorter of the two leases to the client.
The DHCP server selects an IP address for a client from the address pool in the
following sequence:
NOTE
1. IP address statically bound to the MAC address of the client on the DHCP
server
2. IP address specified in the Option 50 (requested IP address) in the DHCP
Discover message
3. IP addresses in Expired status in the address pool, that is, the allocated IP
addresses whose lease time expires
4. IP address in idle status that is found when the DHCP server searches IP
addresses in a random order in an address pool (In V200R009C00 and earlier
versions, the DHCP server searches IP addresses in a descending order.)
5. If no available IP address is found, the address pool automatically reclaims
the IP addresses in Expired and Conflict status. If an IP address is available
after the reclaim, the server allocates this IP address. Otherwise, the DHCP
client sends a DHCP Discover message again to request an IP address after
the timeout interval for the client to wait for a response from the server
expires.
You can specify certain IP addresses to exclude on the DHCP server. For example, if
you have statically allocated 192.168.1.100/24 to your DNS server, you can exclude
this IP address from the address pool on network segment 192.168.1.0/24 so that
it is not allocated through DHCP. This helps prevent IP address conflicts.
The IP address allocated during the offer stage may not be the final IP address
used by the client. This is because the IP address may be allocated to another
client if the DHCP server receives no response 16 seconds after the DHCP Offer
message is sent. The IP address for the client can be determined only after the
request and acknowledgment stages.
If multiple DHCP servers reply with a DHCP Offer message to the client, the client
accepts only the first DHCP Offer message it receives. The client then broadcasts a
DHCP Request message carrying the selected DHCP server identifier (Option 54)
and IP address (Option 50, with the IP address specified in the yiaddr field of the
accepted DHCP Offer message).
The DHCP Request message notifies all the DHCP servers of the IP address that
the DHCP client has selected. The unselected IP addresses offered by other DHCP
servers are then free to be allocated to other clients.
Stage 4: The Acknowledgment Stage
After receiving a DHCP Request message, the DHCP server sends to the client a
DHCP Ack message that contains the IP address specified in the Option 50 field of
the DHCP Request message.
To determine whether any other device is using this IP address, the DHCP client
broadcasts gratuitous ARP packets after receiving the DHCP Ack message. The
client can use this IP address if no response is received within the specified time.
However, if the DHCP client receives a response within the specified time, this IP
address is already in use. The client then sends a DHCP Decline message to the
DHCP server and applies for a new IP address. The server lists this IP address as a
conflicting IP address.
Occasionally, the DHCP server may not allocate the IP address specified in the
Option 50 field because, for example, an error occurs during negotiation or it
does not receive the DHCP Request message quickly enough. In this case, the
server replies with a DHCP Nak message to notify the client that the requested IP
address cannot be allocated. The client then sends a DHCP Discover message to
apply for a new IP address.
Figure 3-6 Message exchange between a DHCP server and a new DHCP client
when a DHCP relay agent is deployed
Participants: DHCP Client, DHCP Relay Agent, DHCP Server
1. Discovery stage: The DHCP client broadcasts a DHCP Discover message. The
DHCP relay agent unicasts a DHCP Discover message.
2. Offer stage: The DHCP relay agent replies with a DHCP Offer message. The
DHCP server unicasts a DHCP Offer message.
3. Request stage: The DHCP client broadcasts a DHCP Request message. The DHCP
relay agent unicasts a DHCP Request message.
NOTE
Not all clients can reuse IP addresses that have been allocated to them. The following uses a PC
as the DHCP client to describe how the DHCP client reuses an IP address.
Figure 3-7 Message exchange for IP address reuse between a DHCP client and a
server
1. When the lease reaches 50% (T1) of its validity period, the DHCP client
unicasts a DHCP Request message to the DHCP server to request lease
renewal. If the server renews the lease (counted from 0), it sends a DHCP Ack
message to the client. If the server rejects the renewal request, it sends a
DHCP Nak message to the client, which must then send a DHCP Discover
message to apply for a new IP address.
2. If no response is received from the DHCP server when the lease reaches
87.5% (T2) of its validity period, the DHCP client broadcasts a DHCP Request
message to request lease renewal. Similar to T1, if the client receives a DHCP
Ack message, the server has renewed the lease; if the client receives a DHCP
Nak message, the client must send a DHCP Discover message to apply for a
new IP address.
3. If no response is received when the lease expires, the client stops using the IP
address and sends a DHCP Discover message to apply for a new IP address.
When a DHCP client no longer needs to use its allocated IP address and the lease
has not expired, the client sends a DHCP Release message to the DHCP server to
request IP address release. The server saves the configuration of this client and
records the IP address in the allocated IP address list. The IP address can then be
allocated to this client or other clients. To request a configuration update, a client
can send a DHCP Inform message to the server.
The renewal process is similar when a DHCP relay agent is used. Figure 3-9 shows
how a DHCP client renews its IP address lease when a DHCP relay agent is
deployed.
Figure 3-9 Renewing the IP address lease when a DHCP relay agent is deployed
● Plan VLANs to ensure that only one DHCP server (or a DHCP relay agent) can
receive DHCP Discovery messages in a VLAN.
● Configure DHCP snooping on client access devices to ensure that the clients
apply to the correct DHCP servers for network parameters. For details about
configuring DHCP snooping, see DHCP Snooping Configuration in the S12700
V200R011C10 Configuration Guide - Security.
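The message layout and Type-Length-Value options described earlier can be used to check the planning rule above that only one DHCP server should answer in a VLAN. The following is an added example, not part of this guide: it parses raw DHCP payloads and reports server replies whose Option 54 identifier is not on an allowlist, along with messages that have a bad magic cookie or more than 16 hops. The sample messages, the 192.168.1.1 allowlist, and all function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # precedes the options (RFC 2131)
MAX_HOPS = 16                            # relay limit given in the field table
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 4: "Decline",
             5: "Ack", 6: "Nak", 7: "Release", 8: "Inform"}  # Option 53 values


def parse_options(data):
    """Walk the Type-Length-Value options; reject truncated or unterminated input."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                  # End option
            return opts
        if code == 0:                    # Pad option: one byte, no length
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code} has no length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the message")
        opts[code] = value
        i += 2 + length
    raise ValueError("options field has no End option")


def parse_dhcp(payload):
    """Parse the fixed 236-byte header, magic cookie and options of one message."""
    if len(payload) < 240:
        raise ValueError("shorter than fixed header plus magic cookie")
    hops = payload[3]
    flags = struct.unpack("!H", payload[10:12])[0]
    if payload[236:240] != MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    if hops > MAX_HOPS:
        raise ValueError(f"hops {hops} exceeds {MAX_HOPS}")
    opts = parse_options(payload[240:])
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing or malformed Option 53")
    server = opts.get(54)
    if server is not None and len(server) != 4:
        raise ValueError("malformed Option 54")
    return {
        "type": MSG_TYPES.get(opts[53][0], "Unknown"),
        "hops": hops,
        "broadcast": bool(flags & 0x8000),   # leftmost bit of the flags field
        "yiaddr": ipaddress.IPv4Address(payload[16:20]),
        "giaddr": ipaddress.IPv4Address(payload[24:28]),
        "server_id": ipaddress.IPv4Address(server) if server else None,
    }


def find_unauthorised_servers(payloads, authorised):
    """Flag malformed messages and server replies whose Option 54 is not authorised."""
    findings = []
    for index, payload in enumerate(payloads):
        try:
            msg = parse_dhcp(payload)
        except ValueError as exc:
            findings.append((index, "malformed", str(exc)))
            continue
        if msg["type"] in ("Offer", "Ack", "Nak") and msg["server_id"] not in authorised:
            findings.append((index, "unauthorised-server", str(msg["server_id"])))
    return findings


def build_message(msg_type, yiaddr="0.0.0.0", server_id=None, hops=0,
                  cookie=MAGIC_COOKIE):
    """Build a constructed sample message (test data, not a capture)."""
    op = 1 if msg_type in (1, 3, 4, 7, 8) else 2      # 1 = request, 2 = reply
    header = struct.pack("!BBBBIHH", op, 1, 6, hops, 0x1A2B3C4D, 0, 0x8000)
    header += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    header += bytes.fromhex("020000000001").ljust(16, b"\0")   # chaddr
    header += bytes(64) + bytes(128)                            # sname, file
    options = bytes([53, 1, msg_type])
    if server_id:
        options += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + cookie + options + b"\xff"


# Constructed samples; 192.168.1.1 is the assumed legitimate server.
AUTHORISED = {ipaddress.IPv4Address("192.168.1.1")}
SAMPLES = [
    build_message(1),                                            # Discover
    build_message(2, "192.168.1.50", "192.168.1.1"),             # legitimate Offer
    build_message(2, "192.168.1.51", "192.168.1.66"),            # second server
    build_message(2, "192.168.1.52", "192.168.1.1", cookie=b"\0\0\0\0"),
    build_message(2, "192.168.1.53", "192.168.1.1", hops=17),
]

if __name__ == "__main__":
    for finding in find_unauthorised_servers(SAMPLES, AUTHORISED):
        print(finding)
```

Option 54 is filled in by the sender, so a monitoring deployment would also compare the source MAC and IP address of each reply against the expected server. DHCP snooping on the access devices remains the enforcing control.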
Planning IP Addresses
Plan the range of IP addresses that can be allocated and the mechanisms (such as
dynamic or static) used to allocate the IP addresses.
Plan the IP addresses that cannot be allocated from an address pool. For example,
in an enterprise, a DHCP server allocates IP addresses on the network segment
192.168.1.0/24 to employee PCs. On this network segment, 192.168.1.10 has been
used by a DNS server and must be excluded from the address pool to prevent IP
address conflicts.
Planning Leases
Plan an IP address lease for a DHCP client based on the expected time that the
client will be online. By default, the IP address lease is 1 day.
● In scenarios where clients often move and stay online for a short period of
time, for example, in cafes, airports, and hotels, plan a short-term lease to
ensure that IP addresses are released quickly after the clients go offline.
● In scenarios where clients seldom move and stay online for a long period of
time, for example, in office areas of an enterprise, plan a long-term lease to
prevent services from being affected by frequent lease or address renewals.
Context
Before enabling the DHCP server function, enable DHCP in the system view.
NOTE
● The dhcp enable command is the prerequisite for configuring DHCP-related functions,
including DHCP relay, DHCP snooping, and DHCP server. These functions take effect only
after the dhcp enable command is run. After the undo dhcp enable command is run, all
DHCP-related configurations of the device are deleted. After DHCP is enabled again using
the dhcp enable command, all DHCP-related configurations of the device are restored to the
default configurations.
● After DHCP is enabled, if STP is also enabled, address allocation may slow down. By default,
STP is enabled. To disable STP, run the undo stp enable command.
Procedure
Step 1 Enter the system view.
system-view
----End
Context
Before a device can function as a DHCP server, you must enable DHCP. You can
then enable the DHCP server function to operate based on an interface address
pool or based on a global address pool.
Procedure
● Enable the DHCP server function based on an interface address pool.
a. Enter the system view.
system-view
e. Enable the interface to use the interface address pool for providing the
DHCP server function.
dhcp select interface
By default, the DHCP server function using the interface address pool is
disabled on an interface.
If the device functioning as the DHCP server provides the DHCP service
for clients connected to multiple interfaces, repeat this step to enable the
DHCP server function on all the interfaces.
● Enable the DHCP server function based on a global address pool.
a. Enter the system view.
system-view
NOTE
The device can select a global address pool based on the primary and secondary
IP addresses of an interface only in scenarios where the DHCP server and DHCP
clients are on the same network segment.
▪ If the DHCP client and server are located in the same network
segment, the DHCP server selects the address pool based on the
primary and secondary interface IP addresses. It preferentially
allocates IP addresses from the address pool for the primary IP
address. If IP addresses in this address pool are used up or this
address pool is not configured, the DHCP server allocates IP
addresses from the address pool for the secondary IP address.
By default, an interface does not use the global address pool to provide
the DHCP server function.
----End
Context
Automatically saving IP address allocation information allows the DHCP server to
re-allocate the same configurations (such as IP address and lease time) to clients
in the event that the server unexpectedly restarts.
NOTE
● After this function is enabled, the DHCP server stores lease information in lease.txt and
conflicting IP addresses in conflict.txt (both data files are saved to the DHCP folder). New
data files overwrite earlier data files.
The time displayed in the lease.txt and conflict.txt files is the UTC time rather than the
system time, and you do not need to pay attention to time zone information.
● To view information about the DHCP database, run the display dhcp server database
command.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the DHCP server to automatically save IP address allocation information.
dhcp server database enable
By default, the DHCP server does not automatically save IP address allocation
information.
Step 3 Specify the interval at which the DHCP server saves IP address allocation
information.
dhcp server database write-delay interval
----End
Context
IP address conflict detection uses ICMP to determine whether an IP address to be
allocated conflicts with other IP addresses that are already allocated to clients.
After this function is configured, a DHCP server sends an ICMP Echo Request
message in which the source address is the IP address of the DHCP server and the
destination address is the pre-allocated IP address for IP address conflict detection,
before sending a DHCP Offer message to a client.
● If the DHCP server does not receive any ICMP Echo Reply message within the
detection period (Number of detections x Maximum wait time for each
conflict detection), this IP address is not used by any client. The DHCP server
allocates the IP address to the client by sending a DHCP Offer message.
● If the DHCP server receives an ICMP Echo Reply message within the detection
period (Number of detections x Maximum wait time for each conflict
detection), this IP address is being used by a client. The DHCP server lists this
IP address as a conflicting IP address and waits for the next DHCP Discover
message to select another available IP address.
NOTE
If the detection time is too long, clients may fail to obtain IP addresses. You are advised to set
the detection time to less than 8 seconds.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify the number of IP address conflict detections before IP address allocation.
dhcp server ping packet number
Step 3 Specify the maximum wait time for each conflict detection.
dhcp server ping timeout milliseconds
By default, the maximum wait time for each conflict detection is 500 milliseconds.
----End
Context
If you have BOOTP clients on your network and you want them to dynamically
obtain IP addresses through DHCP, configure the DHCP server to service these
clients.
Procedure
Step 1 Enter the system view.
system-view
----End
Context
Devices from different vendors may use different DHCP implementation
mechanisms. After checking the UDP header checksum or magic-cookie field in a
received DHCP message, a device may not allow the DHCP message to pass
through and discards the message. As a result, DHCP becomes unavailable. To
solve this problem, you can disable the function of checking abnormal messages
to allow the device to properly forward a DHCP message with an incorrect UDP
header checksum or an incorrect value in the magic-cookie field.
NOTE
● This function applies to DHCP servers, DHCP relay agents, DHCP clients, and DHCP
snooping-enabled devices.
● After DHCP is enabled, the device checks the IP header checksum and UDP header checksum
of DHCP messages by default, and the function of checking the IP header checksum cannot
be disabled.
Procedure
● Disable the function of checking abnormal messages in the system view.
a. Enter the system view.
system-view
Context
Create an interface address pool for IP address allocation to clients on the same
network segment as the DHCP server's interface, or create a global address pool
for IP address allocation to all clients connected to the DHCP server.
Procedure
● Create an interface address pool.
a. Enter the system view.
system-view
NOTE
The IP address segment of the interface is the interface address pool. The interface
address mask cannot be set to 31; otherwise, the interface address pool may fail to be
configured.
● Create a global address pool.
a. Enter the system view.
system-view
b. Create a global address pool and enter the global address pool view.
ip pool ip-pool-name
An address pool can be configured with only one IP address segment. The
IP address range is determined by the mask length.
NOTE
When specifying the IP address range, ensure that IP addresses within the range are
on the same network segment as the interface IP address of the DHCP server or
DHCP relay agent to avoid incorrect IP address allocation.
When configuring an address pool, ensure that IP addresses on the network address
segment are class A, B, or C IP addresses, and that the mask is not set to 0, 1, 31,
or 32.
d. (Optional) Configure a VPN instance for the address pool.
vpn-instance vpn-instance-name
Context
This configuration allows you to determine the scope of IP addresses that a DHCP
server can allocate.
Procedure
● Configure a range in an interface address pool:
a. Enter the system view.
system-view
NOTE
Note the following points when specifying the IP address segment of the global
address pool:
● If you run the network (IP address pool view) first, ensure that the address
segment specified in the section (IP address pool view) command is
included in the address range specified in the network (IP address pool
view) command.
● If you run the section (IP address pool view) first, ensure that the address
segment specified in the network (IP address pool view) command includes
the address range specified in the section (IP address pool view) command.
----End
Context
To prevent a DHCP server from allocating specific IP addresses, exclude these IP
addresses from the address pool.
NOTE
You do not need to exclude the gateway address configured using the gateway-list or dhcp
server gateway-list command from being automatically allocated. The device automatically
adds the gateway address into the list of IP addresses that cannot be automatically allocated.
You do not need to exclude the IP address of a server's interface connecting to a client from
being automatically allocated. The device automatically sets the interface IP address to the
Conflict status during address allocation.
Procedure
● Exclude IP addresses from an interface address pool.
a. Enter the system view.
system-view
Follow-up Procedure
If you want to add more ranges of IP addresses that cannot be automatically
allocated from the address pool, run the dhcp server excluded-ip-address or
excluded-ip-address command multiple times. If you want to delete some
configured ranges of IP addresses that cannot be automatically allocated from the
address pool, run the undo dhcp server excluded-ip-address or
undo excluded-ip-address command.
The following uses the global address pool global1 as an example. You can run
the following commands to exclude IP addresses in the range from 10.10.10.10 to
10.10.10.30 from the global address pool.
<HUAWEI> system-view
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] network 10.10.10.0 mask 24
[HUAWEI-ip-pool-global1] excluded-ip-address 10.10.10.10 10.10.10.30
[HUAWEI-ip-pool-global1] quit
● If you want to exclude IP addresses in the range from 10.10.10.10 to
10.10.10.40 from the global address pool, run the following commands:
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] excluded-ip-address 10.10.10.10 10.10.10.40
[HUAWEI-ip-pool-global1] quit
● If you want to exclude IP addresses only in the range from 10.10.10.15 to
10.10.10.20 from the global address pool, run the following commands:
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] undo excluded-ip-address 10.10.10.10 10.10.10.14
[HUAWEI-ip-pool-global1] undo excluded-ip-address 10.10.10.21 10.10.10.30
[HUAWEI-ip-pool-global1] quit
Context
A DHCP server leases IP addresses to clients. When the lease expires, the clients
must apply for new IP addresses. To ensure stability, certain clients require fixed IP
addresses. In this case, configure the DHCP server to allocate fixed IP addresses to
these clients. The MAC addresses of these clients are then bound to fixed IP
addresses. When such a client applies to the DHCP server for an IP address, the
DHCP server searches the binding entries for the MAC address of the client and
allocates the matched IP address to the client. DHCP static allocation prevents
manual configuration errors and facilitates unified management.
NOTE
● Ensure that the bound IP address is not configured as the IP address that cannot be
allocated and is not allocated by the DHCP server.
● You can run the display ip pool command to view the used IP addresses in the current
address pool and select an available IP address to be bound to the MAC address. To bind
used IP addresses to MAC addresses, run the reset ip pool command to reclaim used IP
addresses first.
● After an IP address is bound to a MAC address, the IP address does not expire; the binding
between the IP and MAC addresses cannot be deleted when the IP address is in use.
The binding of IP addresses and MAC addresses is used in DHCP static allocation,
IPSG (for details on how to configure IPSG, see IP source guard in the S12700
V200R011C10 Configuration Guide - Security), and static ARP. Table 3-6 lists
different usage scenarios and implementations of these functions.
Table 3-6 Differences between DHCP static allocation, IPSG, and static ARP
Function Scenario Implementation
Procedure
● Configure a fixed IP address in an interface address pool.
a. Enter the system view.
system-view
Context
The default lease time in an address pool is 1 day. An administrator can change an
address lease time based on network requirements. IP addresses in the same
address pool use the same lease time, and different address pools can have
different address leases specified. After the lease of an address pool is changed,
newly allocated IP addresses use the new lease. IP addresses that were allocated
before the lease was changed keep the old lease until that lease is updated, and
use the new lease after it is updated.
NOTE
The BOOTP client does not support the configuration of an address lease time.
The IP addresses statically allocated to clients are always valid, without being limited by
address lease time.
Procedure
● Configure a lease time based on an interface address pool.
a. Enter the system view.
system-view
Context
When a DHCP server allocates IP addresses to clients, IP address conflict may
occur because IP addresses of some hosts have been manually configured. In this
case, the DHCP server considers these IP addresses as conflicting IP addresses, and
allocates available IP addresses from the conflicting IP addresses to clients only
after available IP addresses in the address pool are used up. To reclaim conflicting
IP addresses promptly, the administrator can enable automatic reclaim and specify
the reclaim interval.
Procedure
● Interface address pool:
a. Run system-view
The system view is displayed.
b. Enter the interface or sub-interface view.
interface interface-type interface-number[.subinterface-number ]
Context
To receive notifications about IP address exhaustion, configure the DHCP server
to generate alarms for IP address exhaustion.
Procedure
● Configure the alarm function in an interface address pool.
a. Enter the system view.
system-view
Context
Configuring the DHCP server to log IP address allocation provides you with records
that may facilitate maintenance and diagnostics.
NOTE
● With this logging function enabled, if a large number of DHCP clients request IP
addresses from the DHCP server, the server frequently records logs. The server
performance may therefore be affected.
● IP address allocation logs are recorded in the AM module. To view log information, the
information center must be enabled. In addition, default settings for log output vary
depending on various factors including the log level and output direction. For details,
see Information Center Configuration.
For example, the level of logs indicating that an IP address is successfully allocated, an
IP address is successfully renewed, and an IP address is successfully released is
informational, and these logs are not recorded in the log buffer by default. You can run
the info-center source AM channel 4 log level informational command to change the
level of the logs to be recorded in the log buffer. You can then run the display
logbuffer command to check the preceding logs.
Procedure
● Configure the logging function in an interface address pool.
a. Enter the system view.
system-view
Context
If a gateway address for clients is configured on the DHCP server, clients obtain
the gateway address from the DHCP server and automatically generate a default
route to the gateway address. Then the clients can access the hosts on other
network segments. If the DHCP server is configured with Option 121 to allocate
classless static routes to clients, the clients generate routes based only on the
static routes and do not generate a default route to the gateway address. To
load balance traffic and improve network reliability, configure multiple gateway
addresses. A maximum of eight gateway addresses can be configured for each
address pool.
In the scenario where both VRRP and DHCP are configured, if a VRRP group
functions as the DHCP server, configure the gateway address of clients as the
virtual IP address of the VRRP group.
If the DHCP server and clients are on the same network segment and the DHCP
server functions as the gateway of clients, you do not need to configure a gateway
address for clients.
Procedure
● Configure a gateway address in the interface address pool view.
a. Enter the system view.
system-view
b. Create a DHCP Option template and enter the DHCP Option template
view.
dhcp option template template-name
----End
Context
DHCP can be used to deliver configuration files to clients that require them for
startup. You can save the configuration files on the DHCP server or specify the IP
address of a dedicated file server. When a configuration file exists on a dedicated
file server, the DHCP server needs to specify the IP address of the file server for
clients. You can also specify an IP address for the file server by configuring
user-defined options for clients.
NOTE
If the startup configuration file is saved on a file server, the route between the DHCP client and
file server must be reachable.
Procedure
● Configure a configuration file based on an interface address pool.
By default, the name of the startup configuration file for DHCP clients is
not configured.
d. Specify the name of the server that hosts the configuration file.
sname sname
By default, the name of the server from which a DHCP client obtains the
startup configuration file is not configured.
e. (Optional) Specify the name of the server that hosts the configuration
file.
next-server ip-address
By default, the server IP address is not configured for the client after the
client automatically obtains the IP address.
If you need to configure other items in the DHCP Option template view,
complete them first before performing the following steps.
f. (Optional) Return to the system view.
quit
----End
Context
A DHCP server can allocate user-defined options to clients using the following
methods:
● Based on the options in DHCP Discovery messages
Configure the options using the dhcp server option (based on an interface
address pool) or option (based on a global address pool) command. The
DHCP server provides options only if clients request them.
● By forcibly appending the Options field
Configure the options using the dhcp server force insert option (based on an
interface address pool) or force insert option (based on a global address
pool) command. The DHCP server inserts the Options field in a DHCP Reply
message, regardless of whether clients request the options.
Procedure
● Configure user-defined options for clients based on an interface address pool.
a. Enter the system view.
system-view
By default, a device does not check and discard DHCP messages with
duplicate options.
d. Enter the interface or sub-interface view.
interface interface-type interface-number[.subinterface-number ]
By default, the DHCP server does not forcibly insert an Option field into
DHCP Reply messages.
NOTE
Not all options can be configured using the preceding command. The
following table lists the options and their commands.
iv. (Optional) Force the DHCP server to insert an Option field into DHCP
Reply messages.
force insert option code &<1-254>
By default, the DHCP server does not forcibly insert an Option field
into DHCP Reply messages.
v. Configure DHCP options.
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher cipher-string | ip-address ip-address &<1-8> }
By default, no option is configured.
NOTE
ii. Create a DHCP Option template and enter the DHCP Option
template view.
dhcp option template template-name
By default, the DHCP server does not forcibly insert an Option field
into DHCP Reply messages.
iv. Configure DHCP options.
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher cipher-string | ip-address ip-address &<1-8> }
----End
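The two delivery methods described above differ only in whether the client's request gates an option. The following Python example is added here and is not part of the original guide or of the device software: it models that selection and encodes the result in the code/length/value layout of RFC 2132, then parses a field and reports duplicate options. The function names, the option codes and values, and the use of Option 55 (Parameter Request List) as the client's request are assumptions of the example.

```python
import ipaddress

PAD, END, PARAM_REQUEST_LIST = 0, 255, 55


def encode_option(code, value):
    """Encode one option as code, length, value (RFC 2132 layout)."""
    if not 1 <= code <= 254:
        raise ValueError(f"option code {code} is outside 1-254")
    if len(value) > 255:
        raise ValueError(f"option {code} value is longer than 255 bytes")
    return bytes([code, len(value)]) + value


def parse_options(blob):
    """Return ({code: first value}, [codes seen more than once])."""
    options, duplicates, i = {}, [], 0
    while i < len(blob):
        code = blob[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        if code in options:
            duplicates.append(code)   # keep the first value, report the repeat
        else:
            options[code] = value
        i += 2 + length
    return options, duplicates


def select_reply_options(configured, forced, discover_options):
    """Choose which configured options go into the reply.

    configured: {code: value}, as set with `option`
    forced:     codes set with `force insert option`
    An option is sent if the client requested it or if it is forced.
    """
    requested = set(discover_options.get(PARAM_REQUEST_LIST, b""))
    chosen = {c: v for c, v in configured.items()
              if c in requested or c in forced}
    return dict(sorted(chosen.items()))


def build_reply_field(chosen):
    """Serialize the chosen options and terminate the field with END."""
    return b"".join(encode_option(c, v) for c, v in chosen.items()) + bytes([END])


# Constructed sample values (hex, ASCII and IP-address forms). Which codes a
# given device accepts with `option` is not assumed here.
CONFIGURED = {
    43: bytes.fromhex("0104c0a80001"),
    128: b"voice",
    150: ipaddress.IPv4Address("10.1.1.3").packed,
}
FORCED = {150}
# Constructed Discover options: the client asks for codes 1, 3, 6 and 43.
DISCOVER = encode_option(PARAM_REQUEST_LIST, bytes([1, 3, 6, 43])) + bytes([END])


def demo():
    """Option 43 is requested, 150 is forced, 128 is neither and is left out."""
    discover_options, _ = parse_options(DISCOVER)
    chosen = select_reply_options(CONFIGURED, FORCED, discover_options)
    return chosen, build_reply_field(chosen)


if __name__ == "__main__":
    chosen, field = demo()
    print(sorted(chosen), field.hex())
```
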
Context
If DHCP clients on your network use DNS and you want them to receive DNS
configurations through DHCP, configure the DHCP server to provide DNS
configurations.
Procedure
● Based on an interface address pool
a. Enter the system view.
system-view
domain-name domain-name
----End
Context
If DHCP clients on your network use NetBIOS and you want them to receive
NetBIOS configurations through DHCP, configure the DHCP server to provide
NetBIOS configurations.
Procedure
● Based on an interface address pool
a. Enter the system view.
system-view
b. Create a DHCP Option template and enter the DHCP Option template
view.
dhcp option template template-name
----End
Context
When you configure a SIP server IP address in an address pool, the DHCP server
specifies the SIP server IP address when allocating IP addresses to DHCP clients.
Procedure
● Configure a SIP server address in an interface address pool.
a. Enter the system view.
system-view
b. Create a DHCP Option template and enter the DHCP Option template
view.
dhcp option template template-name
Option template view and global address pool view, only the
configuration in the DHCP Option template view takes effect.
To allocate only IP addresses to static clients (for details, see 3.4.3.7.4
(Optional) Configuring Fixed IP Addresses in an Address Pool), you do
not need to configure a DHCP Option template.
c. Configure the SIP server IP address to be allocated to DHCP clients.
sip-server { ip-address ip-address &<1-2> | list domain-name &<1-2> }
----End
Procedure
● Check IP address allocation information in address pools using the following
commands:
– Interface address pool:
display ip pool [ interface interface-pool-name [ start-ip-address [ end-ip-address ] | all | conflict | expired | used ] ]
– Global address pool:
display ip pool [ name ip-pool-name [ start-ip-address [ end-ip-address ] | all | conflict | expired | used [ user-type { dhcp | pppoe | l2tp | ipsec | ssl-vpn | ppp } ] ] ]
● Run the display dhcp server database command to view the path for storing
the DHCP database.
● Run the display dhcp option template [ name template-name ] command
to view the configuration of a DHCP Option template.
----End
NOTE
● The dhcp enable command is the prerequisite for configuring DHCP-related functions,
including DHCP relay, DHCP snooping, and DHCP server. These functions take effect only
after the dhcp enable command is run. After the undo dhcp enable command is run, all
DHCP-related configurations of the device are deleted. After DHCP is enabled again using
the dhcp enable command, all DHCP-related configurations of the device are restored to the
default configurations.
● After DHCP is enabled, if STP is also enabled, address allocation may slow down. By default,
STP is enabled. To disable STP, run the undo stp enable command.
Procedure
Step 1 Enter the system view.
system-view
----End
Context
Enable the DHCP relay function on an interface so that the interface functions as
a DHCP relay agent.
Procedure
Step 1 Enter the system view.
system-view
Step 4 Configure an IP address for the interface or configure the interface to borrow an
IP address from another interface.
ip address ip-address { mask | mask-length } or ip address unnumbered interface interface-type interface-number
NOTE
● The DHCP relay function is typically configured on the user-side gateway interface. The
IP address of the gateway interface must be on the same network segment as the
address pool configured on the DHCP server; otherwise, DHCP clients cannot obtain IP
addresses.
● You can configure an interface to borrow an IP address from another interface in the
scenario where clients and the DHCP relay agent are on different network segments, for
example, CPEs function as DHCP clients and need to obtain public IP addresses, but no
public IP address is configured on the DHCP relay agent to save IP address resources. To
configure an interface to borrow an IP address from another interface, you must enable
DHCP snooping on the interface or VLAN connecting to users. After DHCP snooping is
enabled, the DHCP relay agent adds user network routes (UNRs) to clients when adding
DHCP snooping binding entries and deletes UNRs to clients when deleting DHCP
snooping binding entries. The number of clients cannot exceed the maximum number of
DHCP snooping binding entries that can be learned. You can run the dhcp snooping
max-user-number command to configure the maximum number of DHCP snooping
binding entries that can be learned.
NOTE
When enabling the DHCP relay function on a sub-interface, run the arp broadcast enable
command on the sub-interface to enable ARP broadcast. By default, ARP broadcast is not
enabled on a VLAN tag termination sub-interface.
----End
NOTE
A maximum of 16 DHCP relay agents are allowed between a DHCP server and a DHCP client. If
there are more than 16 DHCP relay agents, DHCP messages are discarded.
Procedure
● Specify the DHCP server IP address in the interface view.
a. Enter the system view.
system-view
b. (Optional) Configure the DHCP server polling function on the DHCP relay
agent.
NOTE
If the DHCP relay agent connects to a special client that sends DHCP Discovery
messages with a TTL value of 1, and there are routing devices between the DHCP
relay agent and DHCP server, run the dhcp set ttl ttl-value command to specify a
fixed TTL value (16 is recommended) for DHCP Discovery messages after they are
forwarded by the DHCP relay agent at Layer 3.
d. Enter the interface or sub-interface view.
interface interface-type interface-number[.subinterface-number ]
e. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
f. Specify the IP address of a DHCP server.
dhcp relay server-ip ip-address
b. (Optional) Configure the DHCP server polling function on the DHCP relay
agent.
ip relay address cycle
NOTE
If the DHCP relay agent connects to a special client that sends DHCP Discovery
messages with a TTL value of 1, and there are routing devices between the DHCP
relay agent and DHCP server, run the dhcp set ttl ttl-value command to specify a
fixed TTL value (16 is recommended) for DHCP Discovery messages after they are
forwarded by the DHCP relay agent at Layer 3.
d. Create a DHCP server group and enter its view.
dhcp server group group-name
----End
Context
To enable a DHCP relay agent to accept, process, and forward DHCP messages
that carry Option 82 information, you must configure the DHCP relay agent to
trust and process this option.
You are advised to perform the configuration on a user-side device. If the DHCP
relay agent connects to a DHCP snooping-enabled device, configure the strategies
for processing Option 82 information on the DHCP snooping device. When a
device functions as the DHCP snooping device, for details on how to perform the
configuration, see Inserting the Option 82 Field in a DHCP Message in "DHCP
Snooping Configuration" in the S12700 V200R011C10 Configuration Guide -
Security.
NOTE
If the device functions as the first-hop DHCP relay agent, it can process Option 82 information.
If the device functions as the second-hop or subsequent DHCP relay agent, it cannot process
Option 82 information.
Procedure
Step 1 Enter the system view.
system-view
– Method 2:
i. Enter the interface view or sub-interface view.
interface interface-type interface-number [.subinterface-number ]
Configure the format of the Option 82 field in the system or interface view. If the
configuration is performed in the system view, it takes effect on all interfaces of
the device. If the configuration is performed in an interface view, it takes effect
only on the specified interface.
If the strategy for processing Option 82 information is drop or keep on the DHCP
relay agent, skip this step.
NOTICE
● All Option 82 fields configured in the system view or in the same interface view
share a length of 1-255 bytes. If their total length exceeds 255 bytes, some
Option 82 information will be lost.
● There is no limit on the number of Option 82 fields configured on the device.
However, a large number of Option 82 fields will occupy a lot of memory and
prolong the device processing time. To ensure device performance, you are
advised to configure Option 82 fields based on the service requirements and
device memory size.
----End
Procedure
● Run the display dhcp relay { all | interface interface-type interface-number }
command to view information about the DHCP server or DHCP server group
on the interface functioning as a DHCP relay agent.
● Run the display dhcp server group [ group-name ] command to view the
configuration of the DHCP server group.
----End
Procedure
Step 1 Enter the system view.
system-view
----End
Context
Configuring attributes allows you to specify certain parameters for the DHCP
client. You can configure the Option 60 field in either the system view or the
interface view. The configuration in the interface view has a higher priority and
overrides the configuration in the system view.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure the DHCP client to send DHCP Discover messages that carry the Option
60 field.
dhcp client class-id class-id
----End
Procedure
Step 1 Enter the system view.
system-view
NOTE
This command takes effect only if an IP address is already assigned.
----End
Context
To enable a DHCP client to detect the status of the gateway, enable the gateway
detection function. A DHCP client enabled with the gateway detection function
sends an ARP Request packet to detect the gateway status after obtaining an IP
address. If the DHCP client receives no ARP Reply packet within the detection
period, it considers the gateway address incorrect or the gateway device faulty,
and then re-applies for an IP address.
Procedure
Step 1 Enter the system view.
system-view
----End
address in the static route is automatically updated when the gateway address
changes, lowering maintenance costs.
A DHCP server can allocate routing entries to DHCP clients. On a device
functioning as the DHCP client, you can set the priorities of routing entries
allocated by the DHCP server so that the DHCP client can dynamically update its
routing table.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure the DHCP client to obtain routing entries through DHCP.
ip route ip-address { mask | mask-length } interface-type interface-number dhcp [ preference-value ]
By default, a DHCP client does not obtain routing entries through DHCP.
Step 3 Enter the interface view or sub-interface view.
interface interface-type interface-number [.subinterface-number ]
The default priority of routing entries allocated by the DHCP server to DHCP
clients is 60.
----End
Procedure
Step 1 Enter the system view.
system-view
By default, the device does not configure the option to be excluded from the
DHCP client request list.
----End
Context
Before a device can function as a BOOTP client, you must enable the BOOTP client
function.
After an interface is enabled with the BOOTP client function, the interface can
obtain network parameters including the IP address from the DHCP server. If the
allocated IP address and IP addresses of other interfaces are on the same network
segment, the interface does not use the allocated IP address and does not re-
apply for an IP address. To allow the interface to re-apply for an IP address, run
the shutdown and then the undo shutdown commands on the interface.
Alternatively, run the undo ip address bootp-alloc and then the ip address
bootp-alloc commands on the interface.
Procedure
Step 1 Enter the system view.
system-view
----End
Procedure
Step 1 Enter the system view.
system-view
----End
Context
To enable a BOOTP client to detect the status of the gateway, enable the gateway
detection function. A BOOTP client enabled with the gateway detection function
sends an ARP Request packet to detect the gateway status after obtaining an IP
address. If the BOOTP client receives no ARP Reply packet within the detection
period, it considers the gateway address incorrect or the gateway device faulty,
and then re-applies for an IP address.
Procedure
Step 1 Enter the system view.
system-view
----End
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure the BOOTP client to obtain routing entries through DHCP.
ip route ip-address { mask | mask-length } interface-type interface-number dhcp [ preference-value ]
By default, a BOOTP client does not obtain routing entries through DHCP.
Step 3 Enter the interface view or sub-interface view.
interface interface-type interface-number [.subinterface-number ]
Step 5 Set the priority of routing entries allocated by the DHCP server to BOOTP clients.
dhcp client default-route preference preference-value
The default priority of routing entries allocated by the DHCP server to BOOTP
clients is 60.
----End
Procedure
● On an interface enabled with the DHCP client function, run the display this
command to view the configuration of the DHCP client.
● Run the display dhcp client command to view the status of the DHCP client.
----End
Context
Statistics about received and sent DHCP messages provide useful information for
fault locating during routine maintenance.
Procedure
● Run the display dhcp server statistics command to check statistics about
DHCP messages sent and received on a DHCP server.
● Run the display dhcp relay statistics command to check statistics about
DHCP messages sent and received on a DHCP relay agent.
● Run the display dhcp client statistics [ interface interface-type
interface-number ] command to check statistics about DHCP messages sent and
received on a DHCP client.
● Run the display dhcp statistics command to view statistics about DHCP
messages sent and received on a device.
----End
Context
Before collecting statistics about DHCP messages during routine maintenance,
clear the existing statistics.
NOTICE
DHCP statistics cannot be restored after they are cleared. Exercise caution when
performing this operation.
Procedure
● Run the reset dhcp server statistics command to clear statistics about DHCP
messages sent and received on a DHCP server.
● Run the reset dhcp relay statistics command to clear statistics about DHCP
messages sent and received on a DHCP relay agent.
● Run the reset dhcp client statistics [ interface interface-type
interface-number ] command to clear statistics about DHCP messages sent and
received on a DHCP client.
● Run the reset dhcp statistics command to clear statistics about DHCP
messages sent and received on a device.
----End
Procedure
● Run the following commands to reset address pools on the device.
– Interface address pool:
reset ip pool interface interface-name { start-ip-address [ end-ip-address ] | all | conflict | expired | used }
– Global address pool:
reset ip pool name ip-pool-name { start-ip-address [ end-ip-address ] |
all | conflict | expired | used }
● Configure a DHCP relay agent to request a DHCP server to release IP
addresses of clients.
After a DHCP relay agent is configured to request the DHCP server to release
IP addresses of clients, it sends DHCP Release messages to the specified DHCP
server. After receiving the message, the DHCP server restores specified IP
addresses to the idle status. Released IP addresses can then be allocated to
other clients. Run the following commands to configure the DHCP relay agent
to request the DHCP server to release IP addresses of clients:
a. Enter the system view.
system-view
----End
Context
When a DHCP server is migrated, address pools on the DHCP server need to be
transferred to a DHCP server on the live network. To prevent impacting clients
that have obtained IP addresses from the to-be-migrated DHCP server, lock the
address pools on the DHCP server. After the migration, new users apply for IP
addresses from the new address pool.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the ip pool ip-pool-name command to enter the global address pool view.
----End
[Figure: networking diagram. The Switch (DHCP Server) faces the IP Network through GE1/0/1 (VLANIF10, 10.1.1.1/24) and GE1/0/2 (VLANIF11, 10.1.2.1/24).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the switch as a DHCP server to dynamically allocate IP addresses on
the two network segments and the DNS server IP address to enterprise
terminals.
2. Allocate IP addresses on 10.1.1.0/24 to fixed terminals and set the lease time
of these IP addresses to 30 days.
3. Statically allocate the fixed IP address 10.1.1.100/24 to DHCP Client_1.
4. Allocate IP addresses on 10.1.2.0/24 to terminals used by staff on business
trips and set the lease time of these IP addresses to two days.
Procedure
Step 1 Enable DHCP.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] dhcp enable
Step 5 Enable the device to save DHCP data to the storage device. If a fault occurs on the
device, you can run the dhcp server database recover command after the system
restarts to restore DHCP data from files on the storage device.
[Switch] dhcp server database enable
Gateway-0 : 10.1.1.1
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :253 Used :100
Idle :153 Expired :0
Conflict :0 Disabled :0
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 100 153(0) 0 0
-------------------------------------------------------------------------------
[Switch] display ip pool interface vlanif11
Pool-name : Vlanif11
Pool-No :1
Lease : 2 Days 0 Hours 0 Minutes
Domain-name : huawei.com
DNS-server0 : 10.1.3.1
NBNS-server0 :-
Netbios-type :-
Position : Interface
Status : Unlocked
Gateway-0 : 10.1.2.1
Network : 10.1.2.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :253 Used :3
Idle :250 Expired :0
Conflict :0 Disabled :0
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 3 250(0) 0 0
-------------------------------------------------------------------------------
Windows IP Configuration
Windows IP Configuration
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 to 11
#
dhcp enable
#
dhcp server database enable
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 10.1.1.1
 dhcp server static-bind ip-address 10.1.1.100 mac-address 286e-d488-b684
 dhcp server lease day 30 hour 0 minute 0
 dhcp server dns-list 10.1.3.1
 dhcp server domain-name huawei.com
#
interface Vlanif11
 ip address 10.1.2.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 10.1.2.1
 dhcp server lease day 2 hour 0 minute 0
 dhcp server dns-list 10.1.3.1
 dhcp server domain-name huawei.com
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid pvid vlan 11
 port hybrid untagged vlan 11
#
return
Networking Requirements
In Figure 3-11, the IP phone and PCs represent typical devices in an office. To
uniformly manage these devices and reduce manual configuration costs, the
administrator needs to configure hosts to dynamically obtain IP addresses using
DHCP.
PCs are fixed terminals in the duty room that need to be always online and use
domain names to access network devices. PCs also require an unlimited IP
address lease and need to obtain information about the DNS server.
The IP phone (MAC address dcd2-fc96-e4c0) needs a fixed IP address 10.1.1.4/24
and needs to dynamically obtain its startup configuration file configuration.ini
from the FTP server. There are reachable routes between the FTP server and IP
phone. The gateway address of the PCs and IP phone is 10.1.1.1/24.
[Figure 3-11: networking diagram. Labels: SwitchA (DHCP Server; GE1/0/1, VLANIF10, 10.1.1.1/24), SwitchB, Internet, IP Phone (10.1.1.4/24), three PCs, FTP Server (10.1.1.3/24).]
Configuration Roadmap
1. Create a DHCP Option template on SwitchA.
a. In the DHCP Option template view, configure the startup configuration
file for the static client IP phone.
b. Specify the FTP server IP address for the IP phone.
2. Create a global address pool on SwitchA.
a. In the global address pool view, configure an IP address lease and DNS
server information for the dynamic client PCs.
b. Bind an IP address and the DHCP Option template to the MAC address of
the static client IP phone.
Procedure
Step 1 Create a VLAN and configure an IP address for the VLANIF interface connecting
SwitchA to SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet1/0/1] quit
Step 6 Enable the device to save DHCP data to the storage device. If a fault occurs on the
device, you can run the dhcp server database recover command after the system
restarts to restore DHCP data from files on the storage device.
[SwitchA] dhcp server database enable
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 4 247(0) 0 2
-------------------------------------------------------------------------------
# Run the display dhcp option template name template1 command on SwitchA
to view the DHCP Option template configuration.
[SwitchA] display dhcp option template name template1
-------------------------------------------------------------------------------
Template-Name : template1
Template-No : 0
Next-server : 10.1.1.3
Domain-name : -
DNS-server0 : -
NBNS-server0 : -
Netbios-type : -
Gateway-0 : 10.1.1.1
Bootfile : configuration.ini
----End
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10
#
dhcp enable
#
dhcp server database enable
#
dhcp option template template1
 gateway-list 10.1.1.1
 next-server 10.1.1.3
 bootfile configuration.ini
#
ip pool pool1
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
 excluded-ip-address 10.1.1.2 10.1.1.3
 static-bind ip-address 10.1.1.4 mac-address dcd2-fc96-e4c0 option-template template1
 lease unlimited
 dns-list 10.1.1.2
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
 dhcp select global
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
return
[Figure: networking diagram. The Switch connects to the Internet and, through GE1/0/1 and GE1/0/2, to IP Phone A and IP Phone B.]
Configuration Roadmap
1. Configure a voice VLAN on the Switch to ensure that the Switch preferentially
forwards voice packets.
2. Configure the Switch as a DHCP server to dynamically allocate the voice
VLAN, startup configuration file, and IP addresses to IP phones.
Procedure
Step 1 Create VLAN 10 and add GE1/0/1 and GE1/0/2 to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk pvid vlan 10
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/1] quit
NOTE
Step 3 Configure the Switch as a DHCP server to dynamically allocate the voice VLAN,
startup configuration file, and IP addresses to IP phones.
# Enable DHCP.
[Switch] dhcp enable
The DHCP server is configured to allocate Option 184, which delivers the VLAN ID
to IP phones so that packets sent by IP phones carry the same VLAN ID as that
configured on the DHCP server. IP phone vendors may define different values for
the Option field. For details about the options, see the usage guide of the IP
phones.
Step 4 Verify the configuration.
# Run the display ip pool interface vlanif10 command on the Switch to view the
address pool configuration.
-----------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-----------------------------------------------------------------------------
10.20.20.1 10.20.20.254 253 2 251(0) 0 0
-----------------------------------------------------------------------------
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10
#
dhcp enable
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
 dhcp select interface
 dhcp server next-server 10.1.1.3
 dhcp server option184 voice-vlan 10
 dhcp server bootfile configuration.ini
#
interface GigabitEthernet1/0/1
 port link-type trunk
 voice-vlan 10 enable
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
 port link-type trunk
 voice-vlan 10 enable
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10
#
return
[Figure: networking diagram. Switch with VLAN 4 (VLANIF4: 10.1.1.12/24); Department A in VLAN 2 on GE1/0/1 and GE1/0/2; Department B in VLAN 3 on GE1/0/3 and GE1/0/4.]
Configuration Roadmap
1. Configure sub-VLANs on the Switch to implement Layer 2 isolation between
users in different sub-VLANs. The sub-VLANs are on the same network
segment, which reduces the amount of required IP address resources.
2. Configure proxy ARP on the VLANIF interface of the super-VLAN to implement
Layer 3 communication among sub-VLANs.
3. Configure a DHCP server in the super-VLAN to dynamically allocate IP
addresses to terminals in departments A and B.
Procedure
Step 1 Create VLAN 2, and add GE1/0/1 and GE1/0/2 to VLAN 2. Create VLAN 3, and add
GE1/0/3 and GE1/0/4 to VLAN 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 2 to 4
[Switch] interface GigabitEthernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access
[Switch-GigabitEthernet1/0/1] port default vlan 2
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface GigabitEthernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type access
Step 4 Configure a DHCP server based on the interface address pool on VLANIF 4 to
dynamically allocate IP addresses to terminals in sub-VLANs.
[Switch] dhcp enable
[Switch] interface vlanif 4
[Switch-Vlanif4] dhcp select interface
[Switch-Vlanif4] quit
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 2 to 4
#
dhcp enable
#
vlan 4
 aggregate-vlan
 access-vlan 2 to 3
#
interface Vlanif4
 ip address 10.1.1.12 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
 dhcp select interface
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 3
#
interface GigabitEthernet1/0/4
 port link-type access
 port default vlan 3
#
return
Networking Requirements
In Figure 3-14, a host in an enterprise is dual-homed to SwitchA and SwitchB
through the Switch. SwitchA functions as the master DHCP server to allocate IP
addresses to clients. If the master DHCP server fails, a backup DHCP server must
allocate IP addresses to clients.
Figure 3-14 Networking diagram for configuring DHCP servers on the same
network segment based on the global address pool in VRRP networking
[Diagram labels: DHCP Client; Switch (GE1/0/1, GE1/0/3); GE1/0/2 and GE1/0/5 on each DHCP server; SwitchB (Backup DHCP Server, VLANIF100 10.1.1.129/24).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces connecting SwitchA and SwitchB to
implement network-layer connectivity. Configure the Switch to transparently
transmit Layer 2 packets.
2. Configure a VRRP group on SwitchA and SwitchB. SwitchA has a higher
priority and functions as the master DHCP server to allocate IP addresses to
clients. SwitchB has a lower priority and functions as a backup DHCP server.
3. Create global address pools on SwitchA and SwitchB and set attributes for the
pools.
4. Configure a loop prevention protocol (STP used as an example) on Switch,
SwitchA, and SwitchB.
Procedure
Step 1 Configure network-layer connectivity among devices.
# Configure IP addresses for interfaces. The following uses SwitchA as an example.
The configuration of SwitchB is similar. For details, see the configuration file of
SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type hybrid
[SwitchA-GigabitEthernet1/0/2] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet1/0/2] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/5
[SwitchA-GigabitEthernet1/0/5] port link-type hybrid
[SwitchA-GigabitEthernet1/0/5] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet1/0/5] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet1/0/5] quit
Step 2 Create address pools and set attributes for the pools.
# Enable DHCP on SwitchA.
[SwitchA] dhcp enable
NOTE
Information about the address pool on the master DHCP server cannot be backed up to a
backup DHCP server in real time. To prevent IP address conflicts after a master/backup
switchover, the address pool ranges on the master and backup DHCP servers must be
mutually exclusive.
[SwitchA] ip pool 1
[SwitchA-ip-pool-1] network 10.1.1.0 mask 255.255.255.0
[SwitchA-ip-pool-1] gateway-list 10.1.1.111
[SwitchA-ip-pool-1] excluded-ip-address 10.1.1.1
[SwitchA-ip-pool-1] excluded-ip-address 10.1.1.129 10.1.1.254
[SwitchA-ip-pool-1] lease day 10
[SwitchA-ip-pool-1] quit
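Because the two servers do not synchronize lease state, the requirement in the NOTE above can be checked offline before deployment. The following Python example is added here and is not part of the original guide: it parses `ip pool` stanzas, computes the addresses each server can hand out, and reports any range both could allocate. The SwitchA stanza uses the values configured above; the two SwitchB stanzas, the function names, and the treatment of the gateway address as non-allocatable are assumptions of the example.

```python
import ipaddress


def parse_pool(stanza):
    """Parse an `ip pool` stanza into (network, gateways, excluded ranges)."""
    network, gateways, excluded = None, set(), []
    for line in stanza.strip().splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "network" and len(words) >= 4 and words[2] == "mask":
            network = ipaddress.IPv4Network(f"{words[1]}/{words[3]}")
        elif words[0] == "gateway-list":
            gateways.update(ipaddress.IPv4Address(w) for w in words[1:])
        elif words[0] == "excluded-ip-address":
            start = ipaddress.IPv4Address(words[1])
            end = ipaddress.IPv4Address(words[2]) if len(words) > 2 else start
            if end < start:
                raise ValueError(f"bad exclusion range: {line.strip()}")
            excluded.append((start, end))
    if network is None:
        raise ValueError("stanza has no 'network ... mask ...' statement")
    return network, gateways, excluded


def allocatable(stanza):
    """Addresses the pool can lease: hosts minus gateways minus exclusions."""
    network, gateways, excluded = parse_pool(stanza)
    return {
        host for host in network.hosts()
        if host not in gateways
        and not any(lo <= host <= hi for lo, hi in excluded)
    }


def collapse(addresses):
    """Collapse a set of addresses into sorted (first, last) string ranges."""
    ranges = []
    for addr in sorted(addresses):
        if ranges and int(addr) == int(ranges[-1][1]) + 1:
            ranges[-1][1] = addr
        else:
            ranges.append([addr, addr])
    return [(str(lo), str(hi)) for lo, hi in ranges]


def shared_addresses(stanza_a, stanza_b):
    """Ranges that both servers could lease; must be empty for master/backup."""
    return collapse(allocatable(stanza_a) & allocatable(stanza_b))


# SwitchA pool as configured above.
SWITCH_A = """
ip pool 1
 gateway-list 10.1.1.111
 network 10.1.1.0 mask 255.255.255.0
 excluded-ip-address 10.1.1.1
 excluded-ip-address 10.1.1.129 10.1.1.254
 lease day 10
"""

# Assumed SwitchB pool (its configuration is not shown in this section).
SWITCH_B_ASSUMED = """
ip pool 1
 gateway-list 10.1.1.111
 network 10.1.1.0 mask 255.255.255.0
 excluded-ip-address 10.1.1.1 10.1.1.110
 excluded-ip-address 10.1.1.112 10.1.1.129
 lease day 10
"""

# Constructed mistake: the second exclusion range was forgotten on SwitchB.
SWITCH_B_OVERLAPPING = """
ip pool 1
 gateway-list 10.1.1.111
 network 10.1.1.0 mask 255.255.255.0
 excluded-ip-address 10.1.1.1 10.1.1.110
 lease day 10
"""

if __name__ == "__main__":
    print("assumed SwitchB :", shared_addresses(SWITCH_A, SWITCH_B_ASSUMED))
    print("overlapping case:", shared_addresses(SWITCH_A, SWITCH_B_OVERLAPPING))
```
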
# Create VRRP group 1 on SwitchB, retain the priority (100 by default) of SwitchB
in the VRRP group, and configure clients to obtain IP addresses from a global
address pool.
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111
[SwitchB-Vlanif100] dhcp select global
[SwitchB-Vlanif100] quit
# Disable STP on GE1/0/3 of Switch, and set the path cost of GE1/0/1 to 20000.
[Switch] interface gigabitethernet 1/0/3
[Switch-GigabitEthernet1/0/3] stp disable
[Switch-GigabitEthernet1/0/3] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] stp cost 20000
[Switch-GigabitEthernet1/0/1] quit
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
# Run the display ip pool command on SwitchA and SwitchB. The command
output shows that SwitchA has successfully allocated an IP address to the client.
[SwitchA] display ip pool
-------------------------------------------------------------------------------
Pool-name :1
Pool-No :0
Lease : 10 Days 0 Hours 0 Minutes
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.111
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Conflicted address recycle interval: -
Address Statistic: Total :253 Used :1
Idle :125 Expired :0
Conflict :0 Disabled :127
IP address Statistic
Total :253
Used :1 Idle :125
Expired :0 Conflict :0 Disabled :127
[SwitchB] display ip pool
-------------------------------------------------------------------------------
Pool-name :1
Pool-No :0
Lease : 10 Days 0 Hours 0 Minutes
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.111
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Address Statistic: Total :253 Used :0
Idle :125 Expired :0
Conflict :0 Disabled :128
IP address Statistic
Total :253
Used :0 Idle :125
Expired :0 Conflict :0 Disabled :128
# Run the display vrrp command on SwitchB to view the VRRP status. The
command output shows that SwitchB becomes the master.
[SwitchB] display vrrp
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.129
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
# Run the display ip pool command on SwitchB to view the address pool
configuration.
[SwitchB] display ip pool
-----------------------------------------------------------------------------
Pool-name :1
Pool-No :0
Lease : 10 Days 0 Hours 0 Minutes
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.111
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Address Statistic: Total :253 Used :1
Idle :124 Expired :0
Conflict :0 Disabled :128
IP address Statistic
Total :253
Used :1 Idle :124
Expired :0 Conflict :0 Disabled :128
----End
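The NOTE in Step 2 requires the master and backup pools to hand out mutually exclusive ranges. The following added example (not part of the original guide) parses two `ip pool` stanzas and reports any addresses both servers could lease. SwitchA's stanza is taken from its configuration file; the two SwitchB stanzas and the function names are constructed for illustration.

```python
import ipaddress

# SwitchA's pool as listed in its configuration file.
SWITCH_A_POOL = """\
ip pool 1
 gateway-list 10.1.1.111
 network 10.1.1.0 mask 255.255.255.0
 excluded-ip-address 10.1.1.1
 excluded-ip-address 10.1.1.129 10.1.1.254
 lease day 10 hour 0 minute 0
"""

# Constructed SwitchB stanzas (assumptions, not taken from the guide).
SWITCH_B_DISJOINT = """\
ip pool 1
 gateway-list 10.1.1.111
 network 10.1.1.0 mask 255.255.255.0
 excluded-ip-address 10.1.1.1 10.1.1.128
"""
SWITCH_B_OVERLAPPING = """\
ip pool 1
 gateway-list 10.1.1.111
 network 10.1.1.0 mask 255.255.255.0
 excluded-ip-address 10.1.1.1 10.1.1.100
"""


def leasable_addresses(pool_text):
    """Return the set of addresses a pool stanza can actually lease."""
    network = None
    reserved = set()
    for raw in pool_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "network":
            # Expected form: network <address> mask <mask-or-length>
            if len(words) < 4 or words[2] != "mask":
                raise ValueError(f"unsupported network statement: {raw!r}")
            network = ipaddress.ip_network(f"{words[1]}/{words[3]}")
        elif words[0] == "gateway-list":
            reserved.update(ipaddress.ip_address(w) for w in words[1:])
        elif words[0] == "excluded-ip-address":
            start = ipaddress.ip_address(words[1])
            end = ipaddress.ip_address(words[2]) if len(words) > 2 else start
            if end < start:
                raise ValueError(f"inverted exclusion range: {raw!r}")
            reserved.update(
                ipaddress.ip_address(n) for n in range(int(start), int(end) + 1)
            )
    if network is None:
        raise ValueError("pool has no network statement")
    return set(network.hosts()) - reserved


def overlap_ranges(pool_a, pool_b):
    """Return (first, last) ranges that both pools could lease."""
    common = sorted(leasable_addresses(pool_a) & leasable_addresses(pool_b))
    ranges = []
    for addr in common:
        if ranges and int(addr) == int(ranges[-1][1]) + 1:
            ranges[-1][1] = addr          # extend the current run
        else:
            ranges.append([addr, addr])   # start a new run
    return [(str(lo), str(hi)) for lo, hi in ranges]


if __name__ == "__main__":
    print("SwitchA leasable:", len(leasable_addresses(SWITCH_A_POOL)))
    for name, pool in (("disjoint", SWITCH_B_DISJOINT),
                       ("overlapping", SWITCH_B_OVERLAPPING)):
        clashes = overlap_ranges(SWITCH_A_POOL, pool)
        print(name, "->", clashes if clashes else "no shared addresses")
```

The leasable count for SwitchA equals Used plus Idle in its `display ip pool` output, which is a quick sanity check that the stanza was parsed the way the device counts it.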
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 100
#
dhcp enable
#
ip pool 1
gateway-list 10.1.1.111
network 10.1.1.0 mask 255.255.255.0
excluded-ip-address 10.1.1.1
excluded-ip-address 10.1.1.129 10.1.1.254
lease day 10 hour 0 minute 0
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.111
vrrp vrid 1 priority 120
dhcp select global
#
interface GigabitEthernet1/0/2
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet1/0/5
port link-type hybrid
Figure 3-15 Networking diagram for configuring a device as a DHCP relay agent
[Diagram labels: Internet; SwitchB, DHCP server (GE1/0/1, VLANIF200, 10.10.20.2/24); SwitchA, DHCP relay agent (GE1/0/1, VLANIF200, 10.10.20.1/24; GE1/0/2, VLANIF100, 10.20.20.1/24)]
Configuration Roadmap
The configuration roadmap is as follows:
Configure SwitchA as a DHCP relay agent to forward DHCP messages between the
DHCP server and clients.
Procedure
Step 1 Configure DHCP relay on SwitchA.
Step 3 Configure SwitchB as the DHCP server based on the global address pool.
# Enable DHCP.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] dhcp enable
# Create an address pool and set attributes for the address pool.
[SwitchB] ip pool pool1
[SwitchB-ip-pool-pool1] network 10.20.20.0 mask 24
[SwitchB-ip-pool-pool1] gateway-list 10.20.20.1
[SwitchB-ip-pool-pool1] option121 ip-address 10.10.20.0 24 10.20.20.1
[SwitchB-ip-pool-pool1] quit
# On SwitchB, run the display ip pool name pool1 command to view IP address
allocation in the address pool. The Used field displays the number of used IP
addresses in the address pool.
[SwitchB] display ip pool name pool1
Pool-name : pool1
Pool-No :0
Lease : 1 Days 0 Hours 0 Minutes
Domain-name :-
Option-code : 121
Option-subcode : --
Option-type : hex
Option-value : 18640A1414141401
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 : 10.20.20.1
Network : 10.20.20.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :253 Used :2
Idle :251 Expired :0
Conflict :0 Disabled :0
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
10.20.20.1 10.20.20.254 253 2 251(0) 0 0
-------------------------------------------------------------------------------
----End
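The Option-value field in the `display ip pool` output is the raw option 121 payload, which RFC 3442 encodes as prefix length, the significant octets of the destination, then the router address. The following added example (not part of the original guide; function names are hypothetical) encodes an intended route, decodes a displayed hex string, and reports any difference so the routes pushed to clients can be checked against what was meant to be configured.

```python
import ipaddress

# Route from the option121 command in Step 3.
INTENDED = [("10.10.20.0/24", "10.20.20.1")]
# Option-value string copied from the display output above.
DISPLAYED = "18640A1414141401"


def encode_option121(routes):
    """Encode (destination_cidr, router) pairs as an upper-case hex string."""
    out = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest, strict=True)
        significant = (net.prefixlen + 7) // 8   # octets that carry prefix bits
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed
    return out.hex().upper()


def decode_option121(hex_value):
    """Decode an option 121 hex string into (destination_cidr, router) pairs."""
    data = bytes.fromhex(hex_value)
    routes = []
    i = 0
    while i < len(data):
        prefixlen = data[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen} at offset {i}")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        # Pad the significant octets back out to a full IPv4 address.
        dest = ipaddress.IPv4Address(
            data[i + 1:i + 1 + significant] + bytes(4 - significant)
        )
        net = ipaddress.IPv4Network(f"{dest}/{prefixlen}", strict=False)
        router = ipaddress.IPv4Address(data[end - 4:end])
        routes.append((str(net), str(router)))
        i = end
    return routes


def compare_option121(intended, hex_value):
    """Return routes missing from, and unexpected in, the advertised option."""
    want = [(str(ipaddress.IPv4Network(d)), str(ipaddress.IPv4Address(r)))
            for d, r in intended]
    have = decode_option121(hex_value)
    return {
        "missing": [r for r in want if r not in have],
        "unexpected": [r for r in have if r not in want],
    }


if __name__ == "__main__":
    print("encoded intended route:", encode_option121(INTENDED))
    print("decoded displayed value:", decode_option121(DISPLAYED))
    print("difference:", compare_option121(INTENDED, DISPLAYED))
```

An empty `missing` and `unexpected` list means the pool advertises exactly the intended classless static routes; anything else should be reconciled against the `option121` lines in the pool configuration.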
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 100 200
#
dhcp enable
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.10.20.2
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet1/0/2
port link-type hybrid
port hybrid pvid vlan 100
Figure 3-16 Networking diagram for configuring a device as a DHCP relay agent
[Diagram labels: DHCP clients on 10.1.1.0/24 in Branch 1 (vpna) and Branch 2 (vpnb); CE_1 and CE_2, DHCP relay agents (GE1/0/1, GE1/0/2); PE_1 (Loopback0 10.10.10.9/32; GE1/0/0, GE2/0/0, GE3/0/0); PE_2 (Loopback0 10.20.20.9/32; GE1/0/0, GE2/0/0); MCE, DHCP server]
Configuration Roadmap
1. Configure Open Shortest Path First (OSPF) between PE_1 and PE_2 to
implement interworking between them and configure MP-IBGP to exchange
VPN routing information.
2. Configure basic MPLS capabilities and MPLS LDP on PE_1 and PE_2 to set up
an LDP LSP.
3. Create VPN instances vpna and vpnb on the MCE, PE_1, and PE_2 to isolate
services.
4. Set up EBGP peer relationships between PE_1 and its connected CEs and
import BGP routes to the VPN routing table of PE_1.
5. Configure the MCE as a DHCP server to allocate IP addresses from the global
address pool to terminals in branch 1 and branch 2.
6. Configure the DHCP relay function on CE_1 and CE_2 to forward DHCP
messages between the DHCP server and terminals so that the terminals can
apply to the DHCP server for IP addresses.
Procedure
Step 1 Create VLANs, add interfaces to the VLANs, and configure IP addresses for the
VLANIF interfaces.
# Configure CE_1.
<HUAWEI> system-view
[HUAWEI] sysname CE_1
[CE_1] vlan batch 10 20
[CE_1] interface gigabitethernet 1/0/1
[CE_1-GigabitEthernet1/0/1] port link-type hybrid
[CE_1-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[CE_1-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[CE_1-GigabitEthernet1/0/1] quit
[CE_1] interface gigabitethernet 1/0/2
[CE_1-GigabitEthernet1/0/2] port link-type hybrid
[CE_1-GigabitEthernet1/0/2] port hybrid pvid vlan 20
[CE_1-GigabitEthernet1/0/2] port hybrid untagged vlan 20
[CE_1-GigabitEthernet1/0/2] quit
[CE_1] interface vlanif 10
[CE_1-Vlanif10] ip address 10.1.1.1 24
[CE_1-Vlanif10] quit
[CE_1] interface vlanif 20
[CE_1-Vlanif20] ip address 10.1.2.1 24
[CE_1-Vlanif20] quit
# Configure CE_2.
<HUAWEI> system-view
[HUAWEI] sysname CE_2
[CE_2] vlan batch 10 20
[CE_2] interface gigabitethernet 1/0/1
[CE_2-GigabitEthernet1/0/1] port link-type hybrid
[CE_2-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[CE_2-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[CE_2-GigabitEthernet1/0/1] quit
[CE_2] interface gigabitethernet 1/0/2
[CE_2-GigabitEthernet1/0/2] port link-type hybrid
[CE_2-GigabitEthernet1/0/2] port hybrid pvid vlan 20
[CE_2-GigabitEthernet1/0/2] port hybrid untagged vlan 20
[CE_2-GigabitEthernet1/0/2] quit
[CE_2] interface vlanif 10
[CE_2-Vlanif10] ip address 10.1.1.1 24
[CE_2-Vlanif10] quit
[CE_2] interface vlanif 20
[CE_2-Vlanif20] ip address 10.1.2.1 24
[CE_2-Vlanif20] quit
# Configure PE_1.
<HUAWEI> system-view
[HUAWEI] sysname PE_1
[PE_1] interface loopback 0
[PE_1-LoopBack0] ip address 10.10.10.9 32
[PE_1-LoopBack0] quit
[PE_1] interface gigabitethernet 3/0/0
[PE_1-GigabitEthernet3/0/0] ip address 10.1.3.1 24
[PE_1-GigabitEthernet3/0/0] quit
# Configure PE_2.
<HUAWEI> system-view
[HUAWEI] sysname PE_2
[PE_2] interface loopback 0
[PE_2-LoopBack0] ip address 10.20.20.9 32
[PE_2-LoopBack0] quit
[PE_2] interface gigabitethernet 2/0/0
[PE_2-GigabitEthernet2/0/0] ip address 10.1.3.2 24
[PE_2-GigabitEthernet2/0/0] quit
# Configure PE_2.
[PE_2] ospf 1
[PE_2-ospf-1] area 0
[PE_2-ospf-1-area-0.0.0.0] network 10.20.20.9 0.0.0.0
[PE_2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE_2-ospf-1-area-0.0.0.0] quit
[PE_2-ospf-1] quit
# After the configuration is complete, PE_1 and PE_2 set up the OSPF neighbor
relationship. Run the display ip routing-table command on PE_1 and PE_2 to
view the routes to each other.
Step 3 Configure basic MPLS capabilities and MPLS LDP on PE_1 and PE_2 to set up an
LDP LSP.
# Configure PE_1.
[PE_1] mpls lsr-id 10.10.10.9
[PE_1] mpls
[PE_1-mpls] quit
[PE_1] mpls ldp
[PE_1-mpls-ldp] quit
[PE_1] interface gigabitethernet 3/0/0
[PE_1-GigabitEthernet3/0/0] mpls
[PE_1-GigabitEthernet3/0/0] mpls ldp
[PE_1-GigabitEthernet3/0/0] quit
# Configure PE_2.
[PE_2] mpls lsr-id 10.20.20.9
[PE_2] mpls
[PE_2-mpls] quit
[PE_2] mpls ldp
[PE_2-mpls-ldp] quit
[PE_2] interface gigabitethernet 2/0/0
[PE_2-GigabitEthernet2/0/0] mpls
[PE_2-GigabitEthernet2/0/0] mpls ldp
[PE_2-GigabitEthernet2/0/0] quit
# After the configuration is complete, PE_1 and PE_2 set up an LDP session. Run
the display mpls ldp session command on PE_1 and PE_2. The command output
shows that the Status field is Operational. Run the display mpls ldp lsp
command. Information about the established LDP LSP is displayed.
Step 4 Configure VPN instances on the MCE, PE_1, and PE_2.
# Configure PE_1.
# Configure PE_2.
[PE_2] ip vpn-instance vpna
[PE_2-vpn-instance-vpna] ipv4-family
[PE_2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[PE_2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE_2-vpn-instance-vpna-af-ipv4] quit
[PE_2-vpn-instance-vpna] quit
[PE_2] ip vpn-instance vpnb
[PE_2-vpn-instance-vpnb] ipv4-family
[PE_2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[PE_2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE_2-vpn-instance-vpnb-af-ipv4] quit
[PE_2-vpn-instance-vpnb] quit
[PE_2] interface gigabitethernet 1/0/0.1
[PE_2-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE_2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna
[PE_2-GigabitEthernet1/0/0.1] ip address 10.1.4.2 24
[PE_2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE_2-GigabitEthernet1/0/0.1] quit
[PE_2] interface gigabitethernet 1/0/0.2
[PE_2-GigabitEthernet1/0/0.2] dot1q termination vid 20
[PE_2-GigabitEthernet1/0/0.2] ip binding vpn-instance vpnb
[PE_2-GigabitEthernet1/0/0.2] ip address 10.1.5.2 24
[PE_2-GigabitEthernet1/0/0.2] arp broadcast enable
[PE_2-GigabitEthernet1/0/0.2] quit
# Configure PE_1.
[PE_1] bgp 100
[PE_1-bgp] peer 10.20.20.9 as-number 100
[PE_1-bgp] peer 10.20.20.9 connect-interface loopback0
[PE_1-bgp] ipv4-family vpnv4
[PE_1-bgp-af-vpnv4] peer 10.20.20.9 enable
[PE_1-bgp-af-vpnv4] quit
[PE_1-bgp] ipv4-family vpn-instance vpna
[PE_1-bgp-vpna] import-route direct
[PE_1-bgp-vpna] quit
[PE_1-bgp] ipv4-family vpn-instance vpnb
[PE_1-bgp-vpnb] import-route direct
[PE_1-bgp-vpnb] quit
[PE_1-bgp] quit
# Configure PE_2.
[PE_2] bgp 100
[PE_2-bgp] peer 10.10.10.9 as-number 100
[PE_2-bgp] peer 10.10.10.9 connect-interface loopback0
[PE_2-bgp] ipv4-family vpnv4
[PE_2-bgp-af-vpnv4] peer 10.10.10.9 enable
[PE_2-bgp-af-vpnv4] quit
[PE_2-bgp] ipv4-family vpn-instance vpna
[PE_2-bgp-vpna] import-route direct
[PE_2-bgp-vpna] quit
[PE_2-bgp] ipv4-family vpn-instance vpnb
[PE_2-bgp-vpnb] import-route direct
[PE_2-bgp-vpnb] quit
[PE_2-bgp] quit
# After the configuration is complete, run the display bgp peer command on
PE_1 and PE_2. The command output shows that an MP-IBGP peer relationship
has been set up between PEs and the relationship is in Established state.
Step 6 Configure EBGP peer relationships between CE_1 and PE_1 and between CE_2 and
PE_2.
# Configure CE_1.
[CE_1] bgp 65410
[CE_1-bgp] peer 10.1.2.2 as-number 100
[CE_1-bgp] ipv4-family unicast
[CE_1-bgp-af-ipv4] undo synchronization
[CE_1-bgp-af-ipv4] import-route direct
# Configure CE_2.
[CE_2] bgp 65411
[CE_2-bgp] peer 10.1.2.2 as-number 100
[CE_2-bgp] ipv4-family unicast
[CE_2-bgp-af-ipv4] undo synchronization
[CE_2-bgp-af-ipv4] import-route direct
# Configure PE_1.
# Configure PE_2.
To configure OSPF multi-instance between the MCE and PE_2, perform the
following tasks on PE_2:
● In the OSPF view, import BGP routes and advertise VPN routes of PE_1 to the
MCE.
● In the BGP view, import routes of the OSPF processes and advertise the VPN
routes of the MCE to PE_1.
[PE_2] ospf 100 vpn-instance vpna
[PE_2-ospf-100] import-route bgp
[PE_2-ospf-100] area 0
[PE_2-ospf-100-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE_2-ospf-100-area-0.0.0.0] quit
[PE_2-ospf-100] quit
[PE_2] ospf 200 vpn-instance vpnb
[PE_2-ospf-200] import-route bgp
[PE_2-ospf-200] area 0
[PE_2-ospf-200-area-0.0.0.0] network 10.1.5.0 0.0.0.255
[PE_2-ospf-200-area-0.0.0.0] quit
[PE_2-ospf-200] quit
[PE_2] bgp 100
[PE_2-bgp] ipv4-family vpn-instance vpna
[PE_2-bgp-vpna] import-route ospf 100
[PE_2-bgp-vpna] quit
[PE_2-bgp] ipv4-family vpn-instance vpnb
[PE_2-bgp-vpnb] import-route ospf 200
[PE_2-bgp-vpnb] quit
[PE_2-bgp] quit
# Enable DHCP.
[MCE] dhcp enable
# Configure CE_1.
[CE_1] dhcp enable
[CE_1] interface vlanif 10
[CE_1-Vlanif10] dhcp select relay
[CE_1-Vlanif10] dhcp relay server-ip 10.1.4.1
[CE_1-Vlanif10] quit
# Configure CE_2.
[CE_2] dhcp enable
[CE_2] interface vlanif 10
[CE_2-Vlanif10] dhcp select relay
[CE_2-Vlanif10] dhcp relay server-ip 10.1.5.1
[CE_2-Vlanif10] quit
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
-----------------------------------------------------------------------------
----End
Configuration Files
● PE_1 configuration file
#
sysname PE_1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 10.10.10.9
mpls
#
mpls ldp
#
interface GigabitEthernet3/0/0
ip address 10.1.3.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
ip binding vpn-instance vpnb
ip address 10.1.2.2 255.255.255.0
#
interface GigabitEthernet2/0/0
ip binding vpn-instance vpna
ip address 10.1.2.2 255.255.255.0
#
interface LoopBack0
ip address 10.10.10.9 255.255.255.255
#
bgp 100
peer 10.20.20.9 as-number 100
peer 10.20.20.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.20.20.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.20.20.9 enable
#
ipv4-family vpn-instance vpna
import-route direct
peer 10.1.2.1 as-number 65410
#
ipv4-family vpn-instance vpnb
import-route direct
peer 10.1.2.1 as-number 65411
#
ospf 1
area 0.0.0.0
network 10.10.10.9 0.0.0.0
network 10.1.3.0 0.0.0.255
#
return
● PE_2 configuration file
#
sysname PE_2
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 10.20.20.9
mpls
#
mpls ldp
#
interface GigabitEthernet2/0/0
ip address 10.1.3.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0.1
dot1q termination vid 10
ip binding vpn-instance vpna
ip address 10.1.4.2 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet1/0/0.2
dot1q termination vid 20
ip binding vpn-instance vpnb
ip address 10.1.5.2 255.255.255.0
arp broadcast enable
#
interface LoopBack0
ip address 10.20.20.9 255.255.255.255
#
bgp 100
peer 10.10.10.9 as-number 100
peer 10.10.10.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.10.10.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.10.10.9 enable
#
ipv4-family vpn-instance vpna
import-route ospf 100
#
ipv4-family vpn-instance vpnb
import-route ospf 200
#
ospf 1
area 0.0.0.0
network 10.20.20.9 0.0.0.0
network 10.1.3.0 0.0.0.255
#
ospf 100 vpn-instance vpna
import-route bgp
area 0.0.0.0
#
bgp 65411
peer 10.1.2.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.2.2 enable
#
return
[Networking diagram labels: Switch_1, DHCP server (GE1/0/0, VLANIF10, 192.168.20.1/24; Tunnel 192.168.40.1/24; GE2/0/0, VLANIF30, 10.1.1.1/24; LSW_1); GRE tunnel; Switch_3, DHCP relay agent (GE1/0/0, VLANIF20, 192.168.30.2/24; Tunnel 192.168.40.2/24; GE2/0/0, VLANIF30, 10.2.1.1/24; LSW_2)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run OSPF between Switch_1, Switch_2, and Switch_3 to ensure their
reachability.
2. On Switch_1 and Switch_3, configure tunnel interfaces and create a GRE
tunnel.
3. Configure Switch_1 as a DHCP server based on a global address pool so that
the DHCP server can assign IP addresses from the global address pool to the
terminals in the headquarters and branch.
4. Configure Switch_3 as a DHCP relay agent that also functions as the branch's
gateway and forwards DHCP messages between the terminals and the DHCP server.
A Huawei S series switch functions as the DHCP server (Switch_1) in this example.
Configure the interface link types and VLANs on LSW_1 and LSW_2 to implement
Layer 2 communication.
Procedure
Step 1 Configure an IP address for each physical interface on Switch_1 through Switch_3.
# Configure Switch_1.
<HUAWEI> system-view
[HUAWEI] sysname Switch_1
[Switch_1] vlan batch 10 30
[Switch_1] interface gigabitethernet 1/0/0
[Switch_1-GigabitEthernet1/0/0] port link-type trunk
[Switch_1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[Switch_1-GigabitEthernet1/0/0] quit
[Switch_1] interface gigabitethernet 2/0/0
[Switch_1-GigabitEthernet2/0/0] port link-type trunk
[Switch_1-GigabitEthernet2/0/0] port trunk allow-pass vlan 30
[Switch_1-GigabitEthernet2/0/0] quit
[Switch_1] interface vlanif 10
[Switch_1-Vlanif10] ip address 192.168.20.1 24
[Switch_1-Vlanif10] quit
[Switch_1] interface vlanif 30
[Switch_1-Vlanif30] ip address 10.1.1.1 24
[Switch_1-Vlanif30] quit
# Configure Switch_2.
<HUAWEI> system-view
[HUAWEI] sysname Switch_2
[Switch_2] vlan batch 10 20
[Switch_2] interface gigabitethernet 1/0/0
[Switch_2-GigabitEthernet1/0/0] port link-type trunk
[Switch_2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[Switch_2-GigabitEthernet1/0/0] quit
[Switch_2] interface gigabitethernet 2/0/0
[Switch_2-GigabitEthernet2/0/0] port link-type trunk
[Switch_2-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
[Switch_2-GigabitEthernet2/0/0] quit
[Switch_2] interface vlanif 10
[Switch_2-Vlanif10] ip address 192.168.20.2 24
[Switch_2-Vlanif10] quit
[Switch_2] interface vlanif 20
[Switch_2-Vlanif20] ip address 192.168.30.1 24
[Switch_2-Vlanif20] quit
# Configure Switch_3.
<HUAWEI> system-view
[HUAWEI] sysname Switch_3
[Switch_3] vlan batch 20 30
[Switch_3] interface gigabitethernet 1/0/0
[Switch_3-GigabitEthernet1/0/0] port link-type trunk
[Switch_3-GigabitEthernet1/0/0] port trunk allow-pass vlan 20
[Switch_3-GigabitEthernet1/0/0] quit
[Switch_3] interface gigabitethernet 2/0/0
[Switch_3-GigabitEthernet2/0/0] port link-type trunk
[Switch_3-GigabitEthernet2/0/0] port trunk allow-pass vlan 30
[Switch_3-GigabitEthernet2/0/0] quit
[Switch_3] interface vlanif 20
[Switch_3-Vlanif20] ip address 192.168.30.2 24
[Switch_3-Vlanif20] quit
[Switch_3] interface vlanif 30
[Switch_3-Vlanif30] ip address 10.2.1.1 24
[Switch_3-Vlanif30] quit
# Configure Switch_2.
[Switch_2] ospf 1
[Switch_2-ospf-1] area 0
[Switch_2-ospf-1-area-0.0.0.0] network 192.168.20.0 0.0.0.255
[Switch_2-ospf-1-area-0.0.0.0] network 192.168.30.0 0.0.0.255
[Switch_2-ospf-1-area-0.0.0.0] quit
[Switch_2-ospf-1] quit
# Configure Switch_3.
[Switch_3] ospf 1
[Switch_3-ospf-1] area 0
[Switch_3-ospf-1-area-0.0.0.0] network 192.168.30.0 0.0.0.255
[Switch_3-ospf-1-area-0.0.0.0] quit
[Switch_3-ospf-1] quit
# Configure Switch_3.
[Switch_3] interface tunnel 1
[Switch_3-Tunnel1] tunnel-protocol gre
[Switch_3-Tunnel1] ip address 192.168.40.2 24
[Switch_3-Tunnel1] source 192.168.30.2
[Switch_3-Tunnel1] destination 192.168.20.1
[Switch_3-Tunnel1] quit
# Configure a static route to the network segment of the terminals in the branch.
[Switch_1] ip route-static 10.2.1.0 255.255.255.0 tunnel 1
# Configure the DHCP relay function on VLANIF 30 and specify the DHCP server
address for the relay.
[Switch_3] interface vlanif 30
[Switch_3-Vlanif30] dhcp select relay
[Switch_3-Vlanif30] dhcp relay server-ip 10.1.1.1
[Switch_3-Vlanif30] quit
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
10.2.1.1 10.2.1.254 253 50 203(0) 0 0
-------------------------------------------------------------------------------
[Switch_1] display ip pool name pool2
Pool-name : pool2
Pool-No :1
Lease : 1 Days 0 Hours 0 Minutes
Domain-name :-
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.1
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :253 Used :50
Idle :203 Expired :0
Conflict :0 Disabled :0
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 100 153(0) 0 0
-------------------------------------------------------------------------------
----End
Configuration Files
● Switch_1 configuration file
#
sysname Switch_1
#
vlan batch 10 30
#
dhcp enable
#
ip pool pool1
gateway-list 10.2.1.1
network 10.2.1.0 mask 255.255.255.0
#
ip pool pool2
gateway-list 10.1.1.1
network 10.1.1.0 mask 255.255.255.0
#
interface Vlanif10
ip address 192.168.20.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.1.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface Tunnel1
ip address 192.168.40.1 255.255.255.0
tunnel-protocol gre
source 192.168.20.1
destination 192.168.30.2
#
ospf 1
area 0.0.0.0
network 192.168.20.0 0.0.0.255
#
ip route-static 10.2.1.0 255.255.255.0 Tunnel1
#
return
● Switch_2 configuration file
#
sysname Switch_2
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.20.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.30.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
ospf 1
area 0.0.0.0
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
#
return
● Switch_3 configuration file
#
sysname Switch_3
#
vlan batch 20 30
#
dhcp enable
#
interface Vlanif20
ip address 192.168.30.2 255.255.255.0
#
interface Vlanif30
ip address 10.2.1.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.1.1.1
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface Tunnel1
ip address 192.168.40.2 255.255.255.0
tunnel-protocol gre
source 192.168.30.2
destination 192.168.20.1
#
ospf 1
area 0.0.0.0
network 192.168.30.0 0.0.0.255
#
ip route-static 10.1.1.0 255.255.255.0 Tunnel1
#
return
[Networking diagram labels: 192.168.1.126/24; DNS server, 192.168.1.2/24; Switch_2, DHCP server (GE1/0/1, VLANIF10, 192.168.1.1/24); Switch_1, DHCP client (GE1/0/1, VLANIF10)]
Configuration Roadmap
1. Configure Switch_1 as a DHCP client to dynamically obtain an IP address from
the DHCP server.
2. Configure Switch_2 as a DHCP server to dynamically allocate network
parameters including IP addresses to Switch_1.
Procedure
Step 1 Configure Switch_1 as a DHCP client.
# Create VLAN 10 and add GE1/0/1 to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname Switch_1
[Switch_1] vlan 10
[Switch_1-vlan10] quit
[Switch_1] interface gigabitethernet 1/0/1
[Switch_1-GigabitEthernet1/0/1] port link-type trunk
[Switch_1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch_1-GigabitEthernet1/0/1] quit
Step 2 Create a global address pool on Switch_2 and set attributes for the pool.
1. Enable DHCP.
<HUAWEI> system-view
[HUAWEI] sysname Switch_2
[Switch_2] dhcp enable
# After VLANIF 10 obtains an IP address, run the display dhcp client command
on Switch_1 to view the status of the DHCP client on VLANIF 10.
[Switch_1] display dhcp client
DHCP client lease information on interface Vlanif10 :
Current machine state : Bound
Internet address assigned via : DHCP
Physical address : 0025-9efb-be55
IP address : 192.168.1.254
Subnet mask : 255.255.255.0
Gateway ip address : 192.168.1.126
DHCP server : 192.168.1.1
Lease obtained at : 2014-09-10 20:30:39
Lease expires at : 2014-09-11 20:30:39
# On Switch_2, run the display ip pool name pool1 command to view IP address
allocation in the address pool. The Used field displays the number of used IP
addresses in the address pool.
[Switch_2] display ip pool name pool1
Pool-name : pool1
Pool-No :0
Lease : 1 Days 0 Hours 0 Minutes
Domain-name :-
DNS-server0 : 192.168.1.2
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 : 192.168.1.126
Network : 192.168.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :253 Used :1
Idle :251 Expired :0
Conflict :0 Disabled :1
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
192.168.1.1 192.168.1.254 253 1 251(0) 0 1
-------------------------------------------------------------------------------
----End
Configuration Files
● Switch_1 configuration file
#
sysname Switch_1
#
vlan batch 10
#
interface Vlanif10
ip address dhcp-alloc
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
● Switch_2 configuration file
#
sysname Switch_2
#
vlan batch 10
#
dhcp enable
#
ip pool pool1
gateway-list 192.168.1.126
network 192.168.1.0 mask 255.255.255.0
excluded-ip-address 192.168.1.2
dns-list 192.168.1.2
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
[Networking diagram labels: SwitchB, DHCP server (GE1/0/1, VLANIF10, 192.168.1.1/24); SwitchA, BOOTP client (GE1/0/1, VLANIF10)]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure SwitchA as a BOOTP client to dynamically obtain an IP address
from the DHCP server.
2. Create a global address pool on SwitchB and set corresponding attributes.
Procedure
Step 1 Configure the BOOTP client function on SwitchA.
# Create VLAN 10 and add GE1/0/1 to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet1/0/1] quit
Step 2 Create a global address pool on SwitchB and set corresponding attributes.
# Enable DHCP.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] dhcp enable
[SwitchB] dhcp server bootp
[SwitchB] dhcp server bootp automatic
# After VLANIF 10 obtains an IP address, run the display dhcp client command
on SwitchA to view the status of the BOOTP client on VLANIF 10.
[SwitchA] display dhcp client
BOOTP client lease information on interface Vlanif10 :
Current machine state : Bound
Internet address assigned via : BOOTP
Physical address : 0018-8201-0987
IP address : 192.168.1.254
Subnet mask : 255.255.255.0
Gateway ip address : 192.168.1.126
Lease obtained at : 2008-11-06 23:04:47
DNS : 192.168.1.2
# Run the display ip pool command on SwitchB to view the address pool
configuration.
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disabled
-----------------------------------------------------------------------------
10.20.20.1 10.20.20.254 253 1 251(0) 0 1
-----------------------------------------------------------------------------
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address bootp-alloc
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
return
Then, on the client, release the IP address and apply for a new
one.
● Change the host's manually configured IP address.
NOTE
IP address conflict detection can be configured on the DHCP server to
prevent conflicts. For details, see 3.4.3.4 (Optional) Configuring IP
Address Conflict Detection.
Verification: Check whether DHCP is enabled. Enter the user view and run:
display current-configuration | include dhcp enable
Then, on the client, release the IP address and apply for a new
one.
● Change the host's manually configured IP address.
NOTE
IP address conflict detection can be configured on the DHCP server to
prevent conflicts. For details, see 3.4.3.4 (Optional) Configuring IP
Address Conflict Detection.
Verification: Check statistics about packets sent to the DHCP server's CPU and
determine the MAC address at the source of the attack. Run:
display cpu-defend statistics
Solution: Add the MAC address at the source of the attack to the blacklist.
For details, see "Configuring CPU Attack Defense" in S12700
V200R011C10 Configuration Guide - Security - Local Attack
Defense Configuration.
Note the following when the DHCP snooping function is configured in an AC + Fit
AP scenario:
● Configure DHCP snooping for wired users.
When the downstream wired port of the AP is directly connected to a wired
terminal, run the learn-client-address enable command in the AP wired port
profile and apply the profile to the downstream wired port of the AP. This
command enables the function of learning IPv4/IPv6 addresses of the STAs
connected to the downstream wired port. It also enables the DHCP snooping
function on the downstream wired port. By
default, the AP's upstream ports including physical ports and CAPWAP ports
are DHCP trusted ports, and you do not need to change the default
configurations of the AP's upstream ports.
You can run the display dhcp snooping configuration command on the AP
to check the ports where the dhcp snooping enable or dhcp snooping
trusted command has been configured. (The dhcp snooping enable
command cannot be directly run on the AP and needs to be delivered by the
AC.)
● DHCP snooping is enabled for wireless users by default.
By default, the function of learning IPv4/IPv6 addresses of wireless STAs and
the DHCP snooping function are enabled on the AP's wireless ports, and the
AP's upstream ports including physical ports and CAPWAP ports are DHCP
trusted ports.
When receiving DHCP packets from a DHCP client or DHCP server, a DHCP
snooping-enabled Fit AP records DHCP/6/SNP_RCV_MSG logs. You need to
configure the Fit AP to send logs to the log host before viewing the
DHCP/6/SNP_RCV_MSG logs on the log host. Ensure that the Fit AP and log host are
routable to each other.
3.11.2 When Both the DHCP Server and Relay Functions Are
Enabled on an Interface, Which Function Is Processed
Preferentially?
When both the DHCP server function and the DHCP relay function are enabled on
an interface, the DHCP server function is processed preferentially. The local DHCP
server that is on the same network segment as the interface's IP address is used
preferentially to allocate IP addresses. If the local DHCP server cannot allocate IP
addresses, a remote DHCP server allocates IP addresses through the DHCP relay
agent.