01-03 DHCP Configuration PDF

S12700 Series Agile Switches
Configuration Guide - IP Service 3 DHCP Configuration
3 DHCP Configuration
About This Chapter
3.1 Overview of DHCP

3.2 Key Concepts of DHCP
3.3 How DHCP Works
3.4 Configuring DHCP
3.5 Configuring a DHCP Relay Agent
3.6 Configuring a DHCP Client
3.7 Configuring a Device as a BOOTP Client
3.8 Maintaining DHCP
3.9 Configuration Examples for DHCP
3.10 Troubleshooting DHCP
3.11 FAQ About DHCP
3.1 Overview of DHCP
Definition
The Dynamic Host Configuration Protocol (DHCP) automates the assignment of
network parameters to network devices. Even in small networks, DHCP is useful
because it makes it easy to add new devices to the network.
DHCP is based on the Bootstrap Protocol (BOOTP), which runs in a static

environment where each client has a fixed network connection. For each client
using BOOTP, a network administrator must configure a BOOTP parameter file
that requires manual intervention to modify. DHCP improves on BOOTP by
dynamically allocating IP addresses from an address pool and reclaiming them
Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 97

when they are no longer in use. You can also use DHCP to deliver configuration
parameters, such as a configuration file used for startup, to clients.
DHCP is defined in RFC 2131 and enables the automatic configuration of DHCP
clients. It removes the need to configure clients individually and consists of two
components: a protocol for delivering client-specific configuration parameters
from a DHCP server to a client, and a mechanism for allocating network addresses
to clients.
DHCP supports dynamic and static allocation of IP addresses. You can use the
combination of the two mechanisms.
● Dynamic allocation: DHCP assigns an IP address to a client for a limited

period (or until the client releases the address).
This mechanism allows automatic reuse of an IP address that is no longer
needed by the client to which it was assigned. It is useful for assigning an IP
address to a client that connects to the network only temporarily or for
sharing a limited pool of IP addresses among a group of clients that do not
need permanent IP addresses.
● Static allocation: A network administrator assigns an IP address to a client
and uses DHCP to deliver this address to the client.
This mechanism allows you to eliminate the error-prone process of manually
configuring IP addresses for clients.
Benefits
DHCP offers the following benefits:
● Reduced client configurations and costs
Because DHCP is easy to configure, it minimizes operational costs associated
with device configurations, eases deployment by non-technical users, and
reduces device configuration and maintenance costs at remote sites.
● Centralized management
Because the DHCP server maintains configurations for several subnets, an
administrator only needs to update a single, central server when configuration
parameters change.
Relevant Information
Video
Configure a DHCP Server and a DHCP Relay Agent
3.2 Key Concepts of DHCP

3.2.1 Network Elements in DHCP
A client-server model forms the basis of DHCP and consists of two roles that a
Huawei switch can fulfill: DHCP server and DHCP client. When the DHCP server
and client are on different network segments, there is a DHCP relay agent
between them. Figure 3-1 shows the typical DHCP networking.

Figure 3-1 DHCP networking
DHCP Relay Agent DHCP Server
IP Network
DHCP Client
DHCP Client
The following describes the three roles involved in DHCP:

● DHCP server
A DHCP server assigns IP addresses from specified address pools to DHCP
clients. It can also manage these clients and provide network parameters such
as the default gateway address, Domain Name System (DNS) server address,
and Windows Internet Name Service (WINS) server address. A DHCP server
can accept broadcasts from locally attached LAN segments or DHCP requests
forwarded by DHCP relay agents within the network.
● DHCP client
A client can use BOOTP or DHCP to obtain its IP address and other network
parameters from a DHCP server. To obtain an IP address, the client sends a
BOOTP or DHCP Request message. DHCP clients can be IP phones, PCs,
mobile devices, diskless workstations, or other networked devices, and can be
connected directly or through other networks using DHCP relay agents.
● DHCP relay agent
DHCP relay agent forwards DHCP messages between a DHCP server and
DHCP clients and helps the DHCP server to dynamically allocate network
parameters to the DHCP clients.
When a DHCP client broadcasts DHCP Discovery messages with the
destination IP address 255.255.255.255, only the DHCP server on the same
network segment as the DHCP client can receive the messages. If a DHCP
server is on a different network segment from the DHCP client, a DHCP relay
agent must be deployed to forward DHCP Discovery messages to the DHCP
server. The DHCP relay agent modifies the format of a DHCP Discovery or
Offer message to generate a new DHCP message and then forwards it.
3.2.2 DHCP Leases and Address Pools

DHCP Leases
A lease is defined as the time period for which a DHCP server allocates an IP
address to a client. The lease can be extended upon subsequent requests. If the
client no longer needs the IP address, it can release the address back to the server
before the lease expires. The server is then free to assign this address to a
different client if no other idle IP address is available.

The lease period configured for a DHCP server applies to all of the IP addresses
that a DHCP server dynamically assigns to its clients. A different DHCP server may
have a different lease term for its clients. A statically allocated IP address is not
subject to the lease terms.
A DHCP client does not wait for its lease to expire, because it may be assigned a
different IP address. Instead, when a DHCP client reaches the halfway point of its
lease period, it attempts to extend its lease so that it retains the same IP address.
Address Pools
An address pool is a set of all the IP addresses that a DHCP server has reserved for
dynamic client allocation. Along with each IP address, the server stores certain
network parameters, such as a default lease length for the IP address and other
configuration parameters (for example, a subnet mask and the address of the
default gateway) to be sent to the client when it is assigned that IP address.
Address pools are classified into interface address pools and global address pools.
● Interface address pool: After an IP address is configured for an interface on a

DHCP server, you can create an address pool on the same network segment
as this interface. Addresses in the address pool can be allocated only to clients
connected to the interface. The interface address pool can allocate IP
addresses to clients on the same network segment as the DHCP server.
● Global address pool: On a DHCP server, you can create an address pool on the
specified network segment in the system view. Addresses in the address pool
can be allocated to all clients connected to the DHCP server, even if the server
and clients are on different network segments (providing that a DHCP relay
agent is used).
A DHCP server selects address pools according to whether a DHCP relay agent is
deployed. When no relay agent is deployed, the server selects the address pool on
the same network segment as the IP address of the interface receiving DHCP
Request messages. When relay agents are deployed, the server selects the address
pool on the same network segment as the IP address specified in the giaddr field
of received DHCP Request messages.
The number of IP addresses required in an address pool depends mainly on the

number of clients that will connect to the network and the frequency at which
they connect and disconnect.
IP addresses in an address pool can be in the following status based on the IP

address usage:
● Used: indicates that the IP address is in use.

● Idle: indicates that the IP address is idle.
● Static-bind: indicates that the IP address is bound to a MAC address and is
not in use.
● Static-bind used: indicates that the IP address is bound to a MAC address
and is in use.
● Disable: indicates that the IP address cannot be used.
You can run the dhcp server excluded-ip-address (interface address pool) or
excluded-ip-address (global address pool) command to exclude IP addresses
in Disable status.

● Expired: indicates that the IP address expires and is idle.

After an IP address in an address pool expires, it is in Expired status.
Allocation records of IP addresses in Expired status are retained, so that when
a user requests an IP address again, the previously associated IP address can
be directly allocated to the user, ensuring stability of user IP addresses.
When IP addresses in Idle status are exhausted, the address pool
automatically reclaims the IP addresses in Expired status and allocate the IP
addresses to the users without the need to manually clear the IP addresses.
● Conflict: indicates that the IP address conflicts with another IP address on the
network.
When an IP address in Conflict status exists in an address pool, an IP address
conflict is prevented in advance. An IP address in Conflict status will exist in
the following situations:
– When a DHCP server receives a DHCP Discover message from a client, it
sends a ping packet before allocating an IP address to the client. If the
ping operation succeeds, the server sets the IP address status to Conflict
and allocates another IP address to the client.
– After the DHCP client successfully obtains an IP address, it immediately
sends a gratuitous ARP packet. If a response packet is received, the client
sends a DHCP Decline message to the DHCP server to notify the DHCP
server that the IP address is in conflict. The DHCP server then sets the IP
address status to Conflict, and the client sends a DHCP Discover message
to request for an IP address again.
When IP addresses in Idle and Expired status in an address pool are
exhausted, the address pool automatically reclaims the IP addresses in
Conflict status. The server then allocates the IP addresses to new users
without the need to manually clear the address pool.
When sending DHCP Discover messages to apply for IP addresses, some
wireless STAs will respond to ping packets sent from the DHCP server. As a
result, IP address conflicts are reported mistakenly. In this case, you can run
the dhcp server ping packet 0 command to disable ping detection of the
address pool. By default, 2 is specified in the command. If 0 is specified in the
command, ping detection is disabled.
3.2.3 DHCP Messages

DHCP Message Types
A DHCP server and a DHCP client communicate by exchanging DHCP messages.
DHCP messages are transmitted using the User Datagram Protocol (UDP). A
DHCP client uses UDP port 68 to send messages to a DHCP server, and a DHCP
server uses UDP port 67 to send messages to a DHCP client. These messages are
classified into eight types.

Table 3-1 DHCP message types

DHCP Description
Message
DHCP A DHCP client broadcasts this message to locate a DHCP server

Discover when the client attempts to connect to a network for the first
time.
DHCP Offer A DHCP server sends this message in response to a DHCP

Discover message. A DHCP Offer message carries configuration
information.
DHCP A DHCP client sends this message in the following scenarios:

Request ● After the client starts, it broadcasts a DHCP Request message
to respond to a DHCP Offer message sent by a DHCP server.
● After the client restarts, it broadcasts a DHCP Request
message to confirm the configuration (including the
allocated IP address).
● After the client obtains an IP address, it unicasts or
broadcasts a DHCP Request message to renew the IP address
lease.
DHCP Ack A DHCP server sends this message to acknowledge a DHCP

Request message sent from a DHCP client. After receiving a
DHCP Ack message, the DHCP client obtains configuration
parameters (including an IP address).
DHCP Nak A DHCP server sends this message to reject a DHCP Request
message from a DHCP client. For example, a DHCP server will
send this message if it determines that there is no available IP
address after receiving a DHCP Request message.
DHCP A DHCP client sends this message to notify the DHCP server
Decline that the allocated IP address conflicts with another IP address.
The DHCP client then applies to the DHCP server for another IP
address.
DHCP A DHCP client sends this message to release its allocated IP

Release address. After receiving a DHCP Release message, the DHCP
server can allocate this IP address to another DHCP client.
DHCP Inform A DHCP client sends this message to obtain network

configuration parameters, such as the gateway address and DNS
server address, after it has obtained an IP address.
DHCP Message Format

The format of DHCP messages is based on the format of BOOTP messages, which
ensures support for BOOTP functionality and interoperability between BOOTP
clients and DHCP servers.

Figure 3-2 shows the format of a DHCP message and Table 3-2 describes each of
the fields in the DHCP message. In the figure, the numbers in parentheses indicate
the size of each field in bytes.
Figure 3-2 DHCP message format

0 7 15 23 31
op(1) htype (1) hlen (1) hops (1)
xid (4)
secs (2) flags (2)
ciaddr (4)
yiaddr (4)
siaddr (4)
giaddr (4)
chaddr (16)
sname (64)
file (128)
options
(variable)
Table 3-2 Fields in a DHCP message

Field Lengt Description
h
op 1 byte Operation Code: indicates the general type of message.

The values are:
● 1: DHCP Discover message
● 2: DHCP Offer message
htype 1 byte Hardware Type: indicates the type of hardware used for
the local network. The values of this field differ for
different hardware types. The most common value is 1,
which indicates Ethernet (10 Mb).
hlen 1 byte Hardware Address Length: indicates the length of a

hardware address. For Ethernet, the value is 6.


h
hops 1 byte Hops: indicates the number of DHCP relay agents through
which a DHCP message passes. This value is set to 0 by a
client and is incremented by 1 each time the message
passes through a DHCP relay agent. A DHCP message
passes through a maximum of 16 DHCP relay agents
when being transmitted between a server and a client.
That is, the number of hops between the server and client
cannot exceed 16. Otherwise, the DHCP message is
discarded.
xid 4 bytes Transaction Identifier: indicates a random number chosen

by a client for exchanging messages with a DHCP server.
secs 2 bytes Seconds: indicates the number of seconds elapsed since a

client obtained or renewed an IP address.
flags 2 bytes Flags: indicates the Flags field. Only the leftmost bit in
this field is used, and the other bits are set to 0. The
leftmost bit specifies the mode a DHCP server uses to
transmit a DHCP Offer message.
The values are:
● 0: The DHCP server unicasts a DHCP Offer message.
● 1: The DHCP server broadcasts a DHCP Offer message.
ciaddr 4 bytes Client IP Address: indicates the IP address of a DHCP

client. The IP address is either the existing IP address of
the client or an IP address allocated by a DHCP server to
the client. During the process of a client acquiring an IP
address, the value of this field is 0.0.0.0.
0.0.0.0 is an invalid destination address and is used by a
DHCP-enabled device to communicate only temporarily
with other devices during startup.
yiaddr 4 bytes Your IP Address: indicates the IP address that a DHCP

server allocates to a client.
siaddr 4 bytes Server IP Address: indicates the server IP address from

which a DHCP client obtains its startup configuration file.


h
giaddr 4 bytes Gateway Address: indicates the IP address of the first

DHCP relay agent. When a client sends a DHCP Request
message and is on a different network segment from its
DHCP server, the first DHCP relay agent forwards the
message to the DHCP server and fills its IP address in the
giaddr field. The DHCP server determines the network
segment address of the client based on this field, selects
an appropriate address pool, and assigns an IP address on
this network segment to the client.
The server also returns a DHCP reply message to the first
DHCP relay agent, which then forwards the message to
the client.
If the DHCP Request message passes through multiple
DHCP relay agents before reaching the DHCP server, the
giaddr field value is still the IP address of the first DHCP
relay agent, and the hops field value is incremented by 1
each time the message passes through a DHCP relay
agent.
chaddr 16 Client Hardware Address: indicates the Layer 2 address of

bytes a client. For Ethernet, this field must contain a 6-byte
Ethernet MAC address if the hardware type and hardware
length fields are set to 1 and 6 respectively.
sname 64 Server Hostname: indicates the name of the server from

bytes which a client obtains configuration information. This field
is optional, is filled in by the DHCP server, and must be a
character string that ends with 0.
file 128 Boot File: indicates the name of the startup configuration
bytes file to be obtained by a client. This field is filled in by a
DHCP server and delivered to the client when a DHCP
address is allocated to the client. The field is optional and
must be a character string that ends with 0.
options Variabl Options: indicates the DHCP Options field. This field is a
e maximum of 312 bytes in length and contains the DHCP
message type and configuration parameters allocated by
a DHCP server to a client. The configuration parameters
include the gateway IP address, DNS server IP address,
and IP address lease.
For details about the Options field, see DHCP Options.
DHCP Options
DHCP Options are tagged data items that provide control information and
parameters to a DHCP client. The options are sent in a variable-length field at the
end of a DHCP message. This field consists of Type, Length, and Value, which are
shown in Figure 3-3 and described in Table 3-3.

Figure 3-3 Options field format
0 7 15
Type Length Value
Table 3-3 Options field description
Field Length Description
Type 1 byte Indicates the information type.
Length 1 byte Indicates the length of the

subsequent content in the
Options field.
Value Variable Indicates the message content.

The length varies depending
on the Length field.
The values of the Options field range from 1 to 255. Some DHCP options are
predefined and others can be user defined. Table 3-4 lists some of the common
predefined DHCP options.
Table 3-4 Common predefined DHCP options
Option Code Function
1 Specifies a subnet mask.
3 Specifies a gateway address.
6 Specifies the IP address of a DNS server.
12 Specifies the device name of a DHCP client.
15 Specifies a domain name.
33 Specifies a group of classful static routes that the

DHCP client must add to its routing table. In classful
static routes, destination address masks are natural
masks and cannot be used for subnetting. If Option
121 is configured, Option 33 is ignored.
44 Specifies a NetBIOS server name.
46 Specifies a NetBIOS node type.
50 Specifies a requested IP address.
51 Specifies an IP address lease.

Option Code Function
52 Specifies an additional option.
53 Specifies a DHCP message type.
54 Specifies a server identifier.
55 Specifies a parameter request list. A DHCP client uses

this option to request specified configuration
parameters.
58 Specifies the lease renewal time (T1), which is 50% of

the lease time.
59 Specifies the lease renewal time (T2), which is 87.5%

of the lease time.
60 Specifies the vendor category, which identifies the

DHCP client type and configuration.
61 Specifies a client identifier.
66 Specifies a TFTP server name allocated to DHCP

clients.
67 Specifies a startup file name allocated to DHCP

clients.
77 Specifies a user type.
120 Specifies the IP address option of a SIP server.

NOTE
Currently, only IP addresses can be parsed and domain
names cannot be parsed.
121 Specifies a group of classless static routes that the

DHCP client must add to its routing table. In classless
static routes, destination address masks can be any
value and can be used for subnetting.
NOTE
A device functioning as a DHCP client can receive static
routes delivered from a DHCP server through Option 121.
In addition to the predefined options, you can configure user-defined options to

support a wide variety of devices, such as IP phones.
● Vendor-specific information option (Option 43)
Option 43 is called the vendor-specific information option. Figure 3-4 shows
the format of Option 43.

Figure 3-4 Option 43 format

0 7 15 23 31
Options type(0x2B) Options length Sub-option type Sub-option length
Sub-option value(variable)
......
DHCP servers and DHCP clients exchange vendor-specific information through

Option 43. When a DHCP server receives a DHCP Discover message with
parameter 43 encapsulated in Option 55, it encapsulates Option 43 in a DHCP
Offer message and sends the message to the DHCP client.
When a device functions as the DHCP server, it can deliver the AC's IP address
to connected APs (Huawei devices), which facilitates the connection setup
between the AC and APs.
Option 43 supports sub-options, as shown in Figure 3-4.
– Sub-option type: type of the sub-option. When the device delivers the
AC's IP address to APs, the value can be 0x01 (hexadecimal type), 0x02
(IP address type), or 0x03 (ASCII code type).
– Sub-option length: length of the sub-option.
– Sub-option value: value of the sub-option.
● Relay agent information option (Option 82)
Option 82 is the DHCP relay agent information option that records the
location of a DHCP client. A DHCP relay agent or a device with DHCP
snooping enabled appends the Option 82 field to a DHCP Discover message
sent from a DHCP client and then forwards the DHCP Discover message to a
DHCP server.
The administrator can use the Option 82 field to locate a DHCP client and
control the security and accounting of the DHCP client. The DHCP server that
supports the Option 82 field can determine policies to allocate IP addresses
and other parameters according to information in the Option 82 field. IP
addresses can be allocated flexibly.
The Option 82 field contains a maximum of 254 sub-options. If the Option 82
field is defined, at least one sub-option must be defined. Sub-options that are
currently supported by the device include:
– sub-option1 (Agent Circuit ID Sub-option)
– sub-option2 (Agent Remote ID Sub-option)
– sub-option6 (Subscriber-ID Suboption)
– sub-option9 (Vendor-Specific Information Suboption)
3.3 How DHCP Works

3.3.1 How a DHCP Server Allocates Network Parameters to
New DHCP Clients
When a DHCP client broadcasts DHCP Discover messages, only a DHCP server on
the same network segment as the DHCP client can receive the messages. If the

DHCP client is on a different network segment from the DHCP server, a DHCP
relay agent must be deployed to forward DHCP messages between the DHCP
client and server.
Depending on whether a DHCP relay agent is used, the way in which network
parameters are allocated to a new DHCP client differs.
Network Parameter Allocation Without a DHCP Relay Agent

Figure 3-5 shows the message exchange process between a DHCP server and a
new DHCP client when no DHCP relay agent is deployed. This process is called
four-message exchange.
Figure 3-5 Message exchange between a DHCP server and a new DHCP client
when no DHCP relay agent is deployed
DHCP Client DHCP Server
1. Discovery stage: The DHCP client

broadcasts a DHCP Discover message.
2. Offer stage: The DHCP server replies

with a DHCP Offer message.
3. Request stage: The DHCP client

broadcasts a DHCP Request message.
4. Acknowledgement stage: The DHCP

server replies with a DHCP ACK message.
Stage 1: The Discovery Stage

When a DHCP client accesses a network for the first time, it does not know the IP
address of the DHCP server. To learn this information, the client broadcasts a
DHCP Discover message in which the destination IP address is 255.255.255.255 to
all devices (including the DHCP server or relay agent) on the network segment.
The DHCP Discover message includes the client's MAC address (chaddr field),
parameter request list (Option 55), and broadcast flag (flags field).
Stage 2: The Offer Stage
The DHCP server on the same network segment as the DHCP client receives the
DHCP Discover message, selects an available IP address from the address pool
that is on the same network segment as the IP address of the interface that
receives the DHCP Discover message, and then sends a DHCP Offer message
carrying the selected IP address to the DHCP client.
In most cases, an address pool specifies the lease of the IP addresses it contains. If
the DHCP Discover message contains an expected lease, the server compares the

expected lease with the specified lease and allocates an IP address with the
shorter of the two leases to the client.
The DHCP server selects an IP address for a client from the address pool in the
following sequence:
NOTE
The IP address allocation order cannot be modified.
1. IP address statically bound to the MAC address of the client on the DHCP
server
2. IP address specified in the Option 50 (requested IP address) in the DHCP
Discover message
3. IP addresses in Expired status in the address pool, that is, the allocated IP
addresses whose lease time expires
4. IP address in idle status that is found when the DHCP server searches IP
addresses in a random order in an address pool (In V200R009C00 and earlier
versions, the DHCP server searches IP addresses in a descending order.)
5. If no available IP address is found, the address pool automatically reclaims
the IP addresses in Expired and Conflict status. If an IP address is available
after the reclaim, the server allocates this IP address. Otherwise, the DHCP
client sends a DHCP Discover message again to request an IP address after
the timeout interval for the client to wait for a response from the server
expires.
You can specify certain IP addresses to exclude on the DHCP server. For example, if
you have statically allocated 192.168.1.100/24 to your DNS server, you can exclude
this IP address from the address pool on network segment 192.168.1.0/24 so that
it is not allocated through DHCP. This helps prevent IP address conflicts.
To prevent a newly allocated IP address conflicting with existing IP addresses, the

DHCP server sends an ICMP Echo Request packet before sending a DHCP Offer
message. This ICMP packet contains the IP address to be allocated in both the
source and destination IP address fields. The server can allocate the IP address if it
receives no ICMP Echo Reply packet within the detection period (no client is using
this IP address). If the server receives an ICMP Echo Reply packet within the
detection period, the DHCP server lists this IP address as a conflicting IP address
(as it is in use by another client), and then waits for the next DHCP Discover
message to start the IP address selection process again.
The IP address allocated during the offer stage may not be the final IP address
used by the client. This is because the IP address may be allocated to another
client if the DHCP server receives no response 16 seconds after the DHCP Offer
message is sent. The IP address for the client can be determined only after the
request and acknowledgment stages.
Stage 3: The Request Stage
If multiple DHCP servers reply with a DHCP Offer message to the client, the client
accepts only the first DHCP Offer message it receives. The client then broadcasts a
DHCP Request message carrying the selected DHCP server identifier (Option 54)
and IP address (Option 50, with the IP address specified in the yiaddr field of the
accepted DHCP Offer message).

The DHCP Request message notifies all the DHCP servers of the IP address that
the DHCP client has selected. The unselected IP addresses offered by other DHCP
servers are then free to be allocated to other clients.
Stage 4: The Acknowledgment Stage
After receiving a DHCP Request message, the DHCP server sends to the client a
DHCP Ack message that contains the IP address specified in the Option 50 field of
the DHCP Request message.
To determine whether any other device is using this IP address, the DHCP client
broadcasts gratuitous ARP packets after receiving the DHCP Ack message. The
client can use this IP address if no response is received within the specified time.
However, if the DHCP client receives a response within the specified time, this IP
address is already in use. The client then sends a DHCP Decline message to the
DHCP server and applies for a new IP address. The server lists this IP address as a
conflicting IP address.
Occasionally, the DHCP server may not allocate the IP address specified in the
Option 50 field because, for example, an error occurs during negotiation or it
does not receive the DHCP Request message quickly enough. In this case, the
server replies with a DHCP Nak message to notify the client that the requested IP
address cannot be allocated. The client then sends a DHCP Discover message to
apply for a new IP address.
Network Parameter Allocation with a DHCP Relay Agent

The message exchange process between a DHCP server and a new DHCP client
when a DHCP relay agent is deployed is similar to that described in Network
Parameter Allocation without a DHCP Relay Agent. The main difference is that the
DHCP relay agent acts as an intermediary to forward DHCP messages between a
DHCP server and client that would otherwise be unable to communicate with
each other. The following describes how the DHCP relay agent functions in the
message exchange process.
Figure 3-6 shows the message exchange process between a DHCP server and a
new DHCP client when a DHCP relay agent is deployed.
Figure 3-6 Message exchange between a DHCP server and a new DHCP client
when a DHCP relay agent is deployed
DHCP Client DHCP Relay Agent DHCP Server
1 Discovery stage: The DHCP client The DHCP relay agent unicasts
broadcasts a DHCP Discover message. a DHCP Discover message.
2 Offer stage: The DHCP relay agent The DHCP server unicasts a
replies with a DHCP Offer message. DHCP Offer message.
3 Request stage: The DHCP client The DHCP relay agent unicasts
broadcasts a DHCP Request message. a DHCP Request message.
4 Acknowledgement stage: The DHCP The DHCP server unicasts a

server replies with a DHCP ACK message. DHCP ACK message.

Stage 1: The Discovery Stage

When a DHCP relay agent receives a DHCP Discover message, it performs the
following steps:
1. Check the value of the hops field. If this value exceeds 16, the relay agent
discards the message. Otherwise, the relay agent increases this value by 1 and
proceeds to the next step.
2. Check the value of the giaddr field. If this value is 0, the relay agent sets the
giaddr field to the IP address of the interface receiving the DHCP Discover
message. Otherwise, the relay agent does not change the field and proceeds
to the next step.
3. Change the destination IP address of the DHCP Discover message to the IP
address of the DHCP server or the next-hop DHCP relay agent, and change
the source IP address to the IP address of the interface connecting the DHCP
relay agent to the client. The relay agent then unicasts this message to the
DHCP server or the next-hop DHCP relay agent.
If there are multiple DHCP relay agents between the DHCP client and server, each
the DHCP relay agent processes the DHCP Discover message using the same
method.
Stage 2: The Offer Stage
After receiving a DHCP Discover message, the DHCP server selects an address pool
on the same network segment as that specified in the giaddr field and allocates
an IP address and other network parameters from the address pool. The DHCP
server then unicasts a DHCP Offer message to the DHCP relay agent specified in
the giaddr field.
When the DHCP relay agent receives a DHCP Offer message, it performs the
following steps:
1. Check the value of the giaddr field. If this value is the IP address of the
interface receiving the DHCP Offer message, the DHCP relay agent discards
the message. Otherwise, the relay agent proceeds to the next step.
2. Check the value of the flags field. If this value is 1, the DHCP relay agent
broadcasts a DHCP Offer message to the DHCP client. Otherwise, the DHCP
relay agent unicasts a DHCP Offer message.
The DHCP relay agent processes the DHCP Request message from the client in the
same manner as that described in Stage 3: The Request Stage.
The DHCP relay agent processes the DHCP Ack message from the server in the
same manner as that described in Stage 4: The Acknowledgment Stage.
3.3.2 How a DHCP Client Reuses an IP Address

If a DHCP client reconnects to a network, it may be able to reuse the IP address
that it had been previously allocated. The DHCP client exchanges DHCP messages
with a DHCP server to attempt to obtain the previously used network parameters,
including the IP address. Figure 3-7 shows this message exchange, which is called
two-message exchange.

NOTE
Not all clients can reuse IP addresses that have been allocated to them. The following uses a PC
as the DHCP client to describe how the DHCP client reuses an IP address.
Figure 3-7 Message exchange for IP address reuse between a DHCP client and a
server
1. Request stage: The DHCP client

broadcasts a DHCP Request message.
2. Acknowledgement stage: The DHCP

server replies with a DHCP ACK message.

The DHCP client broadcasts a DHCP Request message that contains the IP address
used previously by the client. The requested IP address is added in the Option 50
field.
After receiving the DHCP Request message, the DHCP server checks whether there
is a lease record based on the MAC address in the message. If there is a lease
record matching the MAC address, the DHCP server replies with a DHCP Ack
message to notify the client that it can use the requested IP address. Otherwise,
the server ignores the request and waits for a new DHCP Discover message from
the client.
3.3.3 How a DHCP Client Renews Its IP Address Lease

IP addresses that are dynamically allocated by a DHCP server have leases.
However, a DHCP client may request a specific lease term by adding information
to a DHCP Discover message. When allocating network parameters, the DHCP
server compares the expected lease with the lease specified in the address pool
and allocates an IP address with a smaller lease to the DHCP client. When the
lease expires or a client logs out and releases its IP address, the server reclaims the
IP address, which can then be allocated to other clients. To continue using this IP
address, the client must renew its IP address lease.
Figure 3-8 shows how a DHCP client renews its IP address lease.

Figure 3-8 Renewing an IP address lease

The DHCP client unicasts a

DHCP Request message.
T1
The DHCP client broadcasts
a DHCP Request message.
T2
1. When the lease reaches 50% (T1) of its validity period, the DHCP client
unicasts a DHCP Request message to the DHCP server to request lease
renewal. If the server renews the lease (counted from 0), it sends a DHCP Ack
message to the client. If the server rejects the renewal request, it sends a
DHCP Nak message to the client, which must then send a DHCP Discover
message to apply for a new IP address.
2. If no response is received from the DHCP server when the lease reaches
87.5% (T2) of its validity period, the DHCP client broadcasts a DHCP Request
message to request lease renewal. Similar to T1, if the client receives a DHCP
Ack message, the server has renewed the lease; if the client receives a DHCP
Nak message, the client must send a DHCP Discover message to apply for a
new IP address.
3. If no response is received when the lease expires, the client stops using the IP
address and sends a DHCP Discover message to apply for a new IP address.
When a DHCP client no longer needs to use its allocated IP address and the lease
has not expired, the client sends a DHCP Release message to the DHCP server to
request IP address release. The server saves the configuration of this client and
records the IP address in the allocated IP address list. The IP address can then be
allocated to this client or other clients. To request a configuration update, a client
can send a DHCP Inform message to the server.
The renewal process is similar when a DHCP relay agent is used. Figure 3-9 shows
how a DHCP client renews its IP address lease when a DHCP relay agent is
deployed.

Figure 3-9 Renewing the IP address lease when a DHCP relay agent is deployed
DHCP Client DHCP Relay Agent DHCP Server
The DHCP client unicasts a DHCP Request message.

T1
The DHCP client broadcasts The DHCP relay agent unicasts

a DHCP Request message. a DHCP Request message.
T2
3.4 Configuring DHCP

DHCP configuration includes configuration of a DHCP server, configuration of
DHCP clients, and optional configuration of DHCP relay agents and BOOTP clients.
Server configuration enables the server to send network parameters to the client,
client configuration determines how clients request network parameters, and relay
agent configuration enables a relay agent to forward DHCP messages between
clients and servers that are on different physical subnets.
3.4.1 Planning Data
Planning DHCP Servers

A DHCP client broadcasts DHCP Discover messages and all devices on the network
segment will receive these messages. When multiple DHCP servers or DHCP relay
agents are deployed on a network segment, the client accepts only the first DHCP
Offer message it receives and therefore may obtain an unexpected IP address.
Planning DHCP servers helps you ensure that clients on your network obtain
network parameters from an expected DHCP server.
When planning servers, note the following:
● Plan VLANs to ensure that only one DHCP server (or a DHCP relay agent) can
receive DHCP Discovery messages in a VLAN.
● Configure DHCP snooping on client access devices to ensure that the clients
apply to the correct DHCP servers for network parameters. For details about
configuring DHCP snooping, see DHCP Snooping Configuration in the S12700
V200R011C10 Configuration Guide - Security.
Planning IP Addresses
Plan the range of IP addresses that can be allocated and the mechanisms (such as
dynamic or static) used to allocate the IP addresses.

Plan the IP addresses that cannot be allocated from an address pool. For example,
in an enterprise, a DHCP server allocates IP addresses on the network segment
192.168.1.0/24 to employee PCs. On this network segment, 192.168.1.10 has been
used by a DNS server and must be excluded from the address pool to prevent IP
address conflicts.
Planning Leases
Plan an IP address lease for a DHCP client based on the expected time that the
client will be online. By default, the IP address lease is 1 day.
● In scenarios where clients often move and stay online for a short period of
time, for example, in cafes, airports, and hotels, plan a short-term lease to
ensure that IP addresses are released quickly after the clients go offline.
● In scenarios where clients seldom move and stay online for a long period of
time, for example, in office areas of an enterprise, plan a long-term lease to
prevent services from being affected by frequent lease or address renewals.
Planning DNS Parameters

If a DHCP client needs to communicate with other network devices through a
domain name and obtain DNS parameters using DHCP, plan the IP address of the
DNS server and domain name of the client.
3.4.2 Default Settings for DHCP
Table 3-5 Default settings for DHCP
Function Parameter Default Setting
DHCP DHCP function Disabled

server
Range of IP addresses that are Not configured
not automatically allocated from
the address pool
Allocating fixed IP addresses to Not configured

specified clients
IP address lease One day
Number of IP address conflict 2 and 500 ms

detections and maximum wait
time for each conflict detection
Interval at which DHCP data is 7200 seconds

stored
DHCP DHCP client function on Disabled

client interfaces
DHCP DHCP function Disabled

relay
agent

3.4.3 Configuring a DHCP Server
3.4.3.1 Enabling DHCP
Context
Before enabling the DHCP server function, enable DHCP in the system view.
NOTE
● The dhcp enable command is the prerequisite for configuring DHCP-related functions,
including DHCP relay, DHCP snooping, and DHCP server. These functions take effect only
after the dhcp enable command is run. After the undo dhcp enable command is run, all
DHCP-related configurations of the device are deleted. After DHCP is enabled again using
the dhcp enable command, all DHCP-related configurations of the device are restored to the
default configurations.
● After DHCP is enabled, if STP is also enabled, address allocation may slow down. By default,
STP is enabled. To disable STP, run the undo stp enable command.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable DHCP.

dhcp enable
By default, DHCP is disabled.

Step 3 (Optional) Enable dynamic route limiting on DHCP messages.
dhcp speed-limit auto
By default, dynamic rate limiting is disabled on DHCP messages.
----End
3.4.3.2 Enabling the DHCP Server Function
Context
Before a device can function as a DHCP server, you must enable DHCP. You can
then enable the DHCP server function to operate based on an interface address
pool or based on a global address pool.
Procedure
● Enable the DHCP server function based on an interface address pool.
a. Enter the system view.
system-view
b. Enter the interface or sub-interface view.

interface interface-type interface-number[.subinterface-number ]
c. (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
d. Configure an IP address for the interface.
ip address ip-address { mask | mask-length }
e. Enable the interface to use the interface address pool for providing the
DHCP server function.
dhcp select interface
By default, the DHCP server function using the interface address pool is
disabled on an interface
If the device functioning as the DHCP server provides the DHCP service
for clients connected to multiple interfaces, repeat this step to enable the
DHCP server function on all the interfaces.
● Enable the DHCP server function based on a global address pool.
system-view


i. Configure a primary IP address for the interface.
ii. (Optional) Configure a secondary IP address for the interface.

ip address ip-address { mask | mask-length } sub
NOTE
The device can select a global address pool based on the primary and secondary
IP addresses of an interface only in scenarios where the DHCP server and DHCP
clients are on the same network segment.
When clients connected to the interface configured with an IP address

request IP addresses:
▪ If the DHCP client and server are located in the same network
segment, the DHCP server selects the address pool based on the
primary and secondary interface IP addresses. It preferentially
allocates IP addresses from the address pool for the primary IP
address. If IP addresses in this address pool are used up or this
address pool is not configured, the DHCP server allocates IP
addresses from the address pool for the secondary IP address.
▪ If the DHCP server and client are located in different network

segments (that is, a DHCP relay agent is used), the DHCP server
selects the address pool in the same network segment as the IP

address specified in the giaddr field of the received DHCP Request

message.
e. Enable the interface to use the global address pool for providing the
DHCP server function. (This step is optional if a DHCP relay agent is
used.)
dhcp select global
By default, an interface does not use the global address pool to provide
the DHCP server function.
----End
3.4.3.3 (Optional) Configuring DHCP Data Restoration
Context
Automatically saving IP address allocation information allows the DHCP server to
re-allocate the same configurations (such as IP address and lease time) to clients
in the event that the server unexpectedly restarts.
NOTE
● After this function is enabled, the DHCP server stores lease information in lease.txt and
conflicting IP addresses in conflict.txt (both data files are saved to the DHCP folder). New
data files overwrite earlier data files.
The time displayed in the lease.txt and conflict.txt files is the UTC time rather than the
system time, and you do not need to pay attention to time zone information.
● To view information about the DHCP database, run the display dhcp server database
command.
Procedure
system-view
Step 2 Enable the DHCP server to automatically save IP address allocation information.
dhcp server database enable
By default, the DHCP server does not automatically save IP address allocation
information.
Step 3 Specify the interval at which the DHCP server saves IP address allocation
information.
dhcp server database write-delay interval
By default, IP address allocation information is saved every 7200 seconds in data

files. The new data files overwrite the earlier data files.
Step 4 Enable the DHCP server to recover IP address allocation information from the data
files upon a restart.
dhcp server database recover
By default, the DHCP server is disabled from recovering IP address allocation

information from the data files upon a restart.
----End

3.4.3.4 (Optional) Configuring IP Address Conflict Detection
Context
IP address conflict detection uses ICMP to determine whether an IP address to be
allocated conflicts with other IP addresses that are already allocated to clients.
After this function is configured, a DHCP server sends an ICMP Echo Request
message in which the source address is the IP address of the DHCP server and the
destination address is the pre-allocated IP address for IP address conflict detection,
before sending a DHCP Offer message to a client.
● If the DHCP server does not receive any ICMP Echo Reply message within the
detection period (Number of detections x Maximum wait time for each
conflict detection), this IP address is not used by any client. The DHCP server
allocates the IP address to the client by sending a DHCP Offer message.
● If the DHCP server receives an ICMP Echo Reply message within the detection
period (Number of detections x Maximum wait time for each conflict
detection), this IP address is being used by a client. The DHCP server lists this
IP address as a conflicting IP address and waits for the next DHCP Discover
message to select another available IP address.
NOTE
If the detection time is too long, clients may fail to obtain IP addresses. You are advised to set
the detection time to less than 8 seconds.
Procedure
system-view
Step 2 Specify the number of IP address conflict detections before IP address allocation.
dhcp server ping packet number
By default, the number of IP address conflict detections before IP address

allocation is 2.
Step 3 Specify the maximum wait time for each conflict detection.
dhcp server ping timeout milliseconds
By default, the maximum wait time for each conflict detection is 500 milliseconds.
----End
3.4.3.5 (Optional) Configuring a DHCP Server to Dynamically Allocate IP

Addresses to BOOTP Clients
Context
If you have BOOTP clients on your network and you want them to dynamically
obtain IP addresses through DHCP, configure the DHCP server to service these
clients.

Procedure
system-view
Step 2 Enable the DHCP server to respond to BOOTP requests.

dhcp server bootp
By default, a DHCP server does not respond to BOOTP requests.

Step 3 Enable the DHCP server to dynamically allocate IP addresses to BOOTP clients.
dhcp server bootp automatic
By default, a DHCP server does not dynamically allocate IP addresses to BOOTP

clients.
----End
3.4.3.6 (Optional) Disabling the Function of Checking Abnormal Messages
Context
Devices from different vendors may use different DHCP implementation
mechanisms. After checking the UDP header checksum or magic-cookie field in a
received DHCP message, a device may not allow the DHCP message to pass
through and discards the message. As a result, DHCP becomes unavailable. To
solve this problem, you can disable the function of checking abnormal messages
to allow the device to properly forward a DHCP message with an incorrect UDP
header checksum or an incorrect value in the magic-cookie field.
NOTE
● This function applies to DHCP servers, DHCP relay agents, DHCP clients, and DHCP
snooping-enabled devices.
● After DHCP is enabled, the device checks the IP header checksum and UDP header checksum
of DHCP messages by default, and the function of checking the IP header checksum cannot
be disabled.
Procedure
● Disable the function of checking abnormal messages in the system view.
system-view
b. Disable the function of checking abnormal messages.
▪ Disable the function of checking the magic-cookie field in a DHCP

message.
undo dhcp anti-attack check magic-cookie
By default, a device does not check the magic-cookie field in a DHCP

message but directly forwards a DHCP message with an incorrect
value in the magic-cookie field.
▪ Disable the function of checking the UDP header checksum in a

DHCP message.
undo dhcp anti-attack check udp-checksum

By default, a device checks the UDP header checksum in a DHCP

message and discards a DHCP message with an incorrect checksum.
● Disable the function of checking abnormal messages in the VLAN view.
system-view
b. Enter the VLAN view.

vlan vlan-id
c. Disable the function of checking abnormal messages.

message.


DHCP message.

● Disable the function of checking abnormal messages in the interface view.
system-view
b. Enter the interface view.

interface interface-type interface-number
c. Disable the function of checking abnormal messages.

message.


DHCP message.

----End
3.4.3.7 Configuring an Address Pool

3.4.3.7.1 Creating an Address Pool
Context
Create an interface address pool for IP address allocation to clients on the same
network segment as the DHCP server's interface, or create a global address pool
for IP address allocation to all clients connected to the DHCP server.
Procedure
● Create an interface address pool.
system-view


NOTE
The IP address segment of the interface is the interface address pool. The interface
address mask cannot be set to 31; otherwise, the interface address pool may fail to be
configured.
● Create a global address pool.
system-view
b. Create a global address pool and enter the global address pool view.
ip pool ip-pool-name
By default, no global address pool is created on the device.
The parameter ip-pool-name uniquely specifies the name of an address

pool. For example, create a global address pool named global_f1 for
employees on the first floor as follows:
[HUAWEI] ip pool global_f1

c. Specify the range of IP addresses to be dynamically allocated from the
address pool.
network ip-address [ mask { mask | mask-length } ]
By default, the range of IP addresses that can be allocated dynamically to

clients is not specified.
An address pool can be configured with only one IP address segment. The
IP address range is determined by the mask length.

NOTE
When specifying the IP address range, ensure that IP addresses within the range are
on the same network segment as the interface IP address of the DHCP server or
DHCP relay agent to avoid incorrect IP address allocation.
When configuring an address pool, ensure that IP addresses on the network address
segment must be class A, B, or C IP addresses, and the mask cannot be set to 0, 1, 31,
or 32.
d. (Optional) Configure a VPN instance for the address pool.
vpn-instance vpn-instance-name
By default, no VPN instance is configured for an address pool.

In most cases, an address pool allocates IP addresses to clients on only
one network segment to prevent IP address conflicts. In a BGP/MPLS IP
VPN scenario, different VPNs use IP addresses on the same network
segment. If clients in different VPNs apply to the same DHCP server for IP
addresses, perform this step to use the same address pool to allocate IP
addresses on the same network segment to the clients.
----End
3.4.3.7.2 (Optional) Configuring the Range of IP Addresses in an Address Pool
Context
This configuration allows you to determine the scope of IP addresses that a DHCP
server can allocate.
Procedure
● Configure a range in an interface address pool:
system-view


d. Specify the range of IP addresses that the DHCP server can allocate.
dhcp server ip-range start-ip-address end-ip-address
e. Specify the subnet mask for the range of IP addresses.

dhcp server mask { mask | mask-length }
● Global address pool:

system-view
b. Enter the global address pool view.

c. Specify the IP address segment of the global address pool.

section section-id start-address [ end-address ]

An IP address pool can contain one or more IP address segments that

cannot overlap with each other.
NOTE
Note the following points when specifying IP address segment of the global
address pool:
● If you run the network (IP address pool view) first, ensure that the address
segment specified in the section (IP address pool view) command is
included in the address range specified in the network (IP address pool
view) command.
● If you run the section (IP address pool view) first, ensure that the address
segment specified in the network (IP address pool view) command includes
the address range specified in the section (IP address pool view) command.
----End
3.4.3.7.3 (Optional) Excluding IP Addresses from an Address Pool
Context
To prevent a DHCP server from allocating specific IP addresses, exclude these IP
addresses from the address pool.
NOTE
You do not need to exclude the gateway address configured using the gateway-list or dhcp
server gateway-list command from being automatically allocated. The device automatically
adds the gateway address into the list of IP addresses that cannot be automatically allocated.
You do not need to exclude the IP address of a server's interface connecting to a client from
being automatically allocated. The device automatically sets the interface IP address to the
Conflict status during address allocation.
Procedure
● Exclude IP addresses from an interface address pool.
system-view


d. Specify the range of IP addresses to exclude from the address pool.
dhcp server excluded-ip-address start-ip-address [ end-ip-address ]
By default, all IP addresses are automatically allocated from the address

pool.
To set multiple IP address ranges that cannot be automatically allocated
from the address pool, run this command multiple times.
For example, to exclude 192.168.1.10 from the range of IP addresses that
can be automatically allocated, run:

[HUAWEI-Vlanif100] dhcp server excluded-ip-address 192.168.1.10

● Exclude IP addresses from a global address pool.
system-view
c. Specify the range of IP addresses to exclude from the address pool.
excluded-ip-address start-ip-address [ end-ip-address ]
By default, all IP addresses are automatically allocated from the address

pool.
To set multiple IP address ranges that cannot be automatically allocated
from the address pool, run this command multiple times.
For example, to exclude 192.168.1.10 from the range of IP addresses that
can be automatically allocated, run:
[HUAWEI-ip-pool-global_f1] excluded-ip-address 192.168.1.10
----End
Follow-up Procedure
If you want to add more ranges of IP addresses that cannot be automatically
allocated from the address pool, run the dhcp server excluded-ip-address or
excluded-ip-address command for multiple times. If you want to delete some
configured ranges of IP addresses that cannot be automatically allocated from the
address pool, run the undo dhcp server excluded-ip-address or undo excluded-
ip-address command.
The following uses the global address pool global1 as an example. You can run
the following commands to exclude IP addresses in the range from 10.10.10.10 to
10.10.10.30 from the global address pool.
<HUAWEI> system-view
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] network 10.10.10.0 mask 24
[HUAWEI-ip-pool-global1] excluded-ip-address 10.10.10.10 10.10.10.30
[HUAWEI-ip-pool-global1] quit
● If you want to exclude IP addresses in the range from 10.10.10.10 to
10.10.10.40 from the global address pool, run the following commands:
[HUAWEI-ip-pool-global1] excluded-ip-address 10.10.10.10 10.10.10.40
● If you want to exclude IP addresses only in the range from 10.10.10.15 to
10.10.10.20 from the global address pool, run the following commands:
[HUAWEI-ip-pool-global1] undo excluded-ip-address 10.10.10.10 10.10.10.14
[HUAWEI-ip-pool-global1] undo excluded-ip-address 10.10.10.21 10.10.10.30
3.4.3.7.4 (Optional) Configuring Fixed IP Addresses in an Address Pool
Context
A DHCP server leases IP addresses to clients. When the lease expires, the clients
must apply for new IP addresses. To ensure stability, certain clients require fixed IP

addresses. In this case, configure the DHCP server to allocate fixed IP addresses to
these clients. The MAC addresses of these clients are then bound to fixed IP
addresses. When such a client applies to the DHCP server for an IP address, the
DHCP server searches the binding entries for the MAC address of the client and
allocates the matched IP address to the client. DHCP static allocation prevents
manual configuration errors and facilitates unified management.
NOTE
● Ensure that the bound IP address is not configured as the IP address that cannot be
allocated and is not allocated by the DHCP server.
● You can run the display ip pool command to view the used IP addresses in the current
address pool and select an available IP address to be bound to the MAC address. To bind
used IP addresses to MAC addresses, run the reset ip pool command to reclaim used IP
addresses first.
● After an IP address is bound to a MAC address, the IP address does not expire; the binding
between the IP and MAC addresses cannot be deleted when the IP address is in use.
The binding of IP addresses and MAC addresses is used in DHCP static allocation,
IPSG (for details on how to configure IPSG, see IP source guard in the S12700
V200R011C10 Configuration Guide - Security), and static ARP. Table 3-6 lists
different usage scenarios and implementations of these functions.
Table 3-6 Differences between DHCP static allocation, IPSG, and static ARP
Function Scenario Implementation
DHCP static allocation Some clients (such as The MAC addresses of

servers and PCs) require these clients are bound
fixed IP addresses from a to fixed IP addresses.
DHCP server. When such a client
applies to the DHCP
server for an IP address,
the DHCP server
searches the binding
entries for the MAC
address of the client and
allocates the matched IP
address to the client.

IPSG Attacks including IP The mapping between IP

address spoofing and addresses and MAC
ARP spoofing need to be addresses is set up on a
prevented: device. When receiving
● IP address spoofing: an ARP Request packet,
An attacker uses a the device searches for
forged IP address and the mapped MAC
its own MAC address address based on the
to obtain rights of the source IP address of the
attacked device and packet and compares the
intercept packets mapped MAC address
destined for the with the source MAC
attacked device. address in the packet
header. If the two MAC
● ARP spoofing: An addresses are different
attacker sends ARP from each other, the
packets using a device considers the
forged MAC address packet invalid and
to intercept packets discards it.
destined for the
attacked device or
using the MAC
address of the
gateway to intercept
all packets destined
for the gateway.

Static ARP The mapping between IP The mapping between IP

addresses and MAC addresses and MAC
addresses is manually addresses is set up on a
configured in the device. When receiving
following scenarios: an ARP Request packet,
● Packets whose the device searches for
destination IP the MAC address
addresses are not on mapped to the IP
the local network address in the packet
segment need to be and responds with an
forwarded by a ARP Reply packet.
gateway on the local Static ARP entries are
network segment. manually configured and
● Destination IP maintained. These
addresses of invalid entries are neither aged
packets need to be nor overwritten by
bound to a dynamic ARP entries,
nonexistent MAC and therefore improve
address to filter them communication security.
out.
● Critical devices need
to forward packet
securely and be
protected against
attacks, such as ARP
flooding. In this
situation, static ARP
entries can be
configured to bind
MAC addresses to
specific IP addresses.
Network attackers
cannot modify the
mapping between the
IP and MAC
addresses, which
ensures
communication
between the two
devices.
Procedure
● Configure a fixed IP address in an interface address pool.
system-view



d. Bind an IP address to a MAC address so that the DHCP server allocates
this IP address to only the device with this MAC address.
dhcp server static-bind ip-address ip-address mac-address mac-address [ description
description ]
By default, a DHCP server does not allocate fixed IP addresses to

specified clients.
● Configure a fixed IP address in a global address pool.
system-view

c. Bind an IP address to a MAC address so that the DHCP server allocates

this IP address to only the device with this MAC address.
static-bind ip-address ip-address mac-address mac-address [ option-template template-name
| description description ]
By default, a DHCP server does not allocate fixed IP addresses to

specified clients.
----End
3.4.3.7.5 (Optional) Configuring an Address Lease Time
Context
The default lease time in an address pool is 1 day. An administrator can change an
address lease time based on network requirements. IP addresses in the same
address pool use the same lease time, and different address pools can have
different address leases specified. After the lease of an address pool is changed,
newly allocated IP addresses use the new lease. The IP addresses that have been
allocated before the lease is changed still use the old lease before the old lease is
updated and use the new lease after the old lease is updated.
NOTE
The BOOTP client does not support the configuration of an address lease time.
The IP addresses statically allocated to clients are always valid, without being limited by
address lease time.
Procedure
● Configure a lease time based on an interface address pool.
system-view



d. Specify an IP address lease time.
dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }
By default, the IP address lease is 1 day.

● Configure a lease time based on a global address pool.
system-view

c. Specify an IP address lease time.

lease { day day [ hour hour [ minute minute ] ] | unlimited }
By default, the IP address lease is 1 day.

----End
Verifying the Configuration

Run the display ip pool command to view information about the IP address lease.
The values of the lease and left fields in the command output indicate the
configured lease time and remaining lease time, respectively.
3.4.3.7.6 (Optional) Configuring Automatic Reclaim of Conflicting IP Addresses in

an Address Pool
Context
When a DHCP server allocates IP addresses to clients, IP address conflict may
occur because IP addresses of some hosts have been manually configured. In this
case, the DHCP server considers these IP addresses as conflicting IP addresses, and
allocates available IP addresses from the conflicting IP addresses to clients only
after available IP addresses in the address pool are used up. To reclaim conflicting
IP addresses promptly, the administrator can enable automatic reclaim and specify
the reclaim interval.
Procedure
● Interface address pool:
a. Run system-view
The system view is displayed.

d. Run dhcp server conflict auto-recycle interval day day [ hour hour
[ minute minute ] ]

Automatic reclaim of conflicting IP addresses in the interface address

pool is enabled and the interval for the automatic reclaim is configured.
By default, automatic reclaim of conflicting IP addresses in the interface
address pool is disabled.
● Global address pool:
a. Run system-view
The system view is displayed.
b. Run ip pool ip-pool-name
The global address pool view is displayed.
c. Run conflict auto-recycle interval day day [ hour hour [ minute
minute ] ]
Automatic reclaim of conflicting IP addresses in the global address pool is
enabled and the interval for the automatic reclaim is configured.
By default, automatic reclaim of conflicting IP addresses in the global
address pool is disabled.
----End
3.4.3.7.7 (Optional) Configuring the Alarm Function for IP Address Exhaustion
Context
To receive notifications about IP address exhaustion, configure the DHCP to
generate alarms for IP address exhaustion.
Procedure
● Configure the alarm function in an interface address pool.
system-view


d. Specify the percentage of alarms indicating the exhaustion of IP
addresses and the percentage of clear alarms.
dhcp server alarm ip-used percentage alarm-resume-percentage alarm-percentage
By default, the percentage of the alarms is 100%, and the percentage of

the clear alarms is 50%.
● Configure the alarm function in a global address pool.
system-view


c. Specify the percentage of alarms indicating the exhaustion of IP

addresses and the percentage of clear alarms.
alarm ip-used percentage alarm-resume-percentage alarm-percentage
By default, the percentage of the alarms is 100%, and the percentage of
the clear alarms is 50%.
----End
3.4.3.7.8 (Optional) Configuring the Logging Function for IP Address Allocation
Context
Configuring the DHCP server to log IP address allocation provides you with records
that may facilitate maintenance and diagnostics.
NOTE
● With this logging function enabled, if a large number of DHCP clients request IP
addresses from the DHCP server, the server frequently records logs. The server
performance may therefore be affected.
● IP address allocation logs are recorded in the AM module. To view log information, the
information center must be enabled. In addition, default settings for log output vary
depending on various factors including the log level and output direction. For details,
see Information Center Configuration.
For example, the level of logs indicating that an IP address is successfully allocated, an
IP address is successfully renewed, and an IP address is successfully released is
informational, and these logs are not recorded in the log buffer by default. You can run
the info-center source AM channel 4 log level informational command to change the
level of the logs to be recorded in the log buffer. You can then run the display
logbuffer command to check the preceding logs.
Procedure
● Configure the logging function in an interface address pool.
system-view


d. Enable the DHCP server to record IP address allocation logs.
dhcp server logging [ allocation-fail | allocation-success | release | renew-fail | renew-
success | detect-conflict | recycle-conflict ] *
By default, the logging function is disabled.

● Configure the logging function in a global address pool.
system-view


c. Enable the DHCP server to record IP address allocation logs.

logging [ allocation-fail | allocation-success | release | renew-fail | renew-success | detect-
conflict | recycle-conflict ] *
By default, the logging function is disabled.

----End
3.4.3.7.9 (Optional) Configuring a Gateway Address for Clients
Context
If a gateway address for clients is configured on the DHCP server, clients obtain
the gateway address from the DHCP server and automatically generate a default
route to the gateway address. Then the clients can access the hosts on other
network segments. If the DHCP server is configured with Option 121 to allocate
classless static routes to clients, the clients generate routes based on only the
static routes and does not generate a default route to the gateway address. To
load balance traffic and improve network reliability, configure multiple gateway
addresses. A maximum of eight gateway addresses can be configured for each
address pool.
In the scenario where both VRRP and DHCP are configured, if a VRRP group
functions as the DHCP server, configure the gateway address of clients as the
virtual IP address of the VRRP group.
If the DHCP server and clients are on the same network segment and the DHCP
server functions as the gateway of clients, you do not need to configure a gateway
address for clients.
Procedure
● Configure a gateway address in the interface address pool view.
system-view


d. Specify a gateway address that the DHCP server sends to clients.
dhcp server gateway-list ip-address &<1-8>
By default, no gateway address is configured.

● Configure a gateway address in the global address pool view.
system-view

c. Specify a gateway address that the DHCP server sends to clients.

gateway-list ip-address &<1-8>

By default, no egress gateway address is configured.

● Configure a gateway address in the DHCP Option template view.
system-view
b. Create a DHCP Option template and enter the DHCP Option template
view.
dhcp option template template-name
By default, no DHCP Option template is created.

To allocate network parameters except IP addresses to static clients,
configure a DHCP Option template. Network parameters configured in
the DHCP Option template view take effect only for static clients. For
static clients, if a network parameter is configured in both the DHCP
Option template view and global address pool view, only the
configuration in the DHCP Option template view takes effect.
To allocate only IP addresses to static clients (for details, see 3.4.3.7.4
(Optional) Configuring Fixed IP Addresses in an Address Pool), you do
not need to configure a DHCP Option template.
c. Specify a gateway address that the DHCP server sends to clients.
gateway-list ip-address &<1-8>
By default, no egress gateway address is configured.

If you need to configure other items in the DHCP Option template view,
complete them first before performing the following steps.
d. (Optional) Return to the system view.
quit
e. (Optional) Enter the global address pool view.

f. (Optional) Bind a DHCP Option template to static clients.

static-bind ip-address ip-address mac-address mac-address option-template template-name
----End
3.4.3.7.10 (Optional) Configuring a Configuration File for a DHCP Client
Context
DHCP can be used to deliver configuration files to clients that require them for
startup. You can save the configuration files on the DHCP server or specify the IP
address of a dedicated file server. When a configuration file exists on a dedicated
file server, the DHCP server needs to specify the IP address of the file server for
clients. You can also specify an IP address for the file server by configuring user-
defined options for clients.
NOTE
If the startup configuration file is saved on a file server, the route between the DHCP client and
file server must be reachable.
Procedure
● Configure a configuration file based on an interface address pool.


system-view
d. Specify the name of the configuration file.
dhcp server bootfile bootfile
By default, the name is not configured.

e. Specify the name of the server that hosts the configuration file.
dhcp server sname sname
By default, the name of the server is not configured.

f. (Optional) Specify the IP address of the file server that hosts the
configuration file.
dhcp server next-server ip-address
By default, the file server IP address is not configured.

● Configure a configuration file based on a global address pool.
system-view
c. Specify the name of the configuration file.
bootfile bootfile
By default, the name is not configured.
d. Specify the name of the server that hosts the configuration file.
sname sname
By default, the name of the server is not configured.
e. Specify the IP address of the file server that hosts the configuration file.
next-server ip-address
By default, the file server IP address is not configured.
● In the DHCP Option template view:
system-view
view.


c. Specify the name of the configuration file.
bootfile bootfile
By default, the name of the startup configuration file for DHCP clients is
not configured.
d. Specify the name of the server that hosts the configuration file.
sname sname
By default, the name of the server from which a DHCP client obtains the
startup configuration file is not configured.
e. (Optional) Specify the name of the server that hosts the configuration
file.
next-server ip-address
By default, the server IP address is not configured for the client after the
client automatically obtains the IP address.
f. (Optional) Return to the system view.
quit
g. (Optional) Enter the global address pool view.

h. (Optional) Bind a DHCP Option template to static clients.

----End
3.4.3.7.11 (Optional) Configuring User-defined Options
Context
A DHCP server can allocate user-defined options to clients using the following
methods:
● Based on the options in DHCP Discovery messages
Configure the options using the dhcp server option (based on an interface
address pool) or option (based on a global address pool) command. The
DHCP server provides options only if clients request them.
● By forcibly appending the Options field
Configure the options using the dhcp server force insert option (based on an
interface address pool) or force insert option (based on a global address
pool) command. The DHCP server inserts the Options field in a DHCP Reply
message, regardless of whether clients request the options.
Procedure
● Configure user-defined options for clients based on an interface address pool.
system-view
b. (Optional) Enable the DHCP server to trust Option 82.

dhcp server trust option82
By default, the device is enabled to trust Option 82.

c. (Optional) Enable the DHCP server to check and discard DHCP messages
with duplicate options.
dhcp anti-attack check duplicate option [ option-start [ to option-end ] ] &<1-254>
By default, a device does not check and discard DHCP messages with
duplicate options.
d. Enter the interface or sub-interface view.
e. (Optional) On an Ethernet interface, run undo portswitch

f. (Optional) Force the DHCP server to insert an Option field into DHCP
Reply messages.
dhcp server force insert option code &<1-254>
By default, the DHCP server does not forcibly insert an Option field to
DHCP Reply messages.
After this function is configured, the device inserts an Option field to a

DHCP Reply message regardless of whether the option has been
requested.
g. Configure DHCP options.
dhcp server option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher
cipher-string | ip-address ip-address &<1-8> }
By default, no option is configured.
NOTE
If an option carries a password, using cipher is recommended. For security purposes,

use a password that is at least six characters long and contains at least two of the
following: digits, lowercase letters, uppercase letters, and special characters.
Not all options can be configured using the preceding command. The
following table lists the options and their commands.
Table 3-7 Commands for configuring options
Option Configuration Description

Command
Option 1 Mask-length in the ip Subnet mask

address ip-address
{ mask | mask-
length } command.
Option 3 Ip-address in the ip Gateway address
address ip-address
{ mask | mask-
length } command.


Command
Option 6 dhcp server dns-list DNS server IP address

ip-address &<1-8>
Option 15 dhcp server domain- Domain name
name (interface
view) domain-name
Option 44 dhcp server nbns-list NetBIOS server IP

ip-address &<1-8> address
Option 46 dhcp server netbios- NetBIOS node type

type { b-node | h-
node | m-node | p-
node }
Option 50 N/A Requested IP address
Option 51 dhcp server lease IP address lease

{ day day [ hour hour
[ minute minute ] ] |
unlimited }
Option 52 N/A Additional option
Option 53 N/A DHCP message type
Option 54 N/A Server identifier
Option 55 N/A Parameter request list
Option 57 N/A Maximum length of a

DHCP message
Option 58 N/A Lease renewal time

(T1), which is 50% of
the lease time

(T2), which is 87.5%
of the lease time
Option 61 N/A Client identifier
Option 82 N/A Relay agent

information
Option120 dhcp server sip- SIP server IP address

server { ip-address
ip-address &<1-2> |
list domain-name
&<1-2> }


Command
Option 121 dhcp server A group of classless

option121 ip-address routes
{ ip-address mask-
length gateway-
address } &<1-8>
Option 184 dhcp server Voice parameters
option184 { as-ip ip-
address | fail-over ip-
address dialer-string |
ncp-ip ip-address |
voice-vlan vlan-id }
● Configure user-defined options based on a global address pool.

– In the global address pool view:
i. Enter the system view.
system-view
ii. (Optional) Enable the DHCP server to trust Option 82.

dhcp server trust option82
By default, the device is enabled to trust Option 82.

iii. Enter the global address pool view.
iv. (Optional) Force the DHCP server to insert an Option field into DHCP
Reply messages.
force insert option code &<1-254>
By default, the DHCP server does not forcibly insert an Option field
to DHCP Reply messages.
v. Configure DHCP options.
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher cipher-
string | ip-address ip-address &<1-8> }
NOTE
If an option carries a password, using cipher is recommended. For security

purposes, use a password that is at least six characters long and contains at least
two of the following: digits, lowercase letters, uppercase letters, and special
characters.
Not all options can be configured using the preceding command. The
following table lists the options and their commands.

Table 3-8 Commands for configuring options

Command
Option 1 mask-length in the Subnet mask

network (IP
address pool view)
ip-address [ mask
{ mask | mask-
length } ] command
Option 3 gateway-list ip- Gateway address
address &<1-8>
Option 6 dns-list ip-address DNS server IP
&<1-8> address
Option 15 domain-name Domain name

domain-name
Option 44 nbns-list ip-address NetBIOS server IP
&<1-8> address
Option 46 netbios-type { b- NetBIOS node type

node | h-node | m-
node | p-node }
Option 50 N/A Requested IP

address
Option 51 lease { day day IP address lease

[ hour hour
[ minute minute ] ]
| unlimited }
Option 52 N/A Additional option
Option 53 N/A DHCP message type
Option 54 N/A Server identifier
Option 55 N/A Parameter request

list
Option 57 N/A Maximum length of

a DHCP message
Option 58 N/A Renewal time (T1),

which is 50% of the
lease time

(T2), which is 87.5%
of the lease time
Option 61 N/A Client identifier


Command
Option 82 N/A Relay agent

information
Option120 sip-server (IP SIP server IP address

address pool view)
{ ip-address ip-
address &<1-2> | list
domain-name
&<1-2> }
Option 121 option121 ip- A group of classless

address { ip-address routes
mask-length
gateway-address }
&<1-8>
Option 184 option184 { as-ip Voice parameters

ip-address | fail-
over ip-address
dialer-string | ncp-ip
ip-address | voice-
vlan vlan-id }
– In the DHCP Option template view:

i. Enter the system view.
system-view
ii. Create a DHCP Option template and enter the DHCP Option
template view.

configure a DHCP Option template. Network parameters configured
in the DHCP Option template view take effect only for static clients.
For static clients, if a network parameter is configured in both the
DHCP Option template view and global address pool view, only the
To allocate only IP addresses to static clients (for details, see
3.4.3.7.4 (Optional) Configuring Fixed IP Addresses in an Address
Pool), you do not need to configure a DHCP Option template.
iii. (Optional) Force the DHCP server to insert an Option field into DHCP
Reply messages.
force insert option code &<1-254>
By default, the DHCP server does not forcibly insert an Option field
to DHCP Reply messages.
iv. Configure DHCP options.
option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher cipher-
string | ip-address ip-address &<1-8> }


NOTE
If an option carries a password, using cipher is recommended. For security

purposes, use a password that is at least six characters long and contains at least
two of the following: digits, lowercase letters, uppercase letters, and special
characters.
Not all options can be configured using the preceding command. See
Table 3-8 for the list of options and their commands.
v. Configure a classless static route to allocate to a DHCP client.
option121 ip-address { ip-address mask-length gateway-address } &<1-8>
By default, no classless static route allocated to DHCP clients is

configured.
vi. Configure Option 184.
option184 { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-
vlan vlan-id }
By default, the Option 184 field is not configured.

If you need to configure other items in the DHCP Option template
view, complete them first before performing the following steps.
vii. (Optional) Return to the system view.
quit
viii. (Optional) Enter the global address pool view.

ix. (Optional) Bind a DHCP Option template to static clients.

static-bind ip-address ip-address mac-address mac-address option-template template-
name
----End
3.4.3.7.12 (Optional) Configuring DNS Configurations Allocated by a DHCP Server
Context
If DHCP clients on your network use DNS and you want them to receive DNS
configurations through DHCP, configure the DHCP server to provide DNS
configurations.
Procedure
● Based on an interface address pool
system-view


d. Configure the IP address of a DNS server for DHCP clients.
dhcp server dns-list { ip-address &<1-8> | unnumbered interface interface-type interface-
number }

By default, no DNS server IP address is configured in an address pool.

Each address pool can be configured with a maximum of eight DNS
server IP addresses.
e. Configure a domain name that is allocated to DHCP clients.
dhcp server domain-name domain-name
By default, no domain name is allocated.

● Based on a global address pool in the global address pool view
system-view
c. Configure the IP address of a DNS server.
dns-list ip-address &<1-8>
By default, no DNS server IP address is configured in an address pool.

d. Configure a domain name that is allocated to DHCP clients.
domain-name domain-name
By default, no DNS domain name suffix is configured.

● In the DHCP Option template view
system-view
view.
c. Configure the DNS server IP address and DNS domain name suffix to be
allocated to DHCP clients.
▪ Configure the DNS server IP address to be allocated to DHCP clients.

dns-list ip-address &<1-8>
By default, no DNS server IP address is configured.
▪ Configure the DNS domain name suffix to be allocated to DHCP

clients.

domain-name domain-name
By default, no DNS domain name suffix is configured.

quit


----End
3.4.3.7.13 (Optional) Configuring NetBIOS Configurations Allocated by a DHCP

Server
Context
If DHCP clients on your network use NetBIOS and you want them to receive
NetBIOS configurations through DHCP, configure the DHCP server to provide
NetBIOS configurations.
Procedure
● Based on an interface address pool
system-view


d. Configure the NetBIOS server IP address and NetBIOS node type to be
▪ Configure the NetBIOS server IP address to be allocated to DHCP

clients.
dhcp server nbns-list ip-address &<1-8>
By default, no NetBIOS server IP address is configured in an address

pool.
Each address pool can be configured with a maximum of eight
NetBIOS server IP addresses.
▪ Configure a NetBIOS node type to be allocated to DHCP clients.

dhcp server netbios-type { b-node | h-node | m-node | p-node }
By default, no NetBIOS node type is configured for DHCP clients.

● Based on a global address pool in the global address pool view
system-view


c. Configure the NetBIOS server IP address and NetBIOS node type to be


clients.
nbns-list ip-address &<1-8>
By default, no NetBIOS server IP address is configured in an address

pool.

netbios-type { b-node | h-node | m-node | p-node }
By default, no NetBIOS node type is configured.

● In the DHCP Option template view
system-view
view.

c. Configure the NetBIOS server IP address and NetBIOS node type to be

clients.
nbns-list ip-address &<1-8>
By default, no NetBIOS server IP address is configured.


netbios-type { b-node | h-node | m-node | p-node }
By default, no NetBIOS node type is configured.

quit



----End
3.4.3.7.14 (Optional) Configuring a SIP Server Address to Be Allocated by the DHCP

Server
Context
When you configure a SIP server IP address in an address pool, the DHCP server
specifies the SIP server IP address when allocating IP addresses to DHCP clients.
Procedure
● Configure a SIP server address in an interface address pool.
system-view


d. Specify the IP address of a SIP server.
dhcp server sip-server { ip-address ip-address &<1-2> | list domain-name &<1-2> }
By default, no SIP server IP address is configured.

● Configure a SIP server address in a global address pool.
system-view

c. Specify the IP address of a SIP server.

sip-server { ip-address ip-address &<1-2> | list domain-name &<1-2> }
By default, no SIP server IP address is configured.

● Configure a SIP server address in the DHCP Option template view.
system-view
view.


c. Configure the SIP server IP address to be allocated to DHCP clients.
sip-server { ip-address ip-address &<1-2> | list domain-name &<1-2> }
By default, no SIP server IP address is configured in the DHCP Option

template view.
quit


----End
3.4.3.8 Verifying the DHCP Server Configuration
Procedure
● Check IP address allocation information in address pools using the following
commands:
– Interface address pool:
display ip pool [ interface interface-pool-name [ start-ip-address [ end-
ip-address ] | all | conflict | expired | used ] ]
– Global address pool:
display ip pool [ name ip-pool-name [ start-ip-address [ end-ip-
address ] | all | conflict | expired | used [ user-type { dhcp | pppoe | l2tp
| ipsec | ssl-vpn | ppp } ] ] ]
● Run the display dhcp server database command to view the path for storing
the DHCP database.
● Run the display dhcp option template [ name template-name ] command
to view the configuration of a DHCP Option template.
----End
3.5 Configuring a DHCP Relay Agent
3.5.1 Enabling DHCP

Context
Before enabling the DHCP relay function, enable DHCP in the system view.

NOTE
● The dhcp enable command is the prerequisite for configuring DHCP-related functions,
including DHCP relay, DHCP snooping, and DHCP server. These functions take effect only
after the dhcp enable command is run. After the undo dhcp enable command is run, all
DHCP-related configurations of the device are deleted. After DHCP is enabled again using
the dhcp enable command, all DHCP-related configurations of the device are restored to the
default configurations.
● After DHCP is enabled, if STP is also enabled, address allocation may slow down. By default,
STP is enabled. To disable STP, run the undo stp enable command.
Procedure
system-view
Step 2 Enable DHCP.

dhcp enable
By default, DHCP is disabled.
Step 3 (Optional) Enable dynamic route limiting on DHCP messages.

dhcp speed-limit auto
By default, dynamic rate limiting is disabled on DHCP messages.
----End
3.5.2 Enabling the DHCP Relay Function
Context
Enable the DHCP relay function on an interface so that the interface functions as
a DHCP relay agent.
Procedure
system-view
Step 2 Enter the interface view or sub-interface view.

interface interface-type interface-number [.subinterface-number ]
Step 3 (Optional) On an Ethernet interface, run undo portswitch
Step 4 Configure an IP address for the interface or configure the interface to borrow an
IP address from another interface.
ip address ip-address { mask | mask-length } or ip address unnumbered interface interface-type interface-
number

NOTE
● The DHCP relay function is configured on the user-side gateway interface typically. The
IP address of the gateway interface must be on the same network segment as the
address pool configured on the DHCP server; otherwise, DHCP clients cannot obtain IP
addresses.
● You can configure an interface to borrow an IP address from another interface in the
scenario where clients and the DHCP relay agent are on different network segments, for
example, CPEs function as DHCP clients and need to obtain public IP addresses, but no
public IP address is configured on the DHCP relay agent to save IP address resources. To
configure an interface to borrow an IP address from another interface, you must enable
DHCP snooping on the interface or VLAN connecting to users. After DHCP snooping is
enabled, the DHCP relay agent adds user network routes (UNRs) to clients when adding
DHCP snooping binding entries and deletes UNRs to clients when deleting DHCP
snooping binding entries. The number of clients cannot exceed the maximum number of
DHCP snooping binding entries that can be learned. You can run the dhcp snooping
max-user-number command to configure the maximum number of DHCP snooping
binding entries that can be learned.
Step 5 Enable the DHCP relay function on the interface.

dhcp select relay
By default, the DHCP relay function is disabled on an interface.
NOTE
When enabling the DHCP relay function on a sub-interface, run the arp broadcast enable
command on the sub-interface to enable ARP broadcast. By default, ARP broadcast is not
enabled on a VLAN tag termination sub-interface.
----End
3.5.3 Specifying the DHCP Server IP Address

Context
You must specify the IP address of the DHCP server so that the DHCP relay agent
can forward DHCP messages between the server and clients. Two methods are
available for you to specify the DHCP server IP address: in the interface view and
in the DHCP server group view. The former method is recommended if you
configure the DHCP relay function on individual interfaces connected to DHCP
servers that have different IP addresses. The latter method is recommended if you
configure the DHCP relay function on multiple interfaces that connect to one
DHCP server.
NOTE
A maximum of 16 DHCP relay agents are allowed between a DHCP server and a DHCP client. If
there are more than 16 DHCP relay agents, DHCP messages are discarded.
Procedure
● Specify the DHCP server IP address in the interface view.
system-view
b. (Optional) Configure the DHCP server polling function on the DHCP relay
agent.

ip relay address cycle
By default, DHCP server polling is disabled on a DHCP relay agent.

c. (Optional) Set the TTL value for DHCP Discovery messages after they are
forwarded by the DHCP relay agent at Layer 3.
dhcp set ttl { unvaried | ttl-value }
By default, the TTL value of DHCP Discovery messages decreases by 1

after they are forwarded by the DHCP relay agent at Layer 3.
NOTE
If the DHCP relay agent connects to a special client whose TTL value of DHCP
Discovery messages is 1, and if there are routing devices between the DHCP relay
agent and DHCP server, run the dhcp set ttl ttl-value command to specify a fixed
TTL value (16 is recommended) for DHCP Discovery messages after they are
d. Enter the interface or sub-interface view.
e. (Optional) On an Ethernet interface, run undo portswitch
f. Specify the IP address of a DHCP server.
dhcp relay server-ip ip-address
By default, no DHCP server IP address is specified.

You can specify up to 20 DHCP server IP addresses for each interface.
g. (Optional) Enable DHCP relay gateway switching.
dhcp relay gateway-switch enable
By default, DHCP relay gateway switching is disabled.

After primary and secondary IP addresses are configured on an interface,
the primary IP address functions as the gateway address in most cases. If
clients cannot use the primary IP address to apply for IP addresses,
configure DHCP relay gateway switching to allow the clients to use
secondary IP addresses to apply for IP addresses. After DHCP relay
gateway switching is enabled, configure address pools on the same
network segment as the secondary IP addresses on the connected DHCP
server.
▪ The gateway address switches from the primary IP address to a

secondary IP address only when a user fails at least three times to
obtain an IP address using the primary IP address and the interval
between the last failure and first failure exceeds 24 seconds.
▪ If a primary IP address and multiple secondary IP addresses are

configured on an interface, the system tries the secondary IP
addresses one by one based on the IP address configuration
sequence until users successfully obtain IP addresses.
● Specify the DHCP server IP address in the DHCP server group view.
system-view

b. (Optional) Configure the DHCP server polling function on the DHCP relay
agent.
ip relay address cycle
By default, DHCP server polling is disabled on a DHCP relay agent.

c. (Optional) Set the TTL value for DHCP Discovery messages after they are
dhcp set ttl { unvaried | ttl-value }
By default, the TTL value of DHCP Discovery messages decreases by 1

after they are forwarded by the DHCP relay agent at Layer 3.
NOTE
If the DHCP relay agent connects to a special client whose TTL value of DHCP
Discovery messages is 1, and if there are routing devices between the DHCP relay
agent and DHCP server, run the dhcp set ttl ttl-value command to specify a fixed
TTL value (16 is recommended) for DHCP Discovery messages after they are
d. Create a DHCP server group and enter its view.
dhcp server group group-name
By default, no DHCP server group is configured.

A maximum of 64 DHCP server groups can be configured on a device.
e. Configure the DHCP server members in the DHCP server group.
dhcp-server ip-address [ ip-address-index ]
By default, no DHCP server member is configured in a DHCP server

group.
A maximum of 20 DHCP servers can be added to a DHCP server group.
f. (Optional) Specify the gateway address for clients.
gateway ip-address
A gateway address is specified for clients.

Skip this step if the interface connecting the DHCP relay agent to clients
functions as the gateway.
The gateway address specified in this step must be the same as the
egress gateway address of clients specified on the DHCP server. If the
device functions as the DHCP server, refer to 3.4.3.7.9 (Optional)
Configuring a Gateway Address for Clients for details about how to
specify the egress gateway address for clients.
g. (Optional) Bind the DHCP server group to a VPN instance.
vpn-instance vpn-instance-name
By default, the DHCP server group is not bound to a VPN instance.

To ensure clients can obtain IP parameters if the DHCP relay agent is
deployed on a VPN network, bind the DHCP server group to a VPN
instance that is also bound to the address pool of the DHCP server.
h. Return to the system view.
quit
i. Enter the interface or sub-interface view.

j. (Optional) On an Ethernet interface, run undo portswitch

k. Create a DHCP server group.
dhcp relay server-select group-name
l. (Optional) Enable DHCP relay gateway switching.

dhcp relay gateway-switch enable
By default, DHCP relay gateway switching is disabled.
After primary and secondary IP addresses are configured on an interface,

the primary IP address functions as the gateway address in most cases. If
clients cannot use the primary IP address to apply for IP addresses,
configure DHCP relay gateway switching to allow the clients to use
secondary IP addresses to apply for IP addresses. After DHCP relay
gateway switching is enabled, configure address pools on the same
network segment as the secondary IP addresses on the connected DHCP
server.
▪ The gateway address switches from the primary IP address to a

secondary IP address only when a user fails at least three times to
obtain an IP address using the primary IP address and the interval
between the last failure and first failure exceeds 24 seconds.
▪ If a primary IP address and multiple secondary IP addresses are

configured on an interface, the system tries the secondary IP
addresses one by one based on the IP address configuration
sequence until users successfully obtain IP addresses.
----End
3.5.4 (Optional) Configuring Strategies for Processing Option

82 Information on a DHCP Relay Agent
Context
To enable a DHCP relay agent to accept, process, and forward DHCP messages
that carry Option 82 information, you must configure the DHCP relay agent to
trust and process this option.
You are advised to perform the configuration on a user-side device. If the DHCP
relay agent connects to a DHCP snooping-enabled device, configure the strategies
for processing Option 82 information on the DHCP snooping device. When a
device functions as the DHCP snooping device, for details on how to perform the
configuration, see Inserting the Option 82 Field in a DHCP Message in "DHCP
Snooping Configuration" in the S12700 V200R011C10 Configuration Guide -
Security.

NOTE
If the device functions as the first-hop DHCP relay agent, it can process Option 82 information.
If the device functions as the second-hop or subsequent DHCP relay agent, it cannot process
Option 82 information.
Procedure
system-view
Step 2 Enable the DHCP relay agent to trust Option 82.

dhcp relay trust option82
By default, a DHCP relay agent does not trust Option 82.

When this function is enabled, the DHCP relay agent can receive and forward
DHCP messages that carry Option 82. If the DHCP relay agent is disabled from
trusting Option 82 using the undo dhcp relay trust option82 command, the
device discards the DHCP messages carrying Option 82.
Step 3 Configure strategies for processing Option 82 information on the DHCP relay
agent.
● Configure the DHCP relay agent to insert the Option 82 field to DHCP
messages in a VLAN view. This configuration takes effect on all DHCP
messages from this VLAN received on the interfaces of the DHCP relay agent.
a. Enter the VLAN view.
vlan vlan-id
b. Enable the DHCP relay agent to insert the Option 82 field to received
DHCP messages.
dhcp option82 { insert | rebuild } enable interface interface-type interface-number1 [ to
interface-number2 ]
By default, a DHCP relay agent is disabled from inserting the Option 82
field to received DHCP messages.
c. Return to the system view.
quit
● Configure the DHCP relay agent to insert the Option 82 field to DHCP
messages in an interface view. This configuration takes effect on DHCP
messages received on the specified interface.
Use the following methods to configure strategies for processing Option 82
information. If both methods are used, method 2 takes effect.
– Method 1:
i. Enter the interface view or sub-interface view.
ii. Enable the DHCP relay agent to insert the Option 82 field to received
DHCP messages.
dhcp option82 { insert | rebuild } enable
By default, a DHCP relay agent is disabled from inserting the Option
82 field to received DHCP messages.
DHCP messages received on the DHCP relay agent may carry the
Option 82 field. Select a strategy based on network requirements.

When insert is configured: If a DHCP message does not carry the

Option 82 field, the DHCP relay agent inserts the Option 82 field. If a
DHCP message carries the Option 82 field, the DHCP relay agent
checks the Option 82 field. If the field contains remote-id, the
Option 82 field remains unchanged. Otherwise, the DHCP relay
agent inserts remote-id.
When rebuild is configured: If a DHCP message does not carry the
deletes the original Option 82 field and inserts the locally configured
Option 82 field.
iii. Return to the system view.
quit
– Method 2:
i. Enter the interface view or sub-interface view.
ii. Enable the DHCP relay agent to support Option 82.

dhcp relay information enable
By default, a DHCP relay agent does not support Option 82.

iii. Configure a strategy for processing Option 82 information on the
DHCP relay agent.
dhcp relay information strategy { drop | keep | replace }
The default strategy is replace.

DHCP messages received on the DHCP relay agent may carry the
Option 82 field. Select a strategy based on network requirements.
When replace is configured: If a DHCP message does not carry the
deletes the original Option 82 field and inserts the locally configured
Option 82 field.
When drop is configured: If a DHCP message does not carry the
Option 82 field, the DHCP relay agent forwards the message directly
without processing it. If a DHCP message carries the Option 82 field,
the DHCP relay agent discards the Option 82 field and forwards the
message.
When keep is configured: If a DHCP message does not carry the
Option 82 field, the DHCP relay agent forwards the message directly
without processing it. If a DHCP message carries the Option 82 field,
the DHCP relay agent retains the Option 82 field and forwards the
message.
iv. Return to the system view.
quit
Step 4 (Optional) Set the format of the Option 82 field.
Configure the format of the Option 82 field in the system or interface view. If the
configuration is performed in the system view, it takes effect on all interfaces of
the device. If the configuration is performed in an interface view, it takes effect
only on the specified interface.

If the strategy for processing Option 82 information is drop or keep on the DHCP
relay agent, skip this step.
NOTICE
● All Option82 fields configured in the system view or in the same interface view
share a length of 1-255 bytes. If their total length exceeds 255 bytes, some
Option82 information will be lost.
● There is no limit on the number of Option 82 fields configured on the device.
However, a large number of Option 82 fields will occupy a lot of memory and
prolong the device processing time. To ensure device performance, you are
advised to configure Option 82 fields based on the service requirements and
device memory size.
● In the system view:

Configure the format of the Option 82 field.
dhcp option82 [ vlan vlan-id ] [ ce-vlan ce-vlan-id ] [ circuit-id | remote-id ] format { default |
common | extend | user-defined text }
By default, the Option 82 field is in the default format.

● In the interface view:
a. Enter the interface view.
interface interface-type interface-number
b. Configure the format of the Option 82 field.

dhcp option82 [ vlan vlan-id ] [ ce-vlan ce-vlan-id ] [ circuit-id | remote-id ] format { default
| common | extend | user-defined text }
By default, the Option 82 field is in the default format.

c. Return to the system view.
quit
----End
3.5.5 Verifying the DHCP Relay Agent Configuration
Procedure
● Run the display dhcp relay { all | interface interface-type interface-number }
command to view information about the DHCP server or DHCP server group
on the interface functioning as a DHCP relay agent.
● Run the display dhcp server group [ group-name ] command to view the
configuration of the DHCP server group.
----End
3.6 Configuring a DHCP Client

3.6.1 Enabling the DHCP Client Function

Context
Before a device can function as a DHCP client, you must enable the DHCP client
function.
After an interface is enabled with the DHCP client function, the interface can
obtain network parameters including the IP address from the DHCP server. If the
allocated IP address and IP addresses of other interfaces are on the same network
segment, the interface does not use this IP address and does not re-apply for an IP
address. To allow the interface to re-apply for an IP address, run the shutdown
and then the undo shutdown commands on the interface. Alternatively, run the
undo ip address dhcp-alloc and then the ip address dhcp-alloc command on the
interface.
Procedure
system-view


Step 4 Enable the DHCP client function.
ip address dhcp-alloc
By default, the DHCP client function is disabled on an interface.
----End
3.6.2 (Optional) Configuring Attributes
Context
Configuring attributes allows you to specify certain parameters for the DHCP
client. You can configure the Option 60 field in either the system view or the
interface view. The configuration in the interface view has a higher priority and
overrides the configuration in the system view.
Procedure
system-view
Step 2 Configure the DHCP client to send DHCP Discover messages that carry the Option
60 field.
dhcp client class-id class-id

By default, the value of the Option 60 field is in the format of "huawei-device

model".

Step 5 Configure a hostname for the DHCP client.
dhcp client hostname hostname
By default, no hostname is configured for a DHCP client.

A hostname allows access to a DHCP client through a domain name. A domain
name consists of a hostname and domain name suffix.
Step 6 Configure an identifier for the DHCP client.
dhcp client client-id client-id
By default, a client's MAC address is used as its identifier.

Client identifier information is entered in the Option 61 field to uniquely identify
the DHCP client.
Step 7 Configure the DHCP client to send DHCP Discover messages that carry the Option
60 field.
dhcp client class-id class-id
By default, the Option 60 field is not configured.
----End
3.6.3 (Optional) Configuring an Expected Lease

Context
To enable a DHCP client to determine the lease length, configure an expected
lease on the DHCP client. If the expected lease is longer than the global lease, the
global lease takes effect.
Procedure
system-view


Step 4 Configure the expected lease.

dhcp client expected-lease time
By default, no expected lease is configured for a DHCP client.

Step 5 Renew the lease of the DHCP client's IP address.
dhcp client renew
NOTE
This command takes effect only if an IP address is already assigned.
----End
3.6.4 (Optional) Configuring Gateway Detection
Context
To enable a DHCP client to detect the status of the gateway, enable the gateway
detection function. A DHCP client enabled with the gateway detection function
sends an ARP Request packet to detect the gateway status after obtaining an IP
address. If the DHCP client receives no ARP Reply packet within the detection
period, it considers the gateway address incorrect or the gateway device faulty,
and then re-applies for an IP address.
Procedure
system-view


Step 4 Configure the gateway detection function on the DHCP client.
dhcp client gateway-detect period period retransmit retransmit timeout time
By default, the gateway detection function is not configured on a DHCP client.
----End
3.6.5 (Optional) Configuring a DHCP Client to Dynamically

Obtain Routing Information
Context
To allow a DHCP client to communicate with other network devices, you need to
configure a route in which the next hop address is the gateway address of the
client. If the gateway address of the client is dynamically obtained from the DHCP
server and the route is statically configured on the client, the static route must be
manually modified when the gateway address changes. After the DHCP client is
configured to dynamically obtain routing entries through DHCP, the next hop

address in the static route is automatically updated when the gateway address
changes, lowering maintenance costs.
A DHCP server can allocate routing entries to DHCP clients. On a device
functioning as the DHCP client, you can set the priorities of routing entries
allocated by the DHCP server so that the DHCP client can dynamically update its
routing table.
Procedure
system-view
Step 2 Configure the DHCP client to obtain routing entries through DHCP.
ip route ip-address { mask | mask-length } interface-type interface-number dhcp [ preference-value ]
By default, a DHCP client does not obtain routing entries through DHCP.

Step 5 Set the priority of routing entries allocated by the DHCP server to DHCP clients.
dhcp client default-route preference preference-value
The default priority of routing entries allocated by the DHCP server to DHCP
clients is 60.
----End
3.6.6 (Optional) Configuring Option Information Requested

by a DHCP Client
Context
The Option 55 field in DHCP Request messages is used to set the request option
list. DHCP clients use this option to specify network configuration parameters that
need to be obtained from the DHCP server. By default, the Option 55 field carries
request options 3, 6, 15, 28, 33, 44, 121, and 184 by default. You can run the dhcp
client request option-list exclude command to set a list of default options that
are excluded from the Option 55 field.
For option meanings, see 3.2.3 DHCP Messages in Configuration- IP Service
Configuration Guide - DHCP Configuration.
Procedure
system-view


Step 4 Configure a list of default request options that are excluded from the Option 55
field in DHCP Request messages.
dhcp client request option-list exclude option-code &<1-8>
By default, the device does not configure the option to be excluded from the
DHCP client request list.
----End
3.6.7 Verifying the DHCP Client Configuration

Procedure
● On an interface enabled with the DHCP client function, run the display this
command to view the configuration of the DHCP client.
● Run the display dhcp client command to view the status of the DHCP client.
----End
3.7 Configuring a Device as a BOOTP Client
3.7.1 Enabling the BOOTP Client Function
Context
Before a device can function as a BOOTP client, you must enable the BOOTP client
function.
After an interface is enabled with the BOOTP client function, the interface can
obtain network parameters including the IP address from the DHCP server. If the
allocated IP address and IP addresses of other interfaces are on the same network
segment, the interface does not use the allocated IP address and does not re-
apply for an IP address. To allow the interface to re-apply for an IP address, run
the shutdown and then the undo shutdown commands on the interface.
Alternatively, run the undo ip address bootp-alloc and then the ip address
bootp-alloc commands on the interface.
Procedure
system-view



Step 4 Enable the BOOTP client function.
ip address bootp-alloc
----End
3.7.2 (Optional) Configuring Attributes

Context
Configuring attributes allows you to specify certain parameters for the BOOTP
client.
Procedure
system-view


Step 4 Configure a hostname for the BOOTP client.
dhcp client hostname hostname
By default, no hostname is configured for a BOOTP client.

A hostname allows access to a BOOTP client through a domain name. A domain
name consists of a hostname and domain name suffix.
Step 5 Configure an identifier for the BOOTP client.
dhcp client client-id client-id
By default, a client's MAC address is used as its identifier.
----End
3.7.3 (Optional) Configuring Gateway Detection
Context
To enable a BOOTP client to detect the status of the gateway, enable the gateway
detection function. A BOOTP client enabled with the gateway detection function
sends an ARP Request packet to detect the gateway status after obtaining an IP
address. If the BOOTP client receives no ARP Reply packet within the detection
period, it considers the gateway address incorrect or the gateway device faulty,
and then re-applies for an IP address.

Procedure
system-view


Step 4 Configure the gateway detection function on the BOOTP client.
dhcp client gateway-detect period period retransmit retransmit timeout time
By default, the gateway detection function is not configured on a BOOTP client.
----End
3.7.4 (Optional) Configuring a BOOTP Client to Dynamically

Obtain Routing Information
Context
To allow a BOOTP client to communicate with other network devices, you need to
configure a route in which the next hop address is the gateway address of the
client. If the gateway address of the client is dynamically obtained from the DHCP
server and the route is statically configured on the client, the static route must be
manually modified when the gateway address changes. After the BOOTP client is
configured to dynamically obtain routing entries through DHCP, the next hop
address in the static route is automatically updated when the gateway address
changes, lowering maintenance costs.
A DHCP server can allocate routing entries to BOOTP clients. On a device
functioning as the BOOTP client, you can set the priorities of routing entries
allocated by the DHCP server so that the BOOTP client can dynamically update its
routing table.
Procedure
system-view
Step 2 Configure the BOOTP client to obtain routing entries through DHCP.
ip route ip-address { mask | mask-length } interface-type interface-number dhcp [ preference-value ]
By default, a BOOTP client does not obtain routing entries through DHCP.


Step 5 Set the priority of routing entries allocated by the DHCP server to BOOTP clients.
dhcp client default-route preference preference-value
The default priority of routing entries allocated by the DHCP server to BOOTP
clients is 60.
----End
3.7.5 Verifying the DHCP Client Configuration
Procedure
● On an interface enabled with the DHCP client function, run the display this
command to view the configuration of the DHCP client.
● Run the display dhcp client command to view the status of the DHCP client.
----End
3.8 Maintaining DHCP
3.8.1 Viewing Statistics About DHCP Messages
Context
Statistics about received and sent DHCP messages provide useful information for
fault locating during routine maintenance.
Procedure
● Run the display dhcp server statistics command to check statistics about
DHCP messages sent and received on a DHCP server.
● Run the display dhcp relay statistics command to check statistics about
DHCP messages sent and received on a DHCP relay agent.
● Run the display dhcp client statistics [ interface interface-type interface-
number ] command to check statistics about DHCP messages sent and
received on a DHCP client.
● Run the display dhcp statistics command to view statistics about DHCP
messages sent and received on a device.
----End
3.8.2 Clearing Statistics About DHCP Messages
Context
Before collecting statistics about DHCP messages during routine maintenance,
clear the existing statistics.

NOTICE
DHCP statistics cannot be restored after they are cleared. Exercise caution when
performing this operation.
Procedure
● Run the reset dhcp server statistics command to clear statistics about DHCP
messages sent and received on a DHCP server.
● Run the reset dhcp relay statistics command to clear statistics about DHCP
messages sent and received on a DHCP relay agent.
● Run the reset dhcp client statistics [ interface interface-type interface-
number ] command to clear statistics about DHCP messages sent and
received on a DHCP client.
● Run the reset dhcp statistics command to clear statistics about DHCP
messages sent and received on a device.
----End
3.8.3 Resetting a DHCP Address Pool

Context
To force a DHCP server to re-allocate IP addresses to clients or to set IP addresses
in an address pool to idle (idle IP addresses will be preferentially allocated), reset
an address pool.
Procedure
● Run the following commands to reset address pools on the device.
– Interface address pool:
reset ip pool interface interface-name { start-ip-address [ end-ip-
address ] | all | conflict | expired | used }
– Global address pool:
reset ip pool name ip-pool-name { start-ip-address [ end-ip-address ] |
all | conflict | expired | used }
● Configure a DHCP relay agent to request a DHCP server to release IP
addresses of clients.
After a DHCP relay agent is configured to request the DHCP server to release
IP addresses of clients, it sends DHCP Release messages to the specified DHCP
server. After receiving the message, the DHCP server restores specified IP
addresses to the idle status. Released IP addresses can then be allocated to
other clients. Run the following commands to configure the DHCP relay agent
to request the DHCP server to release IP addresses of clients:
system-view



d. Run the dhcp relay release client-ip-address mac-address [ vpn-instance
vpn-instance-name ] [ server-ip-address ] command to request the DHCP
server to release IP addresses allocated to DHCP clients.
NOTE
The parameter vpn-instance vpn-instance-name cannot be configured in the

interface view.
▪ When you run the preceding command in the system view:

○ If no DHCP server is specified, the DHCP relay agent sends DHCP
Release messages to all DHCP servers connected to DHCP relay-
enabled interfaces.
○ If a DHCP server is specified, the DHCP relay agent sends DHCP
Release messages to only the specified DHCP server.
▪ When you run the preceding command in the interface view:

○ If no DHCP server is specified, the DHCP relay agent sends DHCP
Release messages to the DHCP server connected to this
interface.
○ If a DHCP server is specified, the DHCP relay agent sends DHCP
Release messages to only the specified DHCP server.
----End
3.8.4 Locking a DHCP Address Pool
Context
When a DHCP server is migrated, address pools on the DHCP server need to be
transferred to a DHCP server on the live network. To prevent impacting clients
that have obtained IP address from the to-be-migrated DHCP server, lock the
address pools on the DHCP server. After the migration, new users apply for IP
addresses from the new address pool.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the ip pool ip-pool-name command to enter the global address pool view.
Step 3 Run the lock command to lock the address pool.
By default, address pools on a device are not locked.
----End

3.8.5 Forcing a DHCP Client to Release and Renew Its IP

Address
If a DHCP client obtains its IP address dynamically, you can force the client to
release and renew its IP address, which is useful during certain troubleshooting
procedures.
The commands used to release and renew an IP address depend on the operating
system running on the client. For details about the commands to run, see the
documentation of your operating system. The commands for some common
operating systems are as follows:
● Release an IP address.
– For Windows 7, run the ipconfig/release command.
– For MS-DOS of Windows 98, run the winipcfg/release command.
– For Unix-like operating systems, run the dhclient –r command.
● Renew an IP address lease or apply for a new IP address.
– For Windows 7, run the ipconfig/renew command.
– For MS-DOS of Windows 98, run the winipcfg/renew command.
– For Unix-like operating systems, run the dhclient command.
3.9 Configuration Examples for DHCP
3.9.1 Example for Configuring a DHCP Server (Based on an

Interface Address Pool)
Networking Requirements
In Figure 3-10, an enterprise plans two network segments for office terminals:
10.1.1.0/24 for fixed terminals and 10.1.2.0/24 for terminals used by staff on
business trips. To facilitate unified management, the enterprise requires terminals
to automatically obtain IP addresses and the DNS server IP address from the
Switch (if users access the Internet using domain names, a DNS server must be
specified). A PC (DHCP Client_1) requires fixed IP address 10.1.1.100/24 to meet
service requirements.

Figure 3-10 Networking diagram for configuring a device as a DHCP server

DNS Server
10.1.3.1/24
IP Network
GE1/0/1 GE1/0/2
VLANIF10 VLANIF11
10.1.1.1/24 10.1.2.1/24
Switch
DHCP Server
... DHCP DHCP DHCP

DHCP Client_1 ...
MAC: 286e-d488-b684 Client_n Client_s Client_t
IP: 10.1.1.100/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the switch as a DHCP server to dynamically allocate IP addresses on
the two network segments and the DNS server IP address to enterprise
terminals.
2. Allocate IP addresses on 10.1.1.0/24 to fixed terminals and set the lease time
of these IP addresses to 30 days.
3. Statically allocate the fixed IP address 10.1.1.100/24 to DHCP Client_1.
4. Allocate IP addresses on 10.1.2.0/24 to terminals used by staff on business
trips and set the lease time of these IP addresses to two days.
Procedure
Step 1 Enable DHCP.
[HUAWEI] sysname Switch
[Switch] dhcp enable
Step 2 Add interfaces to VLANs.

# Add GE1/0/1 to VLAN 10.
[Switch] vlan batch 10 to 11
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type hybrid
[Switch-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[Switch-GigabitEthernet1/0/1] quit
# Add GE1/0/2 to VLAN 11.


Step 3 Configure IP addresses for VLANIF interfaces.

# Configure an IP address for VLANIF 10.
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.1.1.1 24
[Switch-Vlanif10] quit
# Configure an IP address for VLANIF 11.

Step 4 Configure interface address pools.

# Configure the clients connected to VLANIF 10 to obtain IP addresses and other
network parameters from the address pool on VLANIF 10.
[Switch-Vlanif10] dhcp select interface
[Switch-Vlanif10] dhcp server gateway-list 10.1.1.1
[Switch-Vlanif10] dhcp server lease day 30
[Switch-Vlanif10] dhcp server domain-name huawei.com
[Switch-Vlanif10] dhcp server dns-list 10.1.3.1
[Switch-Vlanif10] dhcp server static-bind ip-address 10.1.1.100 mac-address 286e-d488-b684
# Configure the clients connected to VLANIF 11 to obtain IP addresses and other

network parameters from the address pool on VLANIF 11.
[Switch-Vlanif11] dhcp server gateway-list 10.1.2.1
[Switch-Vlanif11] dhcp server lease day 2
[Switch-Vlanif11] dhcp server domain-name huawei.com
[Switch-Vlanif11] dhcp server dns-list 10.1.3.1
Step 5 Enable the device to save DHCP data to the storage device. If a fault occurs on the
device, you can run the dhcp server database recover command after the system
restarts to restore DHCP data from files on the storage device.
[Switch] dhcp server database enable
Step 6 Verify the configuration.

# On the switch, run the display ip pool command to view IP address allocation
in address pools. The Used field displays the number of used IP addresses in the
address pool. For example, the enterprise has 100 employees with fixed office
terminals and 3 employees on business trips.
[Switch] display ip pool interface vlanif10
Pool-name : Vlanif10
Pool-No :0
Lease : 30 Days 0 Hours 0 Minutes
Domain-name : huawei.com
DNS-server0 : 10.1.3.1
NBNS-server0 :-
Netbios-type :-
Position : Interface
Status : Unlocked

Gateway-0 : 10.1.1.1
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
Conflicted address recycle interval: -
Address Statistic: Total :253 Used :100
Idle :153 Expired :0
Conflict :0 Disabled :0
-------------------------------------------------------------------------------
Network section
Start End Total Used Idle(Expired) Conflict Disabled
-------------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 100 153(0) 0 0
-------------------------------------------------------------------------------
Pool-No :1
Domain-name : huawei.com
NBNS-server0 :-
Netbios-type :-
Status : Unlocked
Gateway-0 : 10.1.2.1
Network : 10.1.2.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
-------------------------------------------------------------------------------
Network section
-------------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 3 250(0) 0 0
-------------------------------------------------------------------------------
Check IP address information on Client_1 (using Windows 7 operating system).

The IP address 10.1.1.100/24 has been assigned to Client_1.
C:\Documents and Settings\Administrator>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :

IPv4 Address. . . . . . . . . . . : 10.1.1.100
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.1.1.1
Check IP address information another DHCP client (for example, a terminal

belonging to the network segment 10.1.1.0/24 and using Windows 7 operating
system). An IP address has been assigned.
C:\Documents and Settings\Administrator>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :

IPv4 Address. . . . . . . . . . . : 10.1.1.51
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.1.1.1
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 to 11
#
dhcp enable
#
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp server gateway-list 10.1.1.1
dhcp server static-bind ip-address 10.1.1.100 mac-address 286e-d488-b684
dhcp server lease day 30 hour 0 minute 0
dhcp server dns-list 10.1.3.1
dhcp server domain-name huawei.com
#
interface Vlanif11
ip address 10.1.2.1 255.255.255.0
dhcp server gateway-list 10.1.2.1
dhcp server lease day 2 hour 0 minute 0
dhcp server dns-list 10.1.3.1
dhcp server domain-name huawei.com
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
#
return
3.9.2 Example for Configuring a DHCP Server to Allocate

Different Network Parameters from a Global Address Pool to
Dynamic and Static Clients
In Figure 3-11, the IP phone and PCs described represent typical in an office. To
uniformly manage these devices and reduce manual configuration costs, the
administrator needs to configure hosts to dynamically obtain IP addresses using
DHCP.

PCs are fixed terminals in the duty room and need to be always online and use
domain names to access network devices. PCs also require the unlimited IP
address lease time and need to obtain information about the DNS server.
The IP phone (MAC address dcd2-fc96-e4c0) needs a fixed IP address 10.1.1.4/24
and needs to dynamically obtain its startup configuration file configuration.ini
from the FTP server. There are reachable routes between the FTP server and IP
phone. The gateway address of the PCs and IP phone is 10.1.1.1/24.
Figure 3-11 Networking diagram for configuring a DHCP server to allocate

different network parameters to dynamic and static clients
DNS Server
10.1.1.2/24
GE1/0/1
SwitchB VLANIF10
10.1.1.1/24
Internet
SwitchA
IP Phone DHCP Server
10.1.1.4/24
PC PC PC FTP Server
10.1.1.3/24
1. Create a DHCP Option template on SwitchA.
a. In the DHCP Option template view, configure the startup configuration
file for the static client IP phone.
b. Specify the FTP server IP address for the IP phone.
2. Create a global address pool on SwitchA.
a. In the global address pool view, configure an IP address lease and DNS
server information for the dynamic client PCs.
b. Bind an IP address and the DHCP Option template to the MAC address of
the static client IP phone.
Procedure
Step 1 Create a VLAN and configure an IP address for the VLANIF interface connecting
SwitchA to SwitchB.
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet1/0/1] quit

[SwitchA] interface vlanif 10

[SwitchA-Vlanif10] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vlanif10] quit
Step 2 Enable DHCP.

[SwitchA] dhcp enable
Step 3 Create a DHCP Option template.

In the DHCP Option template view, configure the startup configuration file for the
static client IP phone and specify the IP address of the file server for the IP phone
to obtain the startup configuration file.
[SwitchA] dhcp option template template1
[SwitchA-dhcp-option-template-template1] gateway-list 10.1.1.1
[SwitchA-dhcp-option-template-template1] bootfile configuration.ini
[SwitchA-dhcp-option-template-template1] next-server 10.1.1.3
[SwitchA-dhcp-option-template-template1] quit
Step 4 Create an IP address pool.

In the IP address pool view, configure the gateway address, IP address lease, and
DNS server IP address for the PCs. Allocate a fixed IP address to the IP phone and
configure the startup configuration file.
[SwitchA] ip pool pool1
[SwitchA-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.0
[SwitchA-ip-pool-pool1] dns-list 10.1.1.2
[SwitchA-ip-pool-pool1] gateway-list 10.1.1.1
[SwitchA-ip-pool-pool1] excluded-ip-address 10.1.1.2 10.1.1.3
[SwitchA-ip-pool-pool1] lease unlimited
[SwitchA-ip-pool-pool1] static-bind ip-address 10.1.1.4 mac-address dcd2-fc96-e4c0 option-template
template1
[SwitchA-ip-pool-pool1] quit
Step 5 Enable the DHCP server function on the VLANIF 10 interface.

[SwitchA-Vlanif10] dhcp select global
Step 6 Enable the device to save DHCP data to the storage device. If a fault occurs on the
device, you can run the dhcp server database recover command after the system
restarts to restore DHCP data from files on the storage device.
[SwitchA] dhcp server database enable

# Run the display ip pool name pool1 command on SwitchA to view the address
pool configuration.
[SwitchA] display ip pool name pool1
Pool-name : pool1
Pool-No :0
Lease : unlimited
Domain-name :-
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.1
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable


-------------------------------------------------------------------------------
Network section
-------------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 4 247(0) 0 2
-------------------------------------------------------------------------------
# Run the display dhcp option template name template1 command on SwitchA
to view the DHCP Option template configuration.
[SwitchA] display dhcp option template name template1
-------------------------------------------------------------------------------
Template-Name : template1
Template-No : 0
Next-server : 10.1.1.3
Domain-name : -
DNS-server0 : -
NBNS-server0 : -
Netbios-type : -
Gateway-0 : 10.1.1.1
Bootfile : configuration.ini
----End
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10
#
dhcp enable
#
#
dhcp option template template1
gateway-list 10.1.1.1
next-server 10.1.1.3
bootfile configuration.ini
#
ip pool pool1
network 10.1.1.0 mask 255.255.255.0
excluded-ip-address 10.1.1.2 10.1.1.3
static-bind ip-address 10.1.1.4 mac-address dcd2-fc96-e4c0 option-template
template1
lease unlimited
dns-list 10.1.1.2
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select global
#
#
return

3.9.3 Example for Configuring a DHCP Server to Allocate IP

Addresses to IP Phones
In Figure 3-12, IP phones send tagged voice packets. High-quality VoIP service
voice data flows must be transmitted with a high priority to ensure call quality. To
simplify management, the enterprise administrator requires that a DHCP server be
deployed to allocate IP addresses to IP phones. Each IP phone also needs to
dynamically obtain its startup configuration file configuration.ini from the FTP
server. There are reachable routes between the FTP server and IP phones.
Figure 3-12 Networking diagram for configuring a DHCP server to allocate IP

addresses to IP phones
FTP Server
10.1.1.3/24
Switch Internet
GE1/0/1
GE1/0/2
IP Phone A IP Phone B
1. Configure a voice VLAN on the Switch to ensure that the Switch preferentially
forwards voice packets.
2. Configure the Switch as a DHCP server to dynamically allocate the voice
VLAN, startup configuration file, and IP addresses to IP phones.
Procedure
Step 1 Create VLAN 10 and add GE1/0/1 and GE1/0/2 to VLAN 10.
[Switch] vlan 10
[Switch-vlan10] quit
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk pvid vlan 10
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10


[Switch-GigabitEthernet1/0/2] port link-type trunk
[Switch-GigabitEthernet1/0/2] port trunk pvid vlan 10
[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
Step 2 Configure a voice VLAN to increase priority of voice packets.

[Switch-GigabitEthernet1/0/1] voice-vlan 10 enable
[Switch-GigabitEthernet1/0/1] voice-vlan remark-mode vlan
[Switch-GigabitEthernet1/0/2] voice-vlan 10 enable
[Switch-GigabitEthernet1/0/2] voice-vlan remark-mode vlan
# Run the display voice-vlan 10 status command to check whether the

configuration of the voice VLAN is correct.
[Switch] display voice-vlan 10 status
Voice VLAN Configurations:
-----------------------------------------------------------
Voice VLAN ID : 10
Voice VLAN status : Enable
Voice VLAN 8021p remark : 6
Voice VLAN dscp remark : 46
-----------------------------------------------------------
Port Information:
-------------------------------------------------------------------------------------------
Port Add-Mode Security-Mode Legacy PribyVLAN Untag Tag0
-------------------------------------------------------------------------------------------
GigabitEthernet1/0/2 Manual Normal Disable Enable Disable Disable
GigabitEthernet1/0/1 Manual Normal Disable Enable Disable Disable
NOTE
The X series cards do not support the Tag0 field.
Step 3 Configure the Switch as a DHCP server to dynamically allocate the voice VLAN,
startup configuration file, and IP addresses to IP phones.
# Enable DHCP.
# Configure VLANIF 10 to work in interface address pool mode. Configure the

voice VLAN, startup configuration file, and allocatable IP address range in this
address pool.
[Switch-Vlanif10] dhcp server bootfile configuration.ini
[Switch-Vlanif10] dhcp server next-server 10.1.1.3
[Switch-Vlanif10] dhcp server option184 voice-vlan 10
The DHCP server is configured to allocate Option 184, which delivers the VLAN ID
to IP phones so that packets sent by IP phones carry the same VLAN ID as that
configured on the DHCP server. IP phone vendors may define different values for
the Option field. For details about the options, see the usage guide of the IP
phones.
# Run the display ip pool interface vlanif10 command on the Switch to view the
address pool configuration.


Pool-No :0
Next-server : 10.1.1.3
Domain-name : -
Option-code : 184
Option-subcode : --
Option-type : hex
Option-value : 0302000A
DNS-server0 : -
NBNS-server0 : -
Netbios-type : -
Status : Unlocked
Gateway-0 : 10.1.1.1
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Bootfile : configuration.ini
Logging : Disable
-----------------------------------------------------------------------------
Network section
-----------------------------------------------------------------------------
10.20.20.1 10.20.20.254 253 2 251(0) 0 0
-----------------------------------------------------------------------------
----End
Configuration Files
#
sysname Switch
#
vlan batch 10
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp server next-server 10.1.1.3
dhcp server option184 voice-vlan 10
dhcp server bootfile configuration.ini
#
port link-type trunk
voice-vlan 10 enable
port trunk pvid vlan 10
port trunk allow-pass vlan 10
#
voice-vlan 10 enable
port trunk pvid vlan 10
#
return

3.9.4 Example for Configuring a DHCP Server in a Super-VLAN

In Figure 3-13, an enterprise has two departments that are allocated the same
network segment to conserve IP address resources. Users in departments A and B
belong to different VLANs for higher security and must be able to communicate at
Layer 3. For unified management, a DHCP server must be deployed to dynamically
allocate IP addresses to terminals in the departments.
Figure 3-13 Networking diagram for configuring a DHCP server in a super-VLAN

Switch
GE1/0/1 GE1/0/3
GE1/0/2 GE1/0/4
VLAN2 VLAN3
VLAN4
VLANIF4:10.1.1.12/24
Department A Department B
VLAN 2 VLAN 3
1. Configure sub-VLANs on the Switch to implement Layer 2 isolation between
users in different sub-VLANs. The sub-VLANs are on the same network
segment, which reduces the amount of required IP address resources.
2. Configure proxy ARP on the VLANIF interface of the super-VLAN to implement
Layer 3 communication among sub-VLANs.
3. Configure a DHCP server in the super-VLAN to dynamically allocate IP
addresses to terminals in departments A and B.
Procedure
Step 1 Create VLAN 2, and add GE1/0/1 and GE1/0/2 to VLAN 2. Create VLAN 3, and add
GE1/0/3 and GE1/0/4 to VLAN 3.
[Switch] vlan batch 2 to 4
[Switch] interface GigabitEthernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access
[Switch-GigabitEthernet1/0/1] port default vlan 2


Step 2 Configure a super-VLAN to implement VLAN aggregation.

# Configure the super-VLAN.
[Switch] vlan 4
[Switch-vlan4] aggregate-vlan
[Switch-vlan4] access-vlan 2 to 3
[Switch-vlan4] quit
# Configure the VLANIF interface.

[Switch-Vlanif4] ip address 10.1.1.12 255.255.255.0
Step 3 Configure proxy ARP.

[Switch-Vlanif4] arp-proxy inter-sub-vlan-proxy enable
Step 4 Configure a DHCP server based on the interface address pool on VLANIF 4 to
dynamically allocate IP addresses to terminals in sub-VLANs.

After the configuration is complete, run the display ip pool interface vlanif4
command on the Switch to view IP address allocation in the address pool. The
Used field displays the number of used IP addresses in the address pool.
Pool-name : Vlanif4
Pool-No :0
Domain-name :-
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Status : Unlocked
Gateway-0 : 10.1.1.12
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
-------------------------------------------------------------------------------
Network section
-------------------------------------------------------------------------------

10.1.1.1 10.1.1.254 253 4 249(0) 0 0

-------------------------------------------------------------------------------
----End
Configuration Files
#
sysname Switch
#
vlan batch 2 to 4
#
dhcp enable
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
#
interface Vlanif4
ip address 10.1.1.12 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
port link-type access
port default vlan 2
#
port default vlan 2
#
port default vlan 3
#
port default vlan 3
#
return
3.9.5 Example for Configuring DHCP Servers on the Same

Network Segment (Based on the Global Address Pool in VRRP
Networking)
In Figure 3-14, a host in an enterprise is dual-homed to SwitchA and SwitchB
through the Switch. SwitchA functions as the master DHCP server to allocate IP
addresses to clients. If the master DHCP server fails, a backup DHCP server must
allocate IP addresses to clients.

Figure 3-14 Networking diagram for configuring DHCP servers on the same
network segment based on the global address pool in VRRP networking
VRRP VRID 1 SwitchA

Virtual IP Address: GE1/0/2
Master DHCP Server
10.1.1.111 VLANIF100
10.1.1.1/24
GE1/0/5
GE1/0/1
GE1/0/3
Switch
DHCP GE1/0/2
Client GE1/0/5
GE1/0/2
VLANIF100
10.1.1.129/24 SwitchB
Backup DHCP Server
1. Configure IP addresses for interfaces connecting SwitchA and SwitchB to
implement network-layer connectivity. Configure the Switch to transparently
transmit Layer 2 packets.
2. Configure a VRRP group on SwitchA and SwitchB. SwitchA has a higher
priority and functions as the master DHCP server to allocate IP addresses to
clients. SwitchB has a lower priority and functions as a backup DHCP server.
3. Create global address pools on SwitchA and SwitchB and set attributes for the
pools.
4. Configure a loop prevention protocol (STP used as an example) on Switch,
SwitchA, and SwitchB
Procedure
Step 1 Configure network-layer connectivity among devices.
# Configure IP addresses for interfaces. The following uses SwitchA as an example.
The configuration of SwitchB is similar. For details, see the configuration file of
SwitchB.
[SwitchA] vlan batch 100


[SwitchA-Vlanif100] ip address 10.1.1.1 24
# Configure Layer 2 transparent transmission on Switch.

[Switch] vlan 100
[Switch-vlan100] quit
Step 2 Create address pools and set attributes for the pools.
# Enable DHCP on SwitchA.
# Create an address pool on SwitchA and specify an IP address range 10.1.1.2 to

10.1.1.128, which is exclusive from the IP address range of the address pool on
SwitchB.
NOTE
Information about the address pool on the master DHCP server cannot be backed up to a
backup DHCP server in real time. To prevent IP address conflicts after a master/backup
switchover, the address pool ranges on the master and backup DHCP servers must be
mutually exclusive.
[SwitchA] ip pool 1
[SwitchA-ip-pool-1] network 10.1.1.0 mask 255.255.255.0
[SwitchA-ip-pool-1] gateway-list 10.1.1.111
[SwitchA-ip-pool-1] excluded-ip-address 10.1.1.1
[SwitchA-ip-pool-1] excluded-ip-address 10.1.1.129 10.1.1.254
[SwitchA-ip-pool-1] lease day 10
[SwitchA-ip-pool-1] quit
# Create an address pool on SwitchB and specify an IP address range 10.1.1.130 to

10.1.1.254, which is exclusive from the IP address range of the address pool on
SwitchA.
[SwitchB] dhcp enable
[SwitchB] ip pool 1
[SwitchB-ip-pool-1] network 10.1.1.0 mask 255.255.255.0
[SwitchB-ip-pool-1] gateway-list 10.1.1.111
[SwitchB-ip-pool-1] excluded-ip-address 10.1.1.1 10.1.1.110
[SwitchB-ip-pool-1] excluded-ip-address 10.1.1.112 10.1.1.129
[SwitchB-ip-pool-1] lease day 10
[SwitchB-ip-pool-1] quit
Step 3 Configure a VRRP group.

# Create VRRP group 1 on SwitchA, set the priority of SwitchA in the VRRP group
to 120, and configure clients to obtain IP addresses from a global address pool.


[SwitchA-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111
[SwitchA-Vlanif100] vrrp vrid 1 priority 120
[SwitchA-Vlanif100] dhcp select global
# Create VRRP group 1 on SwitchB, retain the priority (100 by default) of SwitchB
in the VRRP group, and configure clients to obtain IP addresses from a global
address pool.
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111
[SwitchB-Vlanif100] dhcp select global
[SwitchB-Vlanif100] quit
Step 4 Configure STP to prevent loops.

# Enable STP globally on Switch. The configurations on SwitchA and SwitchB are
similar. For details, see the configuration files of SwitchA and SwitchB.
[Switch] stp enable
# Disable STP on GE1/0/3 of Switch, and set the path cost of GE1/0/1 to 20000.
[Switch-GigabitEthernet1/0/3] stp disable
[Switch-GigabitEthernet1/0/1] stp cost 20000

# Run the display vrrp command on SwitchA and SwitchB. The command output
shows that SwitchA is the master and SwitchB is the backup in the VRRP group.
[SwitchA] display vrrp
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
[SwitchB] display vrrp
State : Backup
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES

Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
# Run the display ip pool command on SwitchA and SwitchB. The command
output shows that SwitchA has successfully allocated an IP address to the client.
[SwitchA] display ip pool
-------------------------------------------------------------------------------
Pool-name :1
Pool-No :0
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.111
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
IP address Statistic
Total :253
Used :1 Idle :125
Expired :0 Conflict :0 Disabled :127
[SwitchB] display ip pool
-------------------------------------------------------------------------------
Pool-name :1
Pool-No :0
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.111
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Total :253
Used :0 Idle :125
# Run the shutdown command on GE1/0/2 and GE1/0/5 of SwitchA to simulate a

fault.
[SwitchA-GigabitEthernet1/0/2] shutdown
[SwitchA-GigabitEthernet1/0/5] shutdown
# Run the display vrrp command on SwitchB to view the VRRP status. The
command output shows that SwitchB becomes the master.
[SwitchB] display vrrp
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.129
PriorityRun : 100

TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
# Run the display ip pool command on SwitchB to view the address pool
configuration.
[SwitchB] display ip pool
-----------------------------------------------------------------------------
Pool-name :1
Pool-No :0
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.111
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Total :253
Used :1 Idle :124
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
vlan batch 100
#
dhcp enable
#
ip pool 1
network 10.1.1.0 mask 255.255.255.0
excluded-ip-address 10.1.1.1
lease day 10 hour 0 minute 0
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.111
vrrp vrid 1 priority 120
dhcp select global
#
#


#
return
● SwitchB configuration file

#
sysname SwitchB
#
vlan batch 100
#
dhcp enable
#
ip pool 1
network 10.1.1.0 mask 255.255.255.0
lease day 10 hour 0 minute 0
#
interface Vlanif100
ip address 10.1.1.129 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.111
dhcp select global
#
#
#
return
● Switch configuration file

#
sysname Switch
#
vlan batch 100
#
stp instance 0 cost 20000
#
#
port default vlan 100
stp disable
#
return

3.9.6 Example for Configuring a DHCP Relay Agent (DHCP

Relay Agent and DHCP Server on the Same Network)
In Figure 3-15, SwitchB functions as a DHCP server and resides on a different
network segment from DHCP clients. In this networking example, the enterprise
wants the DHCP server to dynamically allocate IP addresses to its clients.
Figure 3-15 Networking diagram for configuring a device as a DHCP relay agent
Internet
SwitchB
DHCP Server
GE1/0/1
VLANIF200
10.10.20.2/24
GE1/0/1
VLANIF200
10.10.20.1/24
SwitchA
DHCP Relay Agent
GE1/0/2
VLANIF100
10.20.20.1/24
DHCP Client DHCP Client

VLAN 100
Configure SwitchA as a DHCP relay agent to forward DHCP messages between the
DHCP server and clients.
Procedure
Step 1 Configure DHCP relay on SwitchA.

# Add interfaces to VLANs.

[SwitchA] vlan batch 100 200
# Enable the DHCP relay function on VLANIF 100.

[SwitchA-Vlanif100] dhcp select relay
[SwitchA-Vlanif100] dhcp relay server-ip 10.10.20.2
Step 2 Configure a default route on SwitchA.

[SwitchA] ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
Step 3 Configure SwitchB as the DHCP server based on the global address pool.
# Enable DHCP.
[HUAWEI] sysname SwitchB
# Configure VLANIF 200 to work in global address pool mode.

[SwitchB] vlan 200
[SwitchB-vlan200] quit
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type hybrid
[SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB-Vlanif200] ip address 10.10.20.2 24
# Create an address pool and set attributes for the address pool.
[SwitchB] ip pool pool1
[SwitchB-ip-pool-pool1] network 10.20.20.0 mask 24
[SwitchB-ip-pool-pool1] gateway-list 10.20.20.1
[SwitchB-ip-pool-pool1] option121 ip-address 10.10.20.0 24 10.20.20.1
[SwitchB-ip-pool-pool1] quit
Step 4 Configure a static route on SwitchB.

[SwitchB] ip route-static 10.20.20.0 255.255.255.0 10.10.20.1

# On SwitchA, run the display dhcp relay interface vlanif 100 command to view
the configuration of the DHCP relay agent.

[SwitchA] display dhcp relay interface vlanif 100

DHCP relay agent running information of interface Vlanif100 :
Server IP address [00] : 10.10.20.2
Gateway address in use : 10.20.20.1
# On SwitchB, run the display ip pool name pool1 command to view IP address
allocation in the address pool. The Used field displays the number of used IP
addresses in the address pool.
[SwitchB] display ip pool name pool1
Pool-name : pool1
Pool-No :0
Domain-name :-
Option-code : 121
Option-subcode : --
Option-type : hex
Option-value : 18640A1414141401
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 : 10.20.20.1
Network : 10.20.20.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
-------------------------------------------------------------------------------
Network section
-------------------------------------------------------------------------------
10.20.20.1 10.20.20.254 253 2 251(0) 0 0
-------------------------------------------------------------------------------
----End
Configuration Files
#
sysname SwitchA
#
vlan batch 100 200
#
dhcp enable
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.10.20.2
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
#


#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#
ip pool pool1
network 10.20.20.0 mask 255.255.255.0
option121 ip-address 10.10.20.0 24 10.20.20.1
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
#
ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
#
return
3.9.7 Example for Configuring a Device as a DHCP Relay Agent

(Connected to a DHCP Server over a BGP/MPLS IP VPN
Tunnel)
In Figure 3-16, branch 1 and branch 2 of an enterprise are connected to the
headquarters through BGP/MPLS IP VPN tunnels to implement secure
interconnection. CE_1 and CE_2 are the egress gateways of branch 1 and branch 2,
respectively. For service isolation, branch 1 and branch 2 are deployed in vpna and
vpnb, respectively. The enterprise administrator deploys a DHCP server in the
headquarters and a multi-VPN-instance customer edge (MCE) as the headquarters
egress gateway so that the DHCP server can allocate IP addresses on 10.1.1.0/24
to terminals in branch1 and branch 2.

Figure 3-16 Networking diagram for configuring a device as a DHCP relay agent
DHCP Client
10.1.1.0/24
Branch 1
vpna
GE1/0/1
CE_1
DHCP Relay Agent Loopback0
GE1/0/2 10.20.20.9/32 MCE
GE2/0/0 DHCP Server
Loopback0 GE3/0/0 GE2/0/0 GE1/0/0
10.10.10.9/32 GE1/0/1
GE1/0/0 PE_1 PE_2
GE1/0/2
CE_2
DHCP Relay Agent
GE1/0/1
Branch 2
vpnb
DHCP Client
10.1.1.0/24
1. Configure Open Shortest Path First (OSPF) between PE_1 and PE_2 to
implement interworking between them and configure MP-IBGP to exchange
VPN routing information.
2. Configure basic MPLS capabilities and MPLS LDP on PE_1 and PE_2 to set up
an LDP LSP.
3. Create VPN instances vpna and vpnb on the MCE, PE_1, and PE_2 to isolate
services.
4. Set up EBGP peer relationships between PE_1 and its connected CEs and
import BGP routes to the VPN routing table of PE1.
5. Configure the MCE as a DHCP server to allocate IP addresses from the global
address pool to terminals in branch 1 and branch 2.
6. Configure the DHCP relay function on CE_1 and CE_2 to forward DHCP
messages between the DHCP server and terminals so that the terminals can
apply to the DHCP server for IP addresses.

7. Configure the terminals to dynamically obtain IP addresses from the DHCP

server.
This example uses Huawei AR series routers running V200R005C20 as PE_1 and
PE_2, and a Huawei S series switch as the MCE.
Procedure
Step 1 Create VLANs, add interfaces to the VLANs, and configure IP addresses for the
VLANIF interfaces.
# Configure CE_1.
[HUAWEI] sysname CE_1
[CE_1] vlan batch 10 20
[CE_1] interface gigabitethernet 1/0/1
[CE_1-GigabitEthernet1/0/1] port link-type hybrid
[CE_1-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[CE_1-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[CE_1-GigabitEthernet1/0/1] quit
[CE_1] interface vlanif 10
[CE_1-Vlanif10] ip address 10.1.1.1 24
[CE_1-Vlanif10] quit
# Configure CE_2.
[HUAWEI] sysname CE_2
[CE_2] vlan batch 10 20
# Configure PE_1.
[HUAWEI] sysname PE_1
[PE_1] interface loopback 0
[PE_1-LoopBack0] ip address 10.10.10.9 32
[PE_1-LoopBack0] quit
[PE_1] interface gigabitethernet 3/0/0
[PE_1-GigabitEthernet3/0/0] ip address 10.1.3.1 24
[PE_1-GigabitEthernet3/0/0] quit
# Configure PE_2.

[HUAWEI] sysname PE_2
[PE_2] interface loopback 0
[PE_2-LoopBack0] ip address 10.20.20.9 32
[PE_2-LoopBack0] quit
Step 2 Configure OSPF routes between PE_1 and PE_2.

# Configure PE_1.
[PE_1] ospf 1
[PE_1-ospf-1] area 0
[PE_1-ospf-1-area-0.0.0.0] network 10.10.10.9 0.0.0.0
[PE_1-ospf-1-area-0.0.0.0] quit
[PE_1-ospf-1] quit
# Configure PE_2.
[PE_2] ospf 1
[PE_2-ospf-1] quit
# After the configuration is complete, PE_1 and PE_2 set up the OSPF neighbor
relationship. Run the display ip routing-table command on PE_1 and PE_2 to
view the routes to each other.
Step 3 Configure basic MPLS capabilities and MPLS LDP on PE_1 and PE_2 to set up an
LDP LSP.
# Configure PE_1.
[PE_1] mpls lsr-id 10.10.10.9
[PE_1] mpls
[PE_1-mpls] quit
[PE_1] mpls ldp
[PE_1-mpls-ldp] quit
[PE_1-GigabitEthernet3/0/0] mpls
[PE_1-GigabitEthernet3/0/0] mpls ldp
# Configure PE_2.
[PE_2] mpls lsr-id 10.20.20.9
[PE_2] mpls
[PE_2-mpls] quit
[PE_2] mpls ldp
[PE_2-mpls-ldp] quit
[PE_2-GigabitEthernet2/0/0] mpls
[PE_2-GigabitEthernet2/0/0] mpls ldp
# After the configuration is complete, PE_1 and PE_2 set up an LDP session. Run
the display mpls ldp session command on PE_1 and PE_2. The command output
shows that the Status field is Operational. Run the display mpls ldp lsp
command. Information about the established LDP LSP is displayed.
Step 4 Configure VPN instances on the MCE, PE_1, and PE_2.
# Configure PE_1.

[PE_1] ip vpn-instance vpna

[PE_1-vpn-instance-vpna] ipv4-family
[PE_1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[PE_1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE_1-vpn-instance-vpna-af-ipv4] quit
[PE_1-vpn-instance-vpna] quit
[PE_1] ip vpn-instance vpnb
[PE_1-vpn-instance-vpnb] ipv4-family
[PE_1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[PE_1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE_1-vpn-instance-vpnb-af-ipv4] quit
[PE_1-vpn-instance-vpnb] quit
[PE_1-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[PE_1-GigabitEthernet1/0/0] ip binding vpn-instance vpnb
# Configure PE_2.
[PE_2] ip vpn-instance vpna
[PE_2-vpn-instance-vpna] ipv4-family
[PE_2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[PE_2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE_2-vpn-instance-vpna-af-ipv4] quit
[PE_2-vpn-instance-vpna] quit
[PE_2] ip vpn-instance vpnb
[PE_2-vpn-instance-vpnb] ipv4-family
[PE_2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[PE_2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE_2-vpn-instance-vpnb-af-ipv4] quit
[PE_2-vpn-instance-vpnb] quit
[PE_2] interface gigabitethernet 1/0/0.1
[PE_2-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE_2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna
[PE_2-GigabitEthernet1/0/0.1] ip address 10.1.4.2 24
[PE_2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE_2-GigabitEthernet1/0/0.1] quit
[PE_2] interface gigabitethernet 1/0/0.2
[PE_2-GigabitEthernet1/0/0.2] dot1q termination vid 20
[PE_2-GigabitEthernet1/0/0.2] ip binding vpn-instance vpnb
[PE_2-GigabitEthernet1/0/0.2] ip address 10.1.5.2 24
[PE_2-GigabitEthernet1/0/0.2] arp broadcast enable
[PE_2-GigabitEthernet1/0/0.2] quit
# Configure the MCE.

[HUAWEI] sysname MCE
[MCE] ip vpn-instance vpna
[MCE-vpn-instance-vpna] ipv4-family
[MCE-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[MCE-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[MCE-vpn-instance-vpna-af-ipv4] quit
[MCE-vpn-instance-vpna] quit
[MCE] ip vpn-instance vpnb
[MCE-vpn-instance-vpnb] ipv4-family
[MCE-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[MCE-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[MCE-vpn-instance-vpnb-af-ipv4] quit
[MCE-vpn-instance-vpnb] quit
[MCE] interface GigabitEthernet 1/0/1
[MCE-GigabitEthernet1/0/1] undo portswitch
[MCE-GigabitEthernet1/0/1] quit
[MCE] interface gigabitethernet 1/0/1.1
[MCE-GigabitEthernet1/0/1.1] ip binding vpn-instance vpna
[MCE-GigabitEthernet1/0/1.1] dot1q termination vid 10

[MCE-GigabitEthernet1/0/1.1] ip address 10.1.4.1 24

[MCE-GigabitEthernet1/0/1.1] arp broadcast enable
[MCE-GigabitEthernet1/0/1.1] quit
[MCE-GigabitEthernet1/0/1.2] ip binding vpn-instance vpnb
[MCE-GigabitEthernet1/0/1.2] dot1q termination vid 20
[MCE-GigabitEthernet1/0/1.2] ip address 10.1.5.1 24
[MCE-GigabitEthernet1/0/1.2] arp broadcast enable
Step 5 Set up an MP-IBGP peer relationship between PE_1 and PE_2.
# Configure PE_1.
[PE_1] bgp 100
[PE_1-bgp] peer 10.20.20.9 as-number 100
[PE_1-bgp] peer 10.20.20.9 connect-interface loopback0
[PE_1-bgp] ipv4-family vpnv4
[PE_1-bgp-af-vpnv4] peer 10.20.20.9 enable
[PE_1-bgp-af-vpnv4] quit
[PE_1-bgp] ipv4-family vpn-instance vpna
[PE_1-bgp-vpna] import-route direct
[PE_1-bgp-vpna] quit
[PE_1-bgp] ipv4-family vpn-instance vpnb
[PE_1-bgp-vpnb] import-route direct
[PE_1-bgp-vpnb] quit
[PE_1-bgp] quit
# Configure PE_2.
[PE_2] bgp 100
[PE_2-bgp] peer 10.10.10.9 as-number 100
[PE_2-bgp] peer 10.10.10.9 connect-interface loopback0
[PE_2-bgp] ipv4-family vpnv4
[PE_2-bgp-af-vpnv4] peer 10.10.10.9 enable
[PE_2-bgp-af-vpnv4] quit
[PE_2-bgp] quit
# After the configuration is complete, run the display bgp peer command on
PE_1 and PE_2. The command output shows that an MP-IBGP peer relationship
has been set up between PEs and the relationship is in Established state.
Step 6 Configure EBGP peer relationships between CE_1 and PE_1 and between CE_2 and
PE_2.
# Configure CE_1.
[CE_1] bgp 65410
[CE_1-bgp] peer 10.1.2.2 as-number 100
[CE_1-bgp] ipv4-family unicast
[CE_1-bgp-af-ipv4] undo synchronization
[CE_1-bgp-af-ipv4] import-route direct
# Configure CE_2.
[CE_2] bgp 65411
[CE_2-bgp] peer 10.1.2.2 as-number 100
[CE_2-bgp] ipv4-family unicast
[CE_2-bgp-af-ipv4] undo synchronization
[CE_2-bgp-af-ipv4] import-route direct
# Configure PE_1.

[PE_1] bgp 100

[PE_1-bgp-vpna] peer 10.1.2.1 as-number 65410
[PE_1-bgp-vpnb] peer 10.1.2.1 as-number 65411
[PE_1-bgp] quit
Step 7 Configure OSPF multi-instance between the MCE and PE_2.
# Configure PE_2.
To configure OSPF multi-instance between the MCE and PE2, perform the
following tasks on PE_2:
● In the OSPF view, import BGP routes and advertise VPN routes of PE_1 to the
MCE.
● In the BGP view, import routes of the OSPF processes and advertise the VPN
routes of the MCE to PE_1.
[PE_2] ospf 100 vpn-instance vpna
[PE_2-ospf-100] import-route bgp
[PE_2-ospf-100] quit
[PE_2] ospf 200 vpn-instance vpnb
[PE_2-ospf-200] import-route bgp
[PE_2-ospf-200] quit
[PE_2] bgp 100
[PE_2-bgp-vpna] import-route ospf 100
[PE_2-bgp-vpnb] import-route ospf 200
[PE_2-bgp] quit
# Configure the MCE.
Import VPN routes to the OSPF processes.

[MCE] ospf 100 vpn-instance vpna
[MCE-ospf-100] vpn-instance-capability simple
[MCE-ospf-100] area 0
[MCE-ospf-100-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0] quit
[MCE-ospf-100] quit
[MCE] ospf 200 vpn-instance vpnb
[MCE-ospf-200] vpn-instance-capability simple
[MCE-ospf-200] area 0
[MCE-ospf-200-area-0.0.0.0] network 10.1.5.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0] quit
[MCE-ospf-200] quit
# After the configuration is complete, run the display ip routing-table vpn-

instance command on the MCE to view the routes to the remote CEs.
# Run the display ip routing-table vpn-instance command on PE_1 to view the

routes to the remote CEs.

Step 8 Configure the MCE as the DHCP server.
# Enable DHCP.
[MCE] dhcp enable
# Create global address pools pool1 and pool2 to allocate IP addresses to

terminals in branch 1 and branch 2.
[MCE] ip pool pool1
[MCE-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.0
[MCE-ip-pool-pool1] vpn-instance vpna
[MCE-ip-pool-pool1] gateway-list 10.1.1.1
[MCE-ip-pool-pool1] quit
[MCE] ip pool pool2
[MCE-ip-pool-pool2] network 10.1.1.0 mask 255.255.255.0
[MCE-ip-pool-pool2] vpn-instance vpnb
[MCE-ip-pool-pool2] gateway-list 10.1.1.1
[MCE-ip-pool-pool2] quit
# Configure clients to obtain IP addresses from the global address pools.

[MCE-GigabitEthernet1/0/1.1] dhcp select global
[MCE-GigabitEthernet1/0/1.2] dhcp select global
Step 9 Configure CE_1 and CE_2 as the DHCP relay agents.
# Configure CE_1.
[CE_1] dhcp enable
[CE_1-Vlanif10] dhcp select relay
[CE_1-Vlanif10] dhcp relay server-ip 10.1.4.1
# Configure CE_2.
[CE_2] dhcp enable
[CE_2-Vlanif10] dhcp select relay
[CE_2-Vlanif10] dhcp relay server-ip 10.1.5.1

# Run the display ip pool name command on the MCE to view IP address
allocation in the address pools. The command output for pool1 is used as an
example.
[MCE] display ip pool name pool1
Pool-name : pool1
Pool-No :0
Domain-name : -
DNS-server0 : -
NBNS-server0 : -
Netbios-type : -
Position : Local Status : Unlocked
Gateway-0 : 10.1.1.1
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : vpna
-----------------------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
-----------------------------------------------------------------------------

10.1.1.1 10.1.1.254 253 1 252(0) 0 0

-----------------------------------------------------------------------------
----End
Configuration Files
● PE_1 configuration file
#
sysname PE_1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
#
mpls lsr-id 10.10.10.9
mpls
#
mpls ldp
#
ip address 10.1.3.1 255.255.255.0
mpls
mpls ldp
#
ip binding vpn-instance vpnb
ip address 10.1.2.2 255.255.255.0
#
ip binding vpn-instance vpna
ip address 10.1.2.2 255.255.255.0
#
interface LoopBack0
ip address 10.10.10.9 255.255.255.255
#
bgp 100
peer 10.20.20.9 as-number 100
peer 10.20.20.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 10.20.20.9 enable
#
ipv4-family vpnv4
policy vpn-target
#
ipv4-family vpn-instance vpna
import-route direct
#
ipv4-family vpn-instance vpnb
import-route direct
#
ospf 1
area 0.0.0.0
network 10.10.10.9 0.0.0.0
network 10.1.3.0 0.0.0.255

#
return
● PE_2 configuration file
#
sysname PE_2
#
ipv4-family
#
ipv4-family
#
mpls lsr-id 10.20.20.9
mpls
#
mpls ldp
#
ip address 10.1.3.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0.1
dot1q termination vid 10
ip address 10.1.4.2 255.255.255.0
arp broadcast enable
#
ip address 10.1.5.2 255.255.255.0
#
interface LoopBack0
ip address 10.20.20.9 255.255.255.255
#
bgp 100
peer 10.10.10.9 connect-interface LoopBack0
#
ipv4-family unicast
#
ipv4-family vpnv4
policy vpn-target
#
ipv4-family vpn-instance vpna
import-route ospf 100
#
ipv4-family vpn-instance vpnb
import-route ospf 200
#
ospf 1
area 0.0.0.0
network 10.20.20.9 0.0.0.0
network 10.1.3.0 0.0.0.255
#
ospf 100 vpn-instance vpna
import-route bgp
area 0.0.0.0

network 10.1.4.0 0.0.0.255

#
ospf 200 vpn-instance vpnb
import-route bgp
area 0.0.0.0
network 10.1.5.0 0.0.0.255
#
return
● CE_1 configuration file
#
sysname CE_1
#
vlan batch 10 20
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select relay
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
#
#
bgp 65410
#
ipv4-family unicast
import-route direct
#
return
● CE_2 configuration file
#
sysname CE_2
#
vlan batch 10 20
#
dhcp enable
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
dhcp select relay
#
interface Vlanif20
ip address 10.1.2.1 255.255.255.0
#
#

#
bgp 65411
#
ipv4-family unicast
import-route direct
#
return
● MCE configuration file

#
sysname MCE
#
dhcp enable
#
ipv4-family
#
ipv4-family
#
ip pool pool1
vpn-instance vpna
network 10.1.1.0 mask 255.255.255.0
#
ip pool pool2
vpn-instance vpnb
network 10.1.1.0 mask 255.255.255.0
#
undo portswitch
#
ip address 10.1.4.1 255.255.255.0
dhcp select global
#
ip address 10.1.5.1 255.255.255.0
dhcp select global
#
ospf 100 vpn-instance vpna
vpn-instance-capability simple
area 0.0.0.0
network 10.1.4.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
vpn-instance-capability simple
area 0.0.0.0
network 10.1.5.0 0.0.0.255
#
return

3.9.8 Example for Configuring a DHCP Relay Agent

(Connected to a DHCP Server over a GRE Tunnel)
In Figure 3-17, an enterprise deploys its headquarters and branch in different
areas. To enable the headquarters and branch to communicate through the
Internet, a Generic Routing Encapsulation (GRE) tunnel needs to be deployed. To
facilitate unified management, a DHCP server needs to be configured on Switch_1
in the headquarters to assign IP addresses to the terminals in the headquarters
and branch. The network segments 10.1.1.0/24 and 10.2.1.0/24 are planned for the
headquarters and branch, respectively.
Figure 3-17 Networking diagram for configuring a DHCP server to allocate IP

addresses to clients through a GRE tunnel
Switch_2
GE1/0/0 GE2/0/0
VLANIF10 VLANIF20
192.168.20.2/24 192.168.30.1/24
GE1/0/0 GE1/0/0
VLANIF10 VLANIF20
192.168.20.1/24 Tunnel Tunnel 192.168.30.2/24
192.168.40.1/24 192.168.40.2/24 Switch_3
Switch_1
GRE Tunnel DHCP Relay Agent
DHCP Server
GE2/0/0 GE2/0/0
VLANIF30 10.1.1.1/24 VLANIF30 10.2.1.1/24
LSW_1 LSW_2
DHCP Clients DHCP Clients

Headquarters Branch
1. Run OSPF between Switch_1, Switch_2, and Switch_3 to ensure their
reachability.
2. On Switch_1 and Switch_3, configure tunnel interfaces and create a GRE
tunnel.
3. Configure Switch_1 as a DHCP server based on a global address pool so that
the DHCP server can assign IP addresses from the global address pool to the
terminals in the headquarters and branch.
4. Configure Switch_3 as a DHCP relay and to function as the branch's gateway
to forward DHCP messages between the terminals and DHCP server.
Huawei S series switch functions as a DHCP server (Switch_1) in this example.

Configure the interface link types and VLANs on LSW_1 and LSW_2 to implement
Layer 2 communication.
Procedure
Step 1 Configure an IP address for each physical interface on Switch_1 through Switch_3.
# Configure Switch_1.
[HUAWEI] sysname Switch_1
[Switch_1] vlan batch 10 30
[Switch_1] interface gigabitethernet 1/0/0
[Switch_1-GigabitEthernet1/0/0] port link-type trunk
[Switch_1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[Switch_1-GigabitEthernet1/0/0] quit
[Switch_1] interface vlanif 10
[Switch_1-Vlanif10] ip address 192.168.20.1 24
[Switch_1-Vlanif10] quit

Step 2 Run OSPF between Switch_1, Switch_2, and Switch_3.

[Switch_1] ospf 1
[Switch_1-ospf-1] area 0
[Switch_1-ospf-1-area-0.0.0.0] network 192.168.20.0 0.0.0.255
[Switch_1-ospf-1-area-0.0.0.0] quit
[Switch_1-ospf-1] quit
[Switch_2] ospf 1
[Switch_3] ospf 1
Step 3 Configure tunnel interfaces.

[Switch_1] interface tunnel 1
[Switch_1-Tunnel1] tunnel-protocol gre
[Switch_1-Tunnel1] ip address 192.168.40.1 24
[Switch_1-Tunnel1] source 192.168.20.1
[Switch_1-Tunnel1] destination 192.168.30.2
[Switch_1-Tunnel1] quit
[Switch_3] interface tunnel 1
[Switch_3-Tunnel1] tunnel-protocol gre
[Switch_3-Tunnel1] ip address 192.168.40.2 24
[Switch_3-Tunnel1] source 192.168.30.2
[Switch_3-Tunnel1] destination 192.168.20.1
[Switch_3-Tunnel1] quit
Step 4 Configure Switch_1 as a DHCP server.

# Enable DHCP. By default, the service is disabled.
[Switch_1] dhcp enable
# Create a global address pool and configure related parameters.

[Switch_1] ip pool pool1
[Switch_1-ip-pool-pool1] network 10.2.1.0 mask 255.255.255.0
[Switch_1-ip-pool-pool1] gateway-list 10.2.1.1
[Switch_1-ip-pool-pool1] quit
[Switch_1-ip-pool-pool2] network 10.1.1.0 mask 255.255.255.0
# Configure the terminals connected to VLANIF30 to obtain IP addresses from the

global address pool.
[Switch_1-Vlanif30] dhcp select global

# Configure a static route to the network segment of the terminals in the branch.
[Switch_1] ip route-static 10.2.1.0 255.255.255.0 tunnel 1
Step 5 Configure the DHCP relay function on Switch_3.

# Enable DHCP. By default, the service is disabled.
# Configure the DHCP relay function on VLANIF 30 and specifies the DHCP server
address for the relay.
[Switch_3-Vlanif30] dhcp select relay
[Switch_3-Vlanif30] dhcp relay server-ip 10.1.1.1
# Configure a static route to the network segment of the server.

[Switch_3] ip route-static 10.1.1.0 255.255.255.0 tunnel 1
Step 6 Configure each terminal (using a PC running Windows 7 as an example) to

automatically obtain an IP address.
# Right-click Network and choose Properties to display the Network and
Sharing Center window.
# Click Local Area Connection to display the Local Area Connection Status
window.
# Click Properties to display the Local Area Connection Properties window.
# Select Internet Protocol Version 4 (TCP/IPv4) and click Properties to display
the Internet Protocol Version 4 (TCP/IPv4) Properties window.
# Select Obtain an IP address automatically and click OK.
# Run the display dhcp relay interface vlanif 30 command on Switch_3 to check
the DHCP relay configuration.
[Switch_3] display dhcp relay interface vlanif 30
DHCP relay agent running information of interface Vlanif30 :
Server IP address [00] : 10.1.1.1
Gateway address in use : 10.2.1.1
# Run the display ip pool command on Switch_1 to check the IP address
allocation of pool1 and pool2. The headquarters in this example has 100
terminals while the branch has 50.
[Switch_1] display ip pool name pool1
Pool-name : pool1
Pool-No :0
Domain-name :-
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 : 10.2.1.1
Network : 10.2.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable

-------------------------------------------------------------------------------
Network section
-------------------------------------------------------------------------------
10.2.1.1 10.2.1.254 253 50 203(0) 0 0
-------------------------------------------------------------------------------
Pool-name : pool2
Pool-No :1
Domain-name :-
DNS-server0 :-
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 : 10.1.1.1
Network : 10.1.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
-------------------------------------------------------------------------------
Network section
-------------------------------------------------------------------------------
10.1.1.1 10.1.1.254 253 100 153(0) 0 0
-------------------------------------------------------------------------------
----End
Configuration Files
● Switch_1 configuration file
#
sysname Switch_1
#
vlan batch 10 30
#
dhcp enable
#
ip pool pool1
network 10.2.1.0 mask 255.255.255.0
#
ip pool pool2
network 10.1.1.0 mask 255.255.255.0
#
interface Vlanif10
ip address 192.168.20.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.1.1 255.255.255.0
dhcp select global
#
#

#
interface Tunnel1
ip address 192.168.40.1 255.255.255.0
tunnel-protocol gre
source 192.168.20.1
destination 192.168.30.2
#
ospf 1
area 0.0.0.0
network 192.168.20.0 0.0.0.255
#
ip route-static 10.2.1.0 255.255.255.0 Tunnel1
#
return
#
sysname Switch_2
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.20.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.30.1 255.255.255.0
#
#
#
ospf 1
area 0.0.0.0
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
#
return
#
sysname Switch_3
#
vlan batch 20 30
#
dhcp enable
#
interface Vlanif20
ip address 192.168.30.2 255.255.255.0
#
interface Vlanif30
ip address 10.2.1.1 255.255.255.0
dhcp select relay
#
#
#
interface Tunnel1
ip address 192.168.40.2 255.255.255.0
tunnel-protocol gre
source 192.168.30.2

destination 192.168.20.1
#
ospf 1
area 0.0.0.0
network 192.168.30.0 0.0.0.255
#
ip route-static 10.1.1.0 255.255.255.0 Tunnel1
#
return
3.9.9 Example for Configuring a DHCP Client

In Figure 3-18, Switch_1 functions as a DHCP client and needs to dynamically
obtain an IP address, DNS server address, and gateway address from a DHCP
server (Switch_2).
Figure 3-18 Networking diagram for configuring a DHCP client

Gateway
192.168.1.126/24
DNS Server Switch_2
192.168.1.2/24 DHCP Server
GE1/0/1
VLANIF10
192.168.1.1/24
GE1/0/1
VLANIF10
Switch_1
DHCP Client
1. Configure Switch_1 as a DHCP client to dynamically obtain an IP address from
the DHCP server.
2. Configure Switch_2 as a DHCP server to dynamically allocate network
parameters including IP addresses to Switch_1.
Procedure
Step 1 Configure Switch_1 as a DHCP client.
# Create VLAN 10 and add GE1/0/1 to VLAN 10.

[Switch_1] vlan 10
[Switch_1-vlan10] quit
# Enable the DHCP client function on VLANIF 10.

[Switch_1-Vlanif10] ip address dhcp-alloc
Step 2 Create a global address pool on Switch_2 and set attributes for the pool.
1. Enable DHCP.
2. Create VLAN 10 and add GE1/0/1 to VLAN 10.

[Switch_2] vlan 10
[Switch_2-vlan10] quit
3. Configure VLANIF 10 to work in global address pool mode.

[Switch_2-Vlanif10] dhcp select global
4. Create an address pool and set attributes for the pool.

[Switch_2-ip-pool-pool1] network 192.168.1.0 mask 24
[Switch_2-ip-pool-pool1] dns-list 192.168.1.2
[Switch_2-ip-pool-pool1] excluded-ip-address 192.168.1.2

# Run the display this command on VLANIF 10 of Switch_1 to view the DHCP
client configuration.
[Switch_1-Vlanif10] display this
#
interface Vlanif10
#
return
# After VLANIF 10 obtains an IP address, run the display dhcp client command
on Switch_1 to view the status of the DHCP client on VLANIF 10.
[Switch_1] display dhcp client
DHCP client lease information on interface Vlanif10 :
Current machine state : Bound
Internet address assigned via : DHCP
Physical address : 0025-9efb-be55
IP address : 192.168.1.254
Subnet mask : 255.255.255.0
Gateway ip address : 192.168.1.126
DHCP server : 192.168.1.1
Lease obtained at : 2014-09-10 20:30:39
Lease expires at : 2014-09-11 20:30:39

Lease renews at : 2014-09-11 08:30:39

Lease rebinds at : 2014-09-11 17:30:39
DNS : 192.168.1.2
# On Switch_2, run the display ip pool name pool1 command to view IP address
allocation in the address pool. The Used field displays the number of used IP
addresses in the address pool.
Pool-name : pool1
Pool-No :0
Domain-name :-
DNS-server0 : 192.168.1.2
NBNS-server0 :-
Netbios-type :-
Position : Local
Status : Unlocked
Gateway-0 : 192.168.1.126
Network : 192.168.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
-------------------------------------------------------------------------------
Network section
-------------------------------------------------------------------------------
192.168.1.1 192.168.1.254 253 1 251(0) 0 1
-------------------------------------------------------------------------------
----End
Configuration Files
#
sysname Switch_1
#
vlan batch 10
#
interface Vlanif10
#
#
return
#
sysname Switch_2
#
vlan batch 10
#
dhcp enable
#
ip pool pool1
network 192.168.1.0 mask 255.255.255.0
excluded-ip-address 192.168.1.2
dns-list 192.168.1.2
#

interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select global
#
#
return
3.9.10 Example for Configuring a BOOTP Client

In Figure 3-19, SwitchA functions as a BOOTP client and needs to dynamically
obtain an IP address, DNS server address, and gateway address from a DHCP
server (SwitchB).
Figure 3-19 Networking diagram for configuring a BOOTP client

DNS Server Gateway
192.168.1.2/24 192.168.1.126/24
GE1/0/1
VLANIF10 GE1/0/1
192.168.1.1/24 VLANIF10
SwitchB SwitchA
DHCP Server BOOTP Client
1. Configure SwitchA as a BOOTP client to dynamically obtain an IP address
from the DHCP server.
2. Create a global address pool on SwitchB and set corresponding attributes.
Procedure
Step 1 Configure the BOOTP client function on SwitchA.
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 10

# Enable the BOOTP client function on VLANIF 10.

[SwitchA-Vlanif10] ip address bootp-alloc
Step 2 Create a global address pool on SwitchB and set corresponding attributes.
# Enable DHCP.
[HUAWEI] sysname SwitchB
[SwitchB] dhcp server bootp
[SwitchB] dhcp server bootp automatic

[SwitchB] vlan 10
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet1/0/1] quit
# Configure VLANIF 10 to work in global address pool mode.

[SwitchB-Vlanif10] ip address 192.168.1.1 24
# Create an address pool and set corresponding attributes.

[SwitchB] ip pool pool1
[SwitchB-ip-pool-pool1] network 192.168.1.0 mask 24
[SwitchB-ip-pool-pool1] gateway-list 192.168.1.126
[SwitchB-ip-pool-pool1] dns-list 192.168.1.2
[SwitchB-ip-pool-pool1] excluded-ip-address 192.168.1.2
[SwitchB-ip-pool-pool1] quit

# On interface VLANIF 10, run the display this command to view the BOOTP
client configuration.
[SwitchA-Vlanif10] display this
#
interface Vlanif10
#
return
# After VLANIF 10 obtains an IP address, run the display dhcp client command
on SwitchA to view the status of the BOOTP client on VLANIF 10.
[SwitchA] display dhcp client
BOOTP client lease information on interface Vlanif10 :
Current machine state : Bound
Internet address assigned via : BOOTP
Physical address : 0018-8201-0987
IP address : 192.168.1.254
Subnet mask : 255.255.255.0
Gateway ip address : 192.168.1.126
Lease obtained at : 2008-11-06 23:04:47
DNS : 192.168.1.2
# Run the display ip pool command on SwitchB to view the address pool
configuration.

[SwitchB] display ip pool name pool1

Pool-name : pool1
Pool-No :0
Domain-name : 192.168.1.2
DNS-server0 : -
NBNS-server0 : -
Netbios-type : -
Position : Local
Status : Unlocked
Gateway-0 : 192.168.1.126
Network : 192.168.1.0
Mask : 255.255.255.0
VPN instance : --
Logging : Disable
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
10.20.20.1 10.20.20.254 253 1 251(0) 0 1
-----------------------------------------------------------------------------
----End
Configuration Files
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
#
#
return

#
sysname SwitchB
#
vlan batch 10
#
dhcp enable
#
dhcp server bootp
dhcp server bootp automatic
#
ip pool pool1
network 192.168.1.0 mask 255.255.255.0
dns-list 192.168.1.2
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select global
#

#
return
3.10 Troubleshooting DHCP
3.10.1 IP Address Conflicts
Possible The DHCP server does not exclude manually configured IP

Cause addresses from the address pool.
Verificatio Disable the network adapter of the client or disconnect the

n network cable. Then, from another connected host, ping the
conflicting IP address. If you can ping the IP address, it is manually
configured.
Solution ● Exclude the conflicting IP address from the address pool.

– For an interface address pool, run:
dhcp server excluded-ip-address
– For a global address pool, run:

excluded-ip-address
Then, on the client, release the IP address and apply for a new
one.
● Change the host's manually configured IP address.
NOTE
IP address conflict detection can be configured on the DHCP server to
prevent conflicts. For details, see 3.4.3.4 (Optional) Configuring IP
Address Conflict Detection.
3.10.2 A Client Fails to Obtain an IP Address

Possible DHCP is disabled.
Cause 1
Verification Check whether DHCP is enabled. Enter the user view and run:
display current-configuration | include dhcp enable
If the command output is empty, DHCP is disabled.
Solution Enable DHCP. Enter the system view and run:

dhcp enable
By default, DHCP is disabled in the system.

Possible The configuration is incorrect.

Cause 2
Verification ● On the DHCP server:

– Check whether the address pool and client are on the same
network segment and whether the configuration is correct.
Run:
display ip pool
– If a DHCP relay agent is deployed, check whether a route to

the network segment of the client is configured on the
DHCP server.
● On the DHCP relay agent:
– Check whether the DHCP relay agent is correctly
configured. Run:
display dhcp relay
– In the view of the interface connected to the client, check

whether DHCP relay is enabled on the interface. Run:
display this
Solution Modify the configurations on the DHCP server and, if deployed,

DHCP relay agents. For details, see 3.4.3 Configuring a DHCP
Server and 3.5 Configuring a DHCP Relay Agent.
Possible The address pool has no available IP addresses.

Cause 3
Verification Check whether there are IP addresses available in the address

pool. Run:
display ip pool
The Idle(Expired) field displays the number of idle IP addresses in
the address pool.
Solution ● If the number of DHCP clients is greater than the number of

available IP addresses in the address pool, increase the range of
IP addresses in the address pool.

network ip-address [ mask { mask | mask-length } ]
● If the number of DHCP clients is less than the number of

available IP addresses in the address pool, reduce the lease
period and ensure that the DHCP server reclaims unused IP
addresses. For details, see (Optional) Configuring Automatic
Reclamation of Conflicting IP Addresses.

Possible The Spanning Tree Protocol (STP) is enabled on a diskless

Cause 4 workstation functioning as a DHCP client.
Verification Check whether STP is enabled. Run:

display stp
Solution Disable STP on the diskless workstations. The timeout period of

DHCP Discover messages sent from clients is shorter than the STP
convergence time, and therefore the DHCP server cannot receive
DHCP Discover messages or allocate IP addresses to the diskless
workstations. Run:
undo stp enable
Possible The IP address is manually configured for another host on the

Cause 5 network. This causes an IP address conflict because the DHCP
server does not exclude manually configured IP addresses from
the address pool.
Verification Disable the network adapter of the client or disconnect the

network cable. Then, from another connected host, ping the
conflicting IP address. If you can ping the IP address, it is manually
configured.
Solution ● Exclude the conflicting IP address from the address pool.

dhcp server excluded-ip-address

excluded-ip-address
Then, on the client, release the IP address and apply for a new
one.
● Change the host's manually configured IP address.
NOTE
IP address conflict detection can be configured on the DHCP server to
prevent conflicts. For details, see 3.4.3.4 (Optional) Configuring IP
Address Conflict Detection.
3.10.3 IP Address Assignment is Slow
Possible Multiple DHCP servers are deployed on the network.

Cause 1
Verification Determine whether the expected DHCP server allocates network

parameters.

Possible Multiple DHCP servers are deployed on the network.

Cause 1
Solution Configure DHCP snooping on the client. This configuration ensures

that the client receives DHCP messages from only the trusted
DHCP server. For details, see "Inserting the Option 82 Field in a
DHCP Message" in S12700 V200R011C10 Configuration Guide -
Security.
Possible Broadcast traffic suppression is configured and DHCP Discover

Cause 2 messages exceeding the specified threshold are discarded.
Verification Check whether broadcast traffic suppression is configured between

the DHCP server and client. Run:
display flow-suppression interface
Solution Adjust the broadcast traffic suppression threshold. Run:

broadcast-suppression
Possible The network is under attack.

Cause 3
Verification Check statistics about packets sent to the DHCP server's CPU and
determine the MAC address at the source of the attack. Run:
display cpu-defend statistics
Solution Add the MAC address at the source of the attack to the blacklist.
For details, see "Configuring CPU Attack Defense" in S12700
V200R011C10 Configuration Guide - Security - Local Attack
Defense Configuration.
Possible STP is enabled on the DHCP server or relay agent.

Cause 4
Verification Check whether STP is enabled. Run:

display stp
Solution To disable STP, run:

undo stp enable
3.11 FAQ About DHCP

3.11.1 How Can I Ensure that Users Accessed Through a Fit AP

Select a Correct DHCP Server? How Can I View DHCP Packet
Exchange Logs?
A DHCP client broadcasts a DHCP Discover message. When there are multiple
DHCP servers including bogus DHCP servers on a network segment, the DHCP
client accepts only the first received DHCP Offer message and therefore may
obtain an unexpected IP address from a bogus DHCP server. To ensure that a
client obtains an IP address from the correct DHCP server, configure DHCP
snooping.
Note the following when the DHCP snooping function is configured in an AC + Fit
AP scenario:
● Configure DHCP snooping for wired users.
When the downstream wired port of the AP is directly connected to a wired
terminal, run the learn-client-address enable command in the AP wired port
profile and apply the profile to the downstream wired port of the AP. This
command enables the function of learning IPv4/IPv6 addresses of the STAs
connected to the downstream wired port. In addition, the DHCP snooping
function is associated to be enabled on the downstream wired port. By
default, the AP's upstream ports including physical ports and CAPWAP ports
are DHCP trusted ports, and you do not need to change the default
configurations of the AP's upstream ports.
You can run the display dhcp snooping configuration command on the AP
to check the ports where the dhcp snooping enable or dhcp snooping
trusted command has been configured. (The dhcp snooping enable
command cannot be directly run on the AP and needs to be delivered by the
AC.)
● DHCP snooping is enabled for wireless users by default.
By default, the function of learning IPv4/IPv6 addresses of wireless STAs and
the DHCP snooping function are enabled on the AP's wireless ports, and the
AP's upstream ports including physical ports and CAPWAP ports are DHCP
trusted ports.
When receiving DHCP packets from a DHCP client or DHCP server, a DHCP
snooping-enabled Fit AP records DHCP/6/SNP_RCV_MSG logs. You need to
configure the Fit AP to send logs to the log host before viewing the DHCP/6/
SNP_RCV_MSG logs on the log host. Ensure that the Fit AP and log host are
routable to each other.
3.11.2 When Both the DHCP Server and Relay Functions Are
Enabled on an Interface, Which Function Is Processed
Preferentially?
When both the DHCP server function and the DHCP relay function are enabled on
an interface, the DHCP server function is processed preferentially. The local DHCP
server that is on the same network segment as the interface's IP address is used
preferentially to allocate IP addresses. If the local DHCP server cannot allocate IP
addresses, a remote DHCP server allocates IP addresses through the DHCP relay
agent.

01-03 DHCP Configuration PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01-03 DHCP Configuration PDF

Uploaded by

Copyright:

Available Formats

S12700 Series Agile Switches

Configuration Guide - IP Service 3 DHCP Configuration

About This Chapter

3.1 Overview of DHCP

3.1 Overview of DHCP

DHCP is based on the Bootstrap Protocol (BOOTP), which runs in a static

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 97

● Dynamic allocation: DHCP assigns an IP address to a client for a limited

Configure a DHCP Server and a DHCP Relay Agent

3.2 Key Concepts of DHCP

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 98

Figure 3-1 DHCP networking

DHCP Relay Agent DHCP Server

The following describes the three roles involved in DHCP:

3.2.2 DHCP Leases and Address Pools

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 99

● Interface address pool: After an IP address is configured for an interface on a

The number of IP addresses required in an address pool depends mainly on the

IP addresses in an address pool can be in the following status based on the IP

● Used: indicates that the IP address is in use.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 100

● Expired: indicates that the IP address expires and is idle.

3.2.3 DHCP Messages

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 101

Table 3-1 DHCP message types

DHCP A DHCP client broadcasts this message to locate a DHCP server

DHCP Offer A DHCP server sends this message in response to a DHCP

DHCP A DHCP client sends this message in the following scenarios:

DHCP Ack A DHCP server sends this message to acknowledge a DHCP

DHCP A DHCP client sends this message to release its allocated IP

DHCP Inform A DHCP client sends this message to obtain network

DHCP Message Format

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 102

Figure 3-2 DHCP message format

Table 3-2 Fields in a DHCP message

op 1 byte Operation Code: indicates the general type of message.

hlen 1 byte Hardware Address Length: indicates the length of a

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 103

Field Lengt Description

xid 4 bytes Transaction Identifier: indicates a random number chosen

secs 2 bytes Seconds: indicates the number of seconds elapsed since a

ciaddr 4 bytes Client IP Address: indicates the IP address of a DHCP

yiaddr 4 bytes Your IP Address: indicates the IP address that a DHCP

siaddr 4 bytes Server IP Address: indicates the server IP address from

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 104

Field Lengt Description

giaddr 4 bytes Gateway Address: indicates the IP address of the first

chaddr 16 Client Hardware Address: indicates the Layer 2 address of

sname 64 Server Hostname: indicates the name of the server from

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 105

Figure 3-3 Options field format

Table 3-3 Options field description

Field Length Description

Type 1 byte Indicates the information type.

Length 1 byte Indicates the length of the

Value Variable Indicates the message content.

Table 3-4 Common predefined DHCP options

Option Code Function

1 Specifies a subnet mask.

3 Specifies a gateway address.

6 Specifies the IP address of a DNS server.

12 Specifies the device name of a DHCP client.

15 Specifies a domain name.