HP 5500 Ei 5500 Si Switch Series Configuration Guide

 69 
Displaying and maintaining the DHCP client 
 
Task Command Remarks 
Display specified 
configuration information. display dhcp client 
[ verbose ] [ interface 
interface-type interface-number  ] [ | { begin | 
exclude  | include  } regular-expression  ]  Available in any view 
 
DHCP client configuration example 
Network requirements 
As shown in Figure 35
, on a L A N, Swi tch B c ontacts  the  D HC P  ser ver  via VL A N - i nter fac e  2  to  o btai n a n  
IP address, DNS server address, and...

 70 
# Configure DHCP address pool 0 and specify the subnet, lease duration, DNS server address, 
and a static route to subnet 20.1.1.0/24. 
[SwitchA] dhcp server ip-pool 0 
[SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 
[SwitchA-dhcp-pool-0] expired day 10 
[SwitchA-dhcp-pool-0] dns-list 20.1.1.1 
[SwitchA-dhcp-pool-0] option 121 hex 18 14 01 01 0A 01 01 02 
2.  Configure Switch B: 
# Enable the DHCP client on VLAN-interface 2. 
 system-view 
[SwitchB] interface vlan-interface 2...

 71 
Configuring DHCP snooping 
The DHCP snooping-enabled device must be either between the DHCP client and relay agent, or 
between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP 
server. 
DHCP snooping functions 
DHCP snooping can: 
1.  Ensure that DHCP clients obtain IP addr esses from authorized DHCP servers. 
2. Record IP-to-MAC mappings of DHCP clients. 
Ensuring that DHCP clients obtain  IP addresses from authorized 
DHCP servers 
With DHCP snooping,...

 72 
Application environment of trusted ports 
Configuring a trusted port connected to a DHCP server 
As shown in Figure 36, the DHCP snooping device por t that is connected to an authorized DHCP ser ver 
should be configured as a trusted port. The trusted  port forwards reply messages from the authorized 
DHCP server to the client, but the untrusted port does not forward reply messages from the unauthorized 
DHCP ser ver. This ensures that the DHCP client obtains an IP address from the authorized DHCP...

 73 
Figure 37 Configuring trusted ports in a cascaded network 
  
 
Table 4 Roles of ports 
Device Untrusted port  Trusted port disabled from 
recordin
g binding entries 
Trusted port enabled to 
record bindin
g entries 
Switch A  GigabitEthernet 1/0/1  GigabitEthernet 1/0/3  GigabitEthernet 1/0/2 
Switch B GigabitEthernet 1/0/3 and 
GigabitEthernet 1/0/4 
GigabitEthernet 1/0/1  GigabitEthernet 1/0/2 
Switch C  GigabitEthernet 1/0/1  GigabitEthernet 1/0/3 and 
GigabitEthernet 1/0/4 
GigabitEthernet...

 74 
If a client’s 
requesting message 
has… Handling 
strategy 
Padding format
 The DHCP snooping device will… 
Replace  normal 
Forward the message after replacing the 
original Option 82 with the Option 82 padded 
in normal format. verbose 
Forward the message after replacing the 
original Option 82 with the Option 82 padded 
in verbose format. 
user-defined Forward the message after replacing the 
original Option 82 with the user-defined 
Option 82. 
Append normal 
Forward the message without...

 75 
Task Remarks 
Enabling DHCP-REQUEST message attack protection  Optional 
Configuring DHCP packet rate limit Optional 
 
Configuring DHCP snooping basic functions 
Configuration guidelines 
Follow these guidelines when configure DHCP snooping basic functions: 
•  You must specify the ports connected to the authorized DHCP servers as trusted to make sure that 
DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP 
client must be in the same VLAN. 
•   You can...

 76 
 
Configuring DHCP snooping to support Option 82 
Configuration guidelines 
Follow these guidelines when configure DHCP snooping to support Option 82: 
•   You can only enable DHCP snooping to support Opti on 82 on Layer 2 Ethernet ports, and Layer 2 
aggregate interfaces. 
•   If a Layer 2 Ethernet port is added to an aggreg ation group, enabling DHCP snooping to support 
Option 82 on the interface will not take effect. After the interface quits the aggregation group, the 
configuration will be...

 77 
Step Command Remarks 
5.  Configure Option 
82  i n  t h e  
non-user-defined 
padding format. 
• Configure the padding format for 
Option 82: 
dhcp-snooping information format 
{  normal  | private    | standard 
|  verbose  [ node-identifier { mac  | 
sysname  | user -defined  
node-identifier  } ] } 
• Configure the code type for the 
circuit ID sub-option: 
dhcp-snooping information 
circuit-id format-type  { ascii | hex  }
 
• Configure the code type for the 
remote ID sub-option:...

 78 
To configure DHCP snooping entries backup:  
Step Command Remarks 
1.  Enter system view. 
system-view  N/A 
2.  Specify the name of the file for 
storing DHCP snooping 
entries.  dhcp-snooping binding 
database filename 
filename Not specified by default. 
DHCP snooping entries are stored 
immediately after this command is 
used and then updated at the 
interval set by the 
dhcp-snooping 
binding database update interval 
command. 
3.   Back up DHCP snooping 
entries to the file.  dhcp-snooping...