HP 5500 Ei 5500 Si Switch Series Configuration Guide
Page 561
Enabling DHCP-REQUEST message attack protection
Attackers may forge DHCP-REQUEST messages to renew the IP address leases for legitimate DHCP clients that no longer need the IP addresses. These forged messages keep a victim DHCP server renewing the leases of IP addresses instead of releasing the IP addresses. This wastes IP address resources. To prevent such attacks, you can enable DHCP-REQUEST message check on DHCP snooping devices. With this feature enabled, upon receiving a DHCP-REQUEST...
Page 562
Step 3. Configure the maximum rate of incoming DHCP packets.
  Command: dhcp-snooping rate-limit rate
  Remarks: Not configured by default
Displaying and maintaining DHCP snooping
Task: Display DHCP snooping entries.
  Command: display dhcp-snooping [ ip ip-address ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display Option 82 configuration information on the DHCP snooping device.
  Command: display dhcp-snooping information { all | interface...
Page 563
Figure 38 Network diagram
Configuration procedure
# Enable DHCP snooping.
system-view
[SwitchB] dhcp-snooping
# Specify GigabitEthernet 1/0/1 as trusted.
[SwitchB] interface GigabitEthernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust
[SwitchB-GigabitEthernet1/0/1] quit
DHCP snooping Option 82 support configuration example
Network requirements
As shown in Figure 38, enable DHCP snooping and Option 82 support on Switch B.
• Configure the handling strategy for DHCP...
Page 564
[SwitchB-GigabitEthernet1/0/2] dhcp-snooping information circuit-id string company001
[SwitchB-GigabitEthernet1/0/2] dhcp-snooping information remote-id string device001
[SwitchB-GigabitEthernet1/0/2] quit
# Configure GigabitEthernet 1/0/3 to support Option 82.
[SwitchB] interface GigabitEthernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] dhcp-snooping information enable
[SwitchB-GigabitEthernet1/0/3] dhcp-snooping information strategy replace
[SwitchB-GigabitEthernet1/0/3] dhcp-snooping...
Page 565
Configuring BOOTP client
Overview
BOOTP application
After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server. To use BOOTP, an administrator must configure a BOOTP parameter file for each BOOTP client on the BOOTP server. The parameter file contains information such as MAC address and IP address of a BOOTP client. When a BOOTP client sends a request to the BOOTP server, the BOOTP server searches...
Page 566
Configuring an interface to dynamically obtain an IP address through BOOTP
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter interface view.
  Command: interface interface-type interface-number
  Remarks: N/A
Step 3. Configure an interface to dynamically obtain an IP address through BOOTP.
  Command: ip address bootp-alloc
  Remarks: By default, an interface does not use BOOTP to obtain an IP address.
Displaying and maintaining BOOTP client configuration
Task: Display BOOTP client...
Page 567
Configuring IPv4 DNS
Overview
Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into corresponding IP addresses. With DNS, you can use easy-to-remember domain names in some applications and let the DNS server translate them into correct IP addresses. DNS services can be static or dynamic. After a user specifies a name, the device checks the local static name resolution table for an IP address. If no IP address is available, it contacts...
Page 568
Dynamic domain name resolution allows the DNS client to store latest mappings between domain names and IP addresses in the dynamic domain name cache. The DNS client does not need to send a request to the DNS server for a repeated query next time. The aged mappings are removed from the cache after some time, and latest entries are required from the DNS server. The DNS server decides how long a mapping is valid, and the DNS client gets the aging information from DNS messages.
DNS suffixes
The...
Page 569
A DNS proxy operates as follows:
1. A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy. The destination address of the request is the IP address of the DNS proxy.
2. The DNS proxy searches the local static domain name resolution table and dynamic domain name resolution table after receiving the request. If the requested information is found, the DNS proxy returns a DNS reply to the client.
3. If the requested information is not found, the DNS...
Page 570
1. The host sends a DNS request to the device to resolve the domain name of the HTTP server into an IP address.
2. Upon receiving the request, the device searches the local static and dynamic DNS entries for a match. If no match is found and the device does know the DNS server address, the device spoofs the host by replying a configured IP address. The TTL of the DNS reply is 0. The device must have a route to the IP address with the dial-up interface as the outgoing interface.
3. Upon...