606 CHAPTER 57: DHCP S ERVER CONFIGURATIONDHCP SecurityConfigurationDHCP security configuration is needed to ensure the security of DHCP service.Prerequisites Before configuring DHCP security, you should first complete the DHCP serverconfiguration (either global address pool-based or interface address pool-basedDHCP server configuration).Configuring PrivateDHCP Server DetectingA private DHCP server on a network also answers IP address request packets andassigns IP addresses to DHCP clients. However, the IP addresses they assigned mayconflict with those of other hosts. As a result, users cannot normally accessnetworks. This kind of DHCP servers are known as private DHCP servers.With the private DHCP server detecting function enabled, when a DHCP clientsends the DHCP-REQUEST packet, the DHCP server tracks the information (such asthe IP addresses and interfaces) of DHCP servers to enable the administrator todetect private DHCP servers in time and take proper measures.Configuring IP AddressDetectingTo avoid IP address conflicts caused by assigning the same IP address to multipleDHCP clients simultaneously, you can configure a DHCP server to detect an IPaddress before it assigns the address to a DHCP client.IP address detecting is achieved by performing ping operations. To detect whetheran IP address is currently in use, the DHCP server sends an ICMP packet with the IPaddress to be assigned as the destination and waits for a response. If the DHCPserver receives no response within a specified time, it resends an ICMP packet. Thisprocedure repeats until the DHCP server receives a response or the number of thesent ICMP packets reaches the specified maximum number. The DHCP serverassigns the IP address to the DHCP client only when no response is received duringthe whole course, thus ensuring that an IP address is assigned to one DHCP clientexclusively.Table 478 Enable detection of a private DHCP serverOperation Command DescriptionEnter system view system-view -Enable the private DHCPserver detecting functiondhcp server detect RequiredBy default, the private DHCPserver detecting function isdisabledTable 479 Configure IP address detectingOperation Command DescriptionEnter system view system-view -Set the maximum number ofICMP packets a DHCP serversends in a ping testdhcp server ping packetsnumberOptionalBy default, a DHCP serverperforms the ping operationtwice to test an IP addressSet the response timeout timeof each ICMP packetdhcp server ping timeoutmillisecondsOptionalThe default timeout time is 500milliseconds
