3Com WX3000 User Manual

 
To improve security and prevent malicious attacks on unused sockets, the device provides the following functions:
UDP ports 67 and 68, which are used by DHCP, are enabled only when DHCP is enabled.
UDP ports 67 and 68 are disabled when DHCP is disabled.
The corresponding implementation is as follows:
When a VLAN interface is mapped to a DHCP server group with the dhcp-server command, the DHCP relay agent is enabled. At the same time, UDP ports 67 and 68 used by DHCP are enabled.
When the mapping between a VLAN interface and a DHCP server group is removed with the undo dhcp-server command, DHCP services are disabled. At the same time, UDP ports 67 and 68 are disabled.
 
 
You can configure up to eight DHCP server IP addresses in a DHCP server group.
You can map multiple VLAN interfaces to one DHCP server group, but one VLAN interface can be mapped to only one DHCP server group.
If you execute the dhcp-server groupNo command repeatedly, the new configuration overwrites the previous one.
The group number specified in the dhcp-server groupNo command in VLAN interface view must be configured in advance by using dhcp-server groupNo ip ip-address&<1-8>.
 
Configuring DHCP Relay Agent Security Functions 
Configuring address checking 
After relaying an IP address from the DHCP server to a DHCP client, the DHCP relay agent can automatically record the client’s IP-to-MAC binding and generate a dynamic address entry. It also supports static bindings: you can manually configure IP-to-MAC bindings on the DHCP relay agent so that users can access external networks using fixed IP addresses.
The address checking function on the DHCP relay agent prevents unauthorized users from statically configuring IP addresses to access external networks. With this function enabled, the DHCP relay agent blocks a user from accessing external networks if the IP address configured on the user end and the MAC address of the user end do not match any entry in the user address table on the DHCP relay agent. The table includes both the entries dynamically tracked by the DHCP relay agent and the manually configured static entries.
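
The matching rule described above can be modelled in a few lines. This Python sketch is an added example, not 3Com code: the class, its method names and the sample addresses are constructed for illustration, and it models only the table lookup, not how the device forwards or drops traffic.

```python
import ipaddress
from dataclasses import dataclass, field


def norm_mac(mac: str) -> str:
    """Reduce 0011-2233-4455, 00:11:22:33:44:55, etc. to 12 lowercase hex digits."""
    digits = mac.lower().translate(str.maketrans("", "", "-:."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class UserAddressTable:
    """Hypothetical model of the relay agent's user address table."""
    static: dict = field(default_factory=dict)   # manually configured bindings
    dynamic: dict = field(default_factory=dict)  # bindings recorded from relayed leases

    def add_static(self, ip: str, mac: str) -> None:
        self.static[ipaddress.ip_address(ip)] = norm_mac(mac)

    def record_lease(self, ip: str, mac: str) -> None:
        # Called when the relay passes the server's address assignment to a client.
        self.dynamic[ipaddress.ip_address(ip)] = norm_mac(mac)

    def check(self, ip: str, mac: str) -> bool:
        # Permit only if the (IP, MAC) pair matches a static or a dynamic entry.
        addr, hw = ipaddress.ip_address(ip), norm_mac(mac)
        return hw in (self.static.get(addr), self.dynamic.get(addr))


def demo():
    """Run the check over constructed sample hosts and return the verdicts."""
    table = UserAddressTable()
    table.record_lease("10.1.1.10", "0011-2233-4455")   # address obtained via DHCP
    table.add_static("10.1.1.200", "00aa-bbcc-ddee")    # fixed-IP user, static entry
    hosts = [
        ("10.1.1.10", "00:11:22:33:44:55"),   # DHCP client using its leased address
        ("10.1.1.200", "00AA-BBCC-DDEE"),     # host with a static binding
        ("10.1.1.50", "0022-3344-5566"),      # self-assigned IP, no entry at all
        ("10.1.1.10", "0022-3344-5566"),      # leased IP used with a different MAC
        ("10.1.1.99", "00aa-bbcc-ddee"),      # bound MAC used with a different IP
    ]
    return [(ip, mac, "permit" if table.check(ip, mac) else "deny") for ip, mac in hosts]


if __name__ == "__main__":
    for row in demo():
        print(*row)
```

The last two sample hosts show why the table stores pairs: a known IP or a known MAC on its own does not pass the check.
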
Follow these steps to configure address checking: