(Optional) Configuring Fixed IP Addresses in an Address Pool

Context

A DHCP server leases IP addresses to clients. When the lease expires, the clients must apply for new IP addresses. To ensure stability, certain clients require fixed IP addresses. In this case, configure the DHCP server to allocate fixed IP addresses to these clients. The MAC addresses of these clients are then bound to fixed IP addresses. When such a client applies to the DHCP server for an IP address, the DHCP server searches the binding entries for the MAC address of the client and allocates the matched IP address to the client. DHCP static allocation prevents manual configuration errors and facilitates unified management.

Ensure that the bound IP address is not configured as the IP address that cannot be allocated.
IP addresses that are used can also be statically bound to MAC addresses or unbound from MAC addresses. When an IP address is statically bound to a MAC address, ensure that the MAC address to be bound is the same as the MAC address of the user who actually uses the IP address.
After an IP address is bound to a MAC address, the IP address does not expire. After an automatically allocated IP address is statically bound to a MAC address, the lease time of the IP address becomes unlimited. After the static binding between the IP address and the MAC address is deleted, the lease time of the IP address becomes the same as that configured in the address pool.

The binding of IP addresses and MAC addresses is used in DHCP static allocation, IPSG (for details on how to configure IPSG, see IP source guard in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Security), and static ARP. Table 1 lists different usage scenarios and implementations of these functions.

**Table 1** Differences between DHCP static allocation, IPSG, and static ARP
Function	Scenario	Implementation
DHCP static allocation	Some clients (such as servers and PCs) require fixed IP addresses from a DHCP server.	The MAC addresses of these clients are bound to fixed IP addresses. When such a client applies to the DHCP server for an IP address, the DHCP server searches the binding entries for the MAC address of the client and allocates the matched IP address to the client.
IPSG	Attacks including IP address spoofing and ARP spoofing need to be prevented: IP address spoofing: An attacker uses a forged IP address and its own MAC address to obtain rights of the attacked device and intercept packets destined for the attacked device. ARP spoofing: An attacker sends ARP packets using a forged MAC address to intercept packets destined for the attacked device or using the MAC address of the gateway to intercept all packets destined for the gateway.	The mapping between IP addresses and MAC addresses is set up on a device. When receiving an ARP Request packet, the device searches for the mapped MAC address based on the source IP address of the packet and compares the mapped MAC address with the source MAC address in the packet header. If the two MAC addresses are different from each other, the device considers the packet invalid and discards it.
Static ARP	The mapping between IP addresses and MAC addresses is manually configured in the following scenarios: Packets whose destination IP addresses are not on the local network segment need to be forwarded by a gateway on the local network segment. Destination IP addresses of invalid packets need to be bound to a nonexistent MAC address to filter them out. Critical devices need to forward packet securely and be protected against attacks, such as ARP flooding. In this situation, static ARP entries can be configured to bind MAC addresses to specific IP addresses. Network attackers cannot modify the mapping between the IP and MAC addresses, which ensures communication between the two devices.	The mapping between IP addresses and MAC addresses is set up on a device. When receiving an ARP Request packet, the device searches for the MAC address mapped to the IP address in the packet and responds with an ARP Reply packet. Static ARP entries are manually configured and maintained. These entries are neither aged nor overwritten by dynamic ARP entries, and therefore improve communication security.

Procedure

Configure a fixed IP address in an interface address pool.
1. Enter the system view.
```
system-view
```
2. Enter the interface or sub-interface view.
```
interface interface-type interface-number[.subinterface-number ]
```
  Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S6720-HI, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-EI, and S6720S-EI support sub-interfaces.
3. (Optional) On an Ethernet interface, run undo portswitch
  The interface is switched to Layer 3 mode.
  
  By default, an Ethernet interface works in Layer 2 mode.
  
  Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.
4. Bind an IP address to a MAC address so that the DHCP server allocates this IP address to only the device with this MAC address.
```
dhcp server static-bind ip-address ip-address mac-address mac-address [ description description ]
```
  By default, a DHCP server does not allocate fixed IP addresses to specified clients.
Configure a fixed IP address in a global address pool.
1. Enter the system view.
```
system-view
```
2. Enter the global address pool view.
```
ip pool ip-pool-name
```
3. Bind an IP address to a MAC address so that the DHCP server allocates this IP address to only the device with this MAC address.
```
static-bind ip-address ip-address mac-address mac-address [ option-template template-name | description description ]
```
  By default, a DHCP server does not allocate fixed IP addresses to specified clients.