dhcp request-ip-address check

Usage Scenario

After a user sends a DHCP request packet with option 50, the device authenticates the user. If the requested IP address has been assigned to another user, the device replies an NAK packet to the user. If a large number of users resend DHCP Discover packets to apply for IP addresses, the device authenticates the users again, causing high CPU usage. To resolve this problem, run the dhcp request-ip-address check enable command to enable check of DHCP request packets with option 50 fields. After that, if the request IP addresses have been assigned to other users, the device replies NAK packets without authenticating users again. In this manner, high CPU usage is prevented.

Configuration Impact

If check of DHCP request packets with option 50 fields is enabled by running the dhcp request-ip-address check enable command, the device checks whether the requested IP address has been assigned to another users after receiving a DHCP request packet with option 50. If the IP address has been assigned to another user, the device replies an NAK packet without authenticating the user.

Precautions

In VS mode, this command is supported only by the admin VS.

Exercise caution when running the dhcp request-ip-address check enable command in scenarios where DHCPv4 users access a VPN.

After the dhcp request-ip-address check enable command is run in the system view, the device checks whether the requested IPv4 address carried in the Option 50 field of a DHCPv4 Request message from a VPN user has been assigned to another user. If the IPv4 address has been assigned to a public network user, the device responds with an NAK message without performing AAA, and the VPN user fails to go online. If the IPv4 address has been assigned to another user in the same VPN, the device performs AAA for the user and responds with an NAK message. And the private network user fails to go online.