Reclaim IP addresses on S series switch

12

On S series switches except S1700 switches, IP addresses that fail to be released in an IP address pool can be reclaimed. The reclaimed IP addresses enter the idle state and can be assigned to clients again. The reset ip pool { interface pool-name | name ip-pool-name } { start-ip-address [ end-ip-address ] | all | conflict | expired | used } command reclaims the conflicting, expired, and used IP addresses.
For example, you can reclaim IP address 10.1.1.5 that has been assigned to a client and bound to the client's MAC address as follows:
- For a global address pool:
<HUAWEI> reset ip pool name pool1 used //Reclaim the IP addresses in use.
<HUAWEI> system-view   //If an IP address is not bound to any MAC address, skip the following operation.
[HUAWEI] ip pool pool1
[HUAWEI-ip-pool-pool1] undo static-bind ip-address 10.1.1.5 //Unbind the IP address from the MAC address.
- For an interface address pool:
<HUAWEI> reset ip pool interface vlanif100 used //Reclaim the IP addresses in use.
<HUAWEI> system-view   //If an IP address is not bound to any MAC address, skip the following operation.
[HUAWEI] interface vlanif 100  
[HUAWEI-Vlanif100] undo dhcp server static-bind ip-address 10.1.1.5  //Unbind the IP address from the MAC address.
After the preceding commands are executed, a user may be disconnected if its IP address is within the address range specified in this command.

Other related questions:
How does an AR reclaim IP addresses
You can manually reclaim IP addresses that cannot be released due to exceptions. The reclaimed IP addresses become idle and can be re-allocated to clients. The command is as follows: reset ip pool { interfacepool-name | nameip-pool-name } { start-ip-address [ end-ip-address ] | all | conflict | expired | used } Conflicting, expired, and used IP addresses can be reclaimed.
To reclaim the allocated IP address of 10.1.1.5 that has been bound to a MAC address, use the following method:
- For the global address pool
<Huawei> reset ip pool name pool1 used //Release the allocated IP address.
<Huawei> system-view   //If IP addresses are not bound to MAC addresses, you do not need to perform the following operations.
[Huawei] ip pool pool1
[Huawei-ip-pool-pool1] undo static-bind ip-address 10.1.1.5 //Remove the static binding.
- For the address pool:
<Huawei> reset ip pool interface vlanif100 used //Release the allocated IP address.
<Huawei> system-view   //If IP addresses are not bound to MAC addresses, you do not need to perform the following operations.
[Huawei] interface vlanif 100  
[Huawei-Vlanif100] undo dhcp server static-bind ip-address 10.1.1.5  //Remove the static binding.
Note: If a used IP address is within the IP address range specified by the command, performing the preceding operations may cause unexpected logout.

How to bind the IP address, MAC address, and interface
The Switch implements binding between an interface and a MAC address through the traffic policy and DHCP snooping. Then the interface allows only the packets with the bound MAC address and packets matching the DHCP snooping binding table to pass through. The Switch does support binding of IP address + MAC address + interface. For example, to configure Ethernet 0/0/1 to allow only the packets with the source MAC address being 0-02-02 apart from of the packets matching the DHCP snooping binding table, and discard other packets, do as follows: # Enable DHCP snooping globally. [HUAWEI] dhcp snooping enable# Create an ACL that permits only the packets with the source MAC address being 0-02-02. [HUAWEI] acl 4000 [HUAWEI-acl-L2-4000] rule permit source-mac 0-02-02 ffff-ffff-ffff [HUAWEI-acl-L2-4000] rule deny# Create a traffic classifier that matches ACL 4000. [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 4000# Create a traffic behavior and a traffic policy. [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] permit [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1# Apply the traffic policy to Ethernet 0/0/1 so that the interface allows only the packets with the source MAC address 0-02-02 to pass through apart from of the packets matching the DHCP snooping binding table. In V100R005C00 and later versions, the configuration is as follows: [HUAWEI] interface Ethernet 0/0/1 [HUAWEI-Ethernet0/0/1] port default vlan 4094 [HUAWEI-Ethernet0/0/1] ip source check user-bind enable [HUAWEI-Ethernet0/0/1] traffic-policy p1 inbound

Incorrect IP address allocation on S series switch
A DHCP client sends request messages (DHCP Discover) in broadcast mode. If there is more than one DHCP server (private DHCP server) on the same network segment, the clients may obtain IP addresses from unauthorized servers. In this case, you can configure the DHCP snooping function, so that clients receive DHCP messages and obtain IP addresses only from authorized DHCP servers. Configure the DHCP snooping function as follows: 1. Enable DHCP snooping globally. [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable 2. Configure the interfaces connected to DHCP clients. Perform the configuration on all interfaces connected to DHCP clients. Configuration of interface GE1/0/1 is used as an example. [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] dhcp snooping enable [HUAWEI-GigabitEthernet1/0/1] quit 3. Configure the interface connected to the DHCP server. [HUAWEI] interface gigabitethernet 1/0/2 [HUAWEI-GigabitEthernet1/0/2] dhcp snooping trusted [HUAWEI-GigabitEthernet1/0/2] quit Note: - For a Layer 2 access switch, steps 1, 2, and 3 are mandatory and need to be performed in sequence. - For a DHCP relay agent, only steps 1 and 2 are required.

Remove IP address conflict on S series switch
In an ARP entry on an S series switch, except S1700, when one IP address matches multiple MAC addresses: If the switch functions as a DHCP server to assign IP addresses to clients, configure IP address conflict probing on the switch. If the switch functions as a gateway and IP addresses are statically assigned to clients, determine the clients using conflicting IP addresses and change the IP addresses for them manually.

Detect IP address conflicts on S series switch
On an S series switch, except S1700: When the IP addresses of two network devices conflict, the CPU usage on the switch becomes high and route flapping will occur on the switch. User services may be interrupted. To manage IP addresses efficiently and detect IP address conflicts promptly, enable IP address conflict detection. The switch can record logs for IP address conflicts. The configuration procedure is as follows: 1. Run the system-view command to enter the system view. 2. Run the arp ip-conflict-detect enable command to enable IP address conflict detection. By default, IP address conflict detection is disabled. 3. Run the display arp ip-conflict track command in any view to check IP address conflict records.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top