Ip address lose efficacy issue of V1R2 version of S series switch

1

It is recommended to upgrade version to V100R002C00SPC200 and patch to V100R002SPH021,or upgrade version to V100R006C00SPC800

Other related questions:
How to bind the IP address, MAC address, and interface
The Switch implements binding between an interface and a MAC address through the traffic policy and DHCP snooping. Then the interface allows only the packets with the bound MAC address and packets matching the DHCP snooping binding table to pass through. The Switch does support binding of IP address + MAC address + interface. For example, to configure Ethernet 0/0/1 to allow only the packets with the source MAC address being 0-02-02 apart from of the packets matching the DHCP snooping binding table, and discard other packets, do as follows: # Enable DHCP snooping globally. [HUAWEI] dhcp snooping enable# Create an ACL that permits only the packets with the source MAC address being 0-02-02. [HUAWEI] acl 4000 [HUAWEI-acl-L2-4000] rule permit source-mac 0-02-02 ffff-ffff-ffff [HUAWEI-acl-L2-4000] rule deny# Create a traffic classifier that matches ACL 4000. [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 4000# Create a traffic behavior and a traffic policy. [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] permit [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1# Apply the traffic policy to Ethernet 0/0/1 so that the interface allows only the packets with the source MAC address 0-02-02 to pass through apart from of the packets matching the DHCP snooping binding table. In V100R005C00 and later versions, the configuration is as follows: [HUAWEI] interface Ethernet 0/0/1 [HUAWEI-Ethernet0/0/1] port default vlan 4094 [HUAWEI-Ethernet0/0/1] ip source check user-bind enable [HUAWEI-Ethernet0/0/1] traffic-policy p1 inbound

Incorrect IP address allocation on S series switch
A DHCP client sends request messages (DHCP Discover) in broadcast mode. If there is more than one DHCP server (private DHCP server) on the same network segment, the clients may obtain IP addresses from unauthorized servers. In this case, you can configure the DHCP snooping function, so that clients receive DHCP messages and obtain IP addresses only from authorized DHCP servers. Configure the DHCP snooping function as follows: 1. Enable DHCP snooping globally. [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable 2. Configure the interfaces connected to DHCP clients. Perform the configuration on all interfaces connected to DHCP clients. Configuration of interface GE1/0/1 is used as an example. [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] dhcp snooping enable [HUAWEI-GigabitEthernet1/0/1] quit 3. Configure the interface connected to the DHCP server. [HUAWEI] interface gigabitethernet 1/0/2 [HUAWEI-GigabitEthernet1/0/2] dhcp snooping trusted [HUAWEI-GigabitEthernet1/0/2] quit Note: - For a Layer 2 access switch, steps 1, 2, and 3 are mandatory and need to be performed in sequence. - For a DHCP relay agent, only steps 1 and 2 are required.

Remove IP address conflict on S series switch
In an ARP entry on an S series switch, except S1700, when one IP address matches multiple MAC addresses: If the switch functions as a DHCP server to assign IP addresses to clients, configure IP address conflict probing on the switch. If the switch functions as a gateway and IP addresses are statically assigned to clients, determine the clients using conflicting IP addresses and change the IP addresses for them manually.

IP address exclusion configuration on S series switch
For S series switches except S1700 switches, some IP addresses in an address pool may be used by other servers and hosts, configured for clients with special requirements, or reserved. These IP addresses need to be excluded from the address pool so that the DHCP server does not assign them to clients, preventing IP address conflicts. For example, you can configure IP addresses in the range of 10.10.10.11 to 10.10.10.20 that cannot be automatically assigned to clients from the address pool on an S series switch except an S1700 switch as follows: - For an interface address pool: [HUAWEI] dhcp enable [HUAWEI] interface vlanif 100 //Enter the view of the interface connected to DHCP clients. [HUAWEI-Vlanif100] ip address 10.10.10.10 24 [HUAWEI-Vlanif100] dhcp select interface [HUAWEI-Vlanif100] dhcp server excluded-ip-address 10.10.10.11 10.10.10.20 - For a global address pool: [HUAWEI] dhcp enable [HUAWEI] interface vlanif 100 //Enter the view of the interface connected to DHCP clients. [HUAWEI-Vlanif100] ip address 10.10.10.10 24 [HUAWEI-Vlanif100] dhcp select global [HUAWEI-Vlanif100] quit [HUAWEI] ip pool global1 [HUAWEI-ip-pool-global1] network 10.10.10.0 mask 24 [HUAWEI-ip-pool-global1] excluded-ip-address 10.10.10.11 10.10.10.20

Detect IP address conflicts on S series switch
On an S series switch, except S1700: When the IP addresses of two network devices conflict, the CPU usage on the switch becomes high and route flapping will occur on the switch. User services may be interrupted. To manage IP addresses efficiently and detect IP address conflicts promptly, enable IP address conflict detection. The switch can record logs for IP address conflicts. The configuration procedure is as follows: 1. Run the system-view command to enter the system view. 2. Run the arp ip-conflict-detect enable command to enable IP address conflict detection. By default, IP address conflict detection is disabled. 3. Run the display arp ip-conflict track command in any view to check IP address conflict records.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top