IP addresses become invalid on S series switches in V100R002C00

11

It is recommended that you upgrade V100R002C00 to V100R002C00SPC200 and install the latest patch V100R002SPH021, or upgrade V100R002C00 to V100R006C00SPC800.

Other related questions:
How to solve the problem that invalid IP addresses cannot be automatically cleared on S series switches
The time for reclaiming IP addresses on S series switches is configurable: - In global address pool mode, run the lease command in the IP address pool view. - In interface address pool mode, run the dhcp server lease command in the corresponding interface view.

Routes imported into IS-IS are invalid on S series switches
Q: Why are routes imported into IS-IS invalid? A: For S series switches supporting IS-IS, if the IS-IS level is not set when routes are imported into IS-IS, level-2 IS-IS is used by default. That is, routes are imported into level-2 IS-IS. To import routes to areas of other levels, specify the area level.

How to bind the IP address, MAC address, and interface
The Switch implements binding between an interface and a MAC address through the traffic policy and DHCP snooping. Then the interface allows only the packets with the bound MAC address and packets matching the DHCP snooping binding table to pass through. The Switch does support binding of IP address + MAC address + interface. For example, to configure Ethernet 0/0/1 to allow only the packets with the source MAC address being 0-02-02 apart from of the packets matching the DHCP snooping binding table, and discard other packets, do as follows: # Enable DHCP snooping globally. [HUAWEI] dhcp snooping enable# Create an ACL that permits only the packets with the source MAC address being 0-02-02. [HUAWEI] acl 4000 [HUAWEI-acl-L2-4000] rule permit source-mac 0-02-02 ffff-ffff-ffff [HUAWEI-acl-L2-4000] rule deny# Create a traffic classifier that matches ACL 4000. [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 4000# Create a traffic behavior and a traffic policy. [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] permit [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1# Apply the traffic policy to Ethernet 0/0/1 so that the interface allows only the packets with the source MAC address 0-02-02 to pass through apart from of the packets matching the DHCP snooping binding table. In V100R005C00 and later versions, the configuration is as follows: [HUAWEI] interface Ethernet 0/0/1 [HUAWEI-Ethernet0/0/1] port default vlan 4094 [HUAWEI-Ethernet0/0/1] ip source check user-bind enable [HUAWEI-Ethernet0/0/1] traffic-policy p1 inbound

Incorrect IP address allocation on S series switch
A DHCP client sends request messages (DHCP Discover) in broadcast mode. If there is more than one DHCP server (private DHCP server) on the same network segment, the clients may obtain IP addresses from unauthorized servers. In this case, you can configure the DHCP snooping function, so that clients receive DHCP messages and obtain IP addresses only from authorized DHCP servers. Configure the DHCP snooping function as follows: 1. Enable DHCP snooping globally. [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable 2. Configure the interfaces connected to DHCP clients. Perform the configuration on all interfaces connected to DHCP clients. Configuration of interface GE1/0/1 is used as an example. [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] dhcp snooping enable [HUAWEI-GigabitEthernet1/0/1] quit 3. Configure the interface connected to the DHCP server. [HUAWEI] interface gigabitethernet 1/0/2 [HUAWEI-GigabitEthernet1/0/2] dhcp snooping trusted [HUAWEI-GigabitEthernet1/0/2] quit Note: - For a Layer 2 access switch, steps 1, 2, and 3 are mandatory and need to be performed in sequence. - For a DHCP relay agent, only steps 1 and 2 are required.

Remove IP address conflict on S series switch
In an ARP entry on an S series switch, except S1700, when one IP address matches multiple MAC addresses: If the switch functions as a DHCP server to assign IP addresses to clients, configure IP address conflict probing on the switch. If the switch functions as a gateway and IP addresses are statically assigned to clients, determine the clients using conflicting IP addresses and change the IP addresses for them manually.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top