Does the switch check the checksums of DHCP packets

53

If DHCP has been enabled using the dhcp enable command in the system view, the switch checks the checksums of all the DHCP packets passing through the switch.

The switch checks the IP checksum and UDP checksum of each DHCP packet.

Other related questions:
DHCP packet checksum check on S series switch
After the dhcp enable command is executed in the system view of S series switches, the switch checks the checksum of all passing DHCP packets as well as IP and UDP checksums.

Types of packets checked by S series switches with IPSG enabled
For S series switches (except S1700 switches), IPSG takes effect only for IP packets (except DHCP packets) but not for packets of other types such as ARP or PPPoE. With IPSG enabled, an S series switch checks only IPv4 packets in versions earlier than V200R001 and checks all IPv4 and IPv6 packets in V200R001 and later versions.

Duplicate option check in DHCP packets on S series switch
As specified in RFC, duplicate Options are not recommended in a DHCP packet if the length of the Option field in the DHCP packet does not exceed 255 bytes. However, different vendors process the Option field differently. DHCP response packets sent from some servers may contain duplicate options, such as Option 3 and Option 51. In some versions, after DHCP is enabled using the dhcp enable command, the switch drops received DHCP packets with duplicate options. In V100R003 and earlier versions, the switch checks for duplicate options in DHCP packets by default. In V100R006 and later versions, the switch does not check for duplicate options in DHCP packets by default. You can run the dhcp anti-attack check duplicate option command in the system view to enable the switch to check for duplicate options in DHCP packets.

Can the switch check for DHCP packets with duplicate options
In V100R006 and later versions, you can run the dhcp anti-attack check duplicate option command in the system view to enable the switch to check for DHCP packets with duplicate options.

Check DHCP information on S series switches
Method to check DHCP information on S series switches: - Run the display ip pool [ name ip-pool-name [ start-ip-address [ end-ip-address ] | all | conflict | expired | used ] ] command to check address allocation in interface address pool mode. - Run the display ip pool [ name ip-pool-name [ start-ip-address [ end-ip-address ] | all | conflict | expired | used ] ] command to check address allocation in global address pool mode. - Run the display dhcp server database command to check the names and directories of files in which DHCP data is saved. - Run the display nat-policy template [ template-name ] command to check the configuration of the DHCP Option template. - Run the display dhcp relay { all | interface interface-type interface-number } command to check DHCP server or DHCP server group information on the interface configured with the DHCP relay function. - Run the display dhcp server group [ group-name ] command to check the configuration of the DHCP server group. - Run the display dhcp client command to check information about DHCP clients. - Run the display dhcp server statistics command to check statistics on received and sent DHCP packet by the switch used as the DHCP server. - Run the display dhcp relay statistics command to check statistics on received and sent DHCP packet by the switch used as the DHCP relay agent. - Run the display dhcp client statistics [ interface interface-type interface-number ] command to check statistics on received and sent DHCP packet by the switch used as the DHCP client. - Run the display dhcp statistics command to check statistics on received and sent DHCP packet by the switch.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top