Configuration example (on a DHCP relay agent)
Network requirements
As shown in Figure 204, configure authorized ARP on GigabitEthernet 1/0/2 of Device B (a DHCP relay agent) to ensure user validity.
Figure 199: Network diagram
Configuration procedure
Configure Device A:
# Specify the IP address for GigabitEthernet 1/0/1.
<DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] ip address 10.1.1.1 24 [DeviceA-GigabitEthernet1/0/1] quit
# Configure DHCP.
[DeviceA] dhcp enable [DeviceA] dhcp server ip-pool 1 [DeviceA-dhcp-pool-1] network 10.10.1.0 mask 255.255.255.0 [DeviceA-dhcp-pool-1] gateway-list 10.10.1.1 [DeviceA-dhcp-pool-1] quit [DeviceA] ip route-static 10.10.1.0 24 10.1.1.2
Configure Device B:
# Enable DHCP.
<DeviceB> system-view [DeviceB] dhcp enable
# Specify the IP addresses of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
[DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] ip address 10.1.1.2 24 [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] ip address 10.10.1.1 24
# Enable DHCP relay agent on GigabitEthernet 1/0/2.
[DeviceB-GigabitEthernet1/0/2] dhcp select relay
# Add the DHCP server 10.1.1.1 to DHCP server group 1.
[DeviceB-GigabitEthernet1/0/2] dhcp relay server-address 10.1.1.1
# Enable authorized ARP.
[DeviceB-GigabitEthernet1/0/2] arp authorized enable [DeviceB-GigabitEthernet1/0/2] quit
# Enable recording of relay entries on the relay agent.
[DeviceB] dhcp relay client-information record
Configure Device C:
<DeviceC> system-view [DeviceC] ip route-static 10.1.1.0 24 10.10.1.1 [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] ip address dhcp-alloc [DeviceC-GigabitEthernet1/0/2] quit
Verifying the configuration
# Display authorized ARP information on Device B.
[DeviceB] display arp all Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid IP Address MAC Address VLAN Interface Aging Type 10.10.1.2 0012-3f86-e94c N/A GE1/0/2 20 D
The output shows that Device A assigned the IP address 10.10.1.2 to Device C.
Device C must use the IP address and MAC address in the authorized ARP entry to communicate with Device B. Otherwise, the communication fails. Thus the user validity is ensured.