Method and switch for implementing dhcp address security allocation

Abstract

This application discloses a method and a switch for realizing the safe allocation of DHCP addresses: the switch analyzes the response message returned by the DHCP server to the DHCP client to obtain the DHCP server identifier; sends the DHCP server identifier to the RADIUS server, so that The RADIUS server authenticates the DHCP server according to the DHCP server ID; receives the authentication result returned by RADIUS, and when the authentication passes, stores the DHCP server ID and the trusted port that received the response message returned by the DHCP server; When the DHCP client sends a request message, it selects the stored corresponding trusted port according to the DHCP server identifier in the request message to unicast the request message to the DHCP server, and the DHCP server provides the IP address to the DHCP client. Applying the method and equipment of the present invention can not only ensure that the DHCP client can obtain an IP address from a legitimate DHCP server without port configuration, but also reduce the flooding of broadcast messages.

Description

technical field [0001] The present application relates to the technical field of network communication, in particular to a method and a switch for implementing dynamic host configuration protocol (DHCP) address security allocation. Background technique [0002] DHCP adopts the client / server communication mode. The client submits a configuration request to the server, and the server returns the corresponding configuration information such as the IP address assigned to the client to realize the dynamic configuration of the IP address and other information. [0003] figure 1 A schematic diagram of a typical application network of existing DHCP is given, such as figure 1 As shown, the network includes a DHCP server and multiple DHCP clients (such as PCs and laptops). For the process of obtaining an IP address by a DHCP client, see figure 2 of the four stages. Such as figure 2 As shown, the four stages include: [0004] (1) Discovery phase, that is, the phase in which the ...

AI Technical Summary

Problems solved by technology

Therefore, the function of the switch also ensures that the DHCP client can only obtain an IP address from a legal DHCP server, and the fake DHCP server set up privately cannot assign an IP address to the DHCP client.

[0010] However, in a network where multiple switch devices are cascaded (such as Figure 4 In the network shown above), on the one hand, in order to ensure the legitimacy of the DHCP server, it is necessary to configure trusted ports and untrusted ports on each switch device in the network. Since there are a large number of switches in the network, the This greatly increases the configuration workload; on the other hand, when a switch receives a DHCP request message, it will traverse all trusted ports on the switch device and forward the message from the trusted port. When the trusted port of a switch device compares For a long time, some other devices that should not receive the DHCP request message will receive the DHCP request message, thus increasing the flooding of broadcast messages; finally, when the DHCP server in the network migrates, the switch cannot perceive For the migration of the DHCP server, in order to ensure the legitimacy of the DHCP server, it is necessary to change the configuration of trusted ports and untrusted ports on each switch, which greatly increases the workload of configuration.

Images