Chapter 7: MX Series Router as a DHCP Relay Agent – Juniper Networks JUNOS OS 10.4 User Manual

CHAPTER 7
MX Series Router as a DHCP Relay Agent
This chapter discusses the following topics:
• MX Series Router as a Layer 2 DHCP Relay Agent
• Example: Configuring DHCP Relay in a Bridge Domain VLAN Environment
• Example: Configuring DHCP Relay in a VPLS Routing Instance Environment
MX Series Router as a Layer 2 DHCP Relay Agent
The Dynamic Host Configuration Protocol (DHCP) is used by a DHCP client (host) to
determine Layer 3 information (such as an IP address) from a DHCP server. DHCP uses
the client’s MAC (Layer 2) address to query the server. A router can be used as a DHCP
relay agent to pass the query on to a server while the router appears to reply to the client.

You can configure a Juniper Networks MX Series Ethernet Services Router to act as a
DHCP relay agent. When configured at Layer 2, the MX Series router uses DHCP snooping
to access the Layer 3 information.

DHCP servers and relay agents place a level of trust in the MAC addresses used in DHCP
client queries. An attacker can spoof invalid MAC addresses and overwhelm the server or
relay agent with flooded traffic, or try to determine other information, such as the IP
address range used by devices on the network. The DHCP process should trust only MAC
addresses that are valid for a particular network.

You can configure the MX Series router to use MAC addresses obtained by the Layer 2
address learning process to control the flooding of DHCP packets.
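The following Python sketch is an added illustration, not Juniper code or JUNOS configuration: it models the check described above by relaying a DHCP client request only when its client hardware address (chaddr) matches the frame's source MAC and that MAC was learned on the receiving VLAN and port. The MAC addresses, VLAN, port name, learning table, and the chaddr-equals-source-MAC rule are assumptions made for the example.

```python
import struct

BOOTREQUEST, HTYPE_ETHERNET = 1, 1

# Constructed sample data (assumptions): (VLAN, MAC) -> port where Layer 2 learning saw the MAC.
KNOWN = bytes.fromhex("020000000001")
ROGUE = bytes.fromhex("02deadbeef01")
LEARNED = {(100, KNOWN): "ge-1/0/1"}

def build_request(eth_src: bytes, chaddr: bytes) -> bytes:
    """Constructed sample: untagged Ethernet/IPv4/UDP frame carrying a BOOTP request."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s", BOOTREQUEST, HTYPE_ETHERNET, 6, 0,
                        0x1234ABCD, 0, 0x8000, bytes(4), bytes(4), bytes(4), bytes(4),
                        chaddr.ljust(16, b"\x00")) + bytes(192) + b"\x63\x82\x53\x63"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)  # checksums left at 0; not verified here
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip + udp

def relay_decision(frame: bytes, vlan: int, port: str, learned: dict) -> str:
    """Return 'relay' or 'drop: <reason>' for one frame received on (vlan, port)."""
    if len(frame) < 14 + 20 + 8 + 44 or frame[12:14] != b"\x08\x00":
        return "drop: not a complete IPv4 DHCP frame"
    eth_src = frame[6:12]
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length in bytes
    udp_off = 14 + ihl
    if ihl < 20 or frame[23] != 17 or len(frame) < udp_off + 8 + 44:
        return "drop: not a complete IPv4 DHCP frame"
    sport, dport = struct.unpack_from("!HH", frame, udp_off)
    op, htype, hlen = struct.unpack_from("!BBB", frame, udp_off + 8)
    if (sport, dport) != (68, 67) or op != BOOTREQUEST:
        return "drop: not a client request"
    if htype != HTYPE_ETHERNET or hlen != 6:
        return "drop: unexpected hardware address type"
    chaddr = frame[udp_off + 8 + 28: udp_off + 8 + 34]  # chaddr starts at BOOTP offset 28
    if chaddr != eth_src:
        return "drop: chaddr does not match frame source MAC"
    if learned.get((vlan, chaddr)) != port:
        return "drop: MAC not learned on this VLAN and port"
    return "relay"

if __name__ == "__main__":
    for src, ch in [(KNOWN, KNOWN), (KNOWN, ROGUE), (ROGUE, ROGUE)]:
        verdict = relay_decision(build_request(src, ch), 100, "ge-1/0/1", LEARNED)
        print(src.hex(), ch.hex(), verdict)
```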
Several restrictions apply to DHCP configuration on the MX Series routers:
• All statements referring to “option 82” (including circuit information in DHCP relay
  messages) are not supported on the MX Series routers.
• This feature works for static IP/MAC bindings on the MX Series routers.
• The DHCP snooping database table is not restored after a Routing Engine reboot.
• The DHCP Discover message is not flooded to the DHCP server when broadband service
  aggregator (BSA) and broadband service router (BSR) are provisioned on the same
  switch.
Copyright © 2013, Juniper Networks, Inc.