MX Series Router as a Layer 2 DHCP Relay Agent

DHCP servers and relay agents have a level of trust in the MAC addresses used in DHCP client queries. A hacker can spoof invalid MAC addresses and overwhelm the server or relay agent with flooded traffic. Or the hacker can try to determine other information, such as the IP address range used by devices on the network. The DHCP process should only trust MAC addresses that are valid for a particular network.

You can configure the MX Series router to use MAC addresses obtained by the Layer 2 address learning process to control the flooding of DHCP packets.

• All statements referring to “option 82” (including circuit information in DHCP relay messages) are not supported on the MX Series routers.
• This feature works for static IP/MAC bindings on the MX Series routers.
• The DHCP snooping database table is not restored after a Routing Engine reboot.
• The DHCP Discover message is not flooded to the DHCP server when broadband service aggregator (BSA) and broadband service router (BSR) are provisioned on the same switch.

For more information on configuring DHCP, see the Junos OS Subscriber Access Configuration Guide .