For platforms with ELS:[edit vlans vlan-name forwarding-options dhcp-security],[edit forwarding-options dhcp-relay ]
For platforms without ELS:
Statement introduced in Junos OS Release 9.0.
Hierarchy level [edit vlans vlan-name forwarding-options dhcp-security] introduced in Junos OS Release 13.2X50-D10. (See Using the Enhanced Layer 2 Software CLI for information about ELS.)
Perform dynamic ARP inspection (DAI) on all VLANs or on the specified VLAN.
When DAI is enabled, the switch logs invalid ARP packets that it receives on each interface, along with the sender’s IP and MAC addresses. ARP probe packets, which have the sender IP address 0.0.0.0, are validated by DAI.
If you configure DAI at the [edit vlans vlan-name forwarding-options dhcp-security] hierarchy level:
DAI can be configured only for a specific VLAN, not for a list or a range of VLAN IDs.
DHCP snooping is automatically enabled on the specified VLAN.
The forwarding-class statement is not available at the [edit vlans vlan-name forwarding-options dhcp-security] hierarchy level.
See Enabling Dynamic ARP Inspection (ELS) for more information about this configuration.
On EX9200 switches, DAI is not supported in an MC-LAG scenario.
The remaining statement is explained separately.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.