Setting Up DHCP Option 82 with the Switch as a Relay Agent Between Clients and DHCP Server (CLI Procedure)

 

You can use DHCP option 82, also known as the DHCP relay agent information option, to help protect switches against attacks such as spoofing (forging) of IP addresses and MAC addresses, and DHCP IP address starvation. Option 82 provides information about the network location of a DHCP client, and the DHCP server uses this information to assign IP addresses or other parameters to the client.

You can configure the DHCP option 82 feature in two topologies:

  • The switch functions as a relay agent when the DHCP clients or the DHCP server is connected to the switch through a Layer 3 interface. On the switch, these interfaces are configured as routed VLAN interfaces, or RVIs. The switch relays the clients' requests to the server and then forwards the server's replies to the clients. This topic describes this configuration. The configuration for this topology is the same regardless of whether your switch is running Junos OS for EX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style or not.

  • The switch, DHCP clients, and DHCP server are all on the same VLAN. The switch forwards the clients' requests to the server and forwards the server's replies to the clients. The configuration for this topology differs if your switch is running Junos OS for EX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style.

Before you configure DHCP option 82 on the switch, perform these tasks:

  • Connect and configure the DHCP server.

    Note

    Your DHCP server must be configured to accept DHCP option 82. If the server is not configured for DHCP option 82, the server does not use the DHCP option 82 information in the requests sent to it when it formulates its reply messages.

  • Configure the VLAN on the switch and associate the interfaces on which the clients connect to the switch with that VLAN.

  • Configure the routed VLAN interface (RVI) to allow the switch to relay packets to the server and receive packets from the server. See Configuring Routed VLAN Interfaces on Switches (CLI Procedure) or Configuring IRB Interfaces on Switches for the QFX Series.

  • Configure the switch as a BOOTP relay agent. See DHCP/BOOTP Relay for Switches Overview.

To configure DHCP option 82:

Note

Replace values displayed in italics with values for your configuration.

  1. Specify DHCP option 82 for the BOOTP server:

    • On all interfaces that connect to the server:

      [edit forwarding-options helpers bootp]

      user@switch# set dhcp-option82
    • On a specific interface that connects to the server:

      [edit forwarding-options helpers bootp]

      user@switch# set interface ge-0/0/10 dhcp-option82

    The remaining steps are optional. They show configurations for all interfaces; include the specific interface designation to configure any of the following options on a specific interface:

  2. To configure a prefix for the circuit ID suboption (the prefix is always the hostname of the switch):
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 circuit-id prefix hostname


  3. To specify that the circuit ID suboption value should contain the interface description rather than the interface name (the default):
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 circuit-id use-interface-description

    Note

    When you use the interface description rather than the interface name, the interface description must be specified under the interface unit (set interfaces ge-0/0/0 unit 0 description "client"). If you do not do this, the interface name is used.



  4. To specify that the circuit ID suboption value should contain the VLAN ID rather than the VLAN name (the default):
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 circuit-id use-vlan-id


  5. To specify that the remote ID suboption be included in the DHCP option 82 information:
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 remote-id


  6. To configure a prefix for the remote ID suboption (here, the prefix is the MAC address of the switch):
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 remote-id prefix mac


  7. To specify that the prefix for the remote ID suboption be the hostname of the switch rather than the MAC address of the switch (the default):
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 remote-id prefix hostname


  8. To specify that the remote ID suboption value should contain the interface description:
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 remote-id use-interface-description


  9. To specify that the remote ID suboption value should contain a character string:
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 remote-id use-string mystring


  10. To configure a vendor ID suboption and use the default value (the default value is Juniper), do not type a character string after the vendor-id option keyword:
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 vendor-id


  11. To specify that the vendor ID suboption value contains a character string value that you specify rather than Juniper (the default):
    [edit forwarding-options helpers bootp]

    user@switch# set dhcp-option82 vendor-id mystring


To view results of the configuration steps before committing the configuration, type the show command at the user prompt.

To commit these changes to the active configuration, type the commit command at the user prompt.
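
The following added example (not part of the Juniper documentation) shows one way to confirm on the DHCP server side that relayed requests carry the option 82 suboptions configured above. It decodes the option per RFC 3046 from a raw DHCP options field and rejects malformed lengths; the sample bytes and the circuit ID and remote ID values in them are constructed for illustration and are not captured switch output.

```python
# Added example: decode the relay agent information option (option 82, RFC 3046)
# from the options field of a DHCP message.
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 suboption codes


def iter_tlvs(buf, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == end:
            return
        if code == pad:
            i += 1
            continue
        if i + 2 > len(buf):
            raise ValueError(f"code {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"code {code}: length {length} overruns buffer")
        yield code, value
        i += 2 + length


def parse_option82(options):
    """Return {suboption name or code: bytes}, or None if option 82 is absent."""
    for code, value in iter_tlvs(options, pad=OPT_PAD, end=OPT_END):
        if code == OPT_RELAY_INFO:
            # Suboptions have no pad/end codes; every byte must belong to a TLV.
            return {SUBOPT_NAMES.get(c, c): v for c, v in iter_tlvs(value)}
    return None


def build_sample():
    """Constructed options field: message type DISCOVER, option 82, end."""
    circuit = b"ge-0/0/10.0"  # constructed circuit ID value (assumption)
    remote = b"mystring"      # constructed remote ID value (assumption)
    sub = bytes([1, len(circuit)]) + circuit + bytes([2, len(remote)]) + remote
    return bytes([53, 1, 1, OPT_RELAY_INFO, len(sub)]) + sub + bytes([OPT_END])


if __name__ == "__main__":
    for name, value in parse_option82(build_sample()).items():
        print(name, value.decode("ascii", "replace"))
```

A request that returns None reached the server without relay information, and a ValueError indicates a suboption whose declared length does not fit inside option 82.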