Configuring DHCP Snooped Packets Forwarding Support for DHCP Relay Agent
You can configure how DHCP relay agent handles DHCP snooped packets. Depending on the configuration, DHCP relay agent either forwards or drops the snooped packets it receives.
DHCP relay uses a two-part configuration to determine how to handle DHCP snooped packets. This topic describes how you use the forward-snooped-clients statement to manage whether DHCP relay agent forwards or drops snooped packets, depending on the type of interface on which the packets are snooped. In the other part of the DHCP relay agent snooping configuration, which is described in Enabling and Disabling DHCP Snooped Packets Support for DHCP Relay Agent, you enable or disable the DHCP relay snooping feature.
Table 1 shows the action the router takes on snooped packets when DHCP snooping is enabled by the allow-snooped-clients statement. Table 2 shows the action the router takes on snooped packets when DHCP snooping is disabled by the no-allow-snooped-clients statement.
The router also uses the configuration of the DHCP relay agent forwarding support to determine how to handle snooped BOOTREPLY packets. Table 3 shows the action the router takes for the snooped BOOTREPLY packets.
 | Note: Configured interfaces have been configured with the group statement in the [edit forwarding-options dhcp-relay] hierarchy. Non-configured interfaces are in the logical system/routing instance but have not been configured by the group statement. |
Table 1: Actions for DHCP Relay Agent Snooped Packets When DHCP Snooping Is Enabled
forward-snooped-clients Configuration | Action on Configured Interfaces | Action on Non-Configured Interfaces |
|---|---|---|
forward-snooped-clients not configured | snooped packets result in subscriber creation | dropped |
all-interfaces | forwarded | forwarded |
configured-interfaces | forwarded | dropped |
non-configured-interfaces | snooped packets result in subscriber creation | forwarded |
Table 2: Actions for DHCP Relay Agent Snooped Packets When DHCP Snooping Is Disabled
forward-snooped-clients Configuration | Action on Configured Interfaces | Action on Non-Configured Interfaces |
|---|---|---|
forward-snooped-clients not configured | dropped | dropped |
all-interfaces | dropped | forwarded |
configured-interfaces | dropped | dropped |
non-configured-interfaces | dropped | forwarded |
Table 3: Actions for Snooped BOOTREPLY Packets
forward-snooped-clients Configuration | Action |
|---|---|
forward-snooped-clients not configured | snooped BOOTREPLY packets dropped if client is not found |
forward-snooped-clients all configurations | snooped BOOTREPLY packets forwarded if client is not found |
To configure DHCP snooped packet forwarding and BOOTREPLY snooped packet forwarding for DHCP relay agent:
- Specify that you want to configure DHCP relay agent. [edit]user@host# edit forwarding-options dhcp-relay
- Enable DHCP snooped packet forwarding.[edit forwarding-options dhcp-relay]user@host# edit forward-snooped-clients
- Specify the interfaces that are supported for snooped
packet forwarding. [edit forwarding-options dhcp-relay forward-snooped-clients]user@host# set (all-interfaces | configured-interfaces | non-configured-interfaces)
For example, to configure DHCP relay agent to forward DHCP snooped packets on only configured interfaces:
