- Download PDFs
-
Overriding the Default DHCP Relay Configuration
Overriding the Default DHCP Relay Configuration
You can override certain default DHCP relay agent configuration settings. You can override the settings at the global level and for a named group of interfaces.
To override global default DHCP relay agent configuration options, include the overrides statement and its subordinate statements at the [edit forwarding-options dhcp-relay] hierarchy level. To override DHCP local server configuration options for a named group of interfaces, include the statements at the [edit forwarding-options dhcp-relay group group-name] hierarchy level.
To remove all DHCP relay agent configuration overrides at a particular hierarchy level, include the overrides statement without any subordinate statements.
To override default DHCP relay agent configuration settings:
- Specify that you want to configure override options.
- [edit forwarding-options dhcp-relay]
- user@host# edit overrides
- (Optional) Overwrite the giaddr in DHCP packets the DHCP relay agent forwards.
- (Optional) Override the DHCP relay agent information option (option 82) in DHCP packets.
- (Optional) Override the setting of the broadcast bit in DHCP request packets and use the Layer 2 unicast transmission method.
- (Optional) Trust DHCP client packets that have a giaddr of 0 and that contain option 82 information.
- (Optional) Override ARP table population in distrusted environments.
- (Optional) Override the maximum number of DHCP
clients allowed per interface.
See Specifying the Maximum Number of DHCP Clients Per Interface.
- (Optional) Configure client auto logout.
- (Optional) Disable DHCP relay agent on specific
interfaces.
See Disabling DHCP Relay.
This topic contains the following sections:
Overwriting giaddr Information
You can configure the DHCP relay agent to change the gateway IP address (giaddr) field in packets that it forwards between a DHCP client and a DHCP server.
To overwrite the giaddr of every DHCP packet with the giaddr of the DHCP relay agent before forwarding the packet to the DHCP server:
- Specify that you want to configure override options.
- [edit forwarding-options dhcp-relay]
- user@host# edit overrides
- Specify that the giaddr of DHCP packets
is overwritten.
- [edit forwarding-options dhcp-relay overrides]
- user@host# set always-write-giaddr
Overriding Option 82 Information
You can configure the DHCP relay agent to add or remove the DHCP relay agent information option (option 82) in DHCP packets.
This feature causes the DHCP relay agent to perform one of the following actions, depending on the configuration:
- If the DHCP relay agent is configured to add option 82 information to DHCP packets, it clears the existing option 82 values from the DHCP packets and inserts the new values before forwarding the packets to the DHCP server.
- If the DHCP relay agent is not configured to add option 82 information to DHCP packets, it clears the existing option 82 values from the packets, but does not add any new values before forwarding the packets to the DHCP server.
To override the default option 82 information in DHCP packets destined for a DHCP server:
- Specify that you want to configure override options.
- [edit forwarding-options dhcp-relay]
- user@host# edit overrides
- Specify that the option 82 information
in DHCP packets is overwritten.
- [edit forwarding-options dhcp-relay overrides]
- user@host# set always-write-option-82
Using Layer 2 Unicast Transmission for DHCP Packets
You can configure the DHCP relay agent to override the setting of the broadcast bit in DHCP request packets. DHCP relay agent then instead uses the Layer 2 unicast transmission method to send DHCP Offer reply packets and DHCP ACK reply packets from the DHCP server to DHCP clients during the discovery process.
To override the default setting of the broadcast bit in DHCP request packets:
- Specify that you want to configure override options.
- [edit forwarding-options dhcp-relay]
- user@host# edit overrides
- Specify that the DHCP relay agent uses
the Layer 2 unicast transmission method.
- [edit forwarding-options dhcp-relay overrides]
- user@host# set layer2-unicast-replies
Trusting Option 82 Information
By default, the DHCP relay agent treats client packets with a giaddr of 0 (zero) and option 82 information as if the packets originated at an untrusted source, and drops them without further processing. You can override this behavior and specify that the DHCP relay agent process DHCP client packets that have a giaddr of 0 (zero) and contain option 82 information.
To configure DHCP relay agent to trust option 82 information:
- Specify that you want to configure override options.
- [edit forwarding-options dhcp-relay]
- user@host# edit overrides
- Specify that the DHCP relay agent process
DHCP client packets with a giaddr of 0 and that contain option 82
information.
- [edit forwarding-options dhcp-relay overrides]
- user@host# set trust-option-82
Disabling ARP Table Population
By default, DHCP populates the ARP table with the MAC address of a client when the client binding is established. However, you may choose to use the DHCP no-arp statement to hide the subscriber MAC address information, as it appears in ARP table entries.
When running in a trusted environment (that is, when not using the no-arp statement), DHCP populates the ARP table with unique MAC addresses contained within the DHCP PDU for each DHCP client:
Table 1: ARP Table in Trusted Environment
| IP Address | MAC Address |
|---|---|
|
Client 1 IP Address |
MAC A |
|
Client 2 IP Address |
MAC B |
|
Client 3 IP Address |
MAC C |
In distrusted environments, you can specify the no-arp statement to hide the MAC addresses of clients. When you specify the no-arp statement, DHCP does not automatically populate the ARP table with MAC address information from the DHCP PDU for each client. Instead, the system performs an ARP to obtain the MAC address of each client and obtains the MAC address of the immediately-attached device (for example, a DSLAM). DHCP populates the ARP table with the same interface MAC address (for example, MAC X from a DSLAM interface) for each client:
Table 2: ARP Table in Distrusted Environment
| IP Address | MAC Address |
|---|---|
|
Client 1 IP Address |
MAC X |
|
Client 2 IP Address |
MAC X |
|
Client 3 IP Address |
MAC X |
To disable ARP table population:
- Specify that you want to configure override options.
- Disable ARP table population with client-specific information. (DHCP local server and DHCP relay agent both support the no-arp statement.)
Specifying the Maximum Number of DHCP Clients Per Interface
By default, there is no limit to the number of DHCP local server or DHCP relay clients allowed on an interface. However, you can override the default setting and specify the maximum number of clients allowed per interface, in the range 1 to 500,000. When the number of clients on the interface reaches the specified limit, no additional DHCP Discover PDUs are accepted. When the number of clients subsequently drops below the limit, new clients are again accepted.
 |
Note: The maximum number of DHCP local server clients or DHCP relay clients can also be specified by Juniper Networks VSA 26-143 during client login. The VSA-specified value always takes precedence if the interface-client-limit number statement specifies a different number. If the VSA-specified value differs with each client login, DHCP uses the largest limit set by the VSA until there are no clients on the interface. |
To configure the maximum number of DHCP clients allowed per interface:
- Specify that you want to configure override options.
- Configure the maximum number of clients
allowed per interface. (DHCP local server and DHCP relay agent both
support the interface-client-limit statement.)
- [edit system services dhcp-local-server overrides]
- user@host# set interface-client-limit number
Disabling DHCP Relay
You can disable DHCP relay on all interfaces or a group of interfaces.
To disable DHCP relay agent:
- Specify that you want to configure
override options.
- [edit forwarding-options dhcp-relay]
- user@host# edit overrides
- Disable the DHCP relay agent.
- [edit forwarding-options dhcp-relay overrides]
- user@host# set disable-relay