Example: Preventing Installation of Host Routes

This example describes the configuration of a DHCP relay to prevent installation of host routes.

Requirements

This example uses the following software and hardware components:

Overview

This example describes a sample procedure for configuring multiple subscribers over a particular static subscriber interface (ip53001 in this example)—you might use commands similar to the following to create demultiplexer table entries and a subnet route that points to the static subscriber interface.

In the example, the host routes are associated with the primary IP interface on Gigabit Ethernet 1/0. Because the host routes are statically configured with the subscriber interface, there is no need for the router to install DHCP host routes. Therefore, in step 7, the set dhcp relay inhibit-access-route-creation command is used to prevent DHCP relay from installing host routes.

In the example, if you do not prevent DHCP relay from installing host routes, the ARP spoof-checking mechanism associates the ARP traffic with the primary IP interface (Gigabit Ethernet 1/0), although packets actually arrive on the subscriber interface (ip53001), causing the router to detect a spoof and drop the packet.

Configuring DHCP Relay to Prevent Installation of Host Routes

Step-by-Step Procedure

This example describes how you can configure the DHCP relay to not install host routes:

  1. Create a shared IP interface.
    host1(config)#interface ip ip53001
  2. Associate the shared IP interface with a static layer 2 interface.
    host1(config-if)#ip share-interface gigabitEthernet 1/0
  3. Make the shared interface an unnumbered interface.
    host1(config-if)#ip unnumbered loopback 53
  4. Specify the source addresses that the subscriber interface uses to demultiplex traffic.
    host1(config-if)#ip source-prefix 10.10.10.0 255.255.255.252
  5. Exit Interface Configuration mode.
    host1(config-if)#exit
  6. Create a static route that sends traffic for destination address 10.10.10.0 to subscriber interface ip53001.
    host1(config)#ip route 10.10.10.0 255.255.255.252 ip ip53001
  7. Prevent DHCP relay from installing host routes—this avoids a conflict that can cause undesirable ARP behavior.
    host1(config)#set dhcp relay inhibit-access-route-creation

Related Documentation