Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Preventing DHCP Relay from Installing Host Routes by Default

    The Address Resolution Protocol (ARP) performs spoof checking on all incoming ARP requests by default. For each incoming packet, ARP does a route lookup on the source IP address to determine the interface on which that IP address was routed. ARP then verifies that the interface on which the packet was received matches the routed interface. If the interface on which the packet was received does not match the routed interface, the router drops the packet.

    When you configure applications such as DHCP relay that automatically install routes, you must ensure that the routes are correctly installed for your configuration. DHCP relay installs host routes by default, which is required in certain configurations to enable address renewals from the DHCP server to work properly. However, the default installation of host routes might cause a conflict when you configure DHCP relay with static subscriber interfaces. To avoid these configuration conflicts, use the set dhcp relay inhibit-access-route-creation command to prevent DHCP relay from installing host routes by default. The command enforces consistent state of the route and client database.

    In relay mode, this command removes all installed host routes from IP, deletes all host routes from mirrored storage and NVS, and stops accumulating host route information.

    In relay proxy mode, this command removes all installed host routes from IP, deletes all NVS client data, and stops installing host routes for newly bound clients in IP. However, it does preserve the client data in mirrored storage and continues preservation of newly bound clients in mirrored storage.

    The no set dhcp relay inhibit-access-route-creation command enforces consistent state of the route and client database. In relay proxy mode, after the unified ISSU is completed and normal operations resume, this command installs a host route for all existing bound clients in IP and saves it in NVS.

    Published: 2014-08-20