Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Example: Preventing Installation of Host Routes

    This example describes the configuration of a DHCP relay to prevent installation of host routes.


    This example uses the following software and hardware components:

    • JunosE Release 7.1.0 or higher-numbered releases
    • E Series router (ERX7xx models, ERX14xx models, the ERX310 router, the E120 router, or the E320 router)
    • ASIC-based line modules that support Fast Ethernet or Gigabit Ethernet


    This example describes a sample procedure for configuring multiple subscribers over a particular static subscriber interface (ip53001 in this example)—you might use commands similar to the following to create demultiplexer table entries and a subnet route that points to the static subscriber interface.

    In the example, the host routes are associated with the primary IP interface on Gigabit Ethernet 1/0. Because the host routes are statically configured with the subscriber interface, there is no need for the router to install DHCP host routes. Therefore, in step 7, the set dhcp relay inhibit-access-route-creation command is used to prevent DHCP relay from installing host routes.

    In the example, if you do not prevent DHCP relay from installing host routes, the ARP spoof-checking mechanism associates the ARP traffic with the primary IP interface (Gigabit Ethernet 1/0), although packets actually arrive on the subscriber interface (ip53001), causing the router to detect a spoof and drop the packet.

    Configuring DHCP Relay to Prevent Installation of Host Routes

    Step-by-Step Procedure

    This example describes how you can configure the DHCP relay to not install host routes:

    1. Create a shared IP interface.
      host1(config)#interface ip ip53001
    2. Associate the shared IP interface with a static layer 2 interface.
      host1(config-if)#ip share-interface gigabitEthernet 1/0
    3. Make the shared interface an unnumbered interface.
      host1(config-if)#ip unnumbered loopback 53
    4. Specify the source addresses that the subscriber interface uses to demultiplex traffic.
      host1(config-if)#ip source-prefix
    5. Exit Interface Configuration mode.
    6. Create a static route that sends traffic for destination address to subscriber interface ip53001.
      host1(config)#ip route ip ip53001
    7. Prevent DHCP relay from installing host routes—this avoids a conflict that can cause undesirable ARP behavior.
      host1(config)#set dhcp relay inhibit-access-route-creation

    Published: 2014-08-20