DHCP Relay and MX-series Overview

The Dynamic Host Configuration Protocol (DHCP) is used by a DHCP client (host) to determine Layer 3 information (such as an IP address) from a DHCP server. DHCP uses the client’s MAC (Layer 2) address to query the server. A router can be used as a DHCP relay agent to pass the query on to a server while the router appears to reply to the client. You can configure an MX-series router to act as a DHCP relay agent. The MX-series router configuration at Layer 2 accesses the Layer 3 information with DHCP snooping.

DHCP servers and relay agents have a level of trust in the MAC addresses used in DHCP client queries. A hacker can spoof invalid MAC addresses and overwhelm the server or relay agent with flooded traffic. Or the hacker can try to determine other information, such as the IP address range used by devices on the network. The DHCP process should only trust MAC addresses that are valid for a particular network.

You can configure the MX-series router to use MAC addresses obtained by the Layer 2 address learning process to control the flooding of DHCP packets.

Several restrictions apply to DHCP configuration on the MX-series routers:

• All statements referring to “option 82” (including circuit information in DHCP relay messages) are not supported on the MX-series routers.
• This feature works for static IP/MAC bindings on the MX-series routers.
• The DHCP snooping database table is not restored after a Routing Engine reboot.
• The DHCP Discover message is not flooded to the DHCP server when broadband service aggregator (BSA) and broadband service router (BSR) are provisioned on the same switch.

For more information on configuring DHCP, see the JUNOS Software Subscriber Access Configuration Guide.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.