 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
See the following sections:
-
dhcp-relay {
-
-
authentication {
-
password password-string;
-
-
username-include {
-
circuit-type;
-
delimiter delimiter-character;
-
domain-name domain-name-string;
-
logical-system-name;
-
mac-address;
-
option-60;
-
option-82 [circuit-id]
[remote-id];
-
routing-instance-name;
-
user-prefix user-prefix-string;
- }
- }
-
-
overrides {
-
always-write-giaddr;
-
always-write-option-82;
-
layer2-unicast-replies;
-
trust-option-82;
-
disable-relay;
- }
-
-
relay-option-60 {
-
-
vendor-option {
-
- (equals | starts-with) (ascii match-string | hexadecimal match-hex) {
- (relay-server-group server-group-name | local-server-group local-server-group-name | drop);
- }
- (default-relay-server-group server-group-name | default-local-server-group local-server-group-name | drop);
- }
- }
-
-
relay-option-82 {
-
-
circuit-id {
-
prefix host-name logical-system-name
routing-instance-name;
- }
- }
-
-
server-group {
-
-
server-group-name {
-
server-ip-address;
- }
- }
-
-
active-server-group server-group-name;
-
-
group group-name {
-
-
active-server-group server-group-name;
-
-
authentication {
-
password password-string;
-
-
username-include {
-
circuit-type;
-
delimiter delimiter-character;
-
domain-name domain-name-string;
-
logical-system-name;
-
mac-address;
-
option-60;
-
option-82 [circuit-id]
[remote-id];
-
routing-instance-name;
-
user-prefix user-prefix-string;
- }
- }
-
-
overrides {
-
always-write-giaddr;
-
always-write-option-82;
-
layer2-unicast-replies;
-
trust-option-82;
-
disable-relay;
- }
-
-
relay-option-60 {
-
-
vendor-option {
-
- (equals | starts-with) (ascii match-string | hexadecimal match-hex) {
- (relay-server-group server-group-name |
-
local-server-group local-server-group-name |
-
drop);
- }
- (default-relay-server-group server-group-name |
-
default-local-server-group local-server-group-name |
-
drop);
- }
- }
-
-
relay-option-82 {
-
-
circuit-id {
-
prefix host-name logical-system-name
routing-instance-name;
- }
- }
-
-
interface interface-name [upto upto-interface-name] [exclude];
- }
-
-
traceoptions {
- flag all;
- flag database;
- flag state;
- flag interface;
- flag rtsock;
- flag packet;
- flag packet-option;
- flag io;
- flag ha;
- flag ui;
- flag general;
- flag fwd;
- flag rpd;
-
- file file-name {
- <files number>;
- <size maximum-file-size>;
- <match regex>;
- <world-readable | no-world-readable>;
- }
- }
- }
- [edit forwarding-options],
- [edit logical-systems logical-system-name forwarding-options],
- [edit logical-systems logical-system-name routing-instances routing-instance-name forwarding-options],
- [edit routing-instances routing-instance-name forwarding-options]
Statement introduced in JUNOS Release 8.3.
traceoptions option introduced in JUNOS Release 8.5.
relay-option-60 option introduced in JUNOS Release 9.0.
authentication option introduced in JUNOS Release 9.1.
Configure extended Dynamic Host Configuration Protocol (DHCP) relay options on the router and enable the router to function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and reply packets between a DHCP client and a DHCP server.
The extended DHCP relay agent options configured with the dhcp-relay statement are incompatible with the DHCP/BOOTP relay agent options configured with the bootp statement. As a result, the extended DHCP relay agent and the DHCP/BOOTP relay agent cannot both be enabled on the router at the same time.
The extended DHCP relay interacts with the local AAA service framework to use back-end authentication servers, such as RADIUS, to provide subscriber authentication. You can configure authentication support on a global basis or for a specific group of interfaces.
The statements are explained separately.
See Configuring the Extended DHCP Relay Agent and Using External AAA Authentication Services.
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
-
dhcp-relay {
-
-
group group-name {
-
-
interface interface-name];
- }
- }
- [edit routing-instances routing-instance-name forwarding-options],
- [edit routing-instances routing-instance-name bridge-domain bridge-domain-name forwarding-options]
Statement supported on MX-series routers starting in JUNOS Release 9.4.
Configure Dynamic Host Configuration Protocol (DHCP) snooping on the router. When acting as a snooping agent, the MX-series router typically is located between the client and the DHCP relay agent. It creates filters by “snooping” DHCP messages and binding DHCP-issued IP addresses to the MAC address of the client. These filters help prevent DHCP spoofing.
Configure DHCP snooping by including the appropriate interfaces in the DHCP relay configuration.
The statements are explained separately.
See Preventing DHCP Spoofing (MX-series Routers Only).
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |