Example: Preventing Installation of Host Routes
This example describes the configuration of a DHCP relay to prevent installation of host routes.
Requirements
This example uses the following software and hardware components:
- JunosE Release 7.1.0 or higher-numbered releases
- E Series router (ERX7xx models, ERX14xx models, the ERX310 router, the E120 router, or the E320 router)
- ASIC-based line modules that support Fast Ethernet or Gigabit Ethernet
Overview
This example shows a sample procedure for configuring multiple subscribers over a particular static subscriber interface (ip53001 in this example). You might use commands similar to the following to create demultiplexer table entries and a subnet route that points to the static subscriber interface.
In the example, the host routes are associated with the primary IP interface on Gigabit Ethernet 1/0. Because the host routes are statically configured with the subscriber interface, there is no need for the router to install DHCP host routes. Therefore, in step 7, the set dhcp relay inhibit-access-route-creation command is used to prevent DHCP relay from installing host routes.
In the example, if you do not prevent DHCP relay from installing host routes, the ARP spoof-checking mechanism associates the ARP traffic with the primary IP interface (Gigabit Ethernet 1/0), although packets actually arrive on the subscriber interface (ip53001), causing the router to detect a spoof and drop the packet.
Configuring DHCP Relay to Prevent Installation of Host Routes
Step-by-Step Procedure
This example describes how you can configure the DHCP relay to not install host routes:
1. Create a shared IP interface.
   host1(config)#interface ip ip53001
2. Associate the shared IP interface with a static layer 2 interface.
   host1(config-if)#ip share-interface gigabitEthernet 1/0
3. Make the shared interface an unnumbered interface.
   host1(config-if)#ip unnumbered loopback 53
4. Specify the source addresses that the subscriber interface uses to demultiplex traffic.
   host1(config-if)#ip source-prefix 10.10.10.0 255.255.255.252
5. Exit Interface Configuration mode.
   host1(config-if)#exit
6. Create a static route that sends traffic for destination address 10.10.10.0 to subscriber interface ip53001.
   host1(config)#ip route 10.10.10.0 255.255.255.252 ip ip53001
7. Prevent DHCP relay from installing host routes; this avoids a conflict that can cause undesirable ARP behavior.
   host1(config)#set dhcp relay inhibit-access-route-creation
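As an added example (not part of the original page and not Juniper code), the following Python check audits a configuration for the condition this procedure guards against: a subscriber interface whose source prefix is statically routed while step 7 is missing. It assumes the configuration is available as CLI commands in the form shown above; the names `audit` and `STEPS_1_TO_6` are hypothetical.

```python
import ipaddress
import re

INHIBIT = "set dhcp relay inhibit-access-route-creation"

# Constructed sample: steps 1-6 of the procedure above, without step 7.
STEPS_1_TO_6 = """\
host1(config)#interface ip ip53001
host1(config-if)#ip share-interface gigabitEthernet 1/0
host1(config-if)#ip unnumbered loopback 53
host1(config-if)#ip source-prefix 10.10.10.0 255.255.255.252
host1(config-if)#exit
host1(config)#ip route 10.10.10.0 255.255.255.252 ip ip53001
"""

def _net(addr, mask):
    # Accepts dotted-mask notation as used by the CLI commands above.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config_text):
    """Flag subscriber interfaces whose source prefix is statically routed
    while DHCP relay is still allowed to install host routes."""
    shared, prefixes, routes = {}, {}, []
    inhibit, current = False, None
    for raw in config_text.splitlines():
        # Drop a CLI prompt such as "host1(config-if)#" if one is present.
        line = re.sub(r"^[^\s(]+\(config[^)]*\)#", "", raw.strip()).strip()
        if line == INHIBIT:
            inhibit = True
        elif m := re.fullmatch(r"interface ip (\S+)", line):
            current = m.group(1)
        elif line == "exit":
            current = None
        elif current and (m := re.fullmatch(r"ip share-interface (.+)", line)):
            shared[current] = m.group(1)
        elif current and (m := re.fullmatch(r"ip source-prefix (\S+) (\S+)", line)):
            prefixes.setdefault(current, []).append(_net(*m.groups()))
        elif m := re.fullmatch(r"ip route (\S+) (\S+) ip (\S+)", line):
            routes.append((_net(m.group(1), m.group(2)), m.group(3)))
    if inhibit:
        return []
    return [
        f"{name}: {net} is statically routed, but DHCP relay may still "
        f"install host routes on {shared[name]}; add '{INHIBIT}'"
        for net, name in routes
        if name in shared and net in prefixes.get(name, [])
    ]

if __name__ == "__main__":
    for finding in audit(STEPS_1_TO_6):
        print(finding)
```

With step 7 appended to the input, `audit` returns an empty list.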