Configuring the Layer 2 Unicast Transmission Method for Reply Packets to DHCP Clients

By default, DHCP relay and relay proxy broadcast DHCP Offer reply packets and DHCP ACK and NAK reply packets to DHCP clients during the discovery process. In some environments, this default broadcast method might be a security concern because all clients can receive packets intended for all other clients.

You use the set dhcp relay layer2-unicast-replies command in Global Configuration mode to configure the optional layer 2 unicast and layer 3 broadcast transmission method for DHCP relay and DHCP relay proxy. This method uses the client’s layer 2 (MAC) address and layer 3 (IP) broadcast address to provide secure transmission of DHCP Offer reply packets and ACK and NAK reply packets. The optional layer 2 unicast method enables reply packets to be broadcast through the layer 3 network but received only by the specified client.

There are exceptions to this behavior for DHCP relay proxy when the DHCP client is already bound to an IP address or is renewing the lease on its IP address. For information, see in .

To display whether the layer 2 unicast method is currently on or off on the router, use the show dhcp relay command. For information, see the Behavior for Bound Clients and Address Renewals section in Managing Host Routes Using DHCP Relay Proxy.

The dhcpRelayGeneral logging event category uses the debug severity level to log DHCP reply packets that are transmitted to clients using a layer 2 unicast address and a layer 3 broadcast address.

The set dhcp relay broadcast-flag-replies command configures the router to use the setting of the broadcast flag in DHCP request packets to control the transmission of DHCP reply packets. The set dhcp relay layer2-unicast-replies command and the set dhcp relay broadcast-flag-replies command are mutually exclusive. For more information, see Interaction of DHCP Relay Broadcast Flag with the Layer 2 Unicast Transmission Method.

Note: When you enable the layer 2 unicast transmission feature, the DHCP relay and DHCP relay proxy instance must be the next hop from the DHCP clients. Otherwise, the DHCP reply packets might be discarded. The layer 2 unicast transmission method is not supported on non-ASIC line modules.

• To configure the optional broadcast transmission method:
  host1(config)#set dhcp relay layer2-unicast-replies