Technical Documentation

Configuring a Token for DHCP Local Server Authentication

You can configure the local server to include a constant, unencoded token in the DHCP forcerenew message as part of the authentication option it sends to clients. The client compares the received token with a token already configured on the client. If the tokens do not match, the DHCP client discards the forcerenew message. Use of the token provides rudimentary protection against inadvertently instantiated DHCP servers.

(Optional) To configure the DHCP local server to include a token in the forcerenew message sent to the client, for all clients:

  • Specify the token
    [edit system services dhcp-local-server reconfigure]user@host# set token 8ysIU9E32k8r

To override the global configuration for a particular group of clients, include the statement at the [edit system services dhcp-local-server group group-name reconfigure] hierarchy level.

Published: 2010-04-15