dhcp-relay
Syntax
dhcp-relay { access-profile profile-name; active-server-group server-group-name; authentication { password password-string; username-include { circuit-type; delimiter delimiter-character; domain-name domain-name-string; interface-description (device-interface | logical-interface); interface-name; logical-system-name; mac-address; option-60; option-82 <circuit-id> <remote-id>; routing-instance-name; user-prefix user-prefix-string; vlan-tags; } } dhcpv6 { access-profile profile-name; active-server-group server-group-name; } authentication { password password-string; username-include { circuit-type; client-id; delimiter delimiter-character; domain-name domain-name-string; interface-description (device-interface | logical-interface); interface-name interface-name; logical-system-name; mac-address mac-address; relay-agent-interface-id; relay-agent-remote-id; relay-agent-subscriber-id; routing-instance-name; user-prefix user-prefix-string; vlan-tags; } } duplicate-clients incoming-interface; dynamic-profile profile-name { aggregate-clients (merge | replace); use-primary primary-profile-name; } forward-only { logical-system <current | default | logical-system-name>; routing-instance <current | default | routing-instance-name>; } forward-only-replies; } forward-snooped-clients (all-interfaces | configured-interfaces | non-configured-interfaces); group group-name { access-profile profile-name; active-server-group server-group-name; authentication { password password-string; username-include { circuit-type; client-id; delimiter delimiter-character; domain-name domain-name-string; interface-description (device-interface | logical-interface); interface-name interface-name; logical-system-name; mac-address mac-address; relay-agent-interface-id; relay-agent-remote-id; relay-agent-subscriber-id; routing-instance-name; user-prefix user-prefix-string; vlan-tags; } } dynamic-profile profile-name { aggregate-clients (merge | replace); use-primary primary-profile-name; } forward-only { logical-system <current | default | logical-system-name>; routing-instance <current | default | routing-instance-name>; } interface interface-name { access-profile profile-name; dynamic-profile profile-name { aggregate-clients (merge | replace); use-primary primary-profile-name; } exclude; overrides { allow-snooped-clients; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-negotiation-match incoming-interface; delay-authentication; delete-binding-on-renegotiation; dual-stack dual-stack-group-name; interface-client-limit number; no-allow-snooped-clients; no-bind-on-request; relay-source interface-name; send-release-on-delete; } service-profile dynamic-profile-name; short-cycle-protection <lockout-min-time seconds> <lockout-max-time seconds>; trace; upto upto-interface-name; } } lease-time-validation { lease-time-threshold seconds; violation-action action; } overrides { allow-snooped-clients; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-negotiation-match incoming-interface; delay-authentication; delete-binding-on-renegotiation; dual-stack dual-stack-group-name; interface-client-limit number; no-allow-snooped-clients; no-bind-on-request; relay-source interface-name; send-release-on-delete; } relay-agent-interface-id { include-irb-and-l2; keep-incoming-interface-id ; no-vlan-interface-name; prefix prefix; use-interface-description (logical | device); use-option-82 <strict>; use-vlan-id; } relay-agent-remote-id { include-irb-and-l2; keep-incoming-interface-id ; no-vlan-interface-name; prefix prefix; use-interface-description (logical | device); use-option-82 <strict>; use-vlan-id; } relay-option { option-number option-number; default-action { drop; forward-only; relay-server-group relay-server-group; } equals (ascii ascii-string | hexadecimal hexadecimal-string) { drop; forward-only; relay-server-group relay-server-group; } starts-with (ascii ascii-string | hexadecimal hexadecimal-string) { drop; forward-only; relay-server-group relay-server-group; } } remote-id-mismatch disconnect; route-suppression; service-profile dynamic-profile-name; short-cycle-protection <lockout-min-time seconds> <lockout-max-time seconds>; } lease-time-validation { lease-time-threshold seconds; violation-action action; } no-snoop; overrides { allow-snooped-clients; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-negotiation-match incoming-interface; delay-authentication; delete-binding-on-renegotiation; dual-stack dual-stack-group-name; interface-client-limit number; no-allow-snooped-clients; no-bind-on-request; relay-source interface-name; send-release-on-delete; } relay-agent-interface-id { include-irb-and-l2; keep-incoming-interface-id ; no-vlan-interface-name; prefix prefix; use-interface-description (logical | device); use-option-82 <strict>; use-vlan-id; } elay-agent-remote-id { include-irb-and-l2; keep-incoming-remote-id ; no-vlan-interface-name; prefix prefix; use-interface-description (logical | device); use-option-82 <strict>; use-vlan-id; } relay-option { option-number option-number; default-action { drop; forward-only; relay-server-group relay-server-group; } equals (ascii ascii-string | hexadecimal hexadecimal-string) { drop; forward-only; relay-server-group relay-server-group; } starts-with (ascii ascii-string | hexadecimal hexadecimal-string) { drop; forward-only; relay-server-group relay-server-group; } } relay-option-vendor-specific{ host-name; location; remote-id-mismatch disconnect; route-suppression; server-group { server-group-name { server-ip-address; } } server-response-time seconds; service-profile dynamic-profile-name; short-cycle-protection <lockout-min-time seconds> <lockout-max-time seconds>; } dual-stack-group dual-stack-group-name { access-profile profile-name; authentication { password password-string; username-include { circuit-type; delimiter delimiter-character; domain-name domain-name-string; interface-description (device-interface | logical-interface); interface-name; logical-system-name; mac-address; relay-agent-interface-id; relay-agent-remote-id; routing-instance-name; user-prefix user-prefix-string; vlan-tags; } } classification-key { circuit-id circuit-id; mac-address mac-address; remote-id remote-id; } dual-stack-interface-client-limit number; dynamic-profile profile-name { aggregate-clients (merge | replace); use-primary primary-profile-name; } protocol-primary (inet | inet6); relay-agent-interface-id { include-irb-and-l2; keep-incoming-interface-id ; no-vlan-interface-name; prefix prefix; use-interface-description (logical | device); use-option-82 <strict>; use-vlan-id; } relay-agent-remote-id { include-irb-and-l2; keep-incoming-remote-id ; no-vlan-interface-name; prefix prefix; use-interface-description (logical | device); use-option-82 <strict>; use-vlan-id; } service-profile dynamic-profile-name; short-cycle-protection <lockout-min-time seconds> <lockout-max-time seconds>; } duplicate-clients-in-subnet (incoming-interface | option-82): dynamic-profile profile-name { aggregate-clients (merge | replace); use-primary primary-profile-name; } forward-only { logical-system <current | default | logical-system-name>; routing-instance <current | default | routing-instance-name>; } forward-only-replies; forward-snooped-clients (all-interfaces | configured-interfaces | non-configured-interfaces); group group-name { access-profile profile-name; active-server-group server-group-name; authentication { password password-string; username-include { circuit-type; delimiter delimiter-character; domain-name domain-name-string; interface-description (device-interface | logical-interface); interface-name interface-name; logical-system-name; mac-address; option-60; option-82 [circuit-id] [remote-id]; routing-instance-name; user-prefix user-prefix-string; } vlan-tags; } dynamic-profile profile-name { aggregate-clients (merge | replace); use-primary primary-profile-name; } forward-only { logical-system <current | default | logical-system-name>; routing-instance <current | default | routing-instance-name>; } forward-only { logical-system <current | default | logical-system-name>; routing-instance <current | default | routing-instance-name>; } interface interface-name { access-profile profile-name; exclude; overrides { allow-no-end-option; allow-snooped-clients; always-write-giaddr; always-write-option-82; asymmetric-lease-time seconds; client-discover-match <option60-and-option82 | incoming-interface>; delay-authentication; delete-binding-on-renegotiation; disable-relay; dual-stack dual-stack-group-name; interface-client-limit number; layer2-unicast-replies; no-allow-snooped-clients; no-bind-on-request; proxy-mode; relay-source replace-ip-source-with; send-release-on-delete; trust-option-82; } service-profile dynamic-profile-name; short-cycle-protection <lockout-min-time seconds> <lockout-max-time seconds>; trace; upto upto-interface-name; } overrides { allow-no-end-option allow-snooped-clients; always-write-giaddr; always-write-option-82; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-discover-match (option60-and-option82 | incoming-interface); delay-authentication; delete-binding-on-renegotiation; disable-relay; dual-stack dual-stack-group-name; interface-client-limit number; layer2-unicast-replies; no-allow-snooped-clients; no-bind-on-request; proxy-mode; relay-source replace-ip-source-with; send-release-on-delete; trust-option-82; } relay-option { option-number option-number; default-action { drop; forward-only; relay-server-group group-name; } equals (ascii ascii-string | hexadecimal hexadecimal-string) { drop; forward-only; relay-server-group relay-server-group; } starts-with (ascii ascii-string | hexadecimal hexadecimal-string) { drop; forward-only; local-server-group local-server-group; relay-server-group relay-server-group; } } relay-option-82 { circuit-id { prefix prefix; use-interface-description (logical | device); } remote-id { prefix prefix; use-interface-description (logical | device); } server-id-override } remote-id-mismatch disconnect; route-suppression: service-profile dynamic-profile-name; short-cycle-protection <lockout-min-time seconds> <lockout-max-time seconds>; } lease-time-validation { lease-time-threshold seconds; violation-action action; } no-snoop; overrides { allow-no-end-option allow-snooped-clients; always-write-giaddr; always-write-option-82; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-discover-match (option60-and-option82 | incoming-interface); delay-authentication; delete-binding-on-renegotiation; disable-relay; dual-stack dual-stack-group-name; interface-client-limit number; layer2-unicast-replies; no-allow-snooped-clients; no-bind-on-request; proxy-mode; relay-source replace-ip-source-with; send-release-on-delete; trust-option-82; } relay-option { option-number option-number; default-action { drop; forward-only; relay-server-group group-name; } equals (ascii ascii-string | hexadecimal hexadecimal-string) { drop; forward-only; relay-server-group relay-server-group; } starts-with (ascii ascii-string | hexadecimal hexadecimal-string) { drop; forward-only; local-server-group local-server-group; relay-server-group relay-server-group; } } relay-option-82 { circuit-id { prefix prefix; use-interface-description (logical | device); } remote-id { prefix prefix; use-interface-description (logical | device); } server-id-override } } remote-id-mismatch disconnect; route-suppression: server-group { server-group-name { server-ip-address; } } server-response-time seconds; service-profile dynamic-profile-name; short-cycle-protection <lockout-min-time seconds> <lockout-max-time seconds>; }
Hierarchy Level
[edit forwarding-options], [edit logical-systems logical-system-name forwarding-options], [edit logical-systems logical-system-name routing-instances routing-instance-name forwarding-options], [edit routing-instances routing-instance-name forwarding-options]
Description
Configure extended Dynamic Host Configuration Protocol (DHCP) relay and DHCPv6 relay options on the router or switch to enable the router (or switch) to function as a DHCP relay agent. A DHCP relay agent forwards DHCP request and reply packets between a DHCP client and a DHCP server.
DHCP relay supports the attachment of dynamic profiles and also interacts with the local AAA Service Framework to use back-end authentication servers, such as RADIUS, to provide subscriber authentication or client authentication. You can attach dynamic profiles and configure authentication support on a global basis or for a specific group of interfaces.
The extended DHCP and DHCPv6 relay agent options
configured with the dhcp-relay
and dhcpv6
statements
are incompatible with the DHCP/BOOTP relay agent options configured
with the bootp
statement. As a result, the extended DHCP
or DHCPv6 relay agent and the DHCP/BOOTP relay agent cannot both be
enabled on the router (or switch) at the same time.
The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.