Table of Contents
Advertisement
JunosE 11.2.x Broadband Access Configuration Guide
Using the Broadcast Flag Setting to Control Transmission of DHCP Reply Packets
486
all giaddrs (including valid giaddrs) that are received from downstream network elements,
use the set dhcp relay override command with the giaddr keyword. DHCP relay then
takes control of the client, adding its own giaddr to the packets before forwarding the
packets to the DHCP server.
Spoofed relay agent options are a concern if the giaddr is not null, or if it is null and the
DHCP relay is operating in the trust-all method. In these two situations, DHCP relay always
honors the relay agent option value in received DHCP packets.
To protect against spoofed giaddrs and relay agent option values:
host1(config)#set dhcp relay override agent-option
DHCP relay then overrides all relay agent option values that are received from
downstream network elements, performing one of the following actions:
If the DHCP relay is configured to add relay agent option 82 to the packets, it clears
the existing option 82 values and inserts the new values.
If the DHCP relay is not configured to add relay agent option 82, it clears the existing
option values but does not add any new values.
Each DHCP request packet includes a broadcast flag that, if set, specifies how to transmit
DHCP Offer reply packets and DHCP ACK and NAK reply packets to DHCP clients during
the discovery process. To configure DHCP relay and DHCP relay proxy to use the setting
of the broadcast flag to control the transmission of DHCP Offer, DHCP ACK, and DHCP
NAK reply packets, use the set dhcp relay broadcast-flag-replies command from Global
Configuration mode.
When you issue the set dhcp relay broadcast-flag-replies command, the method that
DHCP relay and DHCP relay proxy use to transmit DHCP Offer reply packets and ACK
and NAK reply packets depends on whether the broadcast flag in the DHCP request
packet is set or not set, as follows:
If the broadcast flag is set in the DHCP request packet, using the set dhcp relay
broadcast-flag-replies command causes DHCP relay and DHCP relay proxy to
broadcast DHCP reply packets to clients.
If the broadcast flag is not set in the DHCP request packet, using the set dhcp relay
broadcast-flag-replies command causes DHCP relay and DHCP relay proxy to use
the layer 2 unicast transmission method to send DHCP reply packets using the client's
layer 2 (MAC) address and layer 3 (IP) unicast address.
There are exceptions to this behavior for DHCP relay proxy when the DHCP client is
already bound to an IP address or is renewing the lease on its IP address. For information,
see "Behavior for Bound Clients and Address Renewals" on page 509.
To display whether support for broadcast flag replies is currently on or off on the router,
use the show dhcp relay command. For information, see "Monitoring and Troubleshooting
DHCP" on page 525.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Troubleshooting
