Interfaces; Dhcp Clients - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual

JunosE 11.3.x Broadband Access Configuration Guide
Using the Giaddr to Identify the Primary Interface for Dynamic Subscriber Interfaces
Configuring Layer 2 Unicast Transmission Method for Reply Packets to DHCP Clients
498
Include either or both of the agent-circuit-id (suboption 1) and agent-remote-id
(suboption 2) suboptions of the DHCP relay agent information option, with or without
the NAS-Identifier [32] RADIUS attribute.
Append the agent-circuit-id suboption value to an interface specifier that is consistent
with the recommended format in the DSL Forum Technical Report (TR)-101—Migration
to Ethernet-Based DSL Aggregation (April 2006).
For information about configuring the PPPoE remote circuit ID, see the Using the PPPoE
Remote Circuit ID to Identify Subscribers and Configuring PPPoE Remote Circuit ID Capture
sections in JunosE Link Layer Configuration Guide .
When creating dynamic subscriber interfaces, the router builds the dynamic interfaces
on the associated primary interface. By default, the router identifies the primary interface
based on the interface on which DHCP client discover packets are received. The router
then builds all dynamic interfaces on that primary interface.
In some cases you might want more control over the determination of the primary interface
and you might not want to use the primary interface that is determined by the default
behavior. The JunosE Software enables you to configure DHCP relay to use information
in the giaddr in DHCP ACK messages to specify which interface is to be used as the
primary interface. This capability allows you to build dynamic interfaces on the primary
interface of your choice.
To use information in the giaddr to identify the primary interface for dynamic subscriber

interfaces:

host1(config)#set dhcp relay giaddr-selects-interface
By default, DHCP relay and relay proxy broadcast DHCP Offer reply packets and DHCP
ACK and NAK reply packets to DHCP clients during the discovery process. In some
environments, this default broadcast method might be a security concern because all
clients can receive packets intended for all other clients.
You use the set dhcp relay layer2-unicast-replies command in Global Configuration
mode to configure the optional layer 2 unicast and layer 3 broadcast transmission method
for DHCP relay and DHCP relay proxy. This method uses the client's layer 2 (MAC) address
and layer 3 (IP) broadcast address to provide secure transmission of DHCP Offer reply
packets and ACK and NAK reply packets. The optional layer 2 unicast method enables
reply packets to be broadcast through the layer 3 network but received only by the
specified client.
There are exceptions to this behavior for DHCP relay proxy when the DHCP client is
already bound to an IP address or is renewing the lease on its IP address. For information,
see "Behavior for Bound Clients and Address Renewals" on page 517.
To display whether the layer 2 unicast method is currently on or off on the router, use the
show dhcp relay command. For information, see "Monitoring and Troubleshooting DHCP"
on page 533.
Copyright © 2010, Juniper Networks, Inc.