/
Configuring DHCP Relay and DHCP Snooping together

Configuring DHCP Relay and DHCP Snooping together

Owned by Tracy Yang (Unlicensed)
Dec 16, 2018

By configuring DHCP relay and DHCP snooping together for ARP snooping defense, about DHCP relay configuration please refer to Configuring DHCP Relay, about DHCP snooping configuration please refer to Configuring DHCP Snooping.

If we configure the DHCP relay and DHCP snooping together, the mapping table of DHCP snooping will be synchronized to ARP inspection table to validate ARP packets in a network, please refer to Dynamic ARP Inspection for detail of ARP inspection table .

Configuration example

Networking Requirements

  • The IP address of the ge-1/1/1 interface of Pica8 Switch is 100.1.1.1/24 and belongs to VLAN 100, and enable DHCP relay function on VLAN 100.
  • The IP address of the ge-1/1/2 interface of Pica8 Switch is 200.1.1.1/24 and belongs to VLAN 200, and configure the interface as the DHCP snooping trusted interface.
  • Enable DHCP snooping on VLAN 100.
  • The IP address of DHCP server is 200.1.1.10.


Procedure

Step 1.   Configure VLAN.

       admin@XorPlus#set vlans vlan-id 100
       admin@XorPlus#set vlans vlan-id 200
       admin@XorPlus#set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
       admin@XorPlus#set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 200
       admin@XorPlus#set vlan-interface interface vlan-100 vif vlan-100 address 100.1.1.1 prefix-length 24
       admin@XorPlus#set vlan-interface interface vlan-200 vif vlan-200 address 200.1.1.1 prefix-length 24
       admin@XorPlus#set vlans vlan-id 100 l3-interface vlan-100
       admin@XorPlus#set vlans vlan-id 200 l3-interface vlan-200

Step 2.   Enable DHCP relay on VLAN 100.

       admin@XorPlus#set protocols dhcp relay vlan-interface vlan-100 disable false

Step 3.   Configure the IP address of DHCP server as 200.1.1.10.

       admin@XorPlus#set protocols dhcp relay vlan-interface vlan-100 dhcp-server-address1 200.1.1.10

Step 4.   Enable DHCP snooping.

       admin@XorPlus# set protocols dhcp snooping disable false

Step 5.   Configure DHCP snooping on VLAN 100.

       admin@XorPlus#set protocols dhcp snooping vlan 100

NOTE: 
The VLAN that enabling DHCP snooping needs to be configured as the VLAN to which the interface connected to the host.

Step 6.   Configure the interface ge-1/1/2 as  DHCP snooping trusted interface.

       admin@XorPlus#set protocols dhcp snooping port ge-1/1/2 trust true

Step 7.   Commit the configuration.

       admin@XorPlus# commit

Step 8.   Verify the configuration.

  • After the configuration is complete, run the show protocols dhcp command to view the configuration.

        admin@Xorplus# show protocols dhcp       

            relay {        

        vlan-interface vlan-100 {            

          dhcp-server-address1: 200.1.1.10         

                        }    

                     }     

                     snooping {         

                 disable: false     

                      } 

  • Run the run show dhcp snooping command to view the infomation of DHCP snooping binding table.

        admin@XorPlus# run show dhcp snooping
        Total count: 1
        MAC Address            IP Address         Port        VLAN ID VLAN Interface
        ------------------------ ------------------- ---------------- ------------- --------------------
        00:1d:09:fa:a1:b4      100.1.1.11      ge-1/1/1          100        vlan-100

Copyright © 2025 Pica8 Inc. All Rights Reserved.