/
Typical Configuration Example for DHCP Relay and DHCP Snooping

Typical Configuration Example for DHCP Relay and DHCP Snooping


Networking Requirements

As shown in figure 5, Switch 1 is a Layer 2 device and Switch 2 is the gateway that acts as a DHCP relay agent to forward DHCP packets between DHCP client and DHCP server, allowing the DHCP client to get configuration parameters such as IP address from the DHCP server.

In order to provide better service to DHCP clients, network administrator can configure DHCP snooping feature on Switch 1 to implement DHCP attack prevention.

Figure 1 User Topology of DHCP Snooping and DHCP Relay

Configure the DHCP Snooping and DHCP Relay by completing the following tasks on each Switch 1 and Switch 2:

  • Switch 1 is a Layer 2 device, the interfaces ge-1/1/1 and ge-1/1/2 belong to VLAN 100.
  • On Switch 1, enable DHCP snooping in VLAN 100 and configure the interface ge-1/1/2 as the DHCP snooping trust interface.
  • On Switch 2, ge-1/1/1 interface belongs to VLAN 100, the IP address of the associated L3 VLAN interface is 10.10.1.1/24; ge-1/1/2 interface belongs to VLAN 200, the IP address of the associated L3 VLAN interface is 10.20.1.1/24.
  • Enable DHCP relay on Switch 2 on the L3 VLAN interface VLAN100.
  • DHCP server and DHCP relay agent are in the same subnet. The IP address of the DHCP server is 10.20.1.100.

Procedure

Switch 1

Step 1        Configure the VLANs.

admin@Switch1# set vlans vlan-id 100
admin@Switch1# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
admin@Switch1# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 100

Step 2        Enable DHCP snooping on VLAN 100.

admin@Switch1#set protocols dhcp snooping vlan 100 disable false


NOTE:

The DHCP snooping function is only practicable to the clients directly connected to the local L2 domain, rather than connected through a router.

Step 3        Configure the interface ge-1/1/2 as DHCP snooping trust interface.

admin@Switch1# set protocols dhcp snooping trust-port ge-1/1/2

Step 4        Commit the configuration.

admin@Switch1# commit

Switch 2

Step 1        Configure the VLANs.

admin@Switch2# set vlans vlan-id 100
admin@Switch2# set vlans vlan-id 200
admin@Switch2# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
admin@Switch2# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 200
admin@Switch2# set vlans vlan-id 100 l3-interface VLAN100
admin@Switch2# set vlans vlan-id 200 l3-interface VLAN200
admin@Switch2# set l3-interface vlan-interface VLAN100 address 10.10.1.1 prefix-length 24
admin@Switch2# set l3-interface vlan-interface VLAN200 address 10.20.1.1 prefix-length 24

Step 2        Enable IP routing function when using DHCP relay.

admin@Switch2# set ip routing enable true

Step 3        Enable DHCP relay on the L3 VLAN interface VLAN100.

admin@Switch2#set protocols dhcp relay interface VLAN100 disable false

Step 4        Configure the IP address for the DHCP server.

admin@Switch2#set protocols dhcp relay interface VLAN100 dhcp-server-address 10.20.1.100

Step 5        Commit the configuration.

admin@Switch2# commit

Verify the Configuration

  • After the configuration is complete, run the run show dhcp snooping command on Switch1 to view the information of DHCP snooping binding table.
admin@Switch1# run show dhcp snooping binding
Total count:     1
MAC Address         IP Address     Port           VLAN ID   Lease(sec)                
------------------------------------------------------------------------------------------------------                             
E3:44:56:a2:00:2c   10.10.1.12     ge-1/1/1        100     60/600

The format of lease time for the IP address is Remaining Lease Time/Total Lease Time.

  • DHCP client can obtain the IP address normally.



Related content

Copyright © 2025 Pica8 Inc. All Rights Reserved.