Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

By configuring DHCP relay and DHCP snooping together for ARP snooping defense, about DHCP relay configuration please refer to Configuring DHCP Relay, about DHCP snooping configuration please refer to Configuring DHCP Snooping.

If we configure the DHCP relay and DHCP snooping together, the mapping table of DHCP snooping will be synchronized to ARP inspection table to validate ARP packets in a network, please refer to Dynamic ARP Inspection for detail of ARP inspection table .

Configuration example

Networking Requirements

  • The IP address of the ge-1/1/1 interface of Pica8 Switch is and belongs to VLAN 100, and enable DHCP relay function on VLAN 100.
  • The IP address of the ge-1/1/2 interface of Pica8 Switch is and belongs to VLAN 200, and configure the interface as the DHCP snooping trusted interface.
  • Enable DHCP snooping on VLAN 100.
  • The IP address of DHCP server is


Step 1.   Configure VLAN.

       admin@XorPlus#set vlans vlan-id 100
       admin@XorPlus#set vlans vlan-id 200
       admin@XorPlus#set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
       admin@XorPlus#set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 200
       admin@XorPlus#set vlan-interface interface vlan-100 vif vlan-100 address prefix-length 24
       admin@XorPlus#set vlan-interface interface vlan-200 vif vlan-200 address prefix-length 24
       admin@XorPlus#set vlans vlan-id 100 l3-interface vlan-100
       admin@XorPlus#set vlans vlan-id 200 l3-interface vlan-200

Step 2.   Enable DHCP relay on VLAN 100.

       admin@XorPlus#set protocols dhcp relay vlan-interface vlan-100 disable false

Step 3.   Configure the IP address of DHCP server as

       admin@XorPlus#set protocols dhcp relay vlan-interface vlan-100 dhcp-server-address1

Step 4.   Enable DHCP snooping.

       admin@XorPlus# set protocols dhcp snooping disable false

Step 5.   Configure DHCP snooping on VLAN 100.

       admin@XorPlus#set protocols dhcp snooping vlan 100

The VLAN that enabling DHCP snooping needs to be configured as the VLAN to which the interface connected to the host.

Step 6.   Configure the interface ge-1/1/2 as  DHCP snooping trusted interface.

       admin@XorPlus#set protocols dhcp snooping port ge-1/1/2 trust true

Step 7.   Commit the configuration.

       admin@XorPlus# commit

Step 8.   Verify the configuration.

  • After the configuration is complete, run the show protocols dhcp command to view the configuration.

        admin@Xorplus# show protocols dhcp       

            relay {        

        vlan-interface vlan-100 {            




                     snooping {         

                 disable: false     


  • Run the run show dhcp snooping command to view the infomation of DHCP snooping binding table.

        admin@XorPlus# run show dhcp snooping
        Total count: 1
        MAC Address            IP Address         Port        VLAN ID VLAN Interface
        ------------------------ ------------------- ---------------- ------------- --------------------
        00:1d:09:fa:a1:b4      ge-1/1/1          100        vlan-100

  • No labels