Networking Requirements

As shown in Figure 5, Switch 1 is a Layer 2 device and Switch 2 is the gateway. Switch 2 acts as a DHCP relay agent that forwards DHCP packets between the DHCP client and the DHCP server, allowing the DHCP client to obtain configuration parameters such as an IP address from the DHCP server.

To provide better service to DHCP clients, the network administrator can configure the DHCP snooping feature on Switch 1 to implement DHCP attack prevention.

Figure 1 User Topology of DHCP Snooping and DHCP Relay

Configure DHCP snooping and DHCP relay by completing the following tasks on Switch 1 and Switch 2:

Procedure

Switch 1

Step 1        Configure the VLANs.

admin@Switch1# set vlans vlan-id 100
admin@Switch1# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
admin@Switch1# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 100

Step 2        Enable DHCP snooping on VLAN 100.

admin@Switch1# set protocols dhcp snooping vlan 100 disable false


NOTE:

The DHCP snooping function applies only to clients that are directly connected to the local L2 domain, not to clients connected through a router.

Step 3        Configure the interface ge-1/1/2 as DHCP snooping trust interface.

admin@Switch1# set protocols dhcp snooping trust-port ge-1/1/2

Step 4        Commit the configuration.

admin@Switch1# commit

Switch 2

Step 1        Configure the VLANs.

admin@Switch2# set vlans vlan-id 100
admin@Switch2# set vlans vlan-id 200
admin@Switch2# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
admin@Switch2# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 200
admin@Switch2# set vlans vlan-id 100 l3-interface VLAN100
admin@Switch2# set vlans vlan-id 200 l3-interface VLAN200
admin@Switch2# set l3-interface vlan-interface VLAN100 address 10.10.1.1 prefix-length 24
admin@Switch2# set l3-interface vlan-interface VLAN200 address 10.20.1.1 prefix-length 24

Step 2        Enable IP routing function when using DHCP relay.

admin@Switch2# set ip routing enable true

Step 3        Enable DHCP relay on the L3 VLAN interface VLAN100.

admin@Switch2# set protocols dhcp relay interface VLAN100 disable false

Step 4        Configure the IP address for the DHCP server.

admin@Switch2# set protocols dhcp relay interface VLAN100 dhcp-server-address 10.20.1.100

Step 5        Commit the configuration.

admin@Switch2# commit

Verify the Configuration

admin@Switch1# run show dhcp snooping binding
Total count:     1
MAC Address         IP Address     Port           VLAN ID   Lease(sec)                
------------------------------------------------------------------------------------------------------                             
E3:44:56:a2:00:2c   10.10.1.12     ge-1/1/1        100     60/600

The format of lease time for the IP address is Remaining Lease Time/Total Lease Time.
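
The following is an added example, not part of the original documentation or the switch software: a Python check that parses the binding table shown above and flags rows that do not fit this topology. The function names, the VLAN-to-subnet map and the second sample row are constructed for illustration; treating a binding learned on the trusted port ge-1/1/2 as unexpected is an assumption that holds for this topology, where the DHCP server sits behind that port.

```python
import ipaddress
import re

# Row layout from the page: MAC, IP, port, VLAN ID, remaining/total lease.
ROW = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(?P<ip>\d+(?:\.\d+){3})\s+"
    r"(?P<port>\S+)\s+(?P<vlan>\d+)\s+(?P<remaining>\d+)/(?P<total>\d+)\s*$"
)

def parse_bindings(output):
    """Return (declared_count, rows) parsed from 'show dhcp snooping binding'."""
    declared, rows = None, []
    for line in output.splitlines():
        m = re.match(r"^Total count:\s*(\d+)", line)
        if m:
            declared = int(m.group(1))
            continue
        m = ROW.match(line.strip())  # header and separator lines do not match
        if m:
            row = m.groupdict()
            for key in ("vlan", "remaining", "total"):
                row[key] = int(row[key])
            rows.append(row)
    return declared, rows

def audit_bindings(output, vlan_subnets, trusted_ports):
    """Return a list of findings; an empty list means the table looks as expected."""
    declared, rows = parse_bindings(output)
    findings = []
    if declared != len(rows):
        findings.append(f"header reports {declared} bindings but {len(rows)} rows parsed")
    for r in rows:
        tag = f"{r['mac']} {r['ip']}"
        subnet = vlan_subnets.get(r["vlan"])
        if subnet is None or ipaddress.ip_address(r["ip"]) not in ipaddress.ip_network(subnet):
            findings.append(f"{tag}: address not in expected subnet for VLAN {r['vlan']}")
        if r["port"] in trusted_ports:  # assumption: clients never sit behind the trust port
            findings.append(f"{tag}: binding learned on trusted port {r['port']}")
        if r["remaining"] > r["total"]:
            findings.append(f"{tag}: remaining lease {r['remaining']}s exceeds total {r['total']}s")
    return findings

# Constructed sample: the first row is the page's output, the second row is made up.
SAMPLE = """Total count:     2
MAC Address         IP Address     Port           VLAN ID   Lease(sec)
------------------------------------------------------------------------
E3:44:56:a2:00:2c   10.10.1.12     ge-1/1/1        100     60/600
00:11:22:33:44:55   192.168.0.7    ge-1/1/2        100     30/600
"""
```

Calling `audit_bindings(SAMPLE, {100: "10.10.1.0/24"}, {"ge-1/1/2"})` returns two findings, both for the constructed second row; the row taken from the page produces none.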