By configuring DHCP relay and DHCP snooping together for ARP snooping defense, about DHCP relay configuration please refer to Configuring DHCP Relay, about DHCP snooping configuration please refer to Configuring DHCP Snooping.

If we configure the DHCP relay and DHCP snooping together, the mapping table of DHCP snooping will be synchronized to ARP inspection table to validate ARP packets in a network, please refer to Dynamic ARP Inspection for detail of ARP inspection table .

Configuration example

Networking Requirements


Procedure

Step 1.   Configure VLAN.

       admin@XorPlus#set vlans vlan-id 100
       admin@XorPlus#set vlans vlan-id 200
       admin@XorPlus#set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
       admin@XorPlus#set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 200
       admin@XorPlus#set vlan-interface interface vlan-100 vif vlan-100 address 100.1.1.1 prefix-length 24
       admin@XorPlus#set vlan-interface interface vlan-200 vif vlan-200 address 200.1.1.1 prefix-length 24
       admin@XorPlus#set vlans vlan-id 100 l3-interface vlan-100
       admin@XorPlus#set vlans vlan-id 200 l3-interface vlan-200

Step 2.   Enable DHCP relay on VLAN 100.

       admin@XorPlus#set protocols dhcp relay vlan-interface vlan-100 disable false

Step 3.   Configure the IP address of DHCP server as 200.1.1.10.

       admin@XorPlus#set protocols dhcp relay vlan-interface vlan-100 dhcp-server-address1 200.1.1.10

Step 4.   Enable DHCP snooping.

       admin@XorPlus# set protocols dhcp snooping disable false

Step 5.   Configure DHCP snooping on VLAN 100.

       admin@XorPlus#set protocols dhcp snooping vlan 100

NOTE: 
The VLAN that enabling DHCP snooping needs to be configured as the VLAN to which the interface connected to the host.

Step 6.   Configure the interface ge-1/1/2 as  DHCP snooping trusted interface.

       admin@XorPlus#set protocols dhcp snooping port ge-1/1/2 trust true

Step 7.   Commit the configuration.

       admin@XorPlus# commit

Step 8.   Verify the configuration.

        admin@Xorplus# show protocols dhcp       

            relay {        

        vlan-interface vlan-100 {            

          dhcp-server-address1: 200.1.1.10         

                        }    

                     }     

                     snooping {         

                 disable: false     

                      } 

        admin@XorPlus# run show dhcp snooping
        Total count: 1
        MAC Address            IP Address         Port        VLAN ID VLAN Interface
        ------------------------ ------------------- ---------------- ------------- --------------------
        00:1d:09:fa:a1:b4      100.1.1.11      ge-1/1/1          100        vlan-100