By configuring DHCP relay and DHCP snooping together for ARP snooping defense, about DHCP relay configuration please refer to Configuring DHCP Relay, about DHCP snooping configuration please refer to Configuring DHCP Snooping.

If we configure the DHCP relay and DHCP snooping together, the mapping table of DHCP snooping will be synchronized to ARP inspection table to validate ARP packets in a network, please refer to Dynamic ARP Inspection for detail of ARP inspection table .

Configuration example

Networking Requirements


Step 1.   Configure VLAN.

       admin@XorPlus#set vlans vlan-id 100
       admin@XorPlus#set vlans vlan-id 200
       admin@XorPlus#set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
       admin@XorPlus#set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 200
       admin@XorPlus#set vlan-interface interface vlan-100 vif vlan-100 address prefix-length 24
       admin@XorPlus#set vlan-interface interface vlan-200 vif vlan-200 address prefix-length 24
       admin@XorPlus#set vlans vlan-id 100 l3-interface vlan-100
       admin@XorPlus#set vlans vlan-id 200 l3-interface vlan-200

Step 2.   Enable DHCP relay on VLAN 100.

       admin@XorPlus#set protocols dhcp relay vlan-interface vlan-100 disable false

Step 3.   Configure the IP address of DHCP server as

       admin@XorPlus#set protocols dhcp relay vlan-interface vlan-100 dhcp-server-address1

Step 4.   Enable DHCP snooping.

       admin@XorPlus# set protocols dhcp snooping disable false

Step 5.   Configure DHCP snooping on VLAN 100.

       admin@XorPlus#set protocols dhcp snooping vlan 100

The VLAN that enabling DHCP snooping needs to be configured as the VLAN to which the interface connected to the host.

Step 6.   Configure the interface ge-1/1/2 as  DHCP snooping trusted interface.

       admin@XorPlus#set protocols dhcp snooping port ge-1/1/2 trust true

Step 7.   Commit the configuration.

       admin@XorPlus# commit

Step 8.   Verify the configuration.

        admin@Xorplus# show protocols dhcp       

            relay {        

        vlan-interface vlan-100 {            




                     snooping {         

                 disable: false     


        admin@XorPlus# run show dhcp snooping
        Total count: 1
        MAC Address            IP Address         Port        VLAN ID VLAN Interface
        ------------------------ ------------------- ---------------- ------------- --------------------
        00:1d:09:fa:a1:b4      ge-1/1/1          100        vlan-100