Workaround to enable DHCP Snooping in Juniper ELS CLI
DHCP Snooping allows a network device to monitor the DHCP messages received from untrusted devices connected to it. DHCP Snooping is enabled per VLAN. The router or switch where it is enabled checks the DHCP messages received from untrusted devices in that VLAN and builds the DHCP snooping database, which records each untrusted host's IP address, MAC address, lease time, and the interface where it is connected. Hosts that require access to the network have to pass verification against the DHCP Snooping database.
Currently there is no direct CLI knob in Enhanced Layer 2 Software (ELS) to enable DHCP Snooping.
In non-ELS configuration style, DHCP Snooping for both IPv4 and IPv6 is enabled like this:
    {master:0}[edit]
    root@SWITCH-TEST# show ethernet-switching-options
    secure-access-port {
        vlan VLAN100 {
            examine-dhcp;
            examine-dhcpv6;
        }
    }

    {master:0}[edit]
    root@SWITCH-TEST#

That was for a specific VLAN, but you can enable DHCP Snooping for all VLANs at once using “all” instead of the VLAN name.
Keep in mind that the command to enable DHCPv6 Snooping is available starting with 14.1X53-D10 on EX switches.
There is a workaround in ELS that is not easy to spot: use the “overrides” knob.
This has to be done per VLAN:
    {master:0}[edit]
    root@EX4300-VC# show vlans | no-more
    VLAN100 {
        vlan-id 100;
        l3-interface irb.100;
        forwarding-options {
            dhcp-security {
                group DHCP {
                    overrides {
                        no-option82;
                    }
                }
            }
        }
    }

    {master:0}[edit]
    root@EX4300-VC#

Until there is a specific knob to configure DHCP Snooping on ELS, you can use this workaround.
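Because the workaround has to be repeated per VLAN, it is easy to miss one. The Python script below is an added example (not from the original post or from Juniper) that parses ELS-style "show vlans" configuration text and reports which VLANs lack a forwarding-options dhcp-security stanza. The VLAN200 entry, the sample text and the function names are constructed for illustration, and treating the presence of the stanza as "snooping configured" is an assumption taken from the workaround above.

```python
import re

# Constructed sample in the brace style of "show vlans" (flattened or
# multi-line input both work). VLAN200 is hypothetical and has no workaround.
SAMPLE = (
    "VLAN100 { vlan-id 100; l3-interface irb.100; forwarding-options { "
    "dhcp-security { group DHCP { overrides { no-option82; } } } } } "
    "VLAN200 { vlan-id 200; }"
)

def parse_block(tokens, i=0):
    """Parse brace-style tokens into nested dicts; leaf statements map to None."""
    node, words = {}, []
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == "{":                      # start of a child stanza
            child, i = parse_block(tokens, i)
            node[" ".join(words)] = child
            words = []
        elif tok == "}":                    # end of the current stanza
            return node, i
        elif tok == ";":                    # end of a leaf statement
            node[" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return node, i

def audit_vlans(text):
    """Return {vlan_name: bool}: True if forwarding-options dhcp-security exists.

    Assumption: the stanza's presence is what the workaround relies on.
    """
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    tree, _ = parse_block(tokens)
    return {
        name: "dhcp-security" in ((body or {}).get("forwarding-options") or {})
        for name, body in tree.items()
    }

if __name__ == "__main__":
    for vlan, ok in audit_vlans(SAMPLE).items():
        print(f"{vlan}: {'dhcp-security present' if ok else 'NO dhcp-security stanza'}")
```
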
I hope you found this post useful.
Paris ARAU