relay¶
DHCP relay configuration.
vsr running config# vrf <vrf> dhcp relay
enabled (pushed)¶
Enable/Disable DHCP relay on this VRF.
vsr running config# vrf <vrf> dhcp relay
vsr running relay# enabled true|false
- Default value
true
handle-option¶
Handling of DHCPv4 packets that come from another DHCP relay (ie. with giaddr set) and already contain agent information (options 82).
vsr running config# vrf <vrf> dhcp relay
vsr running relay# handle-option HANDLE-OPTION
|
Description |
|---|---|
|
Append our own set of agent information (options 82) to the packet, leaving the supplied option field intact. This behavior does not strictly comply with RFC3046. |
|
Replace the existing agent information (options 82) field. This behavior does not strictly comply with RFC3046. |
|
Forward the packet unchanged. |
|
Discard the packet. Require agent-information (options 82) to be enabled to actually discard. |
drop-unmatched¶
If true and agent-information is enabled, drop packets received from DHCP servers containing agent information (option 82) that differs from the configured settings. Since the DHCP server is expected to mirror option 82 from the DHCP request, any mismatch could indicate that the packet was generated in response to a different DHCP relay using the relay IP address (giaddr) or that an attacker has forged a DHCP packet.
vsr running config# vrf <vrf> dhcp relay
vsr running relay# drop-unmatched true|false
- Default value
false
hop-count¶
Maximum hop count before packets are discarded.
vsr running config# vrf <vrf> dhcp relay
vsr running relay# hop-count <0-255>
- Default value
10
max-size¶
Maximum packet size to send to a DHCPv4 server. If a DHCP packet size surpasses this value it will be forwarded without appending relay agent information.
vsr running config# vrf <vrf> dhcp relay
vsr running relay# max-size <64-1400>
- Default value
576
dhcp-server (deprecated)¶
Attention
interfaceConfiguration of DHCP server to which DHCP queries should be relayed.
vsr running config# vrf <vrf> dhcp relay dhcp-server <dhcp-server>
|
An IPv4 address. |
enabled (deprecated) (pushed)¶
Enable/Disable DHCP relay for this server.
vsr running config# vrf <vrf> dhcp relay dhcp-server <dhcp-server>
vsr running dhcp-server <dhcp-server># enabled true|false
interface (deprecated)¶
Interface(s) on which to listen to DHCPv4 queries. If ommitted, DHCP relay will listen on all broadcast interfaces.
vsr running config# vrf <vrf> dhcp relay dhcp-server <dhcp-server>
vsr running dhcp-server <dhcp-server># interface INTERFACE
|
An interface name. |
server-interface (deprecated)¶
Interface used for communication between this relay and the DHCP server. If omitted, and if the relay and server are on the same IP network, an appropriate value will be auto-detected.
vsr running config# vrf <vrf> dhcp relay dhcp-server <dhcp-server>
vsr running dhcp-server <dhcp-server># server-interface SERVER-INTERFACE
|
An interface name. |
handle-option (deprecated)¶
Handling of DHCPv4 packets that come from another DHCP relay (ie. with giaddr set) and already contain agent information (options 82). Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay dhcp-server <dhcp-server>
vsr running dhcp-server <dhcp-server># handle-option HANDLE-OPTION
|
Description |
|---|---|
|
Append our own set of agent information (options 82) to the packet, leaving the supplied option field intact. This behavior does not strictly comply with RFC3046. |
|
Replace the existing agent information (options 82) field. This behavior does not strictly comply with RFC3046. |
|
Forward the packet unchanged. |
|
Discard the packet. Require agent-information (options 82) to be enabled to actually discard. |
drop-unmatched (deprecated)¶
If true and agent-information is enabled, drop packets received from DHCP servers containing agent information (option 82) that differs from the configured settings. Since the DHCP server is expected to mirror option 82 from the DHCP request, any mismatch could indicate that the packet was sent in response to a different DHCP relay using the same giaddr or that an attacker has forged a DHCP packet. Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay dhcp-server <dhcp-server>
vsr running dhcp-server <dhcp-server># drop-unmatched true|false
hop-count (deprecated)¶
Maximum hop count before packets are discarded. Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay dhcp-server <dhcp-server>
vsr running dhcp-server <dhcp-server># hop-count <0-255>
max-size (deprecated)¶
Maximum packet size to send to a DHCPv4 server. If a DHCP packet size surpasses this value it will be forwarded without appending relay agent information. Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay dhcp-server <dhcp-server>
vsr running dhcp-server <dhcp-server># max-size <64-1400>
counters (state only)¶
Statistics for DHCP relay.
discover (state only)¶
Number of DHCP discover messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters discover
offer (state only)¶
Number of DHCP offer messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters offer
request (state only)¶
Number of DHCP request messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters request
decline (state only)¶
Number of DHCP decline messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters decline
ack (state only)¶
Number of DHCP ack messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters ack
nack (state only)¶
Number of DHCP nack messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters nack
release (state only)¶
Number of DHCP release messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters release
inform (state only)¶
Number of DHCP inform messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters inform
boot-request (state only)¶
Number of BOOTP BOOTREQUEST messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters boot-request
boot-reply (state only)¶
Number of BOOTP BOOTREPLY messages.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> counters boot-reply
dhcp-server-leases (state only)¶
State of leases for DHCP server.
starts (state only)¶
Lease start time.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> starts
ends (state only)¶
Lease end time.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> ends
hw-mac-address (state only)¶
MAC address of the network interface on which the lease will be used.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> hw-mac-address
uid (state only)¶
Client identifier used by the client to acquire the lease.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> uid
client-hostname (state only)¶
Client host name sent using client-hostname statement.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> client-hostname
binding-state (state only)¶
Lease’s binding state.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> binding-state
next-binding-state (state only)¶
State the lease will move to when the current state expires.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> next-binding-state
option-agent-circuit-id (state only)¶
Circuit ID option sent by the relay agent.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> option-agent-circuit-id
option-agent-remote-id (state only)¶
Remote ID option sent by the relay agent.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> option-agent-remote-id
vendor-class-identifier (state only)¶
Client-supplied Vendor Class Identifier option.
vsr> show state vrf <vrf> dhcp relay dhcp-server <dhcp-server> dhcp-server-leases <dhcp-server-leases> vendor-class-identifier
interface¶
Interface configuration on which to listen to DHCPv4 queries.
vsr running config# vrf <vrf> dhcp relay interface <interface>
|
An interface name. |
enabled¶
Enable or disable DHCP relay for this interface.
vsr running config# vrf <vrf> dhcp relay interface <interface>
vsr running interface <interface># enabled true|false
- Default value
true
dhcp-server (mandatory)¶
IP address of DHCP server to which DHCP queries should be relayed.
vsr running config# vrf <vrf> dhcp relay interface <interface>
vsr running interface <interface># dhcp-server DHCP-SERVER
|
An IPv4 address. |
handle-option¶
Handling of DHCPv4 packets that come from another DHCP relay (ie. with giaddr set) and already contain agent information (options 82). Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay interface <interface>
vsr running interface <interface># handle-option HANDLE-OPTION
|
Description |
|---|---|
|
Append our own set of agent information (options 82) to the packet, leaving the supplied option field intact. This behavior does not strictly comply with RFC3046. |
|
Replace the existing agent information (options 82) field. This behavior does not strictly comply with RFC3046. |
|
Forward the packet unchanged. |
|
Discard the packet. Require agent-information (options 82) to be enabled to actually discard. |
drop-unmatched¶
If true and agent-information is enabled, drop packets received from DHCP servers containing agent information (option 82) that differs from the configured settings. Since the DHCP server is expected to mirror option 82 from the DHCP request, any mismatch could indicate that the packet was sent in response to a different DHCP relay using the same giaddr or that an attacker has forged a DHCP packet. Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay interface <interface>
vsr running interface <interface># drop-unmatched true|false
hop-count¶
Maximum hop count before packets are discarded. Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay interface <interface>
vsr running interface <interface># hop-count <0-255>
max-size¶
Maximum packet size to send to a DHCPv4 server. If a DHCP packet size surpasses this value it will be forwarded without appending relay agent information. Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay interface <interface>
vsr running interface <interface># max-size <64-1400>
agent-information¶
Configure Relay Agent information parameters like the relay address and DHCP options 82.
vsr running config# vrf <vrf> dhcp relay interface <interface> agent-information
enabled¶
Enable Relay Agent information parameters like the relay address and DHCP options 82.
vsr running config# vrf <vrf> dhcp relay interface <interface> agent-information
vsr running agent-information# enabled true|false
- Default value
true
circuit-id¶
Custom Agent Circuit ID DHCP Option 82.1 to set when relaying the DHCP packets to the DHCP servers. It identifies the interface towards the DHCP client.
vsr running config# vrf <vrf> dhcp relay interface <interface> agent-information
vsr running agent-information# circuit-id <string>
link-selection¶
Sets Link Selection DHCP Option 82.5 to ensure DHCP servers use the appropriate IP for assigning client ranges. Without it, servers rely on giaddr. If multiple IPv4 addresses are configured on the client interface and no relay-address is set, the relay will choose a relay address different from the link-selection. Enabling this also sets Agent Circuit ID Option 82.1, defaulting to the client interface name unless customized.
vsr running config# vrf <vrf> dhcp relay interface <interface> agent-information
vsr running agent-information# link-selection LINK-SELECTION
|
Description |
|---|---|
|
Automatically set the Link-Selection to an IP address of this interface. If multiple IP addresses are available, select the first detected IP address that differs from the configured relay-address value. If only one address exists, the Link-Selection value will match the relay address (used for giaddr and source IP to servers). |
|
An IPv4 address. |
trusted-circuit¶
Defines if the circuit between the DHCP request source and this relay agent is trusted per RFC3046 section 2.1. A circuit is generally considered trusted if it is managed by the same entity. If true (trusted), all requests are accepted, even those from another relay. If false (untrusted), requests with a giaddr or option 82 are discarded. Override the matching option in root context.
vsr running config# vrf <vrf> dhcp relay interface <interface> agent-information
vsr running agent-information# trusted-circuit true|false
relay-address¶
Relay Agent Gateway IP Address to communicate with DHCP servers and set in the giaddr DHCP field if this relay is the first in the path. This IP address does not need to belong to the client interface. If not explicitly configured, the relay will automatically select the first available IPv4 address on this interface that differs from the configured link-selection value.
vsr running config# vrf <vrf> dhcp relay interface <interface> agent-information
vsr running agent-information# relay-address RELAY-ADDRESS
|
An IPv4 address. |
remote-id¶
Agent Remote ID DHCP Option 82.2 to set when relaying the DHCP packets to the DHCP servers. It identifies the remote end device. If enabled, the Agent Circuit ID DHCP Option 82.1 will also be set and default to the client interface name unless a custom circuit ID name is configured.
vsr running config# vrf <vrf> dhcp relay interface <interface> agent-information remote-id
global¶
Custom Agent Remote ID DCHP Option 82.2 value to set when relaying DHCP packets to the DHCP servers. Because this value applies globally to all remote devices behind the interface, it does not comply with RFC3046. However, it does ensure compatibility with certain DHCP implementations.
vsr running config# vrf <vrf> dhcp relay interface <interface> agent-information remote-id
vsr running remote-id# global <string>
counters (state only)¶
Statistics for DHCP relay.
discover (state only)¶
Number of DHCP discover messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters discover
offer (state only)¶
Number of DHCP offer messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters offer
request (state only)¶
Number of DHCP request messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters request
decline (state only)¶
Number of DHCP decline messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters decline
ack (state only)¶
Number of DHCP ack messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters ack
nack (state only)¶
Number of DHCP nack messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters nack
release (state only)¶
Number of DHCP release messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters release
inform (state only)¶
Number of DHCP inform messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters inform
boot-request (state only)¶
Number of BOOTP BOOTREQUEST messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters boot-request
boot-reply (state only)¶
Number of BOOTP BOOTREPLY messages.
vsr> show state vrf <vrf> dhcp relay interface <interface> counters boot-reply
dhcp-server-leases (state only)¶
State of leases for DHCP server.
starts (state only)¶
Lease start time.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> starts
ends (state only)¶
Lease end time.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> ends
hw-mac-address (state only)¶
MAC address of the network interface on which the lease will be used.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> hw-mac-address
uid (state only)¶
Client identifier used by the client to acquire the lease.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> uid
client-hostname (state only)¶
Client host name sent using client-hostname statement.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> client-hostname
binding-state (state only)¶
Lease’s binding state.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> binding-state
next-binding-state (state only)¶
State the lease will move to when the current state expires.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> next-binding-state
option-agent-circuit-id (state only)¶
Circuit ID option sent by the relay agent.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> option-agent-circuit-id
option-agent-remote-id (state only)¶
Remote ID option sent by the relay agent.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> option-agent-remote-id
vendor-class-identifier (state only)¶
Client-supplied Vendor Class Identifier option.
vsr> show state vrf <vrf> dhcp relay interface <interface> dhcp-server-leases <dhcp-server-leases> vendor-class-identifier
agent-information¶
Configure Relay Agent Information parameters.
vsr running config# vrf <vrf> dhcp relay agent-information
trusted-circuit¶
Defines if the circuit between the DHCP request source and this relay agent is trusted per RFC3046 section 2.1. A circuit is generally considered trusted if it is managed by the same entity. If true (trusted), all requests are accepted, even those from another relay. If false (untrusted), requests with a giaddr or option 82 are discarded.
vsr running config# vrf <vrf> dhcp relay agent-information
vsr running agent-information# trusted-circuit true|false
- Default value
true