Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS DHCP User Guide DHCP Relay Agent

DHCP User Guide

keyboard_arrow_up
close
keyboard_arrow_left
DHCP User Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

DHCP Relay Agent Information Option (Option 82)

date_range 06-Dec-23
arrow_backward
arrow_forward

The DHCP relay agent information option (option 82) enables you to include additional useful information in the client-originated DHCP packets that the DHCP relay forwards to a DHCP server. You can configure the option 82 support globally or for a named group of interfaces. For more information, read this topic.

Using DHCP Relay Agent Option 82 Information

Subscriber management enables you to configure the DHCP relay agent to include additional option 82 information in the DHCP packets that the relay agent receives from clients and forwards to a DHCP server. The DHCP server uses the additional information to determine the IP address to assign to the client. The server might also use the information for other purposes—for example, to determine which services to grant the client, or to provide additional security against threats such as address spoofing. The DHCP server sends its reply back to the DHCP relay agent, and the agent removes the option 82 information from the message and forwards the packet to the client.

To configure support for the DHCP relay agent information option 82, you use the relay-option-82 statement. You can configure the DHCP relay agent to include the following suboptions in the packet the relay agent sends to the DHCP server:

  • Agent Circuit ID (suboption 1)—An ASCII string that identifies the interface on which the client DHCP packet is received.

    Note:

    If relay-option-82 is configured, but none of the attributes under relay-option-82 (that is, circuit-id | remote-id | server-id-override) are explicitly configured, then the default behavior is for the circuit-id (that is, suboption 1) to always be included in the option-82 value. This is true whether or not the vendor-specific attribute under relay-option-82 is configured.

  • Agent Remote ID (suboption 2)—An ASCII string assigned by the DHCP relay agent that securely identifies the client.

You can configure the option 82 support globally or for a named group of interfaces.

To restore the default behavior, in which option 82 information is not inserted into DHCP packets, you use the delete relay-option-82 statement.

Note:

The DHCPv6 relay agent provides similar Agent Circuit ID and Agent Remote ID support for DHCPv6 clients. For DHCPv6, subscriber management uses DHCPv6 option 18 to include the circuit ID in the packets that the relay agent sends to a DHCPv6 server, and option 37 to include the remote ID in the packets. See DHCPv6 Relay Agent Options.

The following sections describe the option 82 operations you can configure:

Configuring Option 82 Information

You use the relay-option-82 statement to configure the DHCP relay agent to insert option 82 information in DHCP packets that the relay agent receives from clients and forwards to a DHCP server. When you configure option 82, you can include one of the suboption statements to specify the type of information you want to include in the DHCP packets. If you configure option 82 without including one of the suboption statements, the Agent Circuit ID option is included by default. Use the circuit-id statement to include the Agent Circuit ID (suboption 1) in the packets, or the remote-id statement to include the Agent Remote ID (suboption 2).

You can optionally configure DHCP relay agent to include a prefix or the interface description as part of the suboption information. If you specify the circuit-id or remote-id statement without including any of the optional prefix, use-interface-description, use-vlan-id, include-irb-and-l2, or no-vlan-interface-name statements, the format of the Agent Circuit ID or Agent Remote ID information for Fast Ethernet (fe), Gigabit Ethernet (ge), and integrated routing and bridging (irb) interfaces is one of the following, depending on your network configuration:

  • For Fast Ethernet or Gigabit Ethernet interfaces that do not use VLANs, stacked VLANs (S-VLANs), or bridge domains:

    content_copy zoom_out_map
    (fe | ge)-fpc/pic/port.subunit
    Note:

    For remote systems, the subunit is required and is used to differentiate an interface.

  • For Fast Ethernet or Gigabit Ethernet interfaces that use VLANs:

    content_copy zoom_out_map
    (fe | ge)-fpc/pic/port:vlan-id

  • For Fast Ethernet or Gigabit Ethernet interfaces that use S-VLANs:

    content_copy zoom_out_map
    (fe | ge)-fpc/pic/port:svlan-id-vlan-id
Note:

Integrated routing and bridging (IRB) provides simultaneous support for Layer 2 bridging and Layer 3 IP routing on the same interface. IRB enables you to route local packets to another routed interface or to another bridging domain that has a Layer 3 protocol configured.

The interface to bridge domain relationship might be implicit (the interface is mapped to the bridge domain by the system based on the VLAN tag) or explicit (the interface is mapped to the bridge domain by configuring it in the bridge domain definition). For the explicit case, tagging might not be relevant for the mapping.

In the case of an IRB interface, the format displays the Layer 2 interface instead of the IRB interface along with the bridge domain name. For IRB interfaces (or other pseudo devices) the default format is as follows:

  • IRB interfaces that use bridge domains but do not use VLANs or S-VLANs:

    content_copy zoom_out_map
    (fe | ge)-fpc/pic/port.subunit:bridge-domain-name

  • IRB interfaces that use VLANs:

    content_copy zoom_out_map
    (fe | ge)-fpc/pic/port.subunit:vlan-name

To include the IRB interface name with the Layer 2 interface name, configure the include-irb-and-l2 statement. The format is as follows:

  • IRB interfaces that use bridge domains but do not use VLANs or S-VLANs:

    content_copy zoom_out_map
    (fe | ge)-fpc/pic/port:bridge-domain-name+irb.subunit

  • IRB interfaces that use VLANs:

    content_copy zoom_out_map
    (fe | ge)-fpc/pic/port:vlan-name+irb.subunit

To include only the IRB interface name without the Layer 2 interface and bridge domain or VLAN, configure the no-vlan-interface-name statement. The format is as follows:

content_copy zoom_out_map
irb.subunit

To enable insertion of option 82 information:

  1. Specify that you want to configure option 82 support.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# edit relay-option-82
  2. Configure the DHCP relay agent to insert the Agent Circuit ID suboption, the Agent Remote ID suboption, or both.

    • To insert the Agent Circuit ID:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay relay-option-82]
user@host# set circuit-id

    • To insert the Agent Remote ID:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay relay-option-82]
user@host# set remote-id

    • To insert both, configure both set commands.

  3. (Optional) Configure a prefix that is used in the option 82 information in the DHCP packets.

    See Including a Prefix in DHCP Options.

  4. (Optional) Configure the DHCP relay agent to include the interface’s textual description instead of the interface identifier in the option 82 information.

    See Including a Textual Description in DHCP Options.

Overriding Option 82 Information

You can configure the DHCP relay agent to add or remove the DHCP relay agent information option (option 82) in DHCP packets.

This feature causes the DHCP relay agent to perform one of the following actions, depending on the configuration:

  • If the DHCP relay agent is configured to add option 82 information to DHCP packets, it clears the existing option 82 values from the DHCP packets and inserts the new values before forwarding the packets to the DHCP server.

  • If the DHCP relay agent is not configured to add option 82 information to DHCP packets, it clears the existing option 82 values from the packets, but does not add any new values before forwarding the packets to the DHCP server.

To override the default option 82 information in DHCP packets destined for a DHCP server:

  1. Specify that you want to configure override options.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# edit overrides
  2. Specify that the option 82 information in DHCP packets is overwritten.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay overrides]
user@host# set always-write-option-82

Including a Prefix in DHCP Options

When you configure the DHCP relay agent to include DHCP options in the packets that the relay agent sends to a DHCP server, you can specify that the relay agent add a prefix to the DHCP option. You can add a prefix to the following DHCP options:

  • DHCPv4 option 82 Agent Circuit ID (suboption 1)

  • DHCPv4 option 82 Agent Remote ID (suboption 2)

  • DHCPv6 option 18 Relay Agent Interface-ID

  • DHCPv6 option 37 Relay Agent Remote-ID

The prefix is separated from the DHCP option information by a colon (:), and it can include any combination of the host-name, logical-system-name, and routing-instance-name options. The DHCP relay agent obtains the values for the host-name, logical-system-name, and routing-instance-name as follows:

  • If you include the host-name option, the DHCP relay agent uses the hostname of the device configured with the host-name statement at the [edit system] hierarchy level.

  • If you include the logical-system-name option, the DHCP relay agent uses the logical system name configured with the logical-system statement at the [edit logical-system] hierarchy level.

  • If you include the routing-instance-name option, the DHCP relay agent uses the routing instance name configured with the routing-instance statement at the [edit routing-instances] hierarchy level or at the [edit logical-system logical-system-name routing-instances] hierarchy level.

If you include the hostname and either or both of the logical system name and the routing instance name in the prefix, the hostname is followed by a forward slash (/). If you include both the logical system name and the routing instance name in the prefix, these values are separated by a semicolon (;).

The following examples show several possible formats for the DHCP option information when you specify the prefix statement for Fast Ethernet (fe) or Gigabit Ethernet (ge) interfaces with S-VLANs.

  • If you include only the hostname in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

    content_copy zoom_out_map
    hostname:(fe | ge)-fpc/pic/port:svlan-id-vlan-id

  • If you include only the logical system name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

    content_copy zoom_out_map
    logical-system-name:(fe | ge)-fpc/pic/port:svlan-id-vlan-id

  • If you include only the routing instance name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

    content_copy zoom_out_map
    routing-instance-name:(fe | ge)-fpc/pic/port:svlan-id-vlan-id

  • If you include both the hostname and the logical system name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

    content_copy zoom_out_map
    host-name/logical-system-name:(fe | ge)-fpc/pic/port:svlan-id-vlan-id

  • If you include both the logical system name and the routing instance name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

    content_copy zoom_out_map
    logical-system-name;routing-instance-name:(fe | ge)-fpc/pic/port:svlan-id-vlan-id

  • If you include the hostname, logical system name, and routing instance name in the prefix for Fast Ethernet or Gigabit Ethernet interfaces with S-VLANs:

    content_copy zoom_out_map
    host-name/logical-system-name;routing-instance-name:(fe | ge)-fpc/pic/port:svlan-id-vlan-id

For Fast Ethernet or Gigabit Ethernet interfaces that use VLANs but not S-VLANs, only the vlan-id value appears in the DHCP option format.

(DHCPv4) To configure a prefix with the option 82 information:

  1. Specify that you want to configure option 82 support.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# edit relay-option-82
  2. Configure DHCP relay agent to insert the Agent Circuit ID, the Agent Remote ID, or both.

    • To configure the Agent Circuit ID:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay relay-option-82]
user@host# edit circuit-id

    • To configure the Agent Remote ID:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay relay-option-82]
user@host# edit remote-id
  3. Specify that the prefix be included in the option 82 information. In this example, the prefix includes the hostname and logical system name.

    • To include the prefix with the Agent Circuit ID:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay relay-option-82 circuit-id]
user@host# set prefix host-name logical-system-name

    • To include the prefix with the Agent Remote ID:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay relay-option-82 remote-id]
user@host# set prefix host-name logical-system-name

(DHCPv6) To use a prefix with the DHCPv6 option 18 or option 37 information:

  1. Specify that you want to configure DHCPv6 relay agent support.

    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# edit dhcpv6

  2. Configure DHCPv6 relay agent to insert option 18 (Relay Agent Interface-ID), option 37 (Relay Agent Remote-ID), or both.

    • To configure option 18:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay dhcpv6]
user@host# edit relay-agent-interface-id

    • To configure option 37:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay dhcpv6]
user@host# edit relay-agent-remote-id

  3. Specify that the prefix is included in the option information. In this example, the prefix includes the hostname and logical system name

    • To include the prefix with option 18:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay dhcpv6 relay-agent-interface-id]
user@host# set prefix host-name logical-system-name

    • To include the prefix with option 37:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay dhcpv6 relay-agent-remote-id]
user@host# set prefix host-name logical-system-name

Including a Textual Description in DHCP Options

By default, when DHCP relay agent inserts option information in the packets sent to a DHCP server, the options include the interface identifier. However, you can configure the DHCP relay agent to include the textual description that is configured for the interface instead of the interface identifier. You can use the textual description for either the logical interface or the device interface.

You can include the textual interface description in the following DHCP options:

  • DHCPv4 option 82 Agent Circuit ID (suboption 1)

  • DHCPv4 option 82 Agent Remote ID (suboption 2)

  • DHCPv6 option 18 Relay Agent Interface-ID

  • DHCPv6 option 37 Relay Agent Remote-ID

The textual description is configured separately, using the description statement at the [edit interfaces interface-name] hierarchy level. If you specify that the textual description is used and no description is configured for the interface, DHCP relay defaults to using the Layer 2 interface name.

In the case of integrated routing and bridging (IRB) interfaces, the textual description of the Layer 2 interface is used instead of the textual description of the IRB interface. If there is no description configured, the Layer 2 logical interface name is used.

Note:

For IRB interfaces, the option 82 field must be able to uniquely identify the incoming interface based on either the Agent Circuit ID or Agent Remote ID . You can modify the information in the textual interface description to match the raw IFD (physical interface without a subunit) name and configure the option 82 field to use the interface description.

You can use the textual description with the following DHCP options:

  • DHCPv4 Option 82 Agent Circuit ID (suboption 1)

  • DHCPv4 Option 82 Agent Remote ID (suboption 2)

  • DHCPv6 Relay Agent Interface-ID (option 18)

  • DHCPv6 Relay Agent Remote-ID (option 37)

(DHCPv4) To configure the DHCP relay option 82 suboption to include the textual interface description:

  1. Specify that you want to configure option 82 support.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# edit relay-option-82
  2. Configure DHCP relay agent to insert the Agent Circuit ID, Agent Remote ID, or both.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay relay-option-82]
user@host# edit circuit-id
  3. Specify that the textual description is included in the option 82 information. In this example, the option 82 information includes the description used for the device interface.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay relay-option-82 circuit-id]
user@host# set use-interface-description device

(DHCPv6) To configure the DHCPv6 option 18 or option 37 to include the textual interface description:

  1. Specify that you want to configure DHCPv6 relay agent support.

    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# edit dhcpv6

  2. Configure DHCPv6 relay agent to insert option 18 (Relay Agent Interface-ID), option 37 (Relay Agent Remote-ID), or both.

    • To configure option 18:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay dhcpv6]
user@host# edit relay-agent-interface-id

    • To configure option 37:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay dhcpv6]
user@host# edit relay-agent-remote-id

  3. Specify that the textual description is included in the option information. In the following example, the option information includes the description used for the device interface.

    • To include the textual description in option 18:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay dhcpv6 relay-agent-interface-id]
user@host# set use-interface-description device

    • To include the textual description in option 37:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay dhcpv6 relay-agent-remote-id]
user@host# set use-interface-description device

See Also

How DHCP Relay Agent Uses Option 82 for Auto Logout

Table 1 indicates how the DHCP relay agent determines the option 82 value used for the client auto logout feature. Depending on the configuration settings, DHCP relay agent takes the action indicated in the Action Taken column.

Table 1: DHCP Relay Agent Option 82 Value for Auto Logout

DHCP Relay Agent Configuration Settings

    

DHCP Relay Configured with Option 82

Discover Packet Contains Option 82

Override “trust-option- 82”

Override “always-write- option-82”

giaddr in non-snooped packet

Action Taken

No

No

No secondary search performed

No

Yes

Yes

Use option 82 from packet

No

Yes

No

Zero

Drop packet

No

Yes

No

Non-zero

Use option 82 from packet

Yes

No

Use configured option 82

Yes

Yes

No

Zero

Drop packet

Yes

Yes

No

No

Non-zero

Use option 82 from packet

Yes

Yes

No

Yes

Non-zero

Overwrite the configured option 82

Yes

Yes

Yes

No

Use option 82 from packet

Yes

Yes

Yes

Yes

Overwrite the configured option 82

Enable Processing of Untrusted Packets So Option 82 Information Can Be Used

By default, the DHCP relay agent treats client packets with a giaddr of 0 (zero) and option 82 information as if the packets originated at an untrusted source, and drops them without further processing. You can override this behavior and specify that the DHCP relay agent process DHCP client packets that have a giaddr of 0 (zero) and contain option 82 information.

To configure DHCP relay agent to trust option 82 information:

  1. Specify that you want to configure override options.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# edit overrides
  2. Specify that the DHCP relay agent process DHCP client packets with a giaddr of 0 and that contain option 82 information.
    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay overrides]
user@host# set trust-option-82

Check if Your Device Support DHCP Option-82

To configure a switch with DHCP relay in forward-only mode, check whether your DHCP server supports DHCP Option 82.

Use the procedures in Table 2 to confirm the support of Option-82 or required workaround.

Table 2: Verify support of Option-82 in DHCP Server

Problem

How to Verify ?

Solution

Verify if your DHCP server supports DHCP Option 82.

Use the dhcp traceoptions on the DHCP Relay. A message states the drop due to missing Option 82.

If the DHCP Offer packet dropped because of Option-82 not included, you will receive the message like:

Feb 25 15:41:13.577519 [MSTR][NOTE] 
[default:default][RLY][INET][irb.6] 
jdhcpd_packet_handle: BOOTPREPLY could not find
client table entry

To fix the issue:

  • Solution 1: Upgrade the DHCP Server to Junos OS version that fully supports Option 82.

  • Solution 2: Change the DHCP Relay to a “stateful” mode (that is, DHCP Relay “binding” mode).

  • Solution 3: Move the DHCP Relay to a MX or to a non-ELS EX/QFX switch, so to enable the Legacy ‘helper bootp’ mode.

Note:

Example: The DHCP Server in MS Windows Server 2019 fully supports Option 82, where as version 2016 has partial support.

See Also

Managing Your DHCP PXE/BOOTP Servers That Do Not Support Option-82

Some PXE or BOOTP servers do not support Option-82, that is, their DHCP Offer messages do not include the Option-82 value added by the DHCP Relay. As a result, the DHCP Relay will drop the DHCP Offer and the PXE/BOOTP client will not be able to complete its boot sequence.

Following are the possible solution to resolve this issue:

Solution 1: Upgrade to a PXE Server that supports Option-82

Solution 2: Host the PXE server with a DHCP Server

  • Ensure that the DHCP Server (that supports Option-82) run together with the PXE server.

  • Configure an Option-60 on the DHCP Server.

    • Use the following CLI to configure Option-60 an a Microsoft WS DHCP Server:

      content_copy zoom_out_map
      netsh dhcp server dhcp-server-address add optiondef 60 ClientIdentifier STRING 0 PXEClient

    • Activate the option in the user interface of the DHCP server.

This way, the PXE/BOOTP clients will receive proper DHCP Offer with Option-60 “PXEClient” and will reach the PXE server at the same IP address of the DHCP Server.

Solution 3: Include Option-60 and Option-43 DHCP Server Message

If the PXE Server is not hosted together with the DHCP Server, you need the DHCP Server to send an Option-43 also in its DHCP Offer. The Option-43 provides the IP address of the PXE server. Note that, the older PXE or BOOTP clients might ignore Option-43 and will therefore try to get the software from the DHCP Server. Enter the Option-43 in the DHCP Server configuration in a hexadecimal mode.

For is a sample option-43 message:

content_copy zoom_out_map
06 01 07 08 07 00 01 01 0A 0B 0C 0D 09 0B 00 01 09 53 65 72 76 65 72 50 58 45 0A 02 00 53

The above message indicates the following information to the PXE client:

  • Disable broadcast and multicast discovery

  • Accept only the PXE Server provided in this text

  • PXE Server IP is 10.11.12.13 (see the bytes '0A 0B 0C 0D' in the above text)

  • Boot menu on the PXE client (to present to the end user):

    • just one line, “ServerPXE”

    • Autoselect the first Boot option, prompt “S”, no timeout (that is, immediately boot unless you press F8)

DHCP Packets on Non-Configured Interfaces

Once you enable DHCP-Relay on the MX Series routers, QFX or EX Series switches, the DHCP Snooping feature gets enabled and all DHCP packets incoming through any interface (both configured and unconfigured interface) of the device are analyzed. The interfaces that are not listed under the DHCP configuration are considered ‘unconfigured’.

Depending on the configuration, DHCP packets received on unconfigured interfaces are dropped.

If the DHCP packets are dropped on ‘unconfigured’ interface, you will receive the following message:

content_copy zoom_out_map
May 25 18:26:31.796241 [MSTR][NOTE] [default:default][RLY][INET][irb.82] jdhcpd_packet_handle: BOOTPREQUEST irb.82 arrived on unconfigured interface DISCOVER, flags 23, config 0x0

See Also

Example: Configure DHCP Relay in Forward Only Mode

The example shows how to configure a “stateless” (“forward-only”) DHCP Relay on Enhanced Layer 2 Software (ELS) EX Series and QFX Series switches. If your switch runs software that does not support ELS, see Configuring Interface Ranges. For ELS details, see Using the Enhanced Layer 2 Software CLI.

Requirements

This example uses the following hardware and software components:

  • QFX or EX Series Switches (ELS mode).

  • Junos OS Release 18.4R3.

Before you configure forward-only DHCP relay on EX Series and QFX Series switches, lets understand about Option 82 support on DHCP.

To verify whether your device supports DHCP Option-82, see Check if Your Device Support DHCP Option-82.

The following messages from the DHCP server include a copy of the Option 82 information on sent by the DHCP Relay in the Discover and Request messages:

  • Offer

  • Acknowledgement (ACK)

  • Negative acknowledgment (NACK)

The DHCP relay discards any OFFER, ACK, and NACK messages that do not include a valid Option 82 information.

On how to avoid dropping of DHCP offer message when PXE or BOOTP servers do not support Option-82, see Managing Your DHCP PXE/BOOTP Servers That Do Not Support Option-82.

Overview

In this example, we are configuring a switching device to act as DHCP relay agent by completing the following steps:

  1. Add a set of DHCP server IP addresses configured as active server groups.

  2. Configure the option 82 support for a named group of interfaces.

After you configure the example, the DHCP relay agent includes option 82 information in the DHCP packets that it receives from the clients and forwards to the DHCP server.

Configuration

To configure a forward-only DHCP relay agent on a ELS supported EX or QFX switches, perform these tasks:

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the command into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set forwarding-options dhcp-relay server-group SV1 dhcp-server-1-address
set forwarding-options dhcp-relay server-group SV2 dhcp-server-2-address
set forwarding-options dhcp-relay active-server-group SV1
set forwarding-options dhcp-relay group DHCP-FO forward-only
set forwarding-options dhcp-relay group DHCP-FO relay-option-82 circuit-id use-interface-description device
set forwarding-options dhcp-relay group DHCP-FO interface interface1
set forwarding-options dhcp-relay group DHCP-FO interface interface2

Configure forward-only' DHCP Relay Agent

Step-by-Step Procedure

To configure forward-only DHCP relay:

  1. Specify the name of the server group, SV1 and SV2.

    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# set server-group SV1
user@host# set server-group SV2

  2. Add the IP addresses of the DHCP servers belonging to the group.

    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# set server-group SV1 dhcp-server-1-address 
user@host# set server-group SV2 dhcp-server-2-address

  3. (Optional) In enterprise scenario, you can use the Preboot Execution Environment (PXE) or BOOTP for a PC (or other devices) to get its Junos OS from a server.

    • If you want to enable BOOTP support when the switch is configured to be a DHCP relay agent, enter the following statement:

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay]
user@host# set overrides bootp-support

    • Add a DHCP or PXE Servers to the DHCP Servers group

      content_copy zoom_out_map
      [edit forwarding-options dhcp-relay]
user@host# server-group SV1 dhcp-server-3-address

  4. Apply the server group as an active server group.

    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# set active-server-group SV1

  5. Define DHCP-FO as interface group on your switching device acting as DHCP relay. Configure:

    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# set group DHCP-FO forward-only

  6. Add a list of interfaces to the interface group.

    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# set group DHCP-FO interface interface1
user@host# set group DHCP-FO interface interface2

  7. Set relay option 82 to interfaces and specify Agent circuit ID. Agent Circuit ID identifies the interface on which the client DHCP packet is received. When you configure circuit ID, the include the textual interface description in the message.

    content_copy zoom_out_map
    [edit forwarding-options dhcp-relay]
user@host# set group DHCP-FO group relay-option-82 circuit-id use-interface-description device

Results

From configuration mode, confirm the results of your configuration by issuing the show statement at the [edit forwarding-options] hierarchy level. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

content_copy zoom_out_map
[edit forwarding-options]
user@host> show
dhcp-relay {
    server-group {
        SV1 {
            dhcp-server-1-address;
        }
        SV2 {
            dhcp-server-2-address;
        }
    }
    active-server-group SV1;
    group DHCP-FO {
        relay-option-82 {
            circuit-id {
                use-interface-description device;
            }
        }
        forward-only;
        interface interface1;
        interface interface2;
    }
}

If you are done configuring the device, enter commit from configuration mode.

Verification

Verify if the messages from the DHCP server includes a copy of the Option 82 information sent by the DHCP relay.

Verifying the Offer message with Option-82

Purpose

Verify the “forward-only” DHCP Relay by enabling the dhcp traceoptions on the DHCP Relay.

Action

  • Receive the output of the tracing operation in the specified file.

    content_copy zoom_out_map
    user@host# set system processes dhcp-service traceoptions file dhcp_logfile size 10m
user@host# set system processes dhcp-service traceoptions level all
user@host# set system processes dhcp-service traceoptions flag all
Feb 25 15:41:11.454186 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_io_process_ip_packet: LOCAL: recv pkt; sa 10.42.6.20; da 10.42.59.251; src_port 67; dst_port 67; len 410
Feb 25 15:41:11.454218 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP   from == 10.42.6.20, port == 67 ]--
Feb 25 15:41:11.454228 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP   size == 410, op == 2 ]--
Feb 25 15:41:11.454250 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP  flags == 8000 ]--
Feb 25 15:41:11.454271 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP  htype == 1, hlen == 6 ]--
Feb 25 15:41:11.454292 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP   hops == 0, xid == e50f52a1 ]--
Feb 25 15:41:11.454313 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP   secs == 0, flags == 8000 ]--
Feb 25 15:41:11.454347 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP ciaddr == 0.0.0.0 ]--
Feb 25 15:41:11.454428 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP yiaddr == 10.42.58.21 ]--
Feb 25 15:41:11.454461 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP siaddr == 10.42.6.20 ]--
Feb 25 15:41:11.454472 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP giaddr == 10.42.59.251 ]--
Feb 25 15:41:11.454486 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP chaddr == 34 48 ed 27 e2 29 00 00 00 00 00 00 00 00 00 00 ]--
Feb 25 15:41:11.454508 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP  sname ==  ]--
Feb 25 15:41:11.454535 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ DHCP/BOOTP   file ==  ]--
Feb 25 15:41:11.454560 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code  53, len   1, data DHCP-OFFER ]--
Feb 25 15:41:11.454603 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code   1, len   4, data ff ff fc 00 ]--
Feb 25 15:41:11.454616 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code  58, len   4, data 00 05 46 00 ]--
Feb 25 15:41:11.454638 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code  59, len   4, data 00 09 3a 80 ]--
Feb 25 15:41:11.454675 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code  51, len   4, data 00 0a 8c 00 ]--
Feb 25 15:41:11.454701 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code  54, len   4, data 0a 2a 06 14 ]--
Feb 25 15:41:11.454724 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code   3, len   4, data 0a 2a 3b fe ]--
Feb 25 15:41:11.454748 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code   4, len   8, data 0a 2a 01 64 0a 2a 06 64 ]--
Feb 25 15:41:11.454778 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code   6, len   8, data 0a 2a 01 64 0a 2a 06 64 ]--
Feb 25 15:41:11.454805 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code  15, len  15, data 6c 69 73 65 63 2e 69 6e 74 65 72 6e 61 6c 00 ]--
Feb 25 15:41:11.454829 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code  42, len   8, data 0a 2a 01 64 0a 2a 06 64 ]--
Feb 25 15:41:11.454858 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code 128, len  29, data 61 74 73 65 2d 65 6d 70 69 72 75 6d 31 2e 6c 69 73 65 63 2e 69 6e 74 65 72 6e 61 6c 00 ]--
Feb 25 15:41:11.454888 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code 129, len  29, data 61 74 73 65 2d 65 6d 70 69 72 75 6d 31 2e 6c 69 73 65 63 2e 69 6e 74 65 72 6e 61 6c 00 ]--
Feb 25 15:41:11.454902 [MSTR][DEBUG][default:default][RLY][INET][irb.56] --[ OPTION code  82, len  19, data 01 11 49 52 42 2d 69 72 62 2e 35 36 3a 61 65 33 30 2e 30 ]--
Feb 25 15:41:11.454924 [MSTR][INFO] [default:default][RLY][INET][irb.56] --[ OPTION code 255, len   0 ]--
Feb 25 15:41:11.454939 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_find_client_from_server_pdu: Using yiaddr from BOOTPREPLY for lookup
Feb 25 15:41:11.454962 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_platform_client_v4_app_get_l3_index:  safd is not client type
Feb 25 15:41:11.454992 [MSTR][DEBUG] client_key_compose: Composing key (0xb294380) for cid_l 0, cid NULL, mac 34 48 ed 27 e2 29, htype 1, subnet 10.42.59.251, ifindx 0, opt82_l 0, opt82 NULL
Feb 25 15:41:11.455016 [MSTR][DEBUG] client_key_compose: Successfully composed CK_TYPE_HW_ADDR_ON_SUBNET (2) client key object.
Feb 25 15:41:11.455028 [MSTR][DEBUG] client_key_print: key_type CK_TYPE_HW_ADDR_ON_SUBNET (2): subnet 10.42.59.251, MAC htype 1, Addr 34 48 ed 27 e2 29
Feb 25 15:41:11.455050 [MSTR][DEBUG] client_key_print: key_type CK_TYPE_HW_ADDR_ON_SUBNET (2) other fields: subnet 10.42.59.251, ifindex 0, opt82_len 0, -
Feb 25 15:41:11.455081 [MSTR][INFO] [default:default][RLY][INET][irb.56] jdhcpd_process_forward_only_or_drop: Safd irb.56 in routing context default:default - forward only or drop processing
Feb 25 15:41:11.455114 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_option_strip_relay_info: Removing option-82
Feb 25 15:41:11.455124 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_option_strip_relay_info: Length of option 82 = 21 bytes
Feb 25 15:41:11.455146 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_option_strip_relay_info: Moving 2 bytes, which were after option 82 and parse again
Feb 25 15:41:11.455169 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_process_forward_only_or_drop: Safd irb.56 in routing context default:default - config supports fwd only relaying packet
Feb 25 15:41:11.455193 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_process_forward_only_or_drop: Result of forward-only: packet_consumed Yes, packet_dropped No, message_type OFFER
Feb 25 15:41:11.455217 [MSTR][DEBUG][default:default][RLY][INET][irb.56] jdhcpd_relay_forward_only_packet: Broadcast BOOTPREPLY OFFER for 10.42.58.21 on safd irb.56

  • You can use the following commands to search for problems in the DHCP traceoptions log file (in this example, ‘dhcp_logfile’).

    • To get an overview of most common problems, use:

      content_copy zoom_out_map
      user@host>  show log dhcp_logfile | match "dropp|fail|unconf" | except "packet_dropped No"

    • To investigate a specific problem, use:

      content_copy zoom_out_map
      user@host>  show log dhcp_logfile | find " arrived on unconfigured interface"

      The find command is similar to Linux less command. It will reach the first entry in the log and allow you to scroll up/down the message.

  • (Optional) To query the traceoptions logs on a Linux sever (or from the Junos shell), you can use both the following commands:

    content_copy zoom_out_map
    user@host> egrep -i "dropp|fail|unconf" dhcp_logfile | egrep -v "packet_dropped No" | more
    content_copy zoom_out_map
    user@host> egrep -i -b 5 " arrived on unconfigured interface" dhcp_logfile | more
Meaning

The above sample confirms that the messages from the DHCP server includes a copy of the Option 82 information sent by the DHCP relay and the sample also displays the textual description of the interface.

Related Documentation

arrow_backward PREVIOUS DHCP and BOOTP Relay Agent
NEXT arrow_forward DHCPv6 Relay Agent
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top