Supported Platforms
Disabling ARP Table Population
By default, DHCP populates the ARP table with the MAC address of a client when the client binding is established. However, you may choose to use the DHCP no-arp statement to hide the subscriber MAC address information, as it appears in ARP table entries.
When running in a trusted environment (that is, when not using the no-arp statement), DHCP populates the ARP table with unique MAC addresses contained within the DHCP PDU for each DHCP client:
Table 1: ARP Table in Trusted Environment
IP Address | MAC Address |
|---|---|
Client 1 IP Address | MAC A |
Client 2 IP Address | MAC B |
Client 3 IP Address | MAC C |
In distrusted environments, you can specify the no-arp statement to hide the MAC addresses of clients. When you specify the no-arp statement, DHCP does not automatically populate the ARP table with MAC address information from the DHCP PDU for each client. Instead, the system performs an ARP to obtain the MAC address of each client and obtains the MAC address of the immediately attached device (for example, a DSLAM). DHCP populates the ARP table with the same interface MAC address (for example, MAC X from a DSLAM interface) for each client:
Table 2: ARP Table in Distrusted Environment
IP Address | MAC Address |
|---|---|
Client 1 IP Address | MAC X |
Client 2 IP Address | MAC X |
Client 3 IP Address | MAC X |
To disable ARP table population:
- Specify that you want to configure override options.
- For DHCP local server:[edit system services dhcp-local-server]user@host# edit overrides
- For DHCP relay:[edit forwarding-options dhcp-relay]user@host# edit overrides
- For DHCP local server:
- Disable ARP table population with client-specific information.
(DHCP local server and DHCP relay agent both support the no-arp statement.)
- For DHCP local server:[edit system services dhcp-local-server overrides]user@host# set no-arp
- For DHCP relay:[edit forwarding-options dhcp-relay overrides]user@host# set no-arp
- For DHCP local server:
