Entries in the DHCP database are updated in these events:
• When a DHCP client releases an IP address (sends a DHCPRELEASE message), the associated mapping entry is deleted from the database.
• If you move a network device from one VLAN to another, typically the device has to acquire a new IP address, so its entry in the database, including the VLAN ID, is updated.
• When the lease time (timeout value) assigned by the DHCP server expires, the associated entry is deleted from the database.
TIP:
By default, the IP-MAC bindings are lost when the switch is rebooted
and DHCP clients (the network devices, or hosts) must reacquire bindings.
However, you can configure the bindings to persist by setting the
dhcp-snooping-file statement to store the database file either locally or
remotely.
You can configure the switch to snoop DHCP server responses only from particular VLANs.
Doing this prevents spoofing of DHCP server messages.
You configure DHCP snooping for each VLAN, not for each interface (port). By default,
DHCP snooping is disabled for all VLANs.
TIP:
For private VLANs (PVLANs), enable DHCP snooping on the primary
VLAN. If you enable DHCP snooping only on a community VLAN, DHCP
messages coming from PVLAN trunk ports are not snooped.
DHCP Snooping Process
The basic process of DHCP snooping entails the following steps:
1. Device sends DHCPDISCOVER to request IP address.
2. Switch forwards the packet to the DHCP server.
3. Server sends DHCPOFFER to offer an address. If the DHCPOFFER is from a trusted interface, switch forwards the packet to the DHCP client.
4. Device sends DHCPREQUEST to accept the IP address. Switch snoops this packet and adds IP-MAC placeholder binding to the database. The entry is considered a placeholder until a DHCPACK is received from the server. Until then, the IP address could still be assigned to some other host.
5. Server sends DHCPACK to assign the IP address or DHCPNAK to deny the address request.
6. Switch updates the DHCP database in accordance with the type of packet received:
• Upon receipt of DHCPACK, switch updates lease information for the IP-MAC binding in its database.
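The binding-table behaviour described in the steps and update events above can be modelled as a small state machine. The following Python sketch is an added example, not Junos code or part of the original guide. The class and method names, port names, MAC and IP values are constructed, and two points are assumptions: the trusted-interface check is applied to every server message (not only DHCPOFFER), and a DHCPNAK removes the placeholder.

```python
from dataclasses import dataclass
from typing import Optional

SERVER_MSGS = ("DHCPOFFER", "DHCPACK", "DHCPNAK")

@dataclass
class Binding:
    ip: str
    vlan: int
    port: str                             # client-facing port seen in DHCPREQUEST
    lease_expiry: Optional[float] = None  # None means placeholder (no DHCPACK yet)

class SnoopingTable:
    """Hypothetical model of a DHCP snooping database keyed by client MAC."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.db = {}

    def handle(self, msg, mac, port, vlan, ip=None, lease=0, now=0.0):
        """Process one snooped packet; return True if forwarded, False if dropped."""
        # Assumption: all server messages must arrive on a trusted port.
        if msg in SERVER_MSGS and port not in self.trusted:
            return False
        if msg == "DHCPREQUEST":
            cur = self.db.get(mac)
            # New request or changed address/VLAN: (re)create a placeholder entry.
            if cur is None or (cur.ip, cur.vlan) != (ip, vlan):
                self.db[mac] = Binding(ip, vlan, port)
        elif msg == "DHCPACK" and mac in self.db:
            self.db[mac].lease_expiry = now + lease  # placeholder becomes a lease
        elif msg in ("DHCPNAK", "DHCPRELEASE"):
            # DHCPRELEASE deletes the entry (from the text above);
            # deleting on DHCPNAK is an assumption of this example.
            self.db.pop(mac, None)
        return True

    def expire(self, now):
        """Delete entries whose lease time has run out; placeholders are kept."""
        expired = [m for m, b in self.db.items()
                   if b.lease_expiry is not None and b.lease_expiry <= now]
        for m in expired:
            del self.db[m]
        return expired
```

Feeding the model a DHCPOFFER or DHCPACK on a port that is not in the trusted set leaves the table unchanged and returns False, which is the spoofed-server case that snooping is meant to stop.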
Copyright © 2010, Juniper Networks, Inc.
Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.3