DHCP Snooping Binding on EX8208

Can anybody help me make DHCP Snooping Bindings work on EX8208? We have some EX8208s running JunOS version 15.1R5.5, but we tried to activate it before on JunOS 14 and 13, and every time we were unable to get it working as it should...

 

I have attached our topology, and I want to explain a little bit how our network works:

Hosts are connected to an access switch, which inserts Option 82 into DHCP packets; the EX8208 then acts as a DHCP relay and relays the DHCP packets to the DHCP server. On the EX we have configured bootp as follows:

 

show configuration forwarding-options helpers 
bootp {
    relay-agent-option;
    server 10.1.1.1;
    server 10.2.2.2;
    interface {
        vlan.55;
        vlan.56;
        vlan.61;
        vlan.67;
        vlan.70;

 

 

I've tried to configure

set ethernet-switching-options secure-access-port vlan VLANxxx examine-dhcp

 

on those VLANs which are configured with relay, but it didn't work. What I've noticed is that when hosts obtain an IP through DHCP, I see a binding in the DHCP snooping bindings table, but it has a lease time of 4 seconds (actually we have a lease time equal to 3 days), and it shows me my uplink interface (the interface to the DHCP server), not the downlink interface which goes to the client:

 

show dhcp snooping binding
DHCP Snooping Information:
MAC Address             IP Address Lease   Type     VLAN    Interface
-----------------       ---------- -----   -------  ----    ---------
xx:xx:xx:xx:xx:xx       192.0.2.0  4      dynamic   VLAN55  xe-0/0/1.0

 

 

I think that the problem is that the EX sees all ports as trusted, while host ports should be untrusted, but if I set the downlink port ge-4/0/4 as untrusted, then it drops DHCP packets with Option 82... I've noticed the same on Cisco switches, but there is a command there, something like "dhcp snooping information options allow-untrusted"; here I can't see such a command.

 

Does anybody know what the problem is? And how to make DHCP Snooping Bindings work properly, as we want to enable IP Source Guard and Dynamic ARP Inspection for security?
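
A check that could be run over the binding table before enabling IP Source Guard or Dynamic ARP Inspection, given as an added example that is not part of the original post: it parses output in the "show dhcp snooping binding" layout shown above and flags bindings learned on an uplink or carrying a lease far below the configured one. The sample rows, the uplink set and the min_fraction threshold are constructed assumptions.

```python
import re

# Constructed sample in the column layout shown in the post (values are made up).
SAMPLE = """\
DHCP Snooping Information:
MAC Address             IP Address Lease   Type     VLAN    Interface
-----------------       ---------- -----   -------  ----    ---------
00:00:5e:00:53:01       192.0.2.10 4       dynamic  VLAN55  xe-0/0/1.0
00:00:5e:00:53:02       192.0.2.11 258730  dynamic  VLAN55  ge-4/0/4.0
00:00:5e:00:53:03       192.0.2.12 12      dynamic  VLAN56  ge-4/0/5.0
"""

ROW = re.compile(
    r"^(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+(?P<ip>\d+(?:\.\d+){3})\s+"
    r"(?P<lease>\d+)\s+(?P<type>\S+)\s+(?P<vlan>\S+)\s+(?P<ifname>\S+)\s*$"
)

def parse_bindings(text):
    """Return one dict per binding row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["lease"] = int(row["lease"])
            rows.append(row)
    return rows

def audit_bindings(text, uplinks, configured_lease, min_fraction=0.01):
    """Flag bindings that IP Source Guard / DAI could not rely on.

    uplinks: logical interfaces facing the DHCP server (supplied by the operator).
    min_fraction: hypothetical threshold relative to configured_lease (seconds).
    """
    findings = []
    for b in parse_bindings(text):
        reasons = []
        if b["ifname"] in uplinks:
            reasons.append("learned on uplink, not on the client port")
        if b["lease"] < configured_lease * min_fraction:
            reasons.append(f"lease {b['lease']}s vs configured {configured_lease}s")
        if reasons:
            findings.append((b["mac"], b["ifname"], reasons))
    return findings

if __name__ == "__main__":
    for mac, ifname, reasons in audit_bindings(SAMPLE, {"xe-0/0/1.0"}, 3 * 86400):
        print(f"{mac} on {ifname}: " + "; ".join(reasons))
```

A lease that is legitimately close to expiry can also fall under the threshold, so a flagged row is a prompt to look at the port, not proof of a fault.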
