Ethernet Switching

DHCP Snooping Binding on EX8208

‎03-17-2017 10:34 AM

Can anybody help me to make DHCP Snooping Bindings work on EX8208? We have some EX8208s running JunOS version 15.1R5.5, but we tried to activate it before on JunOS 14 and 13, and every time we were unable to get it working as it should.


I have attached our topology, and I want to explain a little bit how our network works:

Hosts are connected to an access switch which inserts Option 82 in DHCP packets, then the EX8208 acts as a DHCP relay and relays DHCP packets to the DHCP server. On the EX we have configured bootp as follows:


show configuration forwarding-options helpers 
bootp {
    interface {



I've tried to configure

set ethernet-switching-options secure-access-port vlan VLANxxx examine-dhcp


On those VLANs which are configured with relay, but it didn't work. What I've noticed is that when hosts obtain an IP through DHCP, I see a binding in the DHCP snooping bindings table, but it has a lease time of 4 seconds (actually we have a lease time equal to 3 days), and it shows me my uplink interface (the interface to the DHCP server), not the downlink interface which goes to the client:


show dhcp snooping binding
DHCP Snooping Information:
MAC Address             IP Address Lease   Type     VLAN    Interface
-----------------       ---------- -----   -------  ----    ---------
xx:xx:xx:xx:xx:xx  4      dynamic   VLAN55  xe-0/0/1.0



I think that the problem is that the EX sees all ports as trusted, while host ports should be untrusted, but if I set downlink port ge-4/0/4 as untrusted, then it drops DHCP packets with Option 82. I've noticed the same on Cisco switches, but there is a command something like "dhcp snooping information options allow-untrusted"; here I can't see such a command.


Does anybody know what the problem is? And how to make DHCP Snooping Bindings work properly, as we want to enable IP Source Guard and Dynamic ARP Inspection for security.
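The symptom described in the post above can be checked mechanically before IP Source Guard or Dynamic ARP Inspection is enabled, since both rely on each binding pointing at the client-facing port. The following is an added example, not part of the original post or of any Juniper tooling: it parses output in the column layout shown above and flags bindings learned on a trusted uplink or carrying an implausibly short lease. The sample rows, the trusted-port set and the 1% lease threshold are assumptions.

```python
import re

# Constructed sample in the column layout of "show dhcp snooping binding" above.
# MAC and IP values are made up; the first row mirrors the symptom from the
# post: a 4-second lease learned on the uplink xe-0/0/1.0.
SAMPLE = """\
DHCP Snooping Information:
MAC Address             IP Address Lease   Type     VLAN    Interface
-----------------       ---------- -----   -------  ----    ---------
00:00:5e:00:53:01  192.0.2.10  4       dynamic  VLAN55  xe-0/0/1.0
00:00:5e:00:53:02  192.0.2.11  259100  dynamic  VLAN55  ge-4/0/4.0
"""

ROW = re.compile(
    r"^(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<ip>\d+(?:\.\d+){3})\s+"
    r"(?P<lease>\S+)\s+(?P<type>\S+)\s+(?P<vlan>\S+)\s+(?P<ifname>\S+)\s*$",
    re.IGNORECASE,
)

def parse_bindings(text):
    """Return one dict per binding row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        # Assumption: a non-numeric lease (e.g. on static entries) maps to None.
        row["lease"] = int(row["lease"]) if row["lease"].isdigit() else None
        rows.append(row)
    return rows

def audit(rows, trusted_ifaces, expected_lease, min_fraction=0.01):
    """Flag dynamic bindings that IP Source Guard / DAI could not rely on."""
    findings = []
    for r in rows:
        if r["type"] != "dynamic":
            continue
        # A client binding should point at the client-facing (untrusted) port.
        if r["ifname"] in trusted_ifaces:
            findings.append((r["mac"], "bound to trusted/uplink port " + r["ifname"]))
        # Heuristic (assumed threshold): lease far below the server's lease time.
        if r["lease"] is not None and r["lease"] < expected_lease * min_fraction:
            findings.append((r["mac"], "lease %ds far below expected %ds"
                             % (r["lease"], expected_lease)))
    return findings

if __name__ == "__main__":
    for mac, why in audit(parse_bindings(SAMPLE), {"xe-0/0/1.0"}, 3 * 86400):
        print(mac, why)
```
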



Re: DHCP Snooping Binding on EX8208

‎03-20-2017 01:20 AM

Has anyone managed to get DHCP Snooping Bindings to work on the EX8208?!


Re: DHCP Snooping Binding on EX8208

‎03-21-2017 07:57 PM



By default all access ports are untrusted. You can make the port going towards the server trusted.

Can you add that configuration and check? The snooping binding table takes the lease information from the ACK packet.





Re: DHCP Snooping Binding on EX8208

‎03-22-2017 12:11 AM

Hi Partha,


I attached our topology in my first post here. If you take a look there, you can see that our EX8208's port that is connected to our Layer 3 network is a trunk port (this is also the interface which goes to the DHCP server), so it is a trusted port. We don't have any access ports on the EX; all the ports, whether going up to the DHCP server or down to our clients, are trunk ports.