SRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Srx300 cluster issue with DHCP server wrong IP assigned irb

Jump to Best Answer
  • 1.  Srx300 cluster issue with DHCP server wrong IP assigned irb

    Posted 10-12-2020 02:18
    Not sure what is wrong with my configuration
    I can't figure out why vlan.2(irb.2) on port ge-1/0/3.0 provide different IP range instead 192.168.2.1/24
     
    Anyone please can point the correct direction
     
    @srx-a> show chassis firmware 
    node0:
    --------------------------------------------------------------------------
    Part                     Type       Version
    FPC                      O/S        Version 18.4R3-S4.2 by builder on 2020-06-25 16:43:08 UTC
    FWDD                     O/S        Version 18.4R3-S4.2 by builder on 2020-06-25 16:43:08 UTC
    
    node1:
    --------------------------------------------------------------------------
    Part                     Type       Version
    FPC                      O/S        Version 18.4R3-S4.2 by builder on 2020-06-25 16:43:08 UTC
    FWDD                     O/S        Version 18.4R3-S4.2 by builder on 2020-06-25 16:43:08 UTC
    
    
    
    
    @srx-a> show vlans    
    
    Routing instance        VLAN name             Tag          Interfaces
    default-switch          default               1        
                                                               ge-0/0/3.0
                                                               reth0.0
    default-switch          vlan.2                2        
                                                               ge-1/0/3.0
    default-switch          vlan.5                5        
                                                               reth0.0
    
    
    
    
    @srx-a# show security zones security-zone trust 
    address-book {
        address LAN1-network 192.168.1.0/24;
        address LAN2-network 192.168.2.0/24;
    }
    host-inbound-traffic {
        system-services {
            all;
        }
        protocols {
            all;
        }
    }
    interfaces {
        irb.2 {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
        }
        irb.1;                              
        irb.5;
    }
    
    
    
    
    
    rx-a# run show interfaces terse irb 
    Interface               Admin Link Proto    Local                 Remote
    irb                     up    up
    irb.1                   up    down inet     192.168.1.1/24  
    irb.2                   up    down inet     192.168.2.1/24  
    irb.5                   up    down inet     192.168.5.1/24
    
    
    
    @srx-a# show system services dhcp-local-server 
    group jdhcp-group {
        interface fxp0.0;
        interface irb.1;
        interface irb.2;
        interface irb.5;
        interface reth0.0;
    }
    
    
    
    
    @srx-a# show interfaces                                              
    ge-0/0/3 {
        description ADMIN-LOCAL-SRX-A;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members default;
                }
            }
        }
    }
    ge-0/0/4 {
        description WAN;
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-0/0/5 {
        description LAN;
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-1/0/3 {
        description ADMIN-LOCAL-SRX-B;      
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan.2;
                }
            }
        }
    }
    ge-1/0/4 {
        description WAN;
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-1/0/5 {
        description LAN;
        gigether-options {
            redundant-parent reth0;
        }
    }
    fab0 {
        fabric-options {
            member-interfaces {             
                ge-0/0/2;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-1/0/2;
            }
        }
    }
    irb {
        unit 1 {
            family inet {
                address 192.168.1.1/24;
            }
        }
        unit 2 {
            family inet {
                address 192.168.2.1/24;
            }
        }
        unit 5 {                            
            family inet {
                address 192.168.5.1/24;
            }
        }
    }
    reth0 {
        description LAN;
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ default vlan.5 ];
                }
            }
        }
    }
    
    
    
    
    @srx-a# show access    
    address-assignment {
        pool DHCPvlan1 {
            family inet {
                network 192.168.1.0/24;
                range junosRange {
                    low 192.168.1.50;
                    high 192.168.1.254;
                }
                dhcp-attributes {
                    maximum-lease-time 3600;
                    router {
                        192.168.1.1;
                    }
                }
            }
        }
        pool DHCPvlan2 {
            family inet {
                network 192.168.2.0/24;
                range junosRangeB {
                    low 192.168.2.50;
                    high 192.168.2.254;
                }
                dhcp-attributes {           
                    maximum-lease-time 3600;
                    router {
                        192.168.2.1;
                    }
                }
            }
        }
        pool DHCP-CLIENT {
            family inet {
                network 192.168.5.0/24;
                range RANGE-CLIENT {
                    low 192.168.5.50;
                    high 192.168.5.254;
                }
                dhcp-attributes {
                    maximum-lease-time 3600;
                    name-server {
                        8.8.8.8;
                        8.8.4.4;
                    }
                    router {
                        192.168.5.1;
                    }                       
                }
            }
        }
        pool junosDHCPPool-FXP0 {
            family inet {
                network 10.1.1.0/24;
                range junosRange-FXP0 {
                    low 10.1.1.50;
                    high 10.1.1.254;
                }
                dhcp-attributes {
                    router {
                        10.1.1.1;
                        10.1.1.2;
                    }
                    propagate-settings fxp0.0;
                }
            }
        }
    }
    

     

     

    PC with Linux OS
     
     
    srx-a# run monitor traffic interface ge-0/0/3    
    verbose output suppressed, use <detail> or <extensive> for full protocol decode
    Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
    Address resolution timeout is 4s.
    Listening on ge-0/0/3, capture size 96 bytes
    
    22:50:11.468288 Out IP truncated-ip - 259 bytes missing! [|ip]
    Reverse lookup for 0.0.0.0 failed (check DNS reachability).
    Other reverse lookup failures will not be reported.
    Use <no-resolve> to avoid reverse lookups on IP addresses.
    
    22:50:11.474052  In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
    22:50:11.661977 Out IP truncated-ip - 259 bytes missing! [|ip]
    
    22:50:13.266879  In arp who-has 192.168.1.1 tell 192.168.1.50
    22:50:13.267047 Out arp reply 192.168.1.1 is-at 10:39:XX:XX:XX:XX
    
    
    
    ```
    @srx-a# run show dhcp server binding              
    IP address        Session Id  Hardware address   Expires     State      Interface
    192.168.1.50      25          c8:5b:XX:XX:XX:XX   3571        BOUND      irb.1          
    ```
    
    
    
    
    @srx-a# run monitor traffic interface ge-1/0/3    
    verbose output suppressed, use <detail> or <extensive> for full protocol decode
    Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
    Address resolution timeout is 4s.
    Listening on ge-1/0/3, capture size 96 bytes
    
    Reverse lookup for 0.0.0.0 failed (check DNS reachability).
    Other reverse lookup failures will not be reported.
    Use <no-resolve> to avoid reverse lookups on IP addresses.
    
    22:50:54.745038  In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
    22:50:54.883732 Out IP truncated-ip - 259 bytes missing! [|ip]
    22:50:54.905072  In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
    22:50:55.065738 Out IP truncated-ip - 259 bytes missing! [|ip]
    22:50:55.275156  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:50:56.284870  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:50:57.304646  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:50:58.333897  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:50:59.353839  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:00.373496  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:01.039329 Out arp who-has 192.168.2.51 tell 192.168.2.1
    22:51:01.403045  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:01.938851 Out arp who-has 192.168.2.51 tell 192.168.2.1
    22:51:02.422659  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:02.738574 Out arp who-has 192.168.2.51 tell 192.168.2.1
    22:51:03.438055 Out arp who-has 192.168.2.51 tell 192.168.2.1
    22:51:03.452054  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:04.038283 Out arp who-has 192.168.2.51 tell 192.168.2.1
    22:51:04.471963  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:04.937928 Out arp who-has 192.168.2.51 tell 192.168.2.1
    22:51:05.491711  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:06.521285  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:07.540812  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:08.570413  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:09.600210  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:10.619834  In arp who-has 192.168.1.1 tell 192.168.1.52
    22:51:11.639451  In arp who-has 192.168.1.1 tell 192.168.1.52
    
    
    
    
    @srx-a# run show dhcp server binding              
    IP address        Session Id  Hardware address   Expires     State      Interface
    192.168.1.50      25          c8:5b:XX:XX:XX:XX  3499        BOUND      irb.1               
    192.168.1.52      26          c8:5b:XX:XX:XX:XX  3543        BOUND      irb.2            <<<<<<<<<<  WRONG IP 
    
    
    
    
    @srx-a#clear arp
    @srx-a#clear dhcp server binding all
    

     

     

     

    Same PC with windows OS
     
     
    @srx-a# run monitor traffic interface ge-0/0/3
    verbose output suppressed, use <detail> or <extensive> for full protocol decode
    Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
    Address resolution timeout is 4s.
    Listening on ge-0/0/3, capture size 96 bytes
    
    22:56:04.123928  In
    Reverse lookup for 169.254.159.139 failed (check DNS reachability).
    Other reverse lookup failures will not be reported.
    Use <no-resolve> to avoid reverse lookups on IP addresses.
    
    22:56:04.329569  In arp who-has 169.254.159.139 tell 169.254.159.139
    22:56:07.142360  In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
    22:56:07.307931 Out IP truncated-ip - 269 bytes missing! [|ip]
    22:56:07.310846  In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
    22:56:07.516481 Out IP truncated-ip - 269 bytes missing! [|ip]
    22:56:07.551700  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:07.841640  In arp who-has 192.168.5.51 tell 0.0.0.0
    22:56:07.949364  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:08.334157  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:08.828511  In arp who-has 192.168.5.51 tell 0.0.0.0
    22:56:09.328991  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:09.835790  In arp who-has 192.168.5.51 tell 0.0.0.0
    22:56:10.589068  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:10.835527  In arp who-has 192.168.5.51 tell 192.168.5.51
    22:56:11.338584  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:11.833592  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:12.330011  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:13.338314  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:13.400804  In arp who-has 192.168.5.1 tell 192.168.5.51
    22:56:14.338277  In arp who-has 192.168.5.1 tell 192.168.5.51
    
    
    
    @srx-a# run show dhcp server binding
    IP address        Session Id  Hardware address   Expires     State      Interface
    192.168.5.51      27          c8:5b:XX:XX:XX:XX  3479        BOUND      irb.1             <<<<<<<<<<<<<< WRONG IP 
    

     

     

     

     


    #DHCP
    #irb
    #srx300
    #cluster


  • 2.  Re: Srx300 cluster issue with DHCP server wrong IP assigned irb
    Best Answer

     
    Posted 10-12-2020 03:47

    Does 'set system services dhcp-local-server requested-ip-interface-match' help? If those hosts were previously on other subnets they may be requesting and recieving their old addresses even though they hgave changed vlans.



  • 3.  Re: Srx300 cluster issue with DHCP server wrong IP assigned irb

    Posted 10-12-2020 12:20

    worked thank you @smicker

     

    this scenario is also describe here

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB32226