SRX

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX320 / JDHCP / VLAN

    Posted 10-08-2020 04:28

    Hi everyone, 

     

    I configured one of my ports with multiple VLAN's and a native VLAN.. 

     

    I'm now trying to configure the JDHCP service, but whatever I do.. all my VLAN's receive the native VLAN DHCP scope..  I checked some earlier posts here.. and it looks like my config is the same.. .. 

     

    what am I missing?

     

    Junos: 18:4R3-S4.2
    ....
<interfaces>
ge-0/0/1 {
    flexible-vlan-tagging;
    native-vlan-id 1;
    unit 0 {
        vlan-id 1;
        family inet {
            address 172.16.1.1/24;
        }
    }
    unit 2 {
        vlan-id 2;
        family inet {
            address 172.16.2.1/24;
        }
    }
...
<system services>
dhcp-local-server {
    group internal {
        interface ge-0/0/1.0;
    }
    group guest-pool {
        interface ge-0/0/1.2;
    }
.....

<access address-assignments>
pool internal-pool {
    family inet {
        network 172.16.1.0/24;
        range range1 {
            low 172.16.1.20;
            high 172.16.1.200;
        }
        dhcp-attributes {
            name-server {
                172.16.1.1;
            }
            router {
                172.16.1.1;
            }
        }
    }
}

pool guest-pool {
    family inet {
        network 172.16.2.0/24;
        range guest-pool-2-24 {
            low 172.16.2.20;
            high 172.16.2.40;
        }
        dhcp-attributes {
            name-server {
                1.1.1.1;
                8.8.8.8;
            }
            router {
                172.16.2.1;
            }
        }
    }
}

     



  • 2.  Re: SRX320 / JDHCP / VLAN

    Posted 10-09-2020 16:52
    Have you tried vpls encapsulation? I'll post some code in a bit.


  • 3.  Re: SRX320 / JDHCP / VLAN

    Posted 10-09-2020 17:21

    This trunk was supposed to have 2 vlans on it. It seems to roll fine

    but I included the default vlan which I don't see in the srx300 series.

    This was srx240b2.

     

    Confirm if the default vlan exists. I think all boxes have vlan(0) .

    Better confirm. In srx240 11.47 and 12.xx it exists and is shown.

    Whats odd with my config however is that vlan-id 3 is the trust

    and this has changed to vlan 2 in 300 series.

    So you need to confirm traffic too. This seemed to convert

    id 3 to id 1 . But 1 is also present in the below units. Keep in

    mind that routers select routes by logical means.

     

    I used vlan-id 3 because srx240 uses this as I said before.

     

    Incidently the default vlan in srx240 is id 1. Go figure.

    Its still vlan(0) if you ask me. 😉

     

     

        ge-0/0/14 {
            flexible-vlan-tagging;
            encapsulation vlan-vpls;
            unit 0 {
                arp-resp;
                vlan-id 3;
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
            unit 1 {
                arp-resp;
                vlan-id 1;
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
            unit 2 {
                arp-resp;
                vlan-id 2;
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }

     

     

     

     

    vlans {
        vlan-trust {
            vlan-id 3;
            l3-interface vlan.0;
        }
        vlan2 {
            vlan-id 2;
            l3-interface vlan.2;
        }
    }

     

     

    Please try to confirm vpls worked if you can. It does get things

    rolling. Id like to hear about the dhcp thing. Im diagnosing too.



  • 4.  Re: SRX320 / JDHCP / VLAN

    Posted 10-09-2020 22:41

    The VLAN configuration itself works.. I break-out the VLAN's in my Hyper-v server or managed switch and if I set a VM/computer to the right VLAN and set the IP address manually it all works.. 

     

    The problem is solely the DHCP which is giving the native vlan to all vlan's.. so a VM in vlan 2 gets 172.16.1.0/24  (from ge0/0/1 unit 0) - which then doesnt connect to the router/internet.. as it should have received a 172.16.2.x address.. (from ge0/0/1 unit 2) 

     

    setting the 172.16.2.x/24 on the VM makes it all work again.. so definitively a dhcp-interface mapping problem



  • 5.  Re: SRX320 / JDHCP / VLAN

    Posted 10-10-2020 03:07

    I would say you should assign the two interfaces to the same dhcp-local-server group. This is what I do on my own SRX300 as has done so since Junos 15.1x49 up to 20.2.

     

    user@srx300> show configuration system services dhcp-local-server
group int {
    interface irb.10;
    interface irb.20;
}

     

    Try this and let us know if this changes anything - hopefully it does 🙂



  • 6.  Re: SRX320 / JDHCP / VLAN

    Posted 10-11-2020 07:45
    Oh, please forgive me for the vlan 2 statement at the bottom. I was trying something at the time I saved this config. But it's still useful in the example. I was learning what to do and not to do. I was learning what to try, and what not to try.


    Adrian Aguinaga
    B.S.C.M. ITT Tech
    A.A.S. ITT Tech