SRX


SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

  • 1.  SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 06-25-2014 12:59

    hi guys,

     

    It's a really weird problem I've got.

     

    Sometimes, out of nothing, the WAN side of the SRX (ge0-0-0) drops the IP that it gets from the modem and won't bind any IP address. I have to restart the modem a couple of times until the SRX gets an IP address, but sometimes it won't work for hours, even days!!

     

    But whenever I connect my laptop directly to the modem, I get an IP address in a SECOND!!

     

    Also, I can't delete the command: when I type delete in edit mode, it won't find anything after I type set,

    example:


    [edit]
    serdar@SRX210# delete set
                                                    ^
    syntax error................

     

    not working also...why?

     

     

     

    here is some configuration for the DHCP

     

    set interfaces ge-0/0/0 description UPC-INTERNET
    set interfaces ge-0/0/0 unit 0 family inet dhcp lease-time infinite
    set interfaces ge-0/0/0 unit 0 family inet dhcp retransmission-attempt 6
    set interfaces ge-0/0/0 unit 0 family inet dhcp retransmission-interval 20
    set interfaces ge-0/0/1 speed 1g
    set interfaces ge-0/0/1 mtu 9014
    set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24

     

     

    set security zones security-zone UNTRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
    set security zones security-zone UNTRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services bootp
    set security zones security-zone UNTRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services dns
    set security zones security-zone UNTRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services ike

     

     

    serdar@SRX210> show system services dhcp client

    Logical Interface name ge-0/0/0.0
    Hardware address 78:19:f7:d9:74:40
    Client status init
    Address obtained 0.0.0.0
    Update server disabled

     

    serdar@SRX210> show system services dhcp global
    Global settings:
    BOOTP lease length infinite

    DHCP lease times:
    Default lease time 1 day
    Minimum lease time 1 minute
    Maximum lease time infinite

    DHCP options:
    Name: name-server, Value: [ 208.67.222.222, 208.67.220.220 ]

     

    serdar@SRX210> show system services dhcp statistics
    Packets dropped:
    Total 664

    Messages received:
    BOOTREQUEST 0
    DHCPDECLINE 0
    DHCPDISCOVER 0
    DHCPINFORM 0
    DHCPRELEASE 0
    DHCPREQUEST 0

    Messages sent:
    BOOTREPLY 0
    DHCPOFFER 0
    DHCPACK 0
    DHCPNAK 0

     

     

     

    serdar@SRX210> show system software
    Information for junos:

    Comment:
    JUNOS Software Release [12.1R1.9]

     

     

     



  • 2.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 06-25-2014 14:54

    A really weird occasion has occurred now:

     

    When setting the modem in bridge mode, the SRX won't get any DHCP lease...

     

    When setting the modem in router mode, it gets a 192.168.1.100/24 address....

     

    really a pain in the @ss



  • 3.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 06-25-2014 21:54

    Hi Serdar,

     

    SRX not getting DHCP might be for many reasons.

     

    1. I have seen a DHCP server sending the DHCP OFFER with the Unicast flag set, and this is against the RFC, so the SRX will not accept the offer. The DHCP offer has to be Broadcast.

     

    2. I would suggest you upgrade to the latest 11.4 Junos code or 12.1X44-D35 (JTAC recommended) and test the DHCP settings.

     

    3. You cannot add set command after delete. Delete is used to delete specific configuration.

     

    Set is used to configure a new configuration line.

     

    Regards,

    rparthi

     

    [Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too] .....

     



  • 4.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 06-27-2014 06:37

    thx rparthi,

     

    1. I will look into the DHCP offer of the modem packets.

     

    2. I will also try to update, but where can I find the update?

     

    3. How am I supposed to delete the command? It's really weird. I'm in edit mode, and can't delete any 'set' lines..

     

    run show configuration | display set   # this shows all the set commands, but I can't delete them somehow.

     

     

     



  • 5.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 06-27-2014 19:36

    Hi Serdar,

     

    1. SRX upgrade procedures:

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16652

     

    2.  how to delete configuration;

     

    show configuration | display set.

     

    will list all configuration with set at the start of the line.

     

    Replace set with delete and it will delete that line:

     

    Example:

     

    show configuration | display set

    +++++++++++++++++++++++++++

    set system host-name testing

    set system time-zone GMT
    set system authentication-order password
    set system authentication-order tacplus
    set system ports console log-out-on-disconnect
    set system ports auxiliary disable

     

    Replace set with delete :

     

    delete system host-name testing
    delete system time-zone GMT
    delete system authentication-order password
    delete system authentication-order tacplus
    delete system ports console log-out-on-disconnect
    delete system ports auxiliary disable

     

    This should help you with deleting configuration.

     

    Thanks & Regards,

    rparthi


    [Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too] .....



  • 6.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 06-28-2014 17:12

    grrr....

     

    1. Don't have the right access to download from the web... :(((

     

    2. Haha thanks... I got so messed up... I didn't think of it... lol....



  • 7.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-04-2014 17:31

    I tried several firmwares, and all have the same problem.... They can't get a WAN-IP assigned from my modem. I also checked the packages and it's not Unicast but Broadcast.

     

    What stays over? I even tried to change the modem, and I got the same problem again.



  • 8.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-04-2014 20:50

    Hi Serdar,

    Thanks for the update.

     

    If your PC is able to get an IP address, then sometimes the ISP saves the MAC address of the PC to the bound IP address.

    If that is the case, then the ISP has to flush the MAC address of your machine so that the SRX can get the IP address.

    Or note down your PC MAC address and configure that MAC address of your PC on the SRX ge-0/0/0 interface and try to renew the DHCP and verify if it works.


    set interfaces ge-0/0/0 mac PCmac

    commit

    and renew the dhcp process using the following command:

    request system services dhcp renew


    Then share the following output:

    show system services dhcp client statistics

     

    Regards
    rparthi

     

    [Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too] .....



  • 9.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-06-2014 10:07

    @rparthi

     

    It has the MAC address of the firewall, because it was working and suddenly at 2-3AM it stopped. The only binding was with my PC and firewall. It's normal that those CMTS DHCP servers learn a minimum of 2 MAC addresses, so I don't think that's the problem.

     

     



  • 10.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-06-2014 10:17

    Hi Serdar,

     

    Thanks for the update. As you still have 1 more week for the ISP to get back to you, I would suggest the following, as updated earlier:

     

    Note down your PC MAC address and configure that MAC address of your PC on the SRX ge-0/0/0 interface and try to renew the DHCP and verify if it works.

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too



  • 11.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-05-2014 02:10

    I would suggest you run this command. If you set the lease to infinite, then the IP address is not flushed when it ISP changes. You should allow system to use the dhcp lease set by ISP. Your situation is very strange. Would this happen to be a COX modem?

    delete interfaces ge-0/0/0 unit 0 family inet dhcp lease-time



  • 12.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-06-2014 10:09

    @lyndidon

     

    The lease-time I added after it didn't work anymore....

     

     

     

    I have also contacted my ISP about this problem. I hope they will contact me in 1 week; after then I will update this topic again.

     

     

    Thanks for your help guys.

     

     



  • 13.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-06-2014 12:58

    Do you have screens enabled, specifically IP_Spoofing? If yes, try disabling that specific one and test.

    Try >clear system services dhcp binding ? and clear the address associated with mac.

    then >request system services dhcp renew

    Take a look at this article;

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB21713


    How to verify whether the DHCP packets are being detected as spoofed packets:

    I also noticed this, can you ensure that update server is enabled?

    serdar@SRX210> show system services dhcp client

    Logical Interface name ge-0/0/0.0
    Hardware address 78:19:f7:d9:74:40
    Client status init
    Address obtained 0.0.0.0
    Update server disabled

     



  • 14.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-08-2014 07:18

    1. there is nothing enabled for ip_spoofing

     

    2. Even after I did get a WAN-IP on my laptop, I tried to clone the MAC on the interface and then request a WAN-IP on the SRX from the DHCP server that I read in the Windows ipconfig:

     

    serdar@SRX210# run show system services dhcp client statistics
    Packets dropped:
    Total 0

    Messages received:
    DHCPOFFER 0
    DHCPACK 0
    DHCPNAK 0

    Messages sent:
    DHCPDECLINE 0
    DHCPDISCOVER 66
    DHCPREQUEST 0
    DHCPINFORM 0
    DHCPRELEASE 0
    DHCPRENEW 0
    DHCPREBIND 0

     

    [edit]
    serdar@SRX210# run show system services dhcp client

    Logical Interface name ge-0/0/0.0
    Hardware address xxxxxxx  #### LaptopMAC
    Client status init
    Server address 10.15.136.1
    Address obtained 0.0.0.0
    Update server enabled

     



  • 15.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-08-2014 07:27

    Hi Serdar,

     

    From the statistics, we can only see DHCP discover packets sent from SRX but no DHCP reply from ISP Router.

     

    I think you need to talk to ISP and verify if they are receiving DHCP Discover sent by SRX and why they are not replying with DHCP offer.

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too



  • 16.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-08-2014 07:31

    It's really a frustrating problem, because it worked in the beginning, and out of a sudden it won't get any address.

     

    How can I see what kind of DHCP discover the interface is sending?

     

    Is it possible that I can duplicate the packets to another interface? Like a span-port on the SRX?



  • 17.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-08-2014 09:04

    I tried it with this... but no success...

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB21833



  • 18.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-08-2014 10:35

    The situation is weird. It seems like the installation has become corrupted, especially the dhcp infrastructure. I have a few recommendations to try.

    BTW any relevant info in the messages log file?

    >show system storage (verify enough free disk space)
    >request system storage cleanup dry-run (see files that can be deleted to free up more disk space)
    >request system storage cleanup

    >restart dhcp

    >restart dhcp-service

    >show system services dhcp binding
    >show system services dhcp conflict

    >clear system services dhcp conflict

    >show system services dhcp client

    >show system connections (see if listening|established for dhcp ports 67 & 68)

    >show system process

     

    If no resolution, enable debugging:

     

    #set system services dhcp traceoptions file dhcp-fail
    #set system services dhcp traceoptions file files 3 size 2m
    #set system services dhcp traceoptions flag all

    1- If you have the option, reset the modem. Follow the same procedures, like powering it off for 1 minute. You can also try this: plug the cable in to the PC and get an IP address; instead of using dhcp, delete the dhcp from the ge-0/0/0 interface and set family inet but use the IP address that the PC gets, then plug the cable in to the SRX. And test that.

    2- Use a different port, if you have one free port available. Say, for example, you have a port fe-0/0/6: plug the cable in to the port and, from the top of the hierarchy, use the following command:

    user@srx#replace pattern ge-0/0/0 with fe-0/0/0

    commit confirmed


    where ge-0/0/0 is the existing interface being used for dhcp and fe-0/0/0 is the new interface you will test with. Commit confirmed will apply the new configuration temporarily for 10 minutes. If it works and you wish to keep it, enter commit only before the expiration of 10 minutes.

    3- Reinstall the Junos OS but add these 3 options: "force reboot no-copy". Do not use the switch "unlink"!

    BTW, do you have a firewall filter applied recently that could be blocking dhcp traffic? Can you post a sanitized output of your SRX configuration?



  • 19.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-08-2014 12:32

    I think I found the problem..... It's inside the discover package of the firewall; please compare it with my laptop discover package.

     

    firewall.PNG

     

     

     

     

     

    I got response to this package:

     

    laptop.PNG



  • 20.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-08-2014 13:09

    on srx: >show chassis mac-address and compare it to see if the SRX is sending the same address.
    run show interfaces ge-0/0/0 extensive | match address
    Current address: 78:19:f7:d9:74:40, Hardware address: 78:19:f7:d9:74:40
    Address spoofing: 0
    This will show any mac address conflicts
    Seems okay, just that Juniper is not getting an IP address.
    >show arp (verify that remote ISP is communicating properly with SRX)
    >clear arp
    BTW what results did you get from my previous suggestions?



  • 21.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-09-2014 08:40

    previously :

     

    1. system storage cleanup etc. tried so many times...

     

     

     

    2. every service works great etc, as far as i can see....

     

    restart dhcp-service 

    ---> warning: dhcp-service subsystem not running - not needed by configuration.

     

     

    3.

     

    Also replacing ge000 with fe005 didn't work

     

    serdar@SRX210# replace pattern ge-0/0/0 with fe-0/0/5
    error: target statement 'fe-0/0/5' already exists
    [edit interfaces]
    'ge-0/0/0'
    could not rename to 'fe-0/0/5'

     

    So I want to delete it before replacing, but it won't...

     

    serdar@SRX210# delete interfaces fe-0/0/5

    [edit]
    serdar@SRX210# commit
    [edit security zones security-zone UNTRUST]
    'interfaces fe-0/0/5.0'
    Interface fe-0/0/5.0 must be configured under interfaces
    error: configuration check-out failed

     

     

    But I did configure the fe-0/0/5 as the ge0.0.0

    but no result

     

     

    4. I already installed 11.4 and 12.1 a couple of times, also downgraded to 10.x

     

     

    5. ARP doesn't show the modem or some address of the ISP; it shows only LAN network connections.

    But I see the interface LED blinking, and I'm sure that I get a lot of ARP requests on my firewall through the modem.



     

    6. Chassis MAC address is correct...

     

     

     

    I also checked the RFC: it defines that you only need to send option 53, dhcp discover; everything else MAY be sent and is not a MUST, so I know definitely that the ISP has to change something.

     

     

     

     

     



  • 22.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]
    Best Answer

    Posted 07-09-2014 10:51

    Problem SOLVED!!!

     

     

    TTL is 1 in the DHCP-Discover !!!!!!

     

    Need to change it... have changed it to 64....

     

     

    root@SRX% vi /etc/rc.custom     # cat doesnt work
    #!/sbin/sh
    sysctl -w net.inet.ip.mcast_ttl=64
    root@SRX% chmod 777 /cf/etc/rc.custom


  • 23.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-09-2014 12:36

    Excellent work. I never even thought about that at all!! I followed up your work and found out this is a problem not new to you and that manifests itself in specific situations and, it seems, with specific vendors and ISPs.

    http://networkengineering.stackexchange.com/questions/874/srx-dhcp-client-compatibility-with-hp-procurve-dhcp-relay
    http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-DHCP-client-sends-discover-request-with-TTL-1/td-p/99180
    http://www.juniperforum.com/index.php?topic=8129.5;wap2

    As you correctly observed, the SRX as a DHCP client sends the DHCP Discover packet with a TTL of 1, whereas a PC (and maybe other vendors) sends the DHCP Discover packet with TTL=128. The modem from the ISP decrements the TTL to 0, hence the packet is dropped and never gets sent to the ISP. (I bet you could see it if you looked in the logs on the modem. It seems also to be a problem with COMCAST modems.) Why it stopped working is anyone's guess. But my thought is that an update pushed to the modem resulted in the problem, since it was working before, because it seems the SRX has always sent the DHCP Discover with TTL=1. The real fix is that the ISP should ensure that their modems do not drop DHCP Discover packets with TTL=1. That brings up how some modems work by cloning the client MAC address.

    The other solution is that Juniper could update the code so the SRX now sends DHCP Discover TTL=3 (that should be a sufficient number of hops for a firewall, or a value greater than 1).

    The next solution is what you have done which is to manually change the TTL.

    SOLUTION:
    Manually change the TTL value that the SRX uses on its DHCP requests from the shell.
    >start shell
    %su root
    root@% sysctl -w net.inet.ip.mcast_ttl=64
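
The comparison that solved this thread (the IP TTL of the firewall's DHCP Discover versus the laptop's) can be scripted against captured frames. The following Python is an added example, not part of the original thread and not Juniper code; the frames are constructed samples, and `build_discover`, `inspect_dhcp_frame` and the laptop MAC are hypothetical names and values.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def build_discover(mac: bytes, ttl: int) -> bytes:
    """Constructed Ethernet/IPv4/UDP DHCPDISCOVER frame (checksums left at 0)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0,              # op=BOOTREQUEST, Ethernet, hlen, hops
                        0x12345678, 0, 0x8000,   # xid, secs, flags (broadcast bit set)
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        mac, b"", b"")
    bootp += MAGIC_COOKIE + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, END
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0,
                     ttl, 17, 0, bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + mac + b"\x08\x00" + ip + udp


def inspect_dhcp_frame(frame: bytes) -> dict:
    """Return the IP TTL and the DHCP fields that matter for this diagnosis."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an untagged IPv4 Ethernet frame")
    ihl = (frame[14] & 0x0F) * 4
    ttl, proto = frame[22], frame[23]            # IPv4 header bytes 8 and 9
    udp = 14 + ihl
    if ihl < 20 or proto != 17 or len(frame) < udp + 8:
        raise ValueError("not a UDP datagram")
    sport, dport = struct.unpack_from("!HH", frame, udp)
    if {sport, dport} != {67, 68}:
        raise ValueError("not BOOTP/DHCP (ports 67/68)")
    bootp = udp + 8
    if frame[bootp + 236:bootp + 240] != MAGIC_COOKIE:
        raise ValueError("truncated BOOTP payload or missing magic cookie")
    flags = struct.unpack_from("!H", frame, bootp + 10)[0]
    msg_type, i = None, bootp + 240
    while i + 1 < len(frame) and frame[i] != 255:    # walk options until END
        if frame[i] == 0:                            # PAD is a single byte
            i += 1
            continue
        code, length = frame[i], frame[i + 1]
        if code == 53 and length == 1 and i + 2 < len(frame):
            msg_type = frame[i + 2]
        i += 2 + length
    return {
        "client_mac": frame[bootp + 28:bootp + 34].hex(":"),
        "message": DHCP_TYPES.get(msg_type, "unknown"),
        "broadcast_flag": bool(flags & 0x8000),
        "ttl": ttl,
        # A device that handles the packet as a routed hop decrements the TTL
        # first; TTL 1 becomes 0 and the Discover is discarded.
        "survives_one_hop": ttl > 1,
    }


# Constructed samples: the SRX MAC from the thread with TTL 1,
# and a made-up laptop MAC with TTL 128.
SRX_FRAME = build_discover(bytes.fromhex("7819f7d97440"), ttl=1)
LAPTOP_FRAME = build_discover(bytes.fromhex("020000000001"), ttl=128)

if __name__ == "__main__":
    for name, frame in (("srx", SRX_FRAME), ("laptop", LAPTOP_FRAME)):
        print(name, inspect_dhcp_frame(frame))
```

To use it on real traffic, feed `inspect_dhcp_frame` the raw bytes of each frame from a capture taken on the WAN link; VLAN-tagged frames are rejected by the Ethertype check.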



  • 24.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-09-2014 12:40

    Well, I did it through a shell...

     

    When you only edit the sysctl, at the next reboot it will forget it...

     

    If you need to do it permanently, also after a firmware update I think, you have to do this as it says in your link...

     

    root@SRX% vi /etc/rc.custom     # cat doesnt work
    #!/sbin/sh
    sysctl -w net.inet.ip.mcast_ttl=64
    root@SRX% chmod 777 /cf/etc/rc.custom


  • 25.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-09-2014 12:44

    Now I have to work out another problem: port forwarding doesn't work 🙂

     

    I will leave it to tomorrow, now I'm really tired enough....

     

    have to watch the WC NED_ARG 



  • 26.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 12-08-2015 05:12

     

    A year later but exactly the same issue: SRX not getting an address from a FritzBox (backup ADSL connection)

     

    Model: srx220h2
    JUNOS Software Release [12.1X44-D35.5]

     

    Changing the TTL fixed it...

     

    Thank you !!!



  • 27.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 12-08-2015 06:31

    I'm very happy that it also helped you 🙂

     

    Also please note:

     

    There are UPC/Ziggo modems, like Thompson/Ubee etc., for which this will NOT work.

     

    In my case it worked only with a Cisco 3825 (something like that)



  • 28.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-02-2017 04:09

    Hello serdar,

     

    I appreciate that this is a very old post; however, I have just joined the world of Juniper and have bought an SRX210 to use as my home internet router so I can remote access it for studying/practice, but can't for the life of me get the WAN interface to obtain a DHCP address from my Virgin Media modem.

     

    I have managed to change the TTL to 64, but when I try to action the permanent fix I get a blank screen with just loads of ~ on it. This is after submitting the command:

    vi /etc/rc.custom

     

    I would be very grateful if you could help me work out what I am doing wrong.

     

    Many thanks

     

    Peter



  • 29.  RE: SRX210 problem getting wan-ip DHCP from modem and problem deleting comands [12.1R1.9]

    Posted 07-20-2017 21:23

    As with Peter, my /etc/rc.custom file gets wiped out during a device reboot.  I am not trying to solve the issue of DHCP IP Address, instead I am turning off SSLv3 and TLS 1.0.  This is needed to pass a PCI scan.  I can run my script manually, but I need to run it after a system boot to update a configuration file.

     

    I have tried crontab as well as putting it in /etc/rc.custom.  Neither works.  I just need the script to run when the system starts up.

     

    We are running 12.3X48-D36 on a SRX 210HE2

     

    Thanks in advance.

    Walt