SRX

Expand all | Collapse all

SRX300 DHCP Client issue

  • 1.  SRX300 DHCP Client issue

    Posted 06-26-2018 06:43

    Dear Experts,

     

    I'm strugling with dhcp client setup on SRX300 (JunOS 15.1X49-D130.6).Any help will be appretiated. 

    I've 2 ISP's, connected to ge-0/0/0 and ge-0/0/1 and I'm not able to obtain IP address from their networks with my brand new SRX. Everything works as expected with other devices if I place them as dhcp clients instead of SRX (Mikrotik and Huawei AR3) and If I plug ge-0/0/1 in my internal network switch, it will obtain IP address.

     

    I've tryed various configurations, including https://www.juniper.net/documentation/en_US/junos/topics/example/security-device-dhcp-client-configuring.html . There are no suspicious messages in the log and I'm really puzzled what is wrong.

    What is the minimal working dhcp client configuration for this version ?

     

    My configuration is:

    root@srx300> show configuration interfaces ge-0/0/1
    description External2;
    speed 100m;
    link-mode full-duplex;
    mac c4:6e:1f:xx:xx:xx;
    gigether-options {
    no-auto-negotiation;
    }
    unit 0 {
    family inet {
    dhcp-client {
    lease-time 86400;
    retransmission-attempt 6;
    retransmission-interval 5;
    update-server;
    vendor-id ether;
    force-discover;
    options {

    no-hostname;}}}}

     

    This is show interface:

    root@srx300> show interfaces ge-0/0/1
    Physical interface: ge-0/0/1, Enabled, Physical link is Up
    Interface index: 138, SNMP ifIndex: 512
    Description: External2
    Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Full-duplex, Speed: 100mbps, BPDU Error: None, MAC-REWRITE Error: None,
    Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Online
    Device flags : Present Running
    Interface flags: SNMP-Traps Internal: 0x0
    Link flags : None
    CoS queues : 8 supported, 8 maximum usable queues
    Current address: c4:6e:1f:xx:xx:xx, Hardware address: d8:b1:22:xx:xx:xx
    Last flapped : 2018-06-26 15:06:31 EEST (01:30:03 ago)
    Input rate : 6536 bps (12 pps)
    Output rate : 0 bps (0 pps)
    Active alarms : None
    Active defects : None
    Interface transmit statistics: Disabled

    Logical interface ge-0/0/1.0 (Index 75) (SNMP ifIndex 520)
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Input packets : 245351
    Output packets: 39
    Security: Zone: untrust
    Allowed host-inbound traffic : dhcp
    Protocol inet, MTU: 1500
    Flags: Sendbcast-pkt-to-re

     

    security-zone untrust {
    ge-0/0/1.0 {
    host-inbound-traffic {
    system-services {
    dhcp; }}}}

     

    Kind regards,

    D



  • 2.  RE: SRX300 DHCP Client issue

    Posted 06-26-2018 10:47

    Just found https://forums.juniper.net/t5/SRX-Services-Gateway/SRX300-legacy-DHCP-vs-JDHCP-client-identifier/td-p/312455 .

    Probably this is the problem, format of the client-identifier (from the PCAP seems that my SRX never got DHCPOFFER):

    dhcp-client client-identifier

    Are there any updates on this topic, is it known ussue or I'm lucky to be from the very limited set of affected customers?

     



  • 3.  RE: SRX300 DHCP Client issue

     
    Posted 06-26-2018 10:59
    To make sure the issue is same, can you share the below output?

    root@srx> monitor traffic interface ge-0/0/1 no-resolve matching udp


  • 4.  RE: SRX300 DHCP Client issue

    Posted 06-27-2018 03:18

    Here is output of monitoring:

     

    root@srx300> monitor traffic interface ge-0/0/1 no-resolve matching udp
    verbose output suppressed, use <detail> or <extensive> for full protocol decode
    Address resolution is OFF.
    Listening on ge-0/0/1, capture size 96 bytes

    13:17:49.972502 Out IP truncated-ip - 227 bytes missing! 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
    13:17:50.566062 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:17:50.906842 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:17:51.618186 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:17:53.967700 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:17:54.150080 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:17:54.775443 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:17:54.788166 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:17:56.731943 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:17:57.973722 Out IP truncated-ip - 227 bytes missing! 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
    13:17:58.078341 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:06.148443 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:06.237035 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:08.003315 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:09.147342 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:10.690920 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:10.824397 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:11.424669 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:12.718007 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:13.975075 Out IP truncated-ip - 227 bytes missing! 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
    13:18:14.762646 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:21.204740 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:22.775247 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:28.035983 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    13:18:29.252263 In IP 85.11.142.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
    ^C
    470 packets received by filter
    0 packets dropped by kernel



  • 5.  RE: SRX300 DHCP Client issue

     
    Posted 06-27-2018 04:21
    From this output we can see you are getting some DHCP reply. On the other link you posted the server was completely ignoring the DHCP request sent from SRX. This could be a different issue.

    Can you remove below options from your config and test?

    lease-time 86400;
    retransmission-attempt 6;
    retransmission-interval 5;
    update-server;
    vendor-id ether;
    force-discover;
    options {

    no-hostname;}}}}
    If you still see same behavior, please share below output to understand whats the DHCP reply we receive from server.

    root@srx300> monitor traffic interface ge-0/0/1 no-resolve matching udp extensive


  • 6.  RE: SRX300 DHCP Client issue

    Posted 06-27-2018 05:35

    Interface configuration:

     

    root@srx300> show configuration interfaces ge-0/0/1
    description External2;
    speed 100m;
    link-mode full-duplex;
    mac c4:6e:1f:57:ba:4a;
    gigether-options {
    no-auto-negotiation;
    }
    unit 0 {
    family inet {
    dhcp-client;
    }
    }

     

    This is the result:

    (request with Hostname Option 12, length 6: "srx300").

     

    As you wrote, DHCP server is not replying to the requests, in the same time it is sending valid ACK's to the other clients (90:f6:52:c0:63:5d) ... 

     

    15:21:41.472260 Out
    Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
    Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
    Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
    Device Interface Index Extension TLV #1, length 2, value: 35328
    Logical Interface Index Extension TLV #4, length 4, value: 75
    -----original packet-----
    c4:6e:1f:57:ba:4a > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 301: (tos 0x0, ttl 64, id 30479, offset 0, flags [none], proto: UDP (17), length: 287) 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from c4:6e:1f:57:ba:4a, length 259, xid 0x67cb140, Flags [Broadcast] (0x8000)
    Client-Ethernet-Address c4:6e:1f:57:ba:4a
    Vendor-rfc1048 Extensions
    Magic Cookie 0x63825363
    DHCP-Message Option 53, length 1: Discover
    Lease-Time Option 51, length 4: 86400
    Hostname Option 12, length 6: "srx300"
    15:21:42.636540 In
    Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 16
    Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
    Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
    Device Interface Index Extension TLV #1, length 2, value: 35328
    Logical Interface Index Extension TLV #4, length 4, value: 75
    -----original packet-----
    PFE proto 2 (ipv4): (tos 0x0, ttl 16, id 0, offset 0, flags [none], proto: UDP (17), length: 328) 85.11.142.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x599b5271, Flags [Broadcast] (0x8000)
    Client-IP 85.11.142.99
    Your-IP 85.11.142.99
    Server-IP 85.11.142.1
    Client-Ethernet-Address 90:f6:52:c0:63:5d
    Vendor-rfc1048 Extensions
    Magic Cookie 0x63825363
    DHCP-Message Option 53, length 1: ACK
    Server-ID Option 54, length 4: 85.11.142.1
    Lease-Time Option 51, length 4: 600
    Subnet-Mask Option 1, length 4: 255.255.255.0
    Default-Gateway Option 3, length 4: 85.11.142.1
    Domain-Name-Server Option 6, length 4: 8.8.8.8
    15:21:46.548897 In
    Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 16
    Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
    Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
    Device Interface Index Extension TLV #1, length 2, value: 35328
    Logical Interface Index Extension TLV #4, length 4, value: 75
    -----original packet-----
    PFE proto 2 (ipv4): (tos 0x0, ttl 16, id 0, offset 0, flags [none], proto: UDP (17), length: 328) 85.11.142.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x12cb543, Flags [Broadcast] (0x8000)
    Client-IP 85.11.142.138
    Your-IP 85.11.142.138
    Server-IP 85.11.142.1
    Client-Ethernet-Address b0:48:7a:b5:15:59
    Vendor-rfc1048 Extensions
    Magic Cookie 0x63825363
    DHCP-Message Option 53, length 1: ACK
    Server-ID Option 54, length 4: 85.11.142.1
    Lease-Time Option 51, length 4: 600
    Subnet-Mask Option 1, length 4: 255.255.255.0
    Default-Gateway Option 3, length 4: 85.11.142.1
    Domain-Name-Server Option 6, length 4: 8.8.8.8



  • 7.  RE: SRX300 DHCP Client issue

    Posted 07-09-2018 13:51

    Update:

    Issue was fixed:

    -ISP1 have to restart local equipment

    -ISP2 (most probably) changed something, everything was back to normal 30min after my service call.

     

    Probably I have to have 3rd ISP to avoid such a situations Smiley Happy