SRX

Expand all | Collapse all

DHCP over VLANS issue

Jump to Best Answer
  • 1.  DHCP over VLANS issue

    Posted 07-30-2018 00:04

    Hello,

    I'll briefly explain the situation - i have DC servers which proviodes DHCP adresses to all VLANS, SRX works as gateway ( also as DHCP server for guest network which doesn't have any issues - every device gets IP addresses and so on...), but devices which are in networks can't get dynamic address - if i set to device address to static - works ( it can connect to internet, servers and etc.). I checked my cfg can't see any issues, but it feels like i'm missing something. (DC server is in Servers zone, LAN in Internal)

     

    set security zones security-zone Servers host-inbound-traffic system-services all
    set security zones security-zone Servers host-inbound-traffic protocols all
    set security zones security-zone Servers interfaces ge-0/0/4.400 host-inbound-traffic system-services all
    set security zones security-zone Servers interfaces ge-0/0/4.400 host-inbound-traffic protocols all
    
    set security policies from-zone Servers to-zone Internal policy servers_to_internal match source-address any
    set security policies from-zone Servers to-zone Internal policy servers_to_internal match destination-address any
    set security policies from-zone Servers to-zone Internal policy servers_to_internal match application any
    set security policies from-zone Servers to-zone Internal policy servers_to_internal match source-identity any
    set security policies from-zone Servers to-zone Internal policy servers_to_internal then permit
    set security policies from-zone Internal to-zone Servers policy internal_to_serv match source-address any
    set security policies from-zone Internal to-zone Servers policy internal_to_serv match destination-address any
    set security policies from-zone Internal to-zone Servers policy internal_to_serv match application any
    set security policies from-zone Internal to-zone Servers policy internal_to_serv match source-identity any
    set security policies from-zone Internal to-zone Servers policy internal_to_serv then permit set security nat source rule-set nsw_srcnat from zone DMZ set security nat source rule-set nsw_srcnat from zone IPcam set security nat source rule-set nsw_srcnat from zone Internal set security nat source rule-set nsw_srcnat from zone Servers set security nat source rule-set nsw_srcnat from zone Voip set security nat source rule-set nsw_srcnat from zone WiFi set security nat source rule-set nsw_srcnat to zone untrust set security nat source rule-set nsw_srcnat rule nsw-src-interface match source-address 0.0.0.0/0 set security nat source rule-set nsw_srcnat rule nsw-src-interface match destination-address 0.0.0.0/0 set security nat source rule-set nsw_srcnat rule nsw-src-interface then source-nat interface

     



  • 2.  RE: DHCP over VLANS issue
    Best Answer

    Posted 07-30-2018 01:47

    Hi,

     

    sounds like you are missing DHCP relay. DHCP clients broadcasts for a DHCP-server so it will not work across vlans. There you need the SRX to forward the DHCP request to the Domain controller.

     

    Information regarding configuration of dhcp relay can be found here:

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-dhcp-relay-agent-minimum-configuration.html



  • 3.  RE: DHCP over VLANS issue

    Posted 07-31-2018 23:15

    Thanks DHCP relay helped 🙂