SRX340 DHCP and Cisco WLC relay - No network access to clients

  • 1.  SRX340 DHCP and Cisco WLC relay - No network access to clients

    Posted 03-23-2018 06:09

    Hi,

     

    I have configured a new SRX340 with DHCP and VLANs for internal and guest access. I cannot get the DHCP clients to access the network when using wifi. LAN DHCP is fine. However, if the clients are configured with static IPs (both wired and wireless) the connectivity is alright.

    I have a Cisco WLC configured as DHCP proxy, and it was working fine with the SRX240, which had a similar config. DHCP bindings seem OK. The SRX240 is with VLANs not IRB, with old DHCP not new.

     

    Tried with DHCP option 43 too. Is anyone using a Cisco WLC as DHCP relay for an SRX340 DHCP server?

     

    set vlans VLAN10 vlan-id 10
    set vlans VLAN10 l3-interface irb.10

     

    set interfaces irb unit 10 family inet address 192.168.10.1/24

    set system services dhcp-local-server group Group10 interface irb.10
    set access address-assignment pool VLAN10Pool family inet dhcp-attributes name-server 192.168.10.1
    set access address-assignment pool VLAN10Pool family inet dhcp-attributes name-server 8.8.8.8
    set access address-assignment pool VLAN10Pool family inet dhcp-attributes router 192.168.10.1
    set access address-assignment pool VLAN10Pool family inet network 192.168.10.0/24

     

    set security nat source rule-set guest-wifi-ap from zone FC-GUEST-NET

    set security nat source rule-set guest-wifi-ap to zone untrust-zone

     

    set security policies from-zone FC-GUEST-NET to-zone untrust-zone policy FC-GUEST-NET match source-address any
    set security policies from-zone FC-GUEST-NET to-zone untrust-zone policy FC-GUEST-NET match destination-address any
    set security policies from-zone FC-GUEST-NET to-zone untrust-zone policy FC-GUEST-NET match application any
    set security policies from-zone FC-GUEST-NET to-zone untrust-zone policy FC-GUEST-NET then permit


    set security zones security-zone FC-GUEST-NET interfaces irb.10 host-inbound-traffic system-services ping
    set security zones security-zone FC-GUEST-NET interfaces irb.10 host-inbound-traffic system-services dhcp

     

    Similar config for other vlans.

     

     


    #notconnecting
    #srx340
    #wireless
    #DHCP
    #SRX
    #WLC
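
An added example, not part of the original post and not Juniper tooling: a Python check over the `set` statements quoted above that verifies the SRX-side prerequisites for `dhcp-local-server` on an interface (an address on the unit, a pool covering it, a router option inside the subnet, and `dhcp` permitted in host-inbound-traffic). The names `audit_dhcp`, `find`, `ZONE` and `POSTED` are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: VLAN 10 statements quoted from the post above.
POSTED = """\
set interfaces irb unit 10 family inet address 192.168.10.1/24
set system services dhcp-local-server group Group10 interface irb.10
set access address-assignment pool VLAN10Pool family inet dhcp-attributes router 192.168.10.1
set access address-assignment pool VLAN10Pool family inet network 192.168.10.0/24
set security zones security-zone FC-GUEST-NET interfaces irb.10 host-inbound-traffic system-services ping
set security zones security-zone FC-GUEST-NET interfaces irb.10 host-inbound-traffic system-services dhcp
"""
ZONE = r"^set security zones security-zone"

def find(pattern, text):
    return re.findall(pattern, text, re.M)

def audit_dhcp(config):
    """Return findings for every interface bound to a dhcp-local-server group."""
    text = "\n".join(line.strip() for line in config.splitlines())
    pools = {}
    for name, key, val in find(r"^set access address-assignment pool (\S+) family inet "
                               r"(network|dhcp-attributes router) (\S+)$", text):
        pools.setdefault(name, {})[key] = val
    findings = []
    for ifl in find(r"^set system services dhcp-local-server group \S+ interface (\S+)$", text):
        ifd, unit = ifl.split(".")
        addrs = find(rf"^set interfaces {ifd} unit {unit} family inet address (\S+)$", text)
        if not addrs:
            findings.append(f"{ifl}: no inet address configured")
            continue
        iface = ipaddress.ip_interface(addrs[0])
        # Pools whose network contains the interface address serve its local clients.
        mine = [p for p in pools.values()
                if "network" in p and iface.ip in ipaddress.ip_network(p["network"], strict=False)]
        if not mine:
            findings.append(f"{ifl}: no address-assignment pool covers {iface.network}")
        for p in mine:
            router = p.get("dhcp-attributes router")
            if router is None or ipaddress.ip_address(router) not in iface.network:
                findings.append(f"{ifl}: pool router option missing or outside {iface.network}")
        # Interface-level host-inbound-traffic overrides the zone-level statement.
        esc = re.escape(ifl)
        svc = find(rf"{ZONE} \S+ interfaces {esc} host-inbound-traffic system-services (\S+)$", text)
        if not svc:
            for zone in find(rf"{ZONE} (\S+) interfaces {esc}(?: |$)", text):
                svc += find(rf"{ZONE} {re.escape(zone)} host-inbound-traffic system-services (\S+)$", text)
        if not {"dhcp", "all"} & set(svc):
            findings.append(f"{ifl}: host-inbound-traffic does not permit dhcp")
    return findings
```

An empty result for the posted statements means the SRX-side DHCP statements are consistent with each other; it says nothing about relay or proxy behaviour on the WLC.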


  • 2.  RE: SRX340 DHCP and Cisco WLC relay - No network access to clients

     
    Posted 03-24-2018 00:04

    Hi,

    Which version of SRX340 are you running? Starting with 15.1X49-D60, DHCP CLI has been changed. Please check the DHCP configuration part in this App Note:

    https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/ethernet_switching_srx_app_note.pdf

    Thanks
    Rahul R


  • 3.  RE: SRX340 DHCP and Cisco WLC relay - No network access to clients

    Posted 03-25-2018 08:05

    Hi Rahul,

     

    Thank you for the reply. My DHCP is running, clients are taking IPs and IP binding is showing the results. But I cannot even ping the default gateway. My version is D70 and I used the new method. Static IPs are working fine for the same client.

     

    (BTW the new version of SRX does not allow the old way of configuring.) Therefore, I will edit my original post. Thanks for reminding me.

     

     

     

    set system services dhcp-local-server group Group10 interface irb.10
    set access address-assignment pool VLAN10Pool family inet dhcp-attributes name-server 192.168.10.1
    set access address-assignment pool VLAN10Pool family inet dhcp-attributes name-server 8.8.8.8
    set access address-assignment pool VLAN10Pool family inet dhcp-attributes router 192.168.10.1
    set access address-assignment pool VLAN10Pool family inet network 192.168.10.0/24

     

    Cheers,



  • 4.  RE: SRX340 DHCP and Cisco WLC relay - No network access to clients
    Best Answer

    Posted 03-25-2018 16:29

    Hi,

     

    The issue is resolved. It was the Cisco WLC working as a DHCP proxy. Remove the proxy and clients can go to the Internet, etc. Kudos to my mate, Sam.

     

    1. Test connectivity to wireless clients with a wireless L2 device (not as relay or proxy for DHCP).

    2. Change settings of WLC for interfaces to "Proxy->Disabled"

     

    Cheers,