SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  DHCP server configuration

    Posted 04-15-2019 23:02

    Ex8208 (DHCP pool configured) <--- SRX 3400 <-- Client (10.1.128.1) 

    Clients are coneetced through SRX 3400 (vlan tag config) with L2 switch. 

    Firewall# show interfaces reth4
    description To-test;
    vlan-tagging;
    redundant-ether-options {
    redundancy-group 4;
    }
    unit 128 {
    vlan-id 128;
    family inet {
    address 10.1.128.1/24;
    }
    }

     

     

     

    DHCP pool is configured on EX8208 as 10.1.128.10 - 10.1.128.255

    Core-Switch#pool 10.1.128.0/24 {
    address-range low 10.1.128.10 high 10.1.128.255;
    name-server {
    4.2.2.2;
    }
    router {
    10.1.128.1;
    }
    }

     

    Clients are unable to receive IPs from DHCP (EX-8208)

     

    Please help.



  • 2.  RE: DHCP server configuration



  • 3.  RE: DHCP server configuration
    Best Answer

    Posted 04-15-2019 23:20

    Hi,

     

    Is reth4 facing the clients or the EX8208 switch? 

     

    The DHCP clients will send broadcast messages (DHCP Discover) that need to reach the DHCP Server (EX8208). With the configuration provided, if the reth4 is facing the EX siwtch then we are breaking the layer 2 domain between the clients and the server because the reth interface is a Layer 3 interface. Broadcast messages sent by the clients will not pass the SRX.

     

    If the reth4 is facing the clients, then we need to implment DHCP relay in the SRX. Clients will send the DHCP Discover messages that will be received by reth4. From there the DHCP Discover will be sent Unicast to the EX switch that will be on a subnet different than 10.1.128.0/24:

     

     

    Please let us know so we can help you further.

     



  • 4.  RE: DHCP server configuration

    Posted 04-15-2019 23:36

    Yes cliets are connected through reth4 to SRX then SRX connected to EX by reth3 but on ex8208 it ae3. 

     

    clients (trunk)---->(reth4) SRX3400 (reth3) ---> (ae3) Ex8208

     

    I configured as you mention above :

     

    dhcp-relay {
    server-group {
    dhcp-server {
    ex-8208-ip;
    }
    }
    active-server-group dhcp-server;
    group dhcp_hostel {
    interface reth4.0;
    }
    }

     

    But still its not working



  • 5.  RE: DHCP server configuration

    Posted 04-15-2019 23:42

    The interface should be reth4.128 and dhcp should be allowed in reth4.128  security zone host-inbound-traffic 

     



  • 6.  RE: DHCP server configuration

    Posted 04-15-2019 23:48

    If the issue still happens after applying the changes suggested by Nellikka, please gather:

     

    > show dhcp relay bindings
    > show dhcp relay statistics

     



  • 7.  RE: DHCP server configuration

    Posted 04-15-2019 23:52

    Firewall# run show dhcp relay statistics
    Packets dropped:
    Total 0

    Messages received:
    BOOTREQUEST 0
    DHCPDECLINE 0
    DHCPDISCOVER 0
    DHCPINFORM 0
    DHCPRELEASE 0
    DHCPREQUEST 0

    Messages sent:
    BOOTREPLY 0
    DHCPOFFER 0
    DHCPACK 0
    DHCPNAK 0
    DHCPFORCERENEW 0

     



  • 8.  RE: DHCP server configuration

    Posted 04-15-2019 23:58

    Its working team.

     

    Really appreciate your support.



  • 9.  RE: DHCP server configuration

    Posted 04-15-2019 23:59

    Note that DHCP has to be enabled at interface level for host-inbound-traffic for reth4.128, please confirm this is the case.

     

    Also note that you have reth4 instead of reth4.128:

     

    set forwarding-options dhcp-relay group dhcp_hostel interface reth4.0

    Also the Gateway for the clients has to be the SRX on reth4.128 (10.1.128.1). Because this subnet is present between the SRX and the clients, you need to have a different subnet between the SRX and the EX switch. Please let us know if this is correct.

     



  • 10.  RE: DHCP server configuration

    Posted 04-15-2019 23:51

    Yes .. it is allowed on reth4.128 

     

    I configured router-IP on ex-8208 is 10.1.128.1. should I set interface or VLAN for 128 on core switch. 

    set interfaces vlan unit 128 family inet address 10.1.128.1/24
    or

    set vlans Ruckus-Hostel vlan-id 128
    set vlans Ruckus-Hostel l3-interface vlan.128

     

    Because I already configured reth4 in the firewall as 

    set interfaces reth4 vlan-tagging
    set interfaces reth4 redundant-ether-options redundancy-group 4
    set interfaces reth4 unit 128 vlan-id 128
    set interfaces reth4 unit 128 family inet address 10.1.128.1/24

     

    I am doing any wrong configuration? please let me know i am new in juniper.



  • 11.  RE: DHCP server configuration

    Posted 04-15-2019 23:30

    Hi,

     

    To be clear, following is your topology:-

    Ex8208 (DHCP pool .10-.255) <---> SRX 3400(reth4)(.1) <--> Client (10.1.128.x)

     

    SRX should be configured as a relay-agent for DHCP requests.

     

    You may follow the following document:-

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-dhcp-relay-agent-minimum-configuration.html

     

    Regards,

     

    Rahul