Forgive me here I am new to Junos but I believe I have created a network that is vlaned and is inter vlan routed but I cannot relay DHCP requests to a server. Attached is my config can anyone give me any pointers ?
Please remove relay-agent-option as it will add option-82 and some server doesn't understand it.
Are you seeing DHCP/Bootp request hitting client facing interface and server facing interface?
Use monitor traffic interface <client facing> no-resolve size 1500 and monitor traffic <server facing> no-resolve size 1500.
file bootp size 100m;
I have removed the remove relay-agent-option and have added the trace option.
I have attached the client and server logs. I believe their is requests hitting the interfaces. this DHCP server we are using is Windows Server 2012 R2 Server
From the monitor traffic, I can DHCP Discover is sent to the server but there is no OFFER coming from server.
Did you checked why server is not responding?
To check the bootp, you can use "show log bootp" here bootp is filename.
Ther server is sending responces back.
Do a traceroute on the server to the client subnet. Does it pass the SRX or go an alternate path?
it passes the SXR
Since we know the packet hits the SRX, could you setup flow trace options during the exchange so we can see how the packet flow engine handles the traffic.
I am a little confused how to set up setup flow trace options.
I have ran:
set security flow traceoptions packet-filter MatchTraffic source-prefix 10.15.100.0/22
set security flow traceoptions packet-filter MatchTrafficReverse source-prefix 10.15.12.130
Just to add information every so random time I do get a DHCP ACK then the IP Address goes in. Then other times the client keeps going to the DHCP server then the DHCP server sends a offer but than nothing else happens.
From your packet captures it looks like the forward is working but the reply packets back from the dhcp server are not making it through the SRX. So we want to see if they are being dropped by some sequence. I think the trace options you need are:
set security flow traceoptions file DebugTrafficset security flow traceoptions flag basic-datapathset security flow traceoptions packet-filter MatchTraffic source-prefix 10.15.12.130/32 destination-prefix 10.15.100.0/22
Found the issue in the end a device with the same address as the route. Thank you all for your help.
Can you compare the configuration with the below KB?