SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  DHCP exclude address range & only user mac address

    Posted 02-24-2021 01:48
    Edited by obercik 02-24-2021 01:51
    Hi, I'm in the new SRX-240H owner and just learning . I wanted to ask if you could help me in the matter related to the configuration of DHCP in Junos:
    1. can it be set excluded-address in DHCP - but for a range? Because now I can only for single addresses, as in the following code:
    address-range low 192.168.1.1 high 192.168.1.254;
                    exclude-address {
                        192.168.1.22;
                        192.168.1.2;
                        192.168.1.8;
                        192.168.1.9;           
    and I would like not to enter many individual addresses like this: 192.168.1.1 - 192.168.1.100
    2. Is it possible in DHCP to set the possibility that it will assign an address ONLY to those users who have entered mac-addresses in SRX? Because now it is so that when my users connect, everyone receives an ip address from this DHCP - and I would like to somehow secure it, so that only the CI, what the mac address of the computer has entered.


    ------------------------------
    obercik
    ------------------------------


  • 2.  RE: DHCP exclude address range & only user mac address
    Best Answer

     
    Posted 02-24-2021 02:21
    You will want to use the "new"dhcp configuration style. For #2 you should enter every host in the remaining range as a host reservation entry.

    system {
        services {
            dhcp-local-server {
                group dhcp-server {
                    interface ge-0/0/0.0;   
                }
            }
        }
    }
    access {
        address-assignment {                
            pool test {
                family inet {
                    network 192.168.1.0/24;
                    range test {
                        low 192.168.1.1;
                        high 192.168.1.254;
                    }
                    host host1 {
                        hardware-address aa:bb:cc:dd:ee:01;
                        ip-address 192.168.1.101;
                    }
                    host host2 {
                        hardware-address aa:bb:cc:dd:ee:02;
                        ip-address 192.168.1.102;
                    }
                    host host3 {
                        hardware-address aa:bb:cc:dd:ee:03;
                        ip-address 192.168.1.103;
                    }
                    excluded-range excl {
                        low 192.168.1.1;
                        high 192.168.1.100;
                    }                       
                }
            }
        }
    }
    ​​





  • 3.  RE: DHCP exclude address range & only user mac address

    Posted 02-24-2021 02:42
    Edited by obercik 02-24-2021 03:34
    So according to your example - only addresses with the entered mac address from 192.168.1.101 ... 102, 103, etc. will be given away and will be excluded from 192.168.1.1 - 192.168.1.100?


    ------------------------------
    obercik
    ------------------------------



  • 4.  RE: DHCP exclude address range & only user mac address

     
    Posted 02-24-2021 03:33
    In the example above, no addresses from 1-100 will be offered. Addresses 101-103 will only be given to those specific hosts. Addresses 104-254 will be given away to any device that requests them. to prevent 104-254 from being offered, you would need to either configure a host assignment for each, or add them to the exclusion range.


  • 5.  RE: DHCP exclude address range & only user mac address

    Posted 02-24-2021 03:34
    Edited by obercik 02-24-2021 03:34
    The only question is whether it will work on this version of the OS:
    Software Version: JUNOS Software Release [12.1X44-D40.2]

    ------------------------------

    ------------------------------



  • 6.  RE: DHCP exclude address range & only user mac address

     
    Posted 02-24-2021 04:05
    Yes, I believe this feature was introduced with the original release of 12.1 with DHCPD routing instance support.

    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=4076&fn=DHCP%20support%20for%20routing%20instance