I'm currently trying out the dhcp relay feature on my ex2300.
I have configured the dhcp-relay like this:
set forwarding-options dhcp-relay server-group dhcp-server 192.168.1.1
set forwarding-options dhcp-relay group dhcp interface ge-0/0/1.0
set forwarding-options dhcp-relay group dhcp active-server-group dhcp-server
I have the following vlan configuration:
set vlans default vlan-id 1
set vlans default l3-interface irb.0
set interfaces irb unit 0 family inet address 192.168.1.200/24
set vlans vlan10 vlan-id 10
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan10
The switch (192.168.1.200) port 0 is connected to the router (192.168.1.1). I can ping the router from the switch CLI successfully.
For testing the dhcp-relay, I have now attached a device (dhcp client) to port 1 of the switch. However, it does not get an IP, and "show dhcp relay statistics" shows 0 packets received/sent.
What is causing this? I would be glad about some tips to get this fixed.
I'm a bit confused about this, because I found multiple places in the Juniper documentation that also use physical interfaces in dhcp relay:
https://www.juniper.net/documentation/us/en/software/junos/dhcp/topics/topic-map/dhcp-relay-agent-security-devices.html#id-example-minimum-dhcp-relay-agent-configuration
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-dhcp-relay-agent-minimum-configuration.html
Can you explain why it is in the documentation but you say it's not supported?
I would go about adding a l3 interface like this:
set interfaces irb unit 10 family inet
set vlans vlan10 l3-interface irb.10
set forwarding-options dhcp-relay group dhcp interface irb.10
Do I have to add an ip address to the interface (set interfaces irb unit 10 family inet address xxx)?
If I had to do that, I would end up with having to coordinate 50 ip addresses for this (5 vlans that should use dhcp relay across 10 switches).
Is there another way to solve this without having to coordinate a huge amount of static ips between switches?
Could I use the same l3-interface ips for the vlans on all switches?
Finally, wouldn't the switch be reachable on that l3-interface IP from within the vlan?
I would probably have to set up additional acl to prevent access to the switch (with an exception for dhcp traffic)?
Hi Steve, you are right, in my current lab setup, the dhcp server and switch mgmt port are on the same subnet. In production the switch will be in a mgmt vlan, the dhcp server in another vlan, and the clients will be in multiple vlans by purpose (voip, corp, byod, etc.).
Is it correct that I need to assign the switch an IP in each vlan's subnet that I want to use the dhcp relay in, and these IPs need to differ between switches?
Example vlans:
servers (the dhcp server is in here): 10.10.10.0/24 - vlan id 10
mgmt (the switch is in here): 10.10.20.0/24 - vlan id 20
voip: 10.10.30.0/24 - vlan id 30
corp: 10.10.40.0/24 - vlan id 40
byod: 10.10.50.0/24 - vlan id 50
cctv: 10.10.60.0/24 - vlan id 60
Let's say I have 10 switches each having access ports in vlan 30/40/50/60.
Switch 1:
irb.30: 10.10.30.200
irb.40: 10.10.40.200
irb.50: 10.10.50.200
irb.60: 10.10.50.200
Switch 2:
irb.30: 10.10.30.201
irb.40: 10.10.40.201
irb.50: 10.10.50.201
irb.60: 10.10.50.201
Switch 3:
irb.30: 10.10.30.202
irb.40: 10.10.40.202
irb.50: 10.10.50.202
irb.60: 10.10.50.202
etc.
Is that the correct and required way, or can I get around configuring about 40 (4 vlans times 10 switches) static ips?
Yes, it totally makes sense! Thank you.