dhcp relay configuration (ex2300)

  • 1.  dhcp relay configuration (ex2300)

    Posted 05-23-2021 15:26

    Hi,

    I'm currently trying out the dhcp relay feature on my ex2300.

    I have configured the dhcp-relay like this:

    set forwarding-options dhcp-relay server-group dhcp-server 192.168.1.1
    set forwarding-options dhcp-relay group dhcp interface ge-0/0/1.0
    set forwarding-options dhcp-relay group dhcp active-server-group dhcp-server

    I have the following vlan configuration:

    set vlans default vlan-id 1
    set vlans default l3-interface irb.0
    set interfaces irb unit 0 family inet address 192.168.1.200/24
    set vlans vlan10 vlan-id 10
    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan10

    The switch (192.168.1.200) port 0 is connected to the router (192.168.1.1). I can ping the router from the switch CLI successfully.

    For testing the dhcp-relay, I have now attached a device (dhcp client) to port 1 of the switch. However, it does not get an IP, and "show dhcp relay statistics" shows 0 packets received/sent.

    What is causing this? I would be glad about some tips to get this fixed.



  • 2.  RE: dhcp relay configuration (ex2300)

     
    Posted 05-23-2021 22:16
    Hi Yannik,

    You need to add a L3 interface in the dhcp-relay config instead of ge-0/0/1 which is L2.


  • 3.  RE: dhcp relay configuration (ex2300)

    Posted 05-24-2021 03:42

    Hi avishm,

    I'm a bit confused about this, because I found multiple places in the Juniper documentation that also use physical interfaces in dhcp relay:
    https://www.juniper.net/documentation/us/en/software/junos/dhcp/topics/topic-map/dhcp-relay-agent-security-devices.html#id-example-minimum-dhcp-relay-agent-configuration
    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-dhcp-relay-agent-minimum-configuration.html

    Can you explain why it is in the documentation but you say it's not supported?

    I would go about adding a l3 interface like this:
    set interfaces irb unit 10 family inet
    set vlans vlan10 l3-interface irb.10
    set forwarding-options dhcp-relay group dhcp interface irb.10

    Do I have to add an IP address to the interface (set interfaces irb unit 10 family inet address xxx)?

    If I had to do that, I would end up with having to coordinate 50 IP addresses for this (5 vlans that should use dhcp relay across 10 switches).
    Is there another way to solve this without having to coordinate a huge amount of static ips between switches?

    Could I use the same l3-interface ips for the vlans on all switches?

    Finally, wouldn't the switch be reachable on that l3-interface IP from within the vlan?
    I would probably have to set up additional acl to prevent access to the switch (with an exception for dhcp traffic)?





  • 4.  RE: dhcp relay configuration (ex2300)

     
    Posted 05-24-2021 05:33
    Based on your description above dhcp forwarding is not necessary at all since the dhcp server you want to hit can be configured layer 2 adjacent to your switch.  I see the switch has an ip address in the same subnet as the dhcp server itself.  The forwarding operation is only needed when the dhcp request needs to transit at least one hop on a layer 3 network to reach the dhcp server itself.

    For the configuration when it is needed, the interface for the dhcp group is the layer 3 interface on the Junos device where the dhcp scope will be applied.  This becomes the ip address of the request transiting the network and is used by the dhcp server to choose the scope from which to serve the reply.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
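
The giaddr mechanism described in the reply above, as an added example that is not part of the original thread: a relay writes the address of its layer 3 interface into the request's giaddr field, and the server matches that address against its scopes. The scope table reuses the VLAN plan from this thread; the helper names and the sample MAC and transaction ID are constructed, and the scope matching is a simplified model of what a real DHCP server does.

```python
import ipaddress
import struct

# Scopes on the DHCP server, taken from the VLAN plan in the thread.
SCOPES = {"voip": "10.10.30.0/24", "corp": "10.10.40.0/24",
          "byod": "10.10.50.0/24", "cctv": "10.10.60.0/24"}

# Fixed BOOTP header (RFC 951 / RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])       # DHCP magic cookie
DISCOVER_OPT = bytes([53, 1, 1, 255])  # option 53 = DHCPDISCOVER, then end

def client_discover(mac: bytes, xid: int) -> bytes:
    """Broadcast DHCPDISCOVER as the client sends it: giaddr is 0.0.0.0."""
    zero = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                     mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return hdr + MAGIC + DISCOVER_OPT

def relay(packet: bytes, l3_addr: str) -> bytes:
    """Relay agent step before unicasting to the server: set giaddr to the
    address of the L3 interface the request arrived on, and bump hops."""
    f = list(BOOTP.unpack_from(packet))
    if f[10] == bytes(4):              # only the first relay sets giaddr
        f[10] = ipaddress.IPv4Address(l3_addr).packed
    f[3] += 1
    return BOOTP.pack(*f) + packet[BOOTP.size:]

def giaddr(packet: bytes) -> ipaddress.IPv4Address:
    """Extract the relay (gateway) address from a BOOTP/DHCP packet."""
    return ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10])

def select_scope(packet: bytes):
    """Server side (simplified): pick the scope whose subnet contains giaddr."""
    g = giaddr(packet)
    if g.is_unspecified:
        return None  # not relayed: only a server on the client's own L2 segment sees it
    for name, net in SCOPES.items():
        if g in ipaddress.ip_network(net):
            return name
    return None        # relayed from an address no scope covers

if __name__ == "__main__":
    pkt = client_discover(bytes.fromhex("020000000001"), 0x1234ABCD)  # constructed
    print(select_scope(pkt), select_scope(relay(pkt, "10.10.30.200")))
```
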



  • 5.  RE: dhcp relay configuration (ex2300)

    Posted 05-24-2021 05:49

    Hi Steve, you are right, in my current lab setup, the dhcp server and switch mgmt port are on the same subnet. In production the switch will be in a mgmt vlan, the dhcp server in another vlan, and the clients will be in multiple vlans by purpose (voip, corp, byod, etc.).

    Is it correct that I need to assign the switch an IP in each vlan's subnet that I want to use the dhcp relay in, and these IPs need to differ between switches?

    Example vlans:
    servers (the dhcp server is in here): 10.10.10.0/24 - vlan id 10
    mgmt (the switch is in here): 10.10.20.0/24 - vlan id 20
    voip: 10.10.30.0/24 - vlan id 30
    corp: 10.10.40.0/24 - vlan id 40
    byod: 10.10.50.0/24 - vlan id 50
    cctv: 10.10.60.0/24 - vlan id 60

    Let's say I have 10 switches each having access ports in vlan 30/40/50/60.

    Switch 1:
    irb.30: 10.10.30.200
    irb.40: 10.10.40.200
    irb.50: 10.10.50.200
    irb.60: 10.10.50.200

    Switch 2:
    irb.30: 10.10.30.201
    irb.40: 10.10.40.201
    irb.50: 10.10.50.201
    irb.60: 10.10.50.201

    Switch 3:
    irb.30: 10.10.30.202
    irb.40: 10.10.40.202
    irb.50: 10.10.50.202
    irb.60: 10.10.50.202

    etc.

    Is that the correct and required way, or can I get around configuring about 40 (4 vlans times 10 switches) static ips?






  • 6.  RE: dhcp relay configuration (ex2300)

    Posted 05-25-2021 03:40
    Hi All,
    Steve is correct, consider this.

    You only need a forwarder when you cross a L3 boundary. At L2, it is not required.
    If you have 10 or 20 switches with multiple VLANs on each switch and trunked to each other and back to another switch, only the switch with the irb configured for that VLAN and subnet needs the forwarder, from your example:

    Core /Aggregation or just another switch or VC
    servers (the dhcp server is in here): 10.10.10.0/24 - vlan id 10
    mgmt (the switch is in here): 10.10.20.0/24 - vlan id 20
    voip: 10.10.30.0/24 - vlan id 30
    corp: 10.10.40.0/24 - vlan id 40
    byod: 10.10.50.0/24 - vlan id 50
    cctv: 10.10.60.0/24 - vlan id 60
    irb.30: 10.10.30.200
    irb.40: 10.10.40.200
    irb.50: 10.10.50.200
    irb.60: 10.10.50.200
    The forwarder for ALL vlans would point to the DHCP server's IP address defined in the L3 10.10.10.0/24 subnet (VL:10)

    Switch 1 (Trunked to above)
    voip:  - vlan id 30
    corp:  - vlan id 40
    byod:  - vlan id 50
    cctv:  - vlan id 60

    No forwarder required
    No irb's required for 30, 40, 50 & 60
    mgmt irb: 10.10.20.x/24 - vlan id 20 required


    Switch 2 - 10 trunked to Core /Aggregation or just another switch or VC at L2
    No forwarder required
    No irb's required for 30, 40, 50 & 60
    mgmt irb: 10.10.20.x/24 - vlan id 20 required

    A forwarder is only required where the L3 for the VLAN is configured.

    Hope this makes sense.



  • 7.  RE: dhcp relay configuration (ex2300)

    Posted 05-25-2021 04:28

    Hi Peter, 

    yes, it totally makes sense! Thank you.