Was reviewing a sample configuration for a DHCP Server in the Juniper SRX Series Book by O'Reilly. In the book they want to provide dhcp to ports 1-7 on a SRX 100. The dhcp server is setup, but the propogate settings command is set to the interface of fe-0/0/0.0. This is the outside interface aka untrusted interface. Why would you place this setting here and, how would it propogate to the other ports. Is it because 0.0 is the default VLAN? Normally when I setup a DHCP server on a SRX I propogate it to the sub interface or specified VLAN. What are the security concerns with setting the propogate to interface 0.0?
That configuration comes as factory default configuration since fe-0/0/0.0 is in default VLAN . You can change the configuration according to your conveninece and need . Its not mandatory to use the same factory default configuration .
Enable or disable the propagation of TCP/IP settings received on the device acting as Dynamic Host Configuration Protocol (DHCP) client. The settings can be propagated to the server pool running on the device. Use the system services dhcp statement to set this feature globally. Use the system services dhcp pool statement to set the feature for the address pool and override the global setting.
an example is using the dns servers you get by dhcp from your ISP and reuse them on the "internal" dhcp scope. So when the ISP decides to changes them they will automaticly be changed on your lan also
The below URL will help you to understand the working of DHCP propagate-settings option.
You know? This really never got a good answer. Suraj's link to the seemingly only other page dealing with the topic was ... unimpressive. Yeah, the gent showed his commands but it really didn't deal with the question either --and it is from 2010.
The TOPIC of how the command works has had scant dialogue.Frankly, why use it at all? Rhetorical, but still.Who can explain, with some detail and eloquence and not just link to a page as equally non-elucidating? With all due respect ...
Sorry for all the confusion. I think what you are asking is what does the propagate setting on the trust dhcp server pointing to the untrust interface actually do.
This setting will get the DNS servers that the untrust dhcp setting receives from upstream and use these same dns servers as the setting to give to dhcp clients on the trust interface.
The second definition to the word "propagate" tells you what this does: "spread and promote".
The propagate-settings clause takes data from where the DHCP lease was originally received, and uses it when clients query for DHCP on other interfaces / zones.
So the reason ge-0/0/0 is the default is that's where your ISP would connect (at least in Juniper's instructions but you can connect it wherever). Items you want to be propagated are done automatically, any overrides, you need to specify. So you'll want your network IP range/CIDR, "inside" router address, etc. to be different, but things like SIP settings, or DNS settings, Connection-specific DNS Suffix, etc. from your ISP will be propagates (spread and promoted) from the untrusted interface to the trusted interface(s).