Junos OS

Ask questions and share experiences about Junos OS.

SRX DHCP Relay not working

    Posted 05-11-2021 14:59
    Hi,
    Can you please point out where I'm wrong in my relay setup on the SRX?
    I've got an external DHCP server (pings from the host are OK):
    forwarding-options {
        dhcp-relay {
            server-group {
                DHCP {
                    10.0.1.122;
                }
            }
            group OFFICE {
                active-server-group DHCP;
                interface ae0.1515;
            }
        }
    }

    And a very simple policy:
    policies {
        from-zone Internal to-zone External {
            policy GoingForTheInternet {
                match {
                    source-address net_10_0_7;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }                               
        }
    }
    
    zones {
        security-zone External {
            interfaces {
                ae0.936 {
                    host-inbound-traffic {  
                        system-services {
                            ping;
                            dhcp;
                        }
                    }
                }
            }
        }
        security-zone Internal {
            address-book {
                address net_10_0_7 10.0.7.0/27;
            }
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ae0.1515 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            ping;
                        }
                    }
                }
            }
        }
    }
    But nothing works.
    Using tcpdump on 10.0.1.122, telnet to any port on the server works, but UDP testing with the help of nc fails from the same host.