SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX multiple DHCP relay configurations

    Posted 03-27-2013 04:43

    Seems like I cannot find an answer to this simple question. Can an SRX 240 device have multiple different DHCP helper configurations?

     

    Our SRX 240 cluster serves multiple (100+) customer networks and we need to route DHCP packets from different VLAN interfaces to different customer DHCP servers, some behind VPN tunnels and some in other networks at the local site. In the SSG series it was possible to configure the DHCP server IP for relay per interface, but the SRX only seems to have global relay configuration?

     

    So, is there a way to configure per-interface destination/helper for DHCP packets?



  • 2.  RE: SRX multiple DHCP relay configurations
    Best Answer

    Posted 03-27-2013 13:34

    Yes, you can.

     

    You can configure the server and other options under the context of the interfaces...

     

    forwarding-options -> helpers -> bootp -> ...   [server, description, ttl, options, etc.]

     

    ** anything configured at this level is global.

     

    forwarding-options -> helpers -> bootp -> interface <xxx> -> ...   [server, description, ttl, options, etc.]

     

    ** anything configured at this level is specific to the interface, and overrides global settings.

     

     

    Be sure your interfaces have host-inbound-traffic -> system-services -> dhcp enabled and that you have the proper security policies in place if your clients and servers are in different zones.
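
The hierarchy described in this answer, written out as Junos set commands. This is an added example, not part of the original post; the interface names, zone names, policy names and addresses (documentation ranges) are assumptions, as is the choice of the predefined application junos-dhcp-server (UDP 67) for the transit policy.

```junos
# Constructed example: vlan.100 / vlan.200 / ge-0/0/1.0, the zones CUST-A,
# CUST-B and DHCP-SRV, and every address below are placeholders.

# Global level: per the answer, anything configured here is global.
set forwarding-options helpers bootp description "default relay"
set forwarding-options helpers bootp server 192.0.2.10

# Interface level: per the answer, this is specific to the interface
# and overrides the global setting.
set forwarding-options helpers bootp interface vlan.100 server 198.51.100.10
set forwarding-options helpers bootp interface vlan.200 server 203.0.113.10

# Allow DHCP to reach the SRX itself on the interfaces involved.
# Only dhcp is enabled here rather than "system-services all".
set security zones security-zone CUST-A interfaces vlan.100 host-inbound-traffic system-services dhcp
set security zones security-zone CUST-B interfaces vlan.200 host-inbound-traffic system-services dhcp
# Assumption: the server for customer A is reached through ge-0/0/1.0 in zone DHCP-SRV.
set security zones security-zone DHCP-SRV interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp

# Clients and server are in different zones, so transit DHCP traffic from
# the client zone to the server needs a policy. It is scoped to the one
# server address and the DHCP server port instead of any/any.
set security zones security-zone DHCP-SRV address-book address dhcp-cust-a 198.51.100.10/32
set security policies from-zone CUST-A to-zone DHCP-SRV policy cust-a-dhcp match source-address any
set security policies from-zone CUST-A to-zone DHCP-SRV policy cust-a-dhcp match destination-address dhcp-cust-a
set security policies from-zone CUST-A to-zone DHCP-SRV policy cust-a-dhcp match application junos-dhcp-server
set security policies from-zone CUST-A to-zone DHCP-SRV policy cust-a-dhcp then permit
```

Keeping one policy per customer zone, each matching only that customer's server address, prevents one customer's VLAN from reaching another customer's DHCP server.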

     

     



  • 3.  RE: SRX multiple DHCP relay configurations

    Posted 03-27-2013 13:45

    Ah, OK, I missed the fact that there is also a server directive under the interface-specific configuration. Thanks. 🙂

     

    By the way, is it really so that "host-inbound-traffic system-services all" does not include dhcp? I think I had some SRX100 firewalls not giving IP addresses to clients even if the trust zone was set like that. They only started working after explicitly configuring dhcp as an allowed service.



  • 4.  RE: SRX multiple DHCP relay configurations

    Posted 03-27-2013 13:47

    "all" should cover it.

     

    With DHCP relays I've typically found that the issue is security policies... it's confusing to get your head around the flows.

     

    client -> broadcast

    srx -> server

    server -> srx

    srx -> client

    client -> server

    server -> client

     



  • 5.  RE: SRX multiple DHCP relay configurations

    Posted 03-27-2013 13:49

    Ok thanks.



  • 6.  RE: SRX multiple DHCP relay configurations

    Posted 03-28-2013 10:06

    Hi,

     

    Unfortunately, your configuration isn't supported. I ran into this problem when I needed to open a case at JTAC. They told me that DHCP (relay, server and client) is not supported when running a chassis cluster. And it is true: I found this in the KB as well as in the 11.4 and 12.1 release notes. In my opinion this is unacceptable.

     

    Z.

     




  • 7.  RE: SRX multiple DHCP relay configurations

    Posted 03-28-2013 19:26

    It looks like that's still the case for 12.1X44 as well.  See here.



  • 8.  RE: SRX multiple DHCP relay configurations

    Posted 04-26-2013 16:29

    I agree that this is unacceptable. What is worse is that DHCP still seems to work fine in cluster mode for us; JTAC just will not support it.

     

     

    Not a happy camper on this one



  • 9.  RE: SRX multiple DHCP relay configurations

    Posted 08-13-2013 11:16

    @keithr wrote:

    "all" should cover it.

     

    With DHCP relays I've typically found that the issue is security policies... it's confusing to get your head around the flows.

     

    client -> broadcast

    srx -> server

    server -> srx

    srx -> client

    client -> server

    server -> client

     


    The flow is what got me! Thanks for this!