SRX Next-Gen Firewalls

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  SRX345 FXP0 DHCPV6 - Not binding

    Posted 05-20-2022 13:36
    Hello Everyone, 

    FXP0 binding is not happening | But ge-0/0/0 works fine 

    We have a SRX DHCPv6 client. Below are the configurations 

    root> show configuration | match fxp | display set
    set interfaces fxp0 unit 0 description "uplink from office guest network"
    set interfaces fxp0 unit 0 family inet dhcp
    set interfaces fxp0 unit 0 family inet6 dhcpv6-client client-type autoconfig
    set interfaces fxp0 unit 0 family inet6 dhcpv6-client client-ia-type ia-na
    set interfaces fxp0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
    set interfaces fxp0 unit 0 family inet6 dhcpv6-client req-option dns-server
    set interfaces fxp0 unit 0 family inet6 dhcpv6-client update-server
    set forwarding-options access-security router-advertisement-guard interface fxp0.0 mark-interface trusted
    set protocols router-advertisement interface fxp0.0

    root> show configuration | match ge-0/0/0 | display set
    set security ike gateway paloAlto external-interface ge-0/0/0
    set security zones security-zone upstream interfaces ge-0/0/0.0
    set interfaces ge-0/0/0 unit 0 description "uplink from office guest network"
    set interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-type autoconfig
    set interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-ia-type ia-na
    set interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
    set interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client req-option dns-server
    set forwarding-options access-security router-advertisement-guard interface ge-0/0/0.0 mark-interface trusted
    set protocols router-advertisement interface ge-0/0/0.0

    root> show dhcpv6 client binding

    IP/prefix Expires State ClientType Interface Client DUID
    2a00:c320:2:1:4e6d:58ff:fe3d:5307/128 86333 BOUND AUTO ge-0/0/0.0 LL0x3-4c:6d:58:3d:5d:07
    2a00:c320:2:1::/64 86333 BOUND AUTO ge-0/0/0.0 LL0x3-4c:6d:58:3d:5d:07

    root> show version
    Model: srx345
    Junos: 21.3R1-S2.2
    JUNOS Software Release [21.3R1-S2.2]

    DHCPv6 Trace logs :

    May 20 14:36:35.453439 [INIT][DEBUG] jdhcpd_cfg_do_top_client_interface_cb1: Entering for app CLIENT action 1 lr default ri mgmt_junos int fxp0 unit 0 obj dhcp
    May 20 14:36:35.455231 [INIT][DEBUG] jdhcpd_configure_client_group_interface: **** START group jdhcp_fxp0.0 ****
    May 20 14:36:35.455291 [INIT][DEBUG] jdhcpd_configure_client_group_interface: Creating new group jdhcp_fxp0.0
    May 20 14:36:35.455955 [INIT][DEBUG] jdhcpd_process_client_group: Process configuration in group jdhcp_fxp0.0 for app CLIENT flags 1e000
    May 20 14:36:35.456187 [INIT][DEBUG] jdhcpd_configure_client_group_interface: Exiting **** STOP group jdhcp_fxp0.0 retval 0
    May 20 14:36:35.457631 [INIT][DEBUG] jdhcpd_update_groups: update_group jdhcp_fxp0.0, flgs 0x1e000
    May 20 14:36:35.457678 [INIT][DEBUG] jdhcpd_update_groups: update_group jdhcp_fxp0.0, NO service_profile
    May 20 14:36:35.457698 [INIT][DEBUG] jdhcpd_update_groups: update_group jdhcp_fxp0.0, ROUTE_SUPPRESSION not configured
    May 20 14:36:35.457719 [INIT][INFO] jdhcpd_update_groups: update_group jdhcp_fxp0.0, NO access_profile
    May 20 14:36:35.457738 [INIT][INFO] jdhcpd_update_groups: update_group jdhcp_fxp0.0, NO short cycle protection
    May 20 14:36:35.457784 [INIT][INFO] jdhcpd_update_groups: update_group jdhcp_fxp0.0, ROUTE_SUPPRESSION not configured
    May 20 14:36:35.457810 [INIT][DEBUG] jdhcpd_update_groups: update_group jdhcp_fxp0.0, REMOTE_ID_MATCH not updated from global
    May 20 14:36:35.457833 [INIT][DEBUG] jdhcpd_client_update_cfg_group_handler: update_group jdhcp_fxp0.0 for app CLIENT, update server isn't set
    May 20 14:36:35.457854 [INIT][DEBUG] jdhcpd_client_update_cfg_group_handler: update_group jdhcp_fxp0.0 for app CLIENT, vendor id
    May 20 14:36:35.457878 [INIT][DEBUG] jdhcpd_client_update_cfg_group_handler: update_group jdhcp_fxp0.0 for app CLIENT, server_addr 0.0.0.0
    May 20 14:36:35.457900 [INIT][DEBUG] jdhcpd_client_update_cfg_group_handler: update_group jdhcp_fxp0.0 for app CLIENT, client_id:
    May 20 14:36:35.461655 [INIT][DEBUG] dhcpv6_cfg_do_top_client_interface_cb: Entering for app CLIENT action 1 lr default ri mgmt_junos int fxp0 unit 0 objname dhcpv6-client
    May 20 14:36:35.462369 [INIT][DEBUG] dhcpv6_configure_client_group_interface: **** START group jdhcp_fxp0.0 ****
    May 20 14:36:35.462438 [INIT][DEBUG] dhcpv6_configure_client_group_interface: Creating new group jdhcp_fxp0.0
    May 20 14:36:35.463464 [INIT][DEBUG] dhcpv6_process_client_group: Process configuration in group jdhcp_fxp0.0 for app CLIENT flags 6000
    May 20 14:36:35.463537 [INIT][DEBUG] dhcpv6_configure_client_group_interface: Exiting **** STOP group jdhcp_fxp0.0 retval 0
    May 20 14:36:41.551853 [MSTR][DEBUG] jdhcpd_cfg_top_client_interface_present: Group jdhcp_fxp0.0 seen in RC /default/mgmt_junos/
    May 20 14:36:41.553049 [MSTR][DEBUG] dhcpv6_cfg_top_client_interface_present: Group jdhcp_fxp0.0 seen in RC /default/mgmt_junos/
    May 20 14:36:41.554862 [MSTR][DEBUG] jdhcpd_look_for_the_missing: DHCP group: jdhcp_fxp0.0, keeping
    May 20 14:36:41.554959 [MSTR][DEBUG] jdhcpd_look_for_the_missing: DHCP group: jdhcp_fxp0.0, keeping

    Please let me know , what am i missing here ?

    Regards
    Ruban Prasat Johnson

    ------------------------------
    RUBAN JOHNSON
    ------------------------------


  • 2.  RE: SRX345 FXP0 DHCPV6 - Not binding

    Posted 14 days ago

    DHCPv6 client feature for fxp0 is not supported on SRX, it's only supported on MX platforms:

    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=8748&fn=DHCP%20support%20for%20management%20interface%20in%20non-default%20routing%20instance

    ------------------------------
    RUBAN JOHNSON
    ------------------------------