Hi all,
So I am trying to get an IP address for my MistAP from my DHCP server, which is my SRX router. I have my MistAP in a security zone and also in VLAN ID 99 (native VLAN). The problem is that I cannot get my MistAP to get an IP address. I have done packet captures on the irb.99 interface on my SRX and on ge-0/0/47 on my EX2300, which is where my MistAP is getting power from (PoE). Here is my config for a more in-depth review:
SRX
services {
    ssh;
    xnm-clear-text;
    dhcp-local-server {
        group MistAP {
            overrides {
                no-unicast-replies; SRX - DHCP-Client-not-accepting-unicast-DHCP-offer
            }
            interface irb.99;
        }
        {...}
security
zones {
    security-zone DMZ {
        address-book {
            address MistAP-Net 10.10.99.0/29;
        }
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        irb.99 {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
        }
    }
}
}
}
interfaces
irb {
    unit 99 {
        family inet {
            address 10.10.99.1/29;
        }
    }
}
access {
    address-assignment {
        pool MistAP {
            family inet {
                network 10.10.99.0/29;
                range APs {
                    low 10.10.99.2;
                    high 10.10.99.4;
                }
                dhcp-attributes {
                    server-identifier 10.10.99.1;
                    name-server {
                        10.10.100.21;
                        203.22.124.73;
                    }
                    router {
                        10.10.99.1;
                    }
                }
            }
        }
    }
}
vlans {
    Mist-APs {
        vlan-id 99;
        l3-interface irb.99;
    }
}
Trunk Interfaces
EX2300 - INTERFACES
ge-0/0/0 {
    native-vlan-id 99;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ MistAP ];
            }
            storm-control default;
        }
    }
}
ge-0/0/47 { (CONNECTED TO MISTAP)
    native-vlan-id 99;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ MistAP ];
            }
            storm-control default;
        }
    }
}
SRX - INTERFACES
ge-0/0/5 {
    native-vlan-id 99;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ Mist-APs ];
            }
        }
    }
}
When I went to check, I can reach the 10.10.99.1 gateway. Plus, here are the packet captures I got from ge-0/0/47 on my EX2300 and from the irb.99 interface on my SRX:
EX2300 CAPTURE:
EX2300 - Packet Capture on ge-0/0/47 - MistAP-Juniper AP34 Directly Connected + PoE
11:52:21.525968 In
Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 28
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 695
Logical Interface Index Extension TLV #4, length 4, value: 545
Logical Unit Number Extension TLV #5, length 4, value: 99
IRB Information Extension TLV #9, length 4, value: Logical Interface Index: 545
-----original packet-----
PFE proto 2 (ipv4): (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 396) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from ac:23:16:85:cb:b6, length 300, xid 0x26e83697, Flags [none] (0x0000)
Client-Ethernet-Address ac:23:16:85:cb:b6
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether ac:23:16:85:cb:b6
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 9:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP, Vendor-Option
Option 180
Vendor-Class Option 60, length 12: "Mist AP43-WW"
--- DIDN'T RECEIVE (DHCP-Message: Offer) frame from SRX [DHCP Server] ---
SRX CAPTURE:
SRX [DHCP Server]- tcpdump -vvvns 9600 -c 20 -i irb.99 (Packet Capture)
11:52:22.539668 In
Juniper PCAP Flags [Ext, no-L2, In], PCAP Extension(s) total length 28
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 33536
Logical Interface Index Extension TLV #4, length 4, value: 81
Logical Unit Number Extension TLV #5, length 4, value: 99
IRB Information Extension TLV #9, length 4, value: Logical Interface Index: 81
-----original packet-----
IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto: UDP (17), length: 328) 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from ac:23:16:85:cb:b6, length 300, xid 0x26e83697, Flags [none] (0x0000)
Client-Ethernet-Address ac:23:16:85:cb:b6 (MAC ADDRESS OF MISTAP)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether ac:23:16:85:cb:b6
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 9:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP, Vendor-Option
Option 180
Vendor-Class Option 60, length 12: "Mist AP43-WW"
END Option 255, length 0
PAD Option 0, length 0, occurs 18
11:52:22.540182 Out
Juniper PCAP Flags [Ext], PCAP Extension(s) total length 34
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 33536
Logical Interface Index Extension TLV #4, length 4, value: 81
Logical Unit Number Extension TLV #5, length 4, value: 99
IRB Information Extension TLV #9, length 4, value: Logical Interface Index: 81
L2 Output Logical Interface Index Extension TLV #11, length 4, value: 75
-----original packet-----
IP (tos 0x0, ttl 64, id 7877, offset 0, flags [none], proto: UDP (17), length: 307) 10.10.99.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 279, xid 0x26e83697, Flags [none] (0x0000)
Your-IP 10.10.99.3
Client-Ethernet-Address ac:23:16:85:cb:b6
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Lease-Time Option 51, length 4: 86400
Subnet-Mask Option 1, length 4: 255.255.255.248
Server-ID Option 54, length 4: 10.10.99.1
Default-Gateway Option 3, length 4: 10.10.99.1
Domain-Name-Server Option 6, length 8: 10.10.100.21
END Option 255, length 0
PAD Option 0, length 0
Also, if I do #show dhcp server bindings, it says this:
10.10.99.3 48 ac:23:16:85:cb:b6 71987 SELECTING irb.99
My SRX can get the DHCP Discover frames from the Mist Access Point; however, the Offer is not being received by the EX2300 switch... How can that be possible? They are on the same VLAN, and there is native VLAN 99 on all trunks from the Access Point to the Router. The network 10.10.99.0/29 irb.99 is in the same security zone, and host-inbound-traffic is set to all for system-services and protocols!
Strangely, if I reboot the Access Point a couple of times, at first it is like the MistAP has gotten an IP, but then after a couple of seconds it flashes yellow 3 times, which indicates no IP address assigned.
I am out of ideas about what the problem could be... I would appreciate it if someone could help me troubleshoot this issue :)
------------------------------
Nick Cuervo Vanin
------------------------------
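
An added example, not part of the original post: one way to line up the two text captures by DHCP transaction ID (xid) and list server replies that left the SRX but never showed up at the switch port. The sample input is abridged from the captures above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: abridged from the two captures in the post (headers and options trimmed).
EX_CAPTURE = """\
11:52:21.525968 In
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from ac:23:16:85:cb:b6, length 300, xid 0x26e83697, Flags [none] (0x0000)
DHCP-Message Option 53, length 1: Discover
"""
SRX_CAPTURE = """\
11:52:22.539668 In
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from ac:23:16:85:cb:b6, length 300, xid 0x26e83697, Flags [none] (0x0000)
DHCP-Message Option 53, length 1: Discover
11:52:22.540182 Out
10.10.99.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length 279, xid 0x26e83697, Flags [none] (0x0000)
DHCP-Message Option 53, length 1: Offer
"""

HDR = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(In|Out)$")  # Junos per-packet header line
PKT = re.compile(r"> ([\d.]+)\.(?:\d+|bootp[cs]): .*\bxid (0x[0-9a-fA-F]+)")
MSG = re.compile(r"DHCP-Message Option 53, length 1: (\w+)")

def dhcp_events(text):
    """Return {xid: [(direction, dst_ip, message_type), ...]} for one capture."""
    events = defaultdict(list)
    direction = dst = xid = None
    for line in map(str.strip, text.splitlines()):
        if m := HDR.match(line):
            direction, dst, xid = m.group(1), None, None
        elif m := PKT.search(line):
            dst, xid = m.group(1), m.group(2).lower()
        elif (m := MSG.search(line)) and xid:
            events[xid].append((direction, dst, m.group(1)))
    return dict(events)

def replies_lost(server_text, edge_text):
    """Replies the server sent (Out) that the edge capture never recorded."""
    edge = dhcp_events(edge_text)
    lost = []
    for xid, evs in dhcp_events(server_text).items():
        seen = {mtype for _, _, mtype in edge.get(xid, [])}
        lost += [(xid, mtype, dst) for d, dst, mtype in evs
                 if d == "Out" and mtype not in seen]
    return lost

if __name__ == "__main__":
    for xid, mtype, dst in replies_lost(SRX_CAPTURE, EX_CAPTURE):
        print(f"xid {xid}: {mtype} to {dst} left the server, not seen at the edge port")
```

The same functions accept the full `tcpdump -vvv` text from each device, since lines that are not a packet header, an address line or an Option 53 line are ignored.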