SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Home Lab DHCP not working

  • 1.  Home Lab DHCP not working

    Posted 10-21-2022 20:15
    I am trying to get DHCP working on an SRX-300, but it is not working. Any help will be appreciated:

    admin@Home-FW> show configuration
    version 20.2R3.9;

    }
    services {
    ftp;
    ssh;
    telnet;
    netconf {
    ssh;
    }
    dhcp-local-server {
    group homelab {
    interface irb.0;
    }
    }
    web-management {
    https {
    system-generated-certificate;
    interface [ vlan.0 ge-0/0/5.0 ];
    }
    }
    }
    name-server {
    8.8.8.8;
    8.8.4.4;
    }
    syslog {
    archive size 100k files 3;
    user * {
    any emergency;
    }
    file messages {
    any notice;
    authorization info;
    }
    file interactive-commands {
    interactive-commands any;
    }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
    autoupdate {
    url https://ae1.juniper.net/junos/key_retrieval;
    }
    }
    phone-home {
    server https://redirect.juniper.net;
    rfc-compliant;
    }
    }
    security {
    screen {
    ids-option untrust-screen {
    icmp {
    ping-death;
    }
    ip {
    source-route-option;
    tear-drop;
    }
    tcp {
    syn-flood {
    alarm-threshold 1024;
    attack-threshold 200;
    source-threshold 1024;
    destination-threshold 2048;
    timeout 20;
    }
    land;
    }
    }
    }
    nat {
    source {
    rule-set trust-to-untrust {
    from zone trust;
    to zone untrust;
    rule source-nat-rule {
    match {
    source-address 0.0.0.0/0;
    }
    then {
    source-nat {
    interface;
    }
    }
    }
    }
    }
    }
    policies {
    from-zone trust to-zone trust {
    policy trust-to-trust {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    from-zone trust to-zone untrust {
    policy trust-to-untrust {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    }
    zones {
    security-zone trust {
    host-inbound-traffic {
    system-services {
    all;
    }
    protocols {
    all;
    }
    }
    interfaces {
    irb.0 {
    host-inbound-traffic {
    system-services {
    dhcp;
    }
    }
    }
    irb.4;
    irb.5;
    irb.6;
    ge-0/0/5.0;
    }
    }
    security-zone untrust {
    screen untrust-screen;
    interfaces {
    ge-0/0/0.0 {
    host-inbound-traffic {
    system-services {
    dhcp;
    tftp;
    https;
    }
    }
    }
    ge-0/0/7.0 {
    host-inbound-traffic {
    system-services {
    dhcp;
    tftp;
    }
    }
    }
    }
    }
    }
    }
    interfaces {
    ge-0/0/0 {
    description Internet;
    unit 0 {
    family inet {
    dhcp {
    vendor-id Juniper-srx300;
    }
    }
    }
    }
    ge-0/0/1 {
    description to-netgear-poe-sw-port8;
    unit 0 {
    family ethernet-switching {
    interface-mode trunk;
    vlan {
    members all;
    }
    }
    }
    }
    ge-0/0/2 {
    unit 0 {
    family ethernet-switching {
    interface-mode access;
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    ge-0/0/3 {
    unit 0 {
    family ethernet-switching {
    interface-mode access;
    vlan {
    members homelab-vlan4;
    }
    }
    }
    }
    ge-0/0/4 {
    unit 0 {
    family ethernet-switching {
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    ge-0/0/5 {
    unit 0 {
    family inet {
    address 192.168.100.1/24;
    }
    }
    }
    ge-0/0/6 {
    unit 0 {
    family ethernet-switching {
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    ge-0/0/7 {
    unit 0 {
    family inet {
    dhcp {
    vendor-id Juniper-srx300;
    }
    }
    }
    }
    irb {
    unit 0 {
    family inet {
    address 192.168.1.1/24;
    }
    }
    unit 4 {
    family inet {
    address 192.168.2.1/24;
    }
    }
    unit 5 {
    family inet {
    address 192.168.3.1/24;
    }
    }
    unit 6 {
    family inet {
    address 192.168.6.1/24;
    }
    }
    }
    }
    access {
    address-assignment {
    pool pool-trust {
    family inet {
    network 192.168.1.0/24;
    range r1 {
    low 192.168.1.20;
    high 192.168.1.254;
    }
    dhcp-attributes {
    maximum-lease-time 7200;
    name-server {
    8.8.8.8;
    8.8.4.4;
    }
    router {
    192.168.1.1;
    }
    }
    }
    }
    }
    }
    vlans {
    homelab-vlan4 {
    vlan-id 4;
    l3-interface irb.4;
    }
    homelab-vlan5 {
    vlan-id 5;
    l3-interface irb.5;
    }
    homelab-vlan6 {
    vlan-id 6;
    l3-interface irb.6;
    }
    vlan-trust {
    vlan-id 3;
    l3-interface irb.0;
    }
    }
    protocols {
    l2-learning {
    global-mode switching;
    }
    rstp {
    interface all;
    }
    }


  • 2.  RE: Home Lab DHCP not working

    Posted 10-22-2022 12:29
    Looks like the only DHCP server set up here is the original default trust one in 192.168.1.0/24.

    If you are looking to have this in the other VLANs, you need to create the server and attribute configuration for the other subnets as outlined here.
    https://www.juniper.net/documentation/us/en/software/junos/dhcp/topics/topic-map/dhcp-server-configuration.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Home Lab DHCP not working

    Posted 10-22-2022 19:55
    Thank you Steve, 

    I only configured one pool to test before proceeding to set up the other subnets. I just cannot get the client to obtain an IP address from pool 192.168.1.0/24 when plugging into ge-0/0/2.

    Server group is configured 
    Address pool is configured 
    vlan configured 
    IRB configured with the default gateway for the subnet 192.168.1.1 
    IRB added to the security zone trust 
    allowed host-inbound protocol and services all. 
    security policy trust to trust permitting any to any 

    I am not sure what I am missing. I got it to work before using an old code 15.4 but upgraded to 20.2R3.9.

    Thank you once again for checking 
    Nils. 



  • 4.  RE: Home Lab DHCP not working

    Posted 10-24-2022 18:17
    Found the issue: I deleted the following and DHCP started working.

    [edit protocols]
    - l2-learning {
    - global-mode switching;
    - }
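
Review bot: the post does not say whether the SRX was rebooted, or any process restarted, after this delete under [edit protocols]. The configuration in the first post still has family ethernet-switching ports and vlan-trust with l3-interface irb.0, the interface the dhcp-local-server group is bound to, and these depend on the Layer 2 mode. Recording that, and the mode the device reports after the commit, would let a reader tell whether removing global-mode switching itself or a restart brought DHCP back on irb.0.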


  • 5.  RE: Home Lab DHCP not working

    Posted 11-15-2022 12:03
    Hi Steve.
    I have a similar issue:
    If I am in VLAN 31 I get an IP address, but in VLAN 29 I do not. I have more pools configured, but only two give me no IP. Does the SRX345 or Junos version 19.4R3.11 have some limits? Or do I need to somehow activate the new pool? How can I reset only this pool? Thanks for your answer.
    BR
    Tomas

    set system services dhcp-local-server group POOL18 interface reth2.29
    set system services dhcp-local-server group POOL7 interface reth2.31

    set access address-assignment pool POOL18 family inet network 192.168.37.64/26
    set access address-assignment pool POOL18 family inet range RANGE18 low 192.168.37.66
    set access address-assignment pool POOL18 family inet range RANGE18 high 192.168.37.100
    set access address-assignment pool POOL18 family inet dhcp-attributes name-server 192.168.5.5
    set access address-assignment pool POOL18 family inet dhcp-attributes name-server 192.168.21.21
    set access address-assignment pool POOL18 family inet dhcp-attributes router 192.168.37.126
    set access address-assignment pool POOL18 family inet dhcp-attributes propagate-settings reth2.29
    set protocols ospf area 0.0.0.1 interface reth2.29 passive
    set access address-assignment pool POOL7 family inet network 192.168.31.0/26
    set access address-assignment pool POOL7 family inet range RANGE7 low 192.168.31.2
    set access address-assignment pool POOL7 family inet range RANGE7 high 192.168.31.55
    set access address-assignment pool POOL7 family inet dhcp-attributes name-server 192.168.5.5
    set access address-assignment pool POOL7 family inet dhcp-attributes name-server 192.168.21.21
    set access address-assignment pool POOL7 family inet dhcp-attributes router 192.168.31.62
    set access address-assignment pool POOL7 family inet dhcp-attributes propagate-settings reth2.31
    set protocols ospf area 0.0.0.1 interface reth2.31 passive
    set security zones security-zone MANAGEMENT-OFFICE interfaces reth2.29
    set security zones security-zone MEETING interfaces reth2.31
    set interfaces reth2 unit 29 vlan-id 29
    set interfaces reth2 unit 29 family inet address 192.168.37.126/26
    set interfaces reth2 unit 31 vlan-id 31
    set interfaces reth2 unit 31 family inet address 192.168.31.62/26
    
    show dhcp statistics interface reth2.29
    Packets dropped:
    Total 2118
    No available addresses 2118

    Messages received:
    BOOTREQUEST 4281
    DHCPDECLINE 0
    DHCPDISCOVER 4281
    DHCPINFORM 0
    DHCPRELEASE 0
    DHCPREQUEST 0
    DHCPLEASEACTIVE 0
    DHCPLEASEUNASSIGNED 0
    DHCPLEASEUNKNOWN 0
    DHCPLEASEQUERYDONE 0

    Messages sent:
    BOOTREPLY 0
    DHCPOFFER 0
    DHCPACK 0
    DHCPNAK 0
    DHCPFORCERENEW 0

    reth2.31 no packet drops


    ------------------------------
    TOMAS JUHAS
    ------------------------------
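
As an added example (not part of the thread and not Juniper's code), this Python check cross-references the `set` lines posted above: every `dhcp-local-server` interface must have an address that falls inside some pool's `network`, and that pool's range and router must sit in the same subnet. It assumes the local server selects the pool by the subnet of the receiving interface; the function name `audit` is hypothetical.

```python
import ipaddress
import re

# `set` lines copied from the post above (name-server, OSPF and zone lines left out).
CONFIG = """\
set system services dhcp-local-server group POOL18 interface reth2.29
set system services dhcp-local-server group POOL7 interface reth2.31
set access address-assignment pool POOL18 family inet network 192.168.37.64/26
set access address-assignment pool POOL18 family inet range RANGE18 low 192.168.37.66
set access address-assignment pool POOL18 family inet range RANGE18 high 192.168.37.100
set access address-assignment pool POOL18 family inet dhcp-attributes router 192.168.37.126
set access address-assignment pool POOL7 family inet network 192.168.31.0/26
set access address-assignment pool POOL7 family inet range RANGE7 low 192.168.31.2
set access address-assignment pool POOL7 family inet range RANGE7 high 192.168.31.55
set access address-assignment pool POOL7 family inet dhcp-attributes router 192.168.31.62
set interfaces reth2 unit 29 family inet address 192.168.37.126/26
set interfaces reth2 unit 31 family inet address 192.168.31.62/26
"""

def audit(config):
    """Map each DHCP server interface to a list of findings (empty = consistent)."""
    served = re.findall(r"dhcp-local-server group \S+ interface (\S+)", config)
    addrs = {f"{ifd}.{unit}": ipaddress.ip_interface(addr) for ifd, unit, addr in re.findall(
        r"set interfaces (\S+) unit (\d+) family inet address (\S+)", config)}
    pools = {}
    for name, key, value in re.findall(
            r"pool (\S+) family inet (?:range \S+ |dhcp-attributes )?"
            r"(network|low|high|router) (\S+)", config):
        pools.setdefault(name, {})[key] = value
    report = {}
    for ifl in served:
        findings = report.setdefault(ifl, [])
        if ifl not in addrs:
            findings.append("no inet address configured")
            continue
        # Assumption: the server picks the pool whose network holds the
        # address of the interface the DISCOVER arrived on.
        hits = [p for p in pools.values() if "network" in p
                and addrs[ifl].ip in ipaddress.ip_network(p["network"])]
        if not hits:
            findings.append("no pool network contains the interface address")
            continue
        pool = hits[0]
        net = ipaddress.ip_network(pool["network"])
        for key in ("low", "high", "router"):
            if key in pool and ipaddress.ip_address(pool[key]) not in net:
                findings.append(f"{key} {pool[key]} outside {net}")
    return report
```

On the posted lines both reth2.29 and reth2.31 come back with no findings, so a subnet or range mismatch does not account for the `No available addresses` drops on reth2.29.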



  • 6.  RE: Home Lab DHCP not working

    Posted 11-15-2022 12:17
    Hi Spuluka.

    I have a similar problem. I have configured more pools and subinterfaces for different VLANs. The last two configured don't work. The configuration is the same as for the functional pools. I did not configure the previous pools. I did the last two. Do I need to activate this pool somehow?

    I would like to ask you if there is some limitation on the number of pools or some Junos version limitation?

    I have SRX345 with version 19.4R3.11

    Many Thanks

    ------------------------------
    TOMAS JUHAS
    ------------------------------



  • 7.  RE: Home Lab DHCP not working

    Posted 11-15-2022 20:22
    I'm not aware of any limits.

    Do your two new zones allow dhcp for the zone in host inbound?

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 8.  RE: Home Lab DHCP not working

    Posted 11-16-2022 01:55
    Hi Steve,
    yes, it is allowed. I am struggling with this, because I can't find anything wrong...

    security-zone MANAGEMENT-OFFICE {
                description RECEPCE;
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    reth2.29;

            security-zone MEETING {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    reth2.31;
    


    ------------------------------
    TOMAS JUHAS
    ------------------------------



  • 9.  RE: Home Lab DHCP not working

    Posted 11-21-2022 07:14
    Hi.

    Does nobody have any suggestion?

    Some additional info: if I manually put an IP from the pool on the host, the GW is reachable. I tried to deactivate the pool and activate it again, but it had no influence. Still not working...

    This is weird to me...:
    show dhcp statistics interface reth2.29
    Packets dropped:
    Total 12770
    No available addresses 12770

    thanks for any suggestion

    ------------------------------
    TOMAS
    ------------------------------



  • 10.  RE: Home Lab DHCP not working

    Posted 11-23-2022 05:24
    Hi.
    Another piece of additional info:
    On the DHCP server GW interface I can see only this, but no response (OUT):
    11:20:46.092665 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from a4:4c:xx:70:f8:64, length 300
    11:20:46.102734 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from a4:4c:xx:70:f8:64, length 300
    11:21:02.115768 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from a4:4c:xx:70:f8:64, length 300
    11:21:02.115792 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from a4:4c:xx:70:f8:64, length 300

    Does anybody have a suggestion?

    ------------------------------
    TOMAS
    ------------------------------



  • 11.  RE: Home Lab DHCP not working

    Posted 11-24-2022 03:51
    Hi,

    Now I think that I found where the issue is, but not the solution for how to fix it...

    What do you think, can this help me without influencing other pools?
    set forwarding-options dhcp-relay forward-snooped-clients non-configured-interfaces

    debugging DHCP
    Nov 23 15:33:08.434680 [MSTR][DEBUG][default:default][SVR][INET][reth2.29] jdhcpd_find_client_from_client_pdu: BOOTPREQUEST could not find client table ent
    Nov 23 15:33:08.439553 [MSTR][DEBUG] jdhcpd_packet_map_to_wholesale_client: No wholesale clients moved out routing instance default:default
    Nov 23 15:33:08.439732 [MSTR][DEBUG] jdhcpd_packet_map_to_wholesale_client: Client entry NOT found
    Nov 23 15:33:08.439772 [MSTR][NOTE] jdhcpd_packet_handle: RECEIVE DISCOVER: stats_safd 0x0 , safd 0x2a36c00 reth2.29
    Nov 23 15:33:09.525525 [MSTR][DEBUG][default:default][SVR][INET][reth2.29] jdhcpd_process_forward_only_or_drop: Returning ... forward-only flags not set (flags=deaddead, rc_flags 8a40809) for routing context 0
    Nov 23 15:33:09.525594 [MSTR][DEBUG] jdhcpd_short_cycle_protection_config_get: Short cycle protection NOT configured for reth2.29

    DHCP pool

    Nov 23 15:31:17.390540 [INIT][DEBUG] jdhcpd_cfg_do_attrs_common: Doing Attributes LR:default RI:default Pool:POOL18 - action 1, INET
    Nov 23 15:31:17.390616 [INIT][DEBUG] jdhcpd_pool_find: cfg 25c0000, pool_name 5bfed528, POOL18
    Nov 23 15:31:17.390644 [INIT][DEBUG] jdhcpd_pool_find: Pool POOL18 NOT found 0x0 w/ cfg container 0x25c0000
    Nov 23 15:31:17.390781 [INIT][DEBUG] jdhcpd_server_attributes_process: got name-server 192.168.5.5
    Nov 23 15:31:17.390855 [INIT][DEBUG] jdhcpd_server_attributes_process: got name-server 192.168.21.21
    Nov 23 15:31:17.390914 [INIT][DEBUG] jdhcpd_server_attributes_process: got router 192.168.37.126
    Nov 23 15:31:17.390972 got propagate-settings reth2.29
    Nov 23 15:31:17.391057 [INIT][DEBUG] jdhcpd_platform_process_local_server_attributes_cfg_han: propagate settings done - number of ifls in pool are 0
    Nov 23 15:31:17.391242 [INIT][DEBUG] jdhcpd_cfg_get_pool_subnet_mask: Got subnet mask, Mask:255.255.255.192, LR:default RI:default Pool:POOL18
    Nov 23 15:31:17.391288 [INIT][DEBUG] jdhcpd_cfg_do_attrs_common: Adding NEW POOL in LR:default RI:default, type SERVER, POOL POOL18 to INET, cfg_ptr 0x25c0000
    Nov 23 15:31:17.391319 [INIT][DEBUG] sus_name_get: Extracted ifd_name = reth2
    Nov 23 15:31:17.391338 jdhcpd_propagate_setting_to_pool_if_needed: Can't get interface by interface name reth2.29



    ------------------------------
    TOMAS
    ------------------------------



  • 12.  RE: Home Lab DHCP not working

     
    Posted 12-01-2022 05:57
    Hi,

    Can you attach your complete SRX config (minus passwords etc.) so we can have a "complete" look to see if we can give you some advice?

    Cheers,

    Marcel

    ------------------------------
    Marcel ten Berg
    ------------------------------



  • 13.  RE: Home Lab DHCP not working

    Posted 12-01-2022 08:10
    Hi Marcel.
    We found another issue with DHCP, so we decided to move the DHCP server from the SRX to a new EX2300 (in VC). There everything works fine without issue. The SRX is still the GW.
    From my point of view everything is configured the same for each member. It looks like the DHCP server is stuck... I have important traffic on this firewall, so I couldn't play with it.
    I will do a Junos upgrade to the latest recommended version, and with this I will do a restart as well. My opinion is that a restart will help...

    Just for info, this was the second issue:
    I had configured a fixed IP by MAC from a pool which is working, and I needed to change it. After changing the configuration, the PC always got the same old IP. It ignored the new configuration. Everything else works; I had issues only with DHCP...

    BR
    Tomas

    ------------------------------
    TOMAS
    ------------------------------