SRX


Home Lab DHCP not working

  • 1.  Home Lab DHCP not working

    Posted 10-21-2022 20:15
    I am trying to get DHCP working on a SRX-300 but it is not working. Any help will be appreciated: 

    admin@Home-FW> show configuration
    version 20.2R3.9;

    }
    /* Device services and housekeeping settings from the system level of the configuration (the enclosing system { line is not part of this paste). */
    services {
    /* NOTE(review): ftp and telnet send credentials in cleartext. ssh is enabled as well, so remove these two unless something specific depends on them. */
    ftp;
    ssh;
    telnet;
    /* NETCONF management interface, carried over SSH. */
    netconf {
    ssh;
    }
    /* DHCP server: group homelab answers clients on irb.0. */
    dhcp-local-server {
    group homelab {
    interface irb.0;
    }
    }
    /* J-Web over HTTPS with the self-signed certificate the device generates, limited to the listed interfaces. */
    /* NOTE(review): vlan.0 is not among the interfaces defined in this configuration (the L3 VLAN interfaces shown are irb units) - presumably a leftover from an older release; verify. */
    web-management {
    https {
    system-generated-certificate;
    interface [ vlan.0 ge-0/0/5.0 ];
    }
    }
    }
    /* DNS resolvers used by the device itself (Google Public DNS). */
    name-server {
    8.8.8.8;
    8.8.4.4;
    }
    /* Logging is local only: no remote syslog host is defined in this stanza, so the logs exist only on the device. */
    syslog {
    /* Rotate log files at 100k and keep 3 archived copies. */
    archive size 100k files 3;
    /* Emergency-level messages are sent to every logged-in user. */
    user * {
    any emergency;
    }
    /* messages: notice and above from all facilities, plus authorization events from info upward. */
    file messages {
    any notice;
    authorization info;
    }
    /* Records commands entered at the CLI; useful as an audit trail of changes. */
    file interactive-commands {
    interactive-commands any;
    }
    }
    /* Keep 5 configuration versions on flash and 5 rollback points. */
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    /* License keys are refreshed automatically from this Juniper URL. */
    license {
    autoupdate {
    url https://ae1.juniper.net/junos/key_retrieval;
    }
    }
    /* Phone-home client pointing at Juniper's redirect server. */
    /* NOTE(review): this is outbound contact with a vendor provisioning service, presumably from the factory-default configuration - remove it if it is not used. */
    phone-home {
    server https://redirect.juniper.net;
    rfc-compliant;
    }
    }
    /* Firewall behaviour: screens, source NAT, inter-zone policies and zone membership. */
    security {
    screen {
    /* IDS screen profile; it is attached to the untrust zone further down. */
    ids-option untrust-screen {
    icmp {
    ping-death;
    }
    ip {
    source-route-option;
    tear-drop;
    }
    tcp {
    /* SYN-flood protection thresholds. */
    syn-flood {
    alarm-threshold 1024;
    attack-threshold 200;
    source-threshold 1024;
    destination-threshold 2048;
    timeout 20;
    }
    land;
    }
    }
    }
    /* Source NAT: traffic from trust to untrust, from any source address, is translated to the address of the egress interface. */
    nat {
    source {
    rule-set trust-to-untrust {
    from zone trust;
    to zone untrust;
    rule source-nat-rule {
    match {
    source-address 0.0.0.0/0;
    }
    then {
    source-nat {
    interface;
    }
    }
    }
    }
    }
    }
    /* Only trust-to-trust and trust-to-untrust policies are defined, and both permit any/any without session logging. */
    /* NOTE(review): no untrust-to-trust policy appears here, so inbound sessions depend on the default policy - confirm it is deny-all. */
    policies {
    from-zone trust to-zone trust {
    policy trust-to-trust {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    from-zone trust to-zone untrust {
    policy trust-to-untrust {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    }
    zones {
    security-zone trust {
    /* Zone-level default: every system service and protocol on the firewall itself is reachable from the trust interfaces. */
    /* NOTE(review): with ftp and telnet enabled under system services, this exposes them to every trust segment; list only the services that are needed. */
    host-inbound-traffic {
    system-services {
    all;
    }
    protocols {
    all;
    }
    }
    interfaces {
    /* NOTE(review): interface-level host-inbound-traffic takes precedence over the zone-level setting, so irb.0 should accept only dhcp among system services (no ssh, https or ping to 192.168.1.1) - confirm this is intended. */
    irb.0 {
    host-inbound-traffic {
    system-services {
    dhcp;
    }
    }
    }
    /* These interfaces carry no override and inherit the zone-level "all". */
    irb.4;
    irb.5;
    irb.6;
    ge-0/0/5.0;
    }
    }
    /* Internet-facing zone; the untrust-screen profile is applied here. */
    security-zone untrust {
    screen untrust-screen;
    interfaces {
    /* dhcp is required because ge-0/0/0 is a DHCP client. */
    /* NOTE(review): tftp and https inbound on the Internet side are not needed for that; remove them unless management from untrust is intentional. */
    ge-0/0/0.0 {
    host-inbound-traffic {
    system-services {
    dhcp;
    tftp;
    https;
    }
    }
    }
    /* Second DHCP-client uplink. NOTE(review): the same question applies to tftp here. */
    ge-0/0/7.0 {
    host-inbound-traffic {
    system-services {
    dhcp;
    tftp;
    }
    }
    }
    }
    }
    }
    }
    /* Physical ports and the irb (routed VLAN) interfaces. */
    interfaces {
    /* Internet uplink; its address is learned as a DHCP client. */
    ge-0/0/0 {
    description Internet;
    unit 0 {
    family inet {
    dhcp {
    vendor-id Juniper-srx300;
    }
    }
    }
    }
    /* Trunk to the Netgear PoE switch. "members all" carries every VLAN defined on the device. */
    /* NOTE(review): restrict the member list to the VLANs that switch actually needs. */
    ge-0/0/1 {
    description to-netgear-poe-sw-port8;
    unit 0 {
    family ethernet-switching {
    interface-mode trunk;
    vlan {
    members all;
    }
    }
    }
    }
    /* Access port in vlan-trust; the test client in this thread is plugged in here. */
    ge-0/0/2 {
    unit 0 {
    family ethernet-switching {
    interface-mode access;
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    /* Access port in homelab-vlan4. */
    ge-0/0/3 {
    unit 0 {
    family ethernet-switching {
    interface-mode access;
    vlan {
    members homelab-vlan4;
    }
    }
    }
    }
    /* Switching port in vlan-trust; no interface-mode is set here, unlike ge-0/0/2 and ge-0/0/3. */
    ge-0/0/4 {
    unit 0 {
    family ethernet-switching {
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    /* Routed port with a static address. It sits in the trust zone and is one of the interfaces J-Web listens on. */
    ge-0/0/5 {
    unit 0 {
    family inet {
    address 192.168.100.1/24;
    }
    }
    }
    /* Switching port in vlan-trust; no interface-mode is set here either. */
    ge-0/0/6 {
    unit 0 {
    family ethernet-switching {
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    /* Second DHCP-client port; it is placed in the untrust zone. */
    ge-0/0/7 {
    unit 0 {
    family inet {
    dhcp {
    vendor-id Juniper-srx300;
    }
    }
    }
    }
    /* L3 gateways for the VLANs. Unit 0 (192.168.1.1) is the gateway for vlan-trust and the interface the DHCP server group is bound to. */
    irb {
    unit 0 {
    family inet {
    address 192.168.1.1/24;
    }
    }
    unit 4 {
    family inet {
    address 192.168.2.1/24;
    }
    }
    unit 5 {
    family inet {
    address 192.168.3.1/24;
    }
    }
    unit 6 {
    family inet {
    address 192.168.6.1/24;
    }
    }
    }
    }
    /* DHCP address pool definitions. Only one pool exists, covering the irb.0 subnet. */
    access {
    address-assignment {
    pool pool-trust {
    family inet {
    network 192.168.1.0/24;
    /* Leases are handed out from .20 to .254; .1 is the irb.0 gateway address. */
    range r1 {
    low 192.168.1.20;
    high 192.168.1.254;
    }
    /* Options given to clients: lease time, DNS servers and default gateway. */
    dhcp-attributes {
    maximum-lease-time 7200;
    name-server {
    8.8.8.8;
    8.8.4.4;
    }
    router {
    192.168.1.1;
    }
    }
    }
    }
    }
    }
    /* VLAN definitions; each one is tied to its irb unit as the L3 gateway. */
    vlans {
    homelab-vlan4 {
    vlan-id 4;
    l3-interface irb.4;
    }
    /* No access port in this configuration is a member of homelab-vlan5 or homelab-vlan6; they are reachable only through the ge-0/0/1 trunk ("members all"). */
    homelab-vlan5 {
    vlan-id 5;
    l3-interface irb.5;
    }
    homelab-vlan6 {
    vlan-id 6;
    l3-interface irb.6;
    }
    /* vlan-trust uses VLAN ID 3 and irb.0, the interface the DHCP server group listens on. */
    vlan-trust {
    vlan-id 3;
    l3-interface irb.0;
    }
    }
    /* Layer 2 control settings. */
    protocols {
    /* The original poster reports later in this thread that DHCP started working once this l2-learning stanza was deleted. */
    l2-learning {
    global-mode switching;
    }
    /* Rapid spanning tree is enabled on all interfaces. */
    rstp {
    interface all;
    }
    }


  • 2.  RE: Home Lab DHCP not working

    Posted 10-22-2022 12:29
    Looks like the only DHCP server set up here is the original default trust one in 192.168.1.0/24.

    If you are looking to have this in the other VLANs, you need to create the server and attribute configuration for the other subnets as outlined here.
    https://www.juniper.net/documentation/us/en/software/junos/dhcp/topics/topic-map/dhcp-server-configuration.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Home Lab DHCP not working

    Posted 10-22-2022 19:55
    Thank you Steve, 

    I only configured one pool to test before proceeding to set up the other subnets. I just cannot get the client to obtain an IP address from pool 192.168.1.0/24 when plugging into ge-0/0/2.

    Server group is configured 
    Address pool is configured 
    vlan configured 
    IRB configured with the default gateway for the subnet 192.168.1.1 
    IRB added to the security zone trust 
    allowed host-inbound protocol and services all. 
    security policy trust to trust permitting any to any 

    I am not sure what I am missing. I got it to work before on older code (15.4), but I have since upgraded to 20.2R3.9.

    Thank you once again for checking 
    Nils. 



  • 4.  RE: Home Lab DHCP not working

    Posted 10-24-2022 18:17
    Found the issue: I deleted the following and DHCP started working.

    [edit protocols]
    - l2-learning {
    - global-mode switching;
    - }


  • 5.  RE: Home Lab DHCP not working

    Posted 22 days ago
    Hi Steve.
    I have a similar issue:
    If I am in VLAN 31 I get an IP address, but in VLAN 29 I do not. I have more pools configured, but only two of them give me no IP. Does the SRX345 or Junos version 19.4R3.11 have some limits? Or do I need to activate a new pool somehow? How can I reset only this pool? Thanks for any answer.
    BR
    Tomas

    # Server groups binding the DHCP local server to reth2.29 (VLAN 29) and reth2.31 (VLAN 31).
    set system services dhcp-local-server group POOL18 interface reth2.29
    set system services dhcp-local-server group POOL7 interface reth2.31

    # POOL18: 192.168.37.64/26, leases .66-.100, gateway .126 (the reth2.29 address set below). This is the pool that hands out no addresses.
    set access address-assignment pool POOL18 family inet network 192.168.37.64/26
    set access address-assignment pool POOL18 family inet range RANGE18 low 192.168.37.66
    set access address-assignment pool POOL18 family inet range RANGE18 high 192.168.37.100
    set access address-assignment pool POOL18 family inet dhcp-attributes name-server 192.168.5.5
    set access address-assignment pool POOL18 family inet dhcp-attributes name-server 192.168.21.21
    set access address-assignment pool POOL18 family inet dhcp-attributes router 192.168.37.126
    # NOTE(review): propagate-settings names the serving interface itself; the debug log later in this thread reports "Can't get interface by interface name reth2.29" at this step - verify whether this statement is needed.
    set access address-assignment pool POOL18 family inet dhcp-attributes propagate-settings reth2.29
    set protocols ospf area 0.0.0.1 interface reth2.29 passive
    # POOL7: 192.168.31.0/26, leases .2-.55, gateway .62 (the reth2.31 address set below). This is the pool reported as working.
    set access address-assignment pool POOL7 family inet network 192.168.31.0/26
    set access address-assignment pool POOL7 family inet range RANGE7 low 192.168.31.2
    set access address-assignment pool POOL7 family inet range RANGE7 high 192.168.31.55
    set access address-assignment pool POOL7 family inet dhcp-attributes name-server 192.168.5.5
    set access address-assignment pool POOL7 family inet dhcp-attributes name-server 192.168.21.21
    set access address-assignment pool POOL7 family inet dhcp-attributes router 192.168.31.62
    set access address-assignment pool POOL7 family inet dhcp-attributes propagate-settings reth2.31
    set protocols ospf area 0.0.0.1 interface reth2.31 passive
    # Zone membership and the tagged subinterfaces that act as the gateways for both subnets.
    set security zones security-zone MANAGEMENT-OFFICE interfaces reth2.29
    set security zones security-zone MEETING interfaces reth2.31
    set interfaces reth2 unit 29 vlan-id 29
    set interfaces reth2 unit 29 family inet address 192.168.37.126/26
    set interfaces reth2 unit 31 vlan-id 31
    set interfaces reth2 unit 31 family inet address 192.168.31.62/26
    
    show dhcp statistics interface reth2.29
    Packets dropped:
    Total 2118
    No available addresses 2118

    Messages received:
    BOOTREQUEST 4281
    DHCPDECLINE 0
    DHCPDISCOVER 4281
    DHCPINFORM 0
    DHCPRELEASE 0
    DHCPREQUEST 0
    DHCPLEASEACTIVE 0
    DHCPLEASEUNASSIGNED 0
    DHCPLEASEUNKNOWN 0
    DHCPLEASEQUERYDONE 0

    Messages sent:
    BOOTREPLY 0
    DHCPOFFER 0
    DHCPACK 0
    DHCPNAK 0
    DHCPFORCERENEW 0

    reth2.31 no packet drops


    ------------------------------
    TOMAS JUHAS
    ------------------------------



  • 6.  RE: Home Lab DHCP not working

    Posted 22 days ago
    Hi Spuluka.

    I have a similar problem. I have configured more pools and subinterfaces for different VLANs. The last two I configured don't work. Their configuration is the same as that of the functioning pools. I did not configure the previous pools; I only did the last two. Do I need to activate these pools somehow?

    I would like to ask whether there is some limit on the number of pools, or some Junos version limitation?

    I have SRX345 with version 19.4R3.11

    Many Thanks

    ------------------------------
    TOMAS JUHAS
    ------------------------------



  • 7.  RE: Home Lab DHCP not working

    Posted 22 days ago
    I'm not aware of any limits.

    Do your two new zones allow dhcp for the zone in host inbound?

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 8.  RE: Home Lab DHCP not working

    Posted 21 days ago
    Hi Steve,
    yes, it is allowed. I am struggling with this, because I can't find anything wrong...

    security-zone MANAGEMENT-OFFICE {
                description RECEPCE;
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    reth2.29;

            security-zone MEETING {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    reth2.31;
    


    ------------------------------
    TOMAS JUHAS
    ------------------------------



  • 9.  RE: Home Lab DHCP not working

    Posted 16 days ago
    Hi.

    Does nobody have any suggestion?

    Some additional info: if I manually assign an IP from the pool to the host, the gateway is reachable. I tried deactivating the pool and activating it again, but it made no difference. Still not working...

    This looks weird to me:
    show dhcp statistics interface reth2.29
    Packets dropped:
    Total 12770
    No available addresses 12770

    thanks for any suggestion

    ------------------------------
    TOMAS
    ------------------------------



  • 10.  RE: Home Lab DHCP not working

    Posted 14 days ago
    Hi .
    Another additional info:
    On the DHCP server's gateway interface I can see only these incoming requests, but no response (OUT):
    11:20:46.092665 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from a4:4c:xx:70:f8:64, length 300
    11:20:46.102734 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from a4:4c:xx:70:f8:64, length 300
    11:21:02.115768 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from a4:4c:xx:70:f8:64, length 300
    11:21:02.115792 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from a4:4c:xx:70:f8:64, length 300

    Does anybody have a suggestion?

    ------------------------------
    TOMAS
    ------------------------------



  • 11.  RE: Home Lab DHCP not working

    Posted 13 days ago
    HI

    Now I think I have found where the issue is, but not the solution for how to fix it...

    What do you think: could this help me without affecting the other pools?
    set forwarding-options dhcp-relay forward-snooped-clients non-configured-interfaces

    debugging DHCP
    Nov 23 15:33:08.434680 [MSTR][DEBUG][default:default][SVR][INET][reth2.29] jdhcpd_find_client_from_client_pdu: BOOTPREQUEST could not find client table ent
    Nov 23 15:33:08.439553 [MSTR][DEBUG] jdhcpd_packet_map_to_wholesale_client: No wholesale clients moved out routing instance default:default
    Nov 23 15:33:08.439732 [MSTR][DEBUG] jdhcpd_packet_map_to_wholesale_client: Client entry NOT found
    Nov 23 15:33:08.439772 [MSTR][NOTE] jdhcpd_packet_handle: RECEIVE DISCOVER: stats_safd 0x0 , safd 0x2a36c00 reth2.29
    Nov 23 15:33:09.525525 [MSTR][DEBUG][default:default][SVR][INET][reth2.29] jdhcpd_process_forward_only_or_drop: Returning ... forward-only flags not set (flags=deaddead, rc_flags 8a40809) for routing context 0
    Nov 23 15:33:09.525594 [MSTR][DEBUG] jdhcpd_short_cycle_protection_config_get: Short cycle protection NOT configured for reth2.29

    DHCP pool

    Nov 23 15:31:17.390540 [INIT][DEBUG] jdhcpd_cfg_do_attrs_common: Doing Attributes LR:default RI:default Pool:POOL18 - action 1, INET
    Nov 23 15:31:17.390616 [INIT][DEBUG] jdhcpd_pool_find: cfg 25c0000, pool_name 5bfed528, POOL18
    Nov 23 15:31:17.390644 [INIT][DEBUG] jdhcpd_pool_find: Pool POOL18 NOT found 0x0 w/ cfg container 0x25c0000
    Nov 23 15:31:17.390781 [INIT][DEBUG] jdhcpd_server_attributes_process: got name-server 192.168.5.5
    Nov 23 15:31:17.390855 [INIT][DEBUG] jdhcpd_server_attributes_process: got name-server 192.168.21.21
    Nov 23 15:31:17.390914 [INIT][DEBUG] jdhcpd_server_attributes_process: got router 192.168.37.126
    Nov 23 15:31:17.390972 got propagate-settings reth2.29
    Nov 23 15:31:17.391057 [INIT][DEBUG] jdhcpd_platform_process_local_server_attributes_cfg_han: propagate settings done - number of ifls in pool are 0
    Nov 23 15:31:17.391242 [INIT][DEBUG] jdhcpd_cfg_get_pool_subnet_mask: Got subnet mask, Mask:255.255.255.192, LR:default RI:default Pool:POOL18
    Nov 23 15:31:17.391288 [INIT][DEBUG] jdhcpd_cfg_do_attrs_common: Adding NEW POOL in LR:default RI:default, type SERVER, POOL POOL18 to INET, cfg_ptr 0x25c0000
    Nov 23 15:31:17.391319 [INIT][DEBUG] sus_name_get: Extracted ifd_name = reth2
    Nov 23 15:31:17.391338 jdhcpd_propagate_setting_to_pool_if_needed: Can't get interface by interface name reth2.29



    ------------------------------
    TOMAS
    ------------------------------



  • 12.  RE: Home Lab DHCP not working