SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX 300

    Posted 10-04-2023 10:31

    Hi guys, 

    I have set up the VLAN on my Juniper SRX 300 and uplink to my switch. I am able to set access mode on each of the ports, but once I want to change to a different VLAN my laptop/PC will be using the previous VLAN instead. For example, my first laptop connects to VLAN 3 and the DHCP is 192.168.3.0/24, but once I change the cable to a different port to test VLAN 2 the DHCP should be 192.168.2.0/24, but instead I got the IP from VLAN 3. I need to delete the DHCP pool from VLAN 3 first, then I am able to enter a different VLAN.

    Can anyone assist me with this? I suspect it's the propagate settings on the DHCP pool, but correct me if I am wrong. Thank you.

    P.S. Yes, I have done ipconfig /release /renew



    ------------------------------
    Imran Asri
    ------------------------------


  • 2.  RE: SRX 300

    Posted 10-06-2023 17:25

    Hi Imran, 

    Assuming you have trunking configured for your uplink port, there are several ways you can configure the VLAN termination in the SRX (the SRX is doing DHCP, right?).
    Are you using IRB interfaces or flexible-vlan-tagging in the uplink port to terminate the VLANs?
    Make sure to have the interfaces defined under the DHCP group configuration and an access profile for each pool.

    Regards,

    Gavin White



    ------------------------------
    GAVIN WHITE
    ------------------------------



  • 3.  RE: SRX 300

    Posted 10-09-2023 05:42

    Hi Gavin,

    Yes, the Juniper SRX is providing the DHCP. 

    I am using IRB interfaces instead, and the issue has already been solved because I changed the DHCP global configuration.
    I believe the 3 options are option-82, ip-address-first and external authority.

    Once I enabled these 3 options, the issue was fixed. May I know why it suddenly works once I enable these options?

    Thank you.



    ------------------------------
    Imran Asri
    ------------------------------



  • 4.  RE: SRX 300

    Posted 10-11-2023 16:27

    Hi Imran, 

    Glad you were able to resolve the issue.

    The DHCP server, by default, will use ip-address-first. Unless there is a specific override, this should apply. The other options are for external RADIUS and DHCP relaying.

    You can find more information on these commands here:
    https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/topic-map/dhcp-client-address-attribute-assignment.html#id-configuring-dhcp-client-specific-attributes-applied-when-clients-obtain-an-address

    Kind Regards,

    Gavin White



    ------------------------------
    GAVIN WHITE
    ------------------------------



  • 5.  RE: SRX 300

    This message was posted by a user wishing to remain anonymous
    Posted 10-11-2023 19:23

    You might want to make sure you have "set system services dhcp-local-server requested-ip-interface-match" in your SRX configuration.  I have run into that issue a few times where the SRX assigned an IP address from the wrong DHCP pool.  The above command blocks the SRX from accepting a client-requested IP that is outside the range for the interface the request comes in on.

    As I understood it, when your computer has a DHCP IP from VLAN 3 and it moves to a VLAN 2 port, your computer is asking the SRX if it can use the IP it had before again, not understanding it's on a new VLAN.  The SRX allows it as it's a valid request.  The requested-ip-interface-match command makes the SRX check the request against what the range is allowed on that VLAN or interface.  So it would not allow the IP and assign it a new DHCP address that's appropriate for that VLAN.
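
The behaviour described in the last post, as an added example that is not part of the thread and is not Junos code: a simplified Python model of a DHCP server choosing an address with and without a check of the requested IP against the ingress interface's subnet. The class, the function names, the MAC address and the rule that the first host of each subnet is the IRB gateway are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data: one pool per IRB interface, using the thread's subnets.
POOLS = {
    "irb.2": ipaddress.ip_network("192.168.2.0/24"),
    "irb.3": ipaddress.ip_network("192.168.3.0/24"),
}

class DhcpServerModel:
    """Simplified model of address selection; hypothetical, not Junos code."""

    def __init__(self, pools, interface_match):
        self.pools = pools
        self.interface_match = interface_match  # models requested-ip-interface-match
        self.leases = {}  # address -> (client MAC, ingress interface)

    def _available(self, ip, mac):
        holder = self.leases.get(ip)
        return holder is None or holder[0] == mac

    def assign(self, ingress_if, mac, requested_ip=None):
        local = self.pools[ingress_if]
        if requested_ip is not None:
            req = ipaddress.ip_address(requested_ip)
            if self.interface_match:
                acceptable = req in local  # must belong to the ingress subnet
            else:
                acceptable = any(req in net for net in self.pools.values())
            if acceptable and self._available(req, mac):
                self.leases[req] = (mac, ingress_if)
                return req
        gateway = next(iter(local.hosts()))  # assumption: first host is the IRB address
        for ip in local.hosts():
            if ip != gateway and self._available(ip, mac):
                self.leases[ip] = (mac, ingress_if)
                return ip
        return None

    def mismatched_leases(self):
        # Audit: leases whose address is outside the subnet of the interface they arrived on.
        return sorted((str(ip), mac, ifname)
                      for ip, (mac, ifname) in self.leases.items()
                      if ip not in self.pools[ifname])

def move_laptop(interface_match):
    """Laptop gets a lease on VLAN 3, is re-cabled to VLAN 2 and re-requests its old IP."""
    server = DhcpServerModel(POOLS, interface_match)
    mac = "02:00:00:00:00:01"  # constructed MAC
    first = server.assign("irb.3", mac)
    second = server.assign("irb.2", mac, requested_ip=str(first))
    return str(first), str(second), server.mismatched_leases()
```

The `mismatched_leases` audit is the same comparison an administrator can make by hand against the DHCP binding table: any binding whose address is outside its interface's subnet means a client is addressed in a different VLAN than the one it is cabled to.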