SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX does not want to service DHCP clients

    Posted 03-03-2025 10:12

    I have SRX4200 with JunOS 23.4R2-S3.9 and trying to setup DHCP server for some vlan

    here is the config:

    set access address-assignment pool Public-VM family inet network 11.11.182.0/24
set access address-assignment pool Public-VM family inet range test low 11.11.182.200
set access address-assignment pool Public-VM family inet range test high 11.11.182.205
set access address-assignment pool Public-VM family inet dhcp-attributes maximum-lease-time 7200
set access address-assignment pool Public-VM family inet dhcp-attributes name-server 1.1.1.1
set access address-assignment pool Public-VM family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool Public-VM family inet dhcp-attributes router 11.11.182.250
set access address-assignment pool Public-VM family inet host test hardware-address 8e:28:5b:e0:b2:7a
set access address-assignment pool Public-VM family inet host test ip-address 11.11.182.202
set interfaces reth0 unit 210 vlan-id 210
set interfaces reth0 unit 210 family inet no-redirects
set interfaces reth0 unit 210 family inet address 11.11.182.250/24
set security zones security-zone Internet interfaces reth0.210 host-inbound-traffic system-services dhcp
set security zones security-zone Internet interfaces reth0.210 host-inbound-traffic system-services ping
set security zones security-zone Internet interfaces reth0.210 host-inbound-traffic system-services bootp
set system services dhcp-local-server group Public-VM interface reth0.210

    I have 2 other DHCP servers running on the same SRX and they are working perfectly.

    But this one specific is not working.

    I see some weird statistics:

    Packets dropped:
    Total                      92
    No available addresses     80
    dhcp-service total         12

    there is another DHCP server in the same vlan for another static leases. When I set this particular static record on it, it works. But not when it is configured on SRX.

    ARP cleared, DHCP lease table is empty.

    Any thoughts?



    ------------------------------
    // BR, dtsname
    ------------------------------


  • 2.  RE: SRX does not want to service DHCP clients

    Posted 03-03-2025 13:56

    You have 2 active DHCP servers in the same VLAN?



    ------------------------------
    David Divins
    ------------------------------

    Original Message


  • 3.  RE: SRX does not want to service DHCP clients

    Posted 03-03-2025 19:18

    Yes, we need to migrate from old Mikrotik DHCP to new SRX. DHCP servers use different sets of static leases, but SRX does not respond even if it has simple dynamic config. 


    Other vlan pools work. Connected to bridge overlay EVPN VXLAN fabric.



    ------------------------------
    // BR, dtsname
    ------------------------------

    Original Message


  • 4.  RE: SRX does not want to service DHCP clients

    Posted 03-04-2025 10:30
    Edited by Jodi Meier 03-04-2025 10:29

    You really shouldn't have 2 active dhcp servers in the same vlan. Its possible the other server just responds faster or is a renew so it uses other server- it's up to the client to decide. 

    You can enable traceoptions for DHCP or take packet captures at the SRX to see if you are receiving and responding to requests.  Also possibly taking the other server offline and force a dhcp request from a client and see what logs and tcpdump say  

    Edit: your output says not enough addresses. Are you sure there are no bindings and free addresses in the pool? Are your clients requesting a renew with a specific mask that is invalid?  Packet capture at SRX will tell all.



    ------------------------------
    David Divins
    ------------------------------

    Original Message