[SRX] How to set up a DHCP server on SRX with the DHCP clients in a non-default routing instance

Knowledge Base ID: KB21169
Last Updated: 24 Jan 2014
Version: 9.0

Summary:

This article provides information on how to set up the DHCP server on an SRX with DHCP clients in a non-default routing instance.

Problem or Goal:

With SRX as the DHCP server and DHCP clients in a non-default routing instance, DHCP requests are dropped by the DHCP daemon.

The configuration on the SRX device is as follows:

root@SRX210# show interfaces | display set
set interfaces fe-0/0/5 unit 0 family inet address 192.168.222.1/24

root@SRX210# show routing-instances | display set
set routing-instances test instance-type virtual-router
set routing-instances test interface fe-0/0/5.0

root@SRX210# show system services dhcp | display set
set system services dhcp pool 192.168.222.0/24 address-range low 192.168.222.20
set system services dhcp pool 192.168.222.0/24 address-range high 192.168.222.200
set system services dhcp pool 192.168.222.0/24 router 192.168.222.1

Error message:

Jun 6 10:58:03 received packet from 0.0.0.0 port 68 interface fe-0/0/5.0 routing instance test
Jun 6 10:58:03 packet from 0.0.0.0 discarded: not default routing instance

Cause:

Solution:
Instead of placing the fe-0/0/5 interface in the non-default routing instance, use a firewall filter to direct the traffic to the routing instance.


The configuration on the SRX device will be as follows:

root@SRX210# show interfaces | display set
set interfaces fe-0/0/5 unit 0 family inet address 192.168.222.1/24
set interfaces fe-0/0/5 unit 0 family inet filter input test-vr

root@SRX210# show routing-instances | display set
set routing-instances test instance-type virtual-router   <<< note: fe-0/0/5 is not placed in the routing instance

root@SRX210# show firewall | display set
set firewall family inet filter test-vr term skip-dhcp from protocol udp   <<< this term sends DHCP requests to the default instance
set firewall family inet filter test-vr term skip-dhcp from port 68
set firewall family inet filter test-vr term skip-dhcp from port 67
set firewall family inet filter test-vr term skip-dhcp then count dhcp-packet
set firewall family inet filter test-vr term skip-dhcp then accept
set firewall family inet filter test-vr term any then routing-instance test   <<< this term sends all other traffic to routing instance test

root@SRX210# show routing-options | display set
set routing-options rib-groups interface-routes import-rib inet.0
set routing-options rib-groups interface-routes import-rib test.inet.0
set routing-options rib-groups interface-routes import-policy import-vlan-interfaces

root@SRX210# show policy-options | display set
set policy-options policy-statement import-vlan-interfaces term accept-local from route-filter 192.168.222.0/24 orlonger
set policy-options policy-statement import-vlan-interfaces term accept-local then accept
set policy-options policy-statement import-vlan-interfaces term reject-all then reject

The DHCP logs now show that the DHCP client is receiving the DHCP address:

Jun 6 11:40:32 received packet from 0.0.0.0 port 68 interface fe-0/0/5.0 routing instance default
Jun 6 11:40:32 -- looking for pool with subnet 192.168.222.1, prefix length 32
Jun 6 11:40:32 -- [pfxlen 24] Found pool `192.168.222.0/24'
Jun 6 11:40:32 Decoding packet from 0.0.0.0
Jun 6 11:40:32 parsing options from packet
Jun 6 11:40:32 option `dhcp-message-type' code 53 extracted from buffer
Jun 6 11:40:32 looking for overloaded options
Jun 6 11:40:32 looking up message type
Jun 6 11:40:32 Processing DHCP packet
Jun 6 11:40:32 <== DHCPDISCOVER
Jun 6 11:40:32 Looking for a lease w/hardware address `00:23:9c:0f:4e:40'
Jun 6 11:40:32 ...and no client identifier
Jun 6 11:40:32 ...and subnet 192.168.222.0/24
Jun 6 11:40:32 Found matching lease entry for `00:23:9c:0f:4e:40'
Jun 6 11:40:32 Lease #1...
Jun 6 11:40:32 ...correctly has no client identifier
Jun 6 11:40:32 ...has the correct subnet
Jun 6 11:40:32 found: 08, satisfies: 0a, exact: 0a
Jun 6 11:40:32 Exact match
Jun 6 11:40:32 ==> DHCPOFFER
Jun 6 11:40:32 -- looking for pool with subnet 192.168.222.20, prefix length 32
Jun 6 11:40:32 -- [pfxlen 24] Found pool `192.168.222.0/24'
Jun 6 11:40:32 flushed options on binding
Jun 6 11:40:32 set next server address to 0.0.0.0
Jun 6 11:40:32 set client address to 192.168.222.20
Jun 6 11:40:32 Default lease time 1 day obtained from `Global' scope
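
Added example (not part of the Juniper article): a Python script that groups the DHCP trace lines shown above by received packet, so you can confirm after the change that requests on fe-0/0/5.0 arrive in the default instance and are no longer discarded. The regular expressions assume the line format of the two log excerpts on this page; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the article's two log excerpts.
SAMPLE_LOG = """\
Jun 6 10:58:03 received packet from 0.0.0.0 port 68 interface fe-0/0/5.0 routing instance test
Jun 6 10:58:03 packet from 0.0.0.0 discarded: not default routing instance
Jun 6 11:40:32 received packet from 0.0.0.0 port 68 interface fe-0/0/5.0 routing instance default
Jun 6 11:40:32 <== DHCPDISCOVER
Jun 6 11:40:32 ==> DHCPOFFER
Jun 6 11:40:32 set client address to 192.168.222.20
"""

TS = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+"  # assumed timestamp layout
RECEIVED = re.compile(TS + r"received packet from (?P<src>\S+) port (?P<port>\d+) "
                      r"interface (?P<ifl>\S+) routing instance (?P<ri>\S+)")
DISCARD = re.compile(TS + r"packet from (?P<src>\S+) discarded: (?P<reason>.+)")
MESSAGE = re.compile(TS + r"(?P<dir><==|==>) (?P<type>DHCP[A-Z]+)")
ADDRESS = re.compile(TS + r"set client address to (?P<addr>\S+)")

def summarize(log_text):
    """Group trace lines into one record per 'received packet' line."""
    packets, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := RECEIVED.match(line):
            current = {"ts": m["ts"], "interface": m["ifl"], "instance": m["ri"],
                       "discarded": None, "messages": [], "offered": None}
            packets.append(current)
        elif current is None:
            continue  # nothing received yet, so no packet to attach this line to
        elif m := DISCARD.match(line):
            current["discarded"] = m["reason"]
        elif m := MESSAGE.match(line):
            current["messages"].append(m["type"])
        elif m := ADDRESS.match(line):
            current["offered"] = m["addr"]
    return packets

def dropped_interfaces(packets):
    """Map each interface with dropped DHCP packets to its (instance, reason) pairs."""
    out = defaultdict(set)
    for p in packets:
        if p["discarded"]:
            out[p["interface"]].add((p["instance"], p["discarded"]))
    return dict(out)

if __name__ == "__main__":
    print(dropped_interfaces(summarize(SAMPLE_LOG)))
```

Any interface still listed by dropped_interfaces after the filter is applied is still bound to a non-default routing instance.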

Note: DHCP is not supported on J and SRX series devices in the chassis cluster. Refer to KB25925 - DHCP is not supported on J and SRX series devices in the chassis cluster for more details.

Purpose:
Configuration
Implementation

Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.