Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Unable to configure DHCP Server on sub-interfaces. Why is the DHCP option not available?

0

0

Article ID: KB14185 KB Last Updated: 29 May 2009Version: 1.0
Summary:

Unable to configure DHCP Server on sub-interfaces. Why is the DHCP option not available?

Symptoms:

The SSG20 firewall is running Screen OS 6.1r5. When trying to configure a DHCP Server on the sub-interface, there is no available option.

For example, when running the following commands, the only option available is to enable DHCP relay on the sub-interface eth0/0.1. There is no option to enable the DHCP Server.

SSG20-6-1(M)-> get int | i "eth0/0.1
eth0/0.1        192.168.1.1/24                Trust                0010.dbff.2000          700 D 0

SSG20-6-1(M)-> get sys | i version
Software Version: 6.1.0r5.0, Type: Firewall+VPN

SSG20-6-1(M)-> set int e0/0.1 dhcp ?
relay       dhcp relay agent setup

Solution:

This is by design. As seen from the following command:

SSG20-6-1(M)-> get int | i "eth0/0.1"
eth0/0.1       192.168.1.1/24               Trust               0010.dbff.2000          700 D 0

The above SSG20 firewall has been set up in a NSRP cluster. Screen OS does not support DHCP server configuration on VSI interfaces for Screen OS 6.1 and below.
Note that if the firewall is not in an NSRP cluster, the DHCP server option is available:

SSG20-6-1(M)-> unset nsrp cluster id
SSG20-6-1->
SSG20-6-1-> set int e0/0.1 dhcp ?
relay         dhcp relay agent setup
server      dhcp server setup


Starting with ScreenOS 6.2, enhanced support has been implemented for DHCP options on VSI interfaces. Refer to the following link for the Release Notes from 6.2r1 on Page 20:

An Exerpt of this new Feature listed in the Screen OS 6.2r1 Release Notes is as follows:

■  Extended Support for DHCP in NSRP Clusters

Prior ScreenOS releases implemented some basic functions to support DHCP functionalities in NSRP cluster deployments; these functions include configuration sync and RTO sync for both DHCP client and DHCP server.
ScreenOS 6.2.0 included additional enhancements to fully support DHCP functionalities in complex NSRP cluster environments. Starting with this release, admins can enable the DHCP client on VSI interfaces, use a configurable client ID to support multiple NSRP clusters in the same DHCP realm, and enable the DHCP server on VSI subinterfaces.

Below are the results after an upgrade to ScreenOS 6.2:

SSG20-6-1(M)-> get sys | i ver
Hardware Version: 0710(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Software Version: 6.2.0r1.0, Type: Firewall+VPN

SSG20-6-1(M)-> set int e0/0.1 dhcp ?
client      dhcp client setup
relay       dhcp relay agent setup
server    dhcp server setup


SSG20-6-1(M)-> set int e0/0.1 dhcp

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search