Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to configure and understand DHCP6 debugs

0

0

Article ID: KB21572 KB Last Updated: 29 Aug 2011Version: 1.0
Summary:
This article provides information on how to configure and understand DHCP6 debugs.
Symptoms:
Environment:
  • Configuring the ScreenOS firewall as DHCP6 client and server.
  • Interpreting different DHCP6 components from the debugs.
Solution:
  1. Configuring the ScreenOS firewall as the DHCP6 client:

    The below configuration explains how to configure the ScreenOS firewall (DHCPv6 client) to receive a set of IPV6 subnets and other network and interface parameters from a DHCPv6-PD server using the DHCPv6 Prefix Delegation (DHCPv6-PD). With the below configuration, the juniper firewall acting as a DHCP6 client receives 2001:908e:abcd:a::/64 from a DHCPv6-PD server.

    set interface "ethernet0/2" ipv6 mode "host"
    set interface "ethernet0/2" ipv6 enable
    set interface ethernet0/2 dhcp6 client
    set interface ethernet0/2 ipv6 ra accept
    set interface ethernet0/2 ipv6 nd nud
    set interface ethernet0/2 dhcp6 client options rapid-commit
    set interface ethernet0/2 dhcp6 client options request pd
    set interface ethernet0/2 dhcp6 client pd iapd-id 110 prefix 2001:908e:abcd:a::/64 4294967295 4294967295
    set interface ethernet0/2 dhcp6 client enable

    We can also configure the firewall to send the request to the preferred server. See the below command:

    set interface ethernet0/2 dhcp6 client prefer-server 00:03:00:01:00:10:db:ff:20:60


    00:03:00:01:00:10:db:ff:20:60 is the DUID (DHCP Unique Identifier), which is used to identify the device when exchanging DHCPv6 messages. The DUID is designed to be unique around all DHCPv6 servers and clients and must be stable for any specific client or server. See the below output of debug dhcp6 all when the ScreenOS firewall is receiving the DHCPv6 IP from the server:

    ## 2011-07-16 07:07:00 : dhcp6 event timer on ethernet0/2, state=SOLICIT
    ## 2011-07-16 07:07:00 : add an IAPD.
    ## 2011-07-16 07:07:00 : set client ID
    ## 2011-07-16 07:07:00 : set rapid commit
    ## 2011-07-16 07:07:00 : set elapsed time
    ## 2011-07-16 07:07:00 : DHCP6 ORO, pd, no dns, no search list.
    ## 2011-07-16 07:07:00 : set option request
    ## 2011-07-16 07:07:00 : set IA_PD
    ## 2011-07-16 07:07:00 : client sending from fe80::217:cbff:fe4d:ad06 to ff02::1:2,len 50 through ethernet0/2 with xid 1cd92d4
    ## 2011-07-16 07:07:00 : send solicit to ff02::1:2-client transmitting solicit message to the
    reserved link-local “ff02::1:2” multicast address
    ## 2011-07-16 07:07:00 : reset a timer on ethernet0/2, state=SOLICIT, timeo=1, retrans=2054
    ## 2011-07-16 07:08:12 : DHCP6 client: got incoming packet on interface ethernet0/2
    ## 2011-07-16 07:08:12 : DHCPv6 client received packet(len 117) thro interface ethernet0/2
    ## 2011-07-16 07:08:12 : received reply from fe80::210:dbff:feff:2060 with xid 7cd92d4
    ## 2011-07-16 07:08:12 : get DHCP option client ID, len 10
    ## 2011-07-16 07:08:12 : DUID: 00:03:00:01:00:17:cb:4d:ad:06clients DUID
    ## 2011-07-16 07:08:12 : get DHCP option server ID, len 10
    ## 2011-07-16 07:08:12 : DUID: 00:03:00:01:00:10:db:ff:20:60---Server’s DUID
    ## 2011-07-16 07:08:12 : get DHCP option rapid commit, len 0
    ## 2011-07-16 07:08:12 : get DHCP option opt_11, len 28
    ## 2011-07-16 07:08:12 : unknown or unexpected DHCP6 option opt_11, len 28
    ## 2011-07-16 07:08:12 : get DHCP option IA_PD, len 41
    ## 2011-07-16 07:08:12 : copy DHCP option IA_PD prefix, len 25
    ## 2011-07-16 07:08:12 : IA_PD prefix: 2001:908e:abcd:a::/64 pltime=4294967295 vltime=4294967295
    ## 2011-07-16 07:08:12 : DHCP: Actions on received information:
    ## 2011-07-16 07:08:12 : make an IA: PD-110
    ## 2011-07-16 07:08:12 : create a prefix 2001:908e:abcd:a::/64 pltime=4294967295, vltime=4294967295----->Prefix received from the server.

  2. Configuring the ScreenOS firewall as the DHCPv6 server:

    The configuration below explains how to configure the ScreenoS firewall as the DHCPv6 server:

    set interface "ethernet0/2" ipv6 mode "router"
    set interface "ethernet0/2" ipv6 enable
    set interface ethernet0/2 dhcp6 server
    set interface ethernet0/2 dhcp6 server enable
    set interface ethernet0/2 ipv6 ra link-address
    set interface ethernet0/2 ipv6 ra transmit
    set interface ethernet0/2 ipv6 nd nud
    set interface ethernet0/2 dhcp6 server options client-duid 00:03:00:01:00:17:cb:4d:ad:06 name client
    set interface ethernet0/2 ipv6 ra prefix 2001:908e:abcd:a::/64 autonomous onlink
    set interface ethernet0/2 dhcp6 server options pd duid 00:03:00:01:00:17:cb:4d:ad:06 iapd-id 110 prefix 2001:908e:abcd:a::/64 0


    See the below output of debug dhcp6 all when the ScreenOS firewall is sending the DHCPv6 prefix to the DHCPv6 client:

    ## 2011-07-15 16:38:59 : DHCP6 server: got incoming packet on interface ethernet0/2
    ## 2011-07-15 16:38:59 : DHCPv6 server received packet(len 50) thro interface ethernet0/2
    ## 2011-07-15 16:38:59 : received solicit from fe80::217:cbff:fe4d:ad06 with xid 1cd92d4
    ## 2011-07-15 16:38:59 : get DHCP option client ID, len 10
    ## 2011-07-15 16:38:59 : DUID: 00:03:00:01:00:17:cb:4d:ad:06
    ## 2011-07-15 16:38:59 : get DHCP option rapid commit, len 0
    ## 2011-07-15 16:38:59 : get DHCP option elapsed time, len 2
    ## 2011-07-15 16:38:59 : client ID 00:03:00:01:00:17:cb:4d:ad:06
    ## 2011-07-15 16:38:59 : Locate host duid<00:03:00:01:00:17:cb:4d:ad:06>
    ## 2011-07-15 16:38:59 : found a host configuration for client
    ## 2011-07-15 16:38:59 : add a new binding [IA: duid=00:03:00:01:00:17:cb:4d:ad:06, type=PD, iaid=110, duration=4294967295]
    ## 2011-07-15 16:38:59 : DHCP: add route for newly assigned prefix:
    ## 2011-07-15 16:38:59 : DHCP: add route for prefix 2001:908e:abcd:a::/64, ifp <ethernet0/2> gate fe80::217:cbff:fe4d:ad06.
    ## 2011-07-15 16:38:59 : DHCP: pd request iapd-id<110> found <1> new.
    ## 2011-07-15 16:38:59 : DHCP: got <1> from iapd exact matching.
    ## 2011-07-15 16:38:59 : ######################printing optinfo###############################
    ## 2011-07-15 16:38:59 : CLIENT DUID: 00:03:00:01:00:17:cb:4d:ad:06
    ## 2011-07-15 16:38:59 : SERVER DUID: 00:03:00:01:00:10:db:ff:20:60
    ## 2011-07-15 16:38:59 : rapid commit set
    ## 2011-07-15 16:38:59 : IAPD option: ID 6e t1: -1 t2: -1
    ## 2011-07-15 16:38:59 : ######################end optinfo###############################
    ## 2011-07-15 16:38:59 : set client ID
    ## 2011-07-15 16:38:59 : set server ID
    ## 2011-07-15 16:38:59 : set rapid commit
    ## 2011-07-15 16:38:59 : set opt_20
    ## 2011-07-15 16:38:59 : set opt_11
    ## 2011-07-15 16:38:59 : DHCP6 ORO, no pd, no dns, no search list.
    ## 2011-07-15 16:38:59 : set IA_PD prefix
    ## 2011-07-15 16:38:59 : set IA_PD
    ## 2011-07-15 16:38:59 : server sending response from fe80::210:dbff:feff:2060 to fe80::217:cbff:fe4d:ad06(0017cb4dad06),len 117 through ethernet0/2 with xid 1cd92d4


The image below of Wireshark illustrates the DHCPv6 server's reply to the client’s solicit message:

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search