This article provides information on how to configure and understand DHCP6 debugs.
- Configuring the ScreenOS firewall as the DHCP6 client:
The below configuration explains how to configure the ScreenOS firewall (DHCPv6 client) to receive a set of IPV6 subnets and other network and interface parameters from a DHCPv6-PD server using the DHCPv6 Prefix Delegation (DHCPv6-PD). With the below configuration, the juniper firewall acting as a DHCP6 client receives 2001:908e:abcd:a::/64 from a DHCPv6-PD server.
set interface "ethernet0/2" ipv6 mode "host"
set interface "ethernet0/2" ipv6 enable
set interface ethernet0/2 dhcp6 client
set interface ethernet0/2 ipv6 ra accept
set interface ethernet0/2 ipv6 nd nud
set interface ethernet0/2 dhcp6 client options rapid-commit
set interface ethernet0/2 dhcp6 client options request pd
set interface ethernet0/2 dhcp6 client pd iapd-id 110 prefix 2001:908e:abcd:a::/64 4294967295 4294967295
set interface ethernet0/2 dhcp6 client enable
We can also configure the firewall to send the request to the preferred server. See the below command:
set interface ethernet0/2 dhcp6 client prefer-server 00:03:00:01:00:10:db:ff:20:60
00:03:00:01:00:10:db:ff:20:60 is the DUID (DHCP Unique Identifier), which is used to identify the device when exchanging DHCPv6 messages. The DUID is designed to be unique around all DHCPv6 servers and clients and must be stable for any specific client or server. See the below output of debug dhcp6 all
when the ScreenOS firewall is receiving the DHCPv6 IP from the server:
## 2011-07-16 07:07:00 : dhcp6 event timer on ethernet0/2, state=SOLICIT
## 2011-07-16 07:07:00 : add an IAPD.
## 2011-07-16 07:07:00 : set client ID
## 2011-07-16 07:07:00 : set rapid commit
## 2011-07-16 07:07:00 : set elapsed time
## 2011-07-16 07:07:00 : DHCP6 ORO, pd, no dns, no search list.
## 2011-07-16 07:07:00 : set option request
## 2011-07-16 07:07:00 : set IA_PD
## 2011-07-16 07:07:00 : client sending from fe80::217:cbff:fe4d:ad06 to ff02::1:2,len 50 through ethernet0/2 with xid 1cd92d4
## 2011-07-16 07:07:00 : send solicit to ff02::1:2-ïƒ client transmitting solicit message to the
reserved link-local “ff02::1:2” multicast address
## 2011-07-16 07:07:00 : reset a timer on ethernet0/2, state=SOLICIT, timeo=1, retrans=2054
## 2011-07-16 07:08:12 : DHCP6 client: got incoming packet on interface ethernet0/2
## 2011-07-16 07:08:12 : DHCPv6 client received packet(len 117) thro interface ethernet0/2
## 2011-07-16 07:08:12 : received reply from fe80::210:dbff:feff:2060 with xid 7cd92d4
## 2011-07-16 07:08:12 : get DHCP option client ID, len 10
## 2011-07-16 07:08:12 : DUID: 00:03:00:01:00:17:cb:4d:ad:06—clients DUID
## 2011-07-16 07:08:12 : get DHCP option server ID, len 10
## 2011-07-16 07:08:12 : DUID: 00:03:00:01:00:10:db:ff:20:60---Server’s DUID
## 2011-07-16 07:08:12 : get DHCP option rapid commit, len 0
## 2011-07-16 07:08:12 : get DHCP option opt_11, len 28
## 2011-07-16 07:08:12 : unknown or unexpected DHCP6 option opt_11, len 28
## 2011-07-16 07:08:12 : get DHCP option IA_PD, len 41
## 2011-07-16 07:08:12 : copy DHCP option IA_PD prefix, len 25
## 2011-07-16 07:08:12 : IA_PD prefix: 2001:908e:abcd:a::/64 pltime=4294967295 vltime=4294967295
## 2011-07-16 07:08:12 : DHCP: Actions on received information:
## 2011-07-16 07:08:12 : make an IA: PD-110
## 2011-07-16 07:08:12 : create a prefix 2001:908e:abcd:a::/64 pltime=4294967295, vltime=4294967295
----->Prefix received from the server.
- Configuring the ScreenOS firewall as the DHCPv6 server:
The configuration below explains how to configure the ScreenoS firewall as the DHCPv6 server:
set interface "ethernet0/2" ipv6 mode "router"
set interface "ethernet0/2" ipv6 enable
set interface ethernet0/2 dhcp6 server
set interface ethernet0/2 dhcp6 server enable
set interface ethernet0/2 ipv6 ra link-address
set interface ethernet0/2 ipv6 ra transmit
set interface ethernet0/2 ipv6 nd nud
set interface ethernet0/2 dhcp6 server options client-duid 00:03:00:01:00:17:cb:4d:ad:06 name client
set interface ethernet0/2 ipv6 ra prefix 2001:908e:abcd:a::/64 autonomous onlink
set interface ethernet0/2 dhcp6 server options pd duid 00:03:00:01:00:17:cb:4d:ad:06 iapd-id 110 prefix 2001:908e:abcd:a::/64 0
See the below output of debug dhcp6 all
when the ScreenOS firewall is sending the DHCPv6 prefix to the DHCPv6 client:
## 2011-07-15 16:38:59 : DHCP6 server: got incoming packet on interface ethernet0/2
## 2011-07-15 16:38:59 : DHCPv6 server received packet(len 50) thro interface ethernet0/2
## 2011-07-15 16:38:59 : received solicit from fe80::217:cbff:fe4d:ad06 with xid 1cd92d4
## 2011-07-15 16:38:59 : get DHCP option client ID, len 10
## 2011-07-15 16:38:59 : DUID: 00:03:00:01:00:17:cb:4d:ad:06
## 2011-07-15 16:38:59 : get DHCP option rapid commit, len 0
## 2011-07-15 16:38:59 : get DHCP option elapsed time, len 2
## 2011-07-15 16:38:59 : client ID 00:03:00:01:00:17:cb:4d:ad:06
## 2011-07-15 16:38:59 : Locate host duid<00:03:00:01:00:17:cb:4d:ad:06>
## 2011-07-15 16:38:59 : found a host configuration for client
## 2011-07-15 16:38:59 : add a new binding [IA: duid=00:03:00:01:00:17:cb:4d:ad:06, type=PD, iaid=110, duration=4294967295]
## 2011-07-15 16:38:59 : DHCP: add route for newly assigned prefix:
## 2011-07-15 16:38:59 : DHCP: add route for prefix 2001:908e:abcd:a::/64, ifp <ethernet0/2> gate fe80::217:cbff:fe4d:ad06.
## 2011-07-15 16:38:59 : DHCP: pd request iapd-id<110> found <1> new.
## 2011-07-15 16:38:59 : DHCP: got <1> from iapd exact matching.
## 2011-07-15 16:38:59 : ######################printing optinfo###############################
## 2011-07-15 16:38:59 : CLIENT DUID: 00:03:00:01:00:17:cb:4d:ad:06
## 2011-07-15 16:38:59 : SERVER DUID: 00:03:00:01:00:10:db:ff:20:60
## 2011-07-15 16:38:59 : rapid commit set
## 2011-07-15 16:38:59 : IAPD option: ID 6e t1: -1 t2: -1
## 2011-07-15 16:38:59 : ######################end optinfo###############################
## 2011-07-15 16:38:59 : set client ID
## 2011-07-15 16:38:59 : set server ID
## 2011-07-15 16:38:59 : set rapid commit
## 2011-07-15 16:38:59 : set opt_20
## 2011-07-15 16:38:59 : set opt_11
## 2011-07-15 16:38:59 : DHCP6 ORO, no pd, no dns, no search list.
## 2011-07-15 16:38:59 : set IA_PD prefix
## 2011-07-15 16:38:59 : set IA_PD
## 2011-07-15 16:38:59 : server sending response from fe80::210:dbff:feff:2060 to fe80::217:cbff:fe4d:ad06(0017cb4dad06),len 117 through ethernet0/2 with xid 1cd92d4
The image below of Wireshark illustrates the DHCPv6 server's reply to the client’s solicit message: