How to configure DHCP on multiple VLANs in a SRX

Article ID: KB21909 KB Last Updated: 24 Feb 2020 Version: 3.0
Summary:

This article provides information on how to configure DHCP on multiple VLANs on an SRX.

  • Multiple address pools can be configured for a DHCP server, and each VLAN can be allocated IP addresses from a separate pool.

  • DHCP maintains the state information for all the configured pools.

  • Clients are assigned addresses from pools with subnets that match the interface on which the DHCPDISCOVER packet is received.

 

Symptoms:
  • Multiple switches, each serving a large number of hosts. Every switch connected to an interface on the SRX is working as a DHCP server.

  • This design is not feasible because it requires a large number of external switches.

  • The optimal solution is to use multiple VLANs, each spanning several hosts, with each VLAN interface getting an IP from a DHCP server configured on the SRX.
Solution:
For versions before 12.1 (DHCPD):

    system {
      host-name DHCP_VLAN;
      root-authentication {
        encrypted-password "$ABC123"; ## SECRET-DATA
      }

      services {
        dhcp {
          pool 192.168.15.0/24 {
            address-range low 192.168.15.100 high 192.168.15.254;
            router {
              192.168.15.1;
            }
            propagate-settings vlan.300;
          }
          pool 192.168.16.0/24 {
            address-range low 192.168.16.100 high 192.168.16.254;
            router {
              192.168.16.1;
            }
            propagate-settings vlan.100;
          }
        }
      }
    }

    interfaces {
      ge-2/0/0 {
        unit 0 {
          family ethernet-switching {
            port-mode access;
            vlan {
              members test;
            }
          }
        }
      }
      ge-2/0/1 {
        unit 0 {
          family ethernet-switching {
            port-mode access;
            vlan {
              members test2;
            }
          }
        }
      }
      /* Layer 3 VLAN interfaces, referenced by l3-interface under vlans */
      vlan {
        unit 100 {
          family inet {
            address 192.168.16.1/24;
          }
        }
        unit 300 {
          family inet {
            address 192.168.15.1/24;
          }
        }
      }
    }
    
    security {
      zones {
        security-zone trust {
          interfaces {
            vlan.300 {
              host-inbound-traffic {
                system-services {
                  dhcp;
                }
                protocols {
                  all;
                }
              }
            }
            vlan.100 {
              host-inbound-traffic {
                system-services {
                  dhcp;
                }
                protocols {
                  all;
                }
              }
            }
          }
        }
      }
    }
    
    vlans {
      test {
        vlan-id 300;
        interface {
          ge-2/0/0.0;
        }
        l3-interface vlan.300;
      }
      test2 {
        vlan-id 100;
        interface {
          ge-2/0/1.0;
        }
        l3-interface vlan.100;
      }
    }

    SRX-650

    VERSION: 10.4R3.4


    root@DHCP_VLAN# run show system services dhcp statistics
    Sep 22 20:38:57
    Packets dropped:
    Total 0

    Messages received:
    BOOTREQUEST 0
    DHCPDECLINE 0
    DHCPDISCOVER 4
    DHCPINFORM 7
    DHCPRELEASE 0
    DHCPREQUEST 5

    Messages sent:
    BOOTREPLY 0
    DHCPOFFER 4
    DHCPACK 12
    DHCPNAK 0

    [edit]
    root@DHCP_VLAN# run show route
    Sep 22 20:39:02

    inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.15.0/24 *[Direct/0] 00:02:43
    > via vlan.300
    192.168.15.1/32 *[Local/0] 01:44:13
    Local via vlan.300
    192.168.16.0/24 *[Direct/0] 00:05:07
    > via vlan.100
    192.168.16.1/32 *[Local/0] 00:16:45
    Local via vlan.100
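
The security-zone stanza in the configuration above enables `protocols all` next to `system-services dhcp`. A DHCP server needs only the `dhcp` system service; `protocols all` also admits routing-protocol traffic addressed to the SRX from those VLANs. The following Python audit is an added example, not part of the original article or any Juniper tooling: it walks a brace-style configuration and reports every `all;` under `host-inbound-traffic`. The function name and the embedded excerpt are constructed for illustration.

```python
# Constructed excerpt: vlan.300 as in the article, vlan.100 narrowed to DHCP only.
SAMPLE_CONFIG = """
security {
  zones {
    security-zone trust {
      interfaces {
        vlan.300 {
          host-inbound-traffic {
            system-services {
              dhcp;
            }
            protocols {
              all;
            }
          }
        }
        vlan.100 {
          host-inbound-traffic {
            system-services {
              dhcp;
            }
          }
        }
      }
    }
  }
}
"""

def find_broad_host_inbound(config_text):
    """Return (scope, category) for each 'all;' under host-inbound-traffic."""
    stack, findings = [], []
    for raw in config_text.splitlines():
        line = raw.split("##")[0].strip()      # drop trailing ## annotations
        if line.endswith("{"):
            stack.append(line[:-1].strip())    # entering a stanza
        elif line == "}":
            if stack:
                stack.pop()                    # leaving a stanza
        elif line == "all;" and "host-inbound-traffic" in stack:
            idx = stack.index("host-inbound-traffic")
            scope = stack[idx - 1] if idx else "<top>"   # interface or zone
            findings.append((scope, stack[-1]))
    return findings
```
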

For versions after 12.1, the user may opt to use JDHCPD:

    system {
      host-name DHCP_VLAN;
      root-authentication {
        encrypted-password "$ABC123"; ## SECRET-DATA
      }
      services {
        dhcp-local-server {
          group test {
            interface vlan.100;
            interface vlan.300;
          }
        }
      }
    }

    interfaces {
      ge-2/0/0 {
        unit 0 {
          family ethernet-switching {
            port-mode access;
            vlan {
              members test;
            }
          }
        }
      }
      ge-2/0/1 {
        unit 0 {
          family ethernet-switching {
            port-mode access;
            vlan {
              members test2;
            }
          }
        }
      }
      /* Layer 3 VLAN interfaces, referenced by l3-interface under vlans */
      vlan {
        unit 100 {
          family inet {
            address 192.168.16.1/24;
          }
        }
        unit 300 {
          family inet {
            address 192.168.15.1/24;
          }
        }
      }
    }
    
    security {
      zones {
        security-zone trust {
          interfaces {
            vlan.300 {
              host-inbound-traffic {
                system-services {
                  dhcp;
                }
                protocols {
                  all;
                }
              }
            }
            vlan.100 {
              host-inbound-traffic {
                system-services {
                  dhcp;
                }
                protocols {
                  all;
                }
              }
            }
          }
        }
      }
    }
    
    access {
      address-assignment {
        pool p1 {
          family inet {
            network 192.168.15.0/24;
            range r1 {
              low 192.168.15.100; 
              high 192.168.15.254;
            }
          }
        }
        pool p2 {
          family inet {
            network 192.168.16.0/24;
            range r2 {
              low 192.168.16.100;
              high 192.168.16.254;
            }
          }
        }
      }
    }

    vlans {
      test {
        vlan-id 300;
        interface {
          ge-2/0/0.0;
        }
        l3-interface vlan.300;
      }
      test2 {
        vlan-id 100;
        interface {
          ge-2/0/1.0;
        }
        l3-interface vlan.100;
      }
    }

    lab@SRX# run show dhcp statistics interface vlan.100
    Packets dropped:
        Total                      0

    Messages received:
        BOOTREQUEST                2
        DHCPDECLINE                0
        DHCPDISCOVER               1
        DHCPINFORM                 0
        DHCPRELEASE                0
        DHCPREQUEST                1

    Messages sent:
        BOOTREPLY                  2
        DHCPOFFER                  1
        DHCPACK                    1
        DHCPNAK                    0
        DHCPFORCERENEW             0

    lab@SRX# run show dhcp statistics interface vlan.300
    Packets dropped:
        Total                      0

    Messages received:
        BOOTREQUEST                2
        DHCPDECLINE                0
        DHCPDISCOVER               1
        DHCPINFORM                 0
        DHCPRELEASE                0
        DHCPREQUEST                1

    Messages sent:
        BOOTREPLY                  2
        DHCPOFFER                  1
        DHCPACK                    1
        DHCPNAK                    0
        DHCPFORCERENEW             0

    lab@SRX# run show interfaces terse vlan
    Interface               Admin Link Proto    Local                 Remote
    vlan                    up    up
    vlan.100                up    up   inet     192.168.16.1/24
    vlan.300                up    up   inet     192.168.15.1/24

    lab@SRX# run show dhcp server binding

    IP address        Session Id  Hardware address   Expires     State      Interface
    192.168.16.100    3           00:24:dc:d9:7d:4f  82992       BOUND      vlan.100
    192.168.15.100    4           00:24:dc:d9:5d:41  82993       BOUND      vlan.300
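
The bindings above can be checked against the rule from the Summary that a client is served from the pool whose subnet matches the receiving interface. The following Python check is an added example, not part of the original article: it parses the `show interfaces terse vlan` and `show dhcp server binding` output and reports any lease whose address falls outside the subnet of the interface it is bound on. The function names are illustrative.

```python
import ipaddress

# Output copied from the article's two show commands.
TERSE = """\
Interface               Admin Link Proto    Local                 Remote
vlan                    up    up
vlan.100                up    up   inet     192.168.16.1/24
vlan.300                up    up   inet     192.168.15.1/24
"""
BINDINGS = """\
IP address        Session Id  Hardware address   Expires     State      Interface
192.168.16.100    3           00:24:dc:d9:7d:4f  82992       BOUND      vlan.100
192.168.15.100    4           00:24:dc:d9:5d:41  82993       BOUND      vlan.300
"""

def interface_networks(terse_text):
    """Map logical interface name -> IPv4 network from 'show interfaces terse'."""
    nets = {}
    for line in terse_text.splitlines():
        f = line.split()
        # Only rows carrying an inet address have 5+ fields with Proto == inet.
        if len(f) >= 5 and f[3] == "inet":
            nets[f[0]] = ipaddress.ip_interface(f[4]).network
    return nets

def misplaced_bindings(terse_text, binding_text):
    """Return (ip, mac, interface) for leases outside their interface's subnet."""
    nets = interface_networks(terse_text)
    bad = []
    for line in binding_text.splitlines():
        f = line.split()
        if len(f) != 6:
            continue                      # header, blank or wrapped line
        try:
            ip = ipaddress.ip_address(f[0])
        except ValueError:
            continue                      # first column is not an address
        net = nets.get(f[5])
        # Flag leases on unknown interfaces or outside the interface subnet.
        if net is None or ip not in net:
            bad.append((str(ip), f[2], f[5]))
    return bad
```
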

Modification History:
2017-03-22: Added sample configuration and output for JDHCPD. 