Often, two interfaces need to receive a dynamic IP address and a default route from two different DHCP servers, typically in a dual-ISP scenario. To handle this, the interface requesting the dynamic IP address can be placed in a routing instance (Junos 11.1R2 and above).
Goal:
A DHCP client with more than one interface, where each interface must obtain an IP address from a separate DHCP pool and each interface is in a separate routing instance.
Refer to the sample configuration of the DHCP Server and Client below.
Two VLAN interfaces on both devices (Server & Client) were created. Each VLAN interface (on DHCP Client) is in a separate routing-instance.
Topology:
DHCP_SERVER----------------------------------DHCP_CLIENT
SRX 650 SRX 220
ge-2/0/1.0 ge-0/0/0.0
(Ethernet switching)Port-mode->trunk (Ethernet switching)Port-mode->trunk
vlan.10(192.168.3.1)(dhcp pool_192.168.3.0)
vlan.10(dhcp) -routing-instance-rs1
vlan.20(172.16.1.1)(dhcp_pool_172.16.1.0)
vlan.20(dhcp) - routing-instance-rs2
DHCP Server (SRX 650) Configuration:
root@server# show | no-more
/* DHCP server system stanza: root login, management services, and the local DHCP server with one pool per VLAN. */
system {
root-authentication {
/* "$ABC123" looks like a sanitized placeholder rather than a usable hash; keep real password hashes out of shared configurations. */
encrypted-password "$ABC123"; ## SECRET-DATA
}
services {
ssh;
/* Telnet carries credentials and session data in cleartext. SSH is already enabled above, so Telnet can be dropped outside a lab. */
telnet;
dhcp {
/* Traces DHCP packets to the file jtac123 for troubleshooting. NOTE(review): presumably meant to be removed once the setup is verified. */
traceoptions {
file jtac123;
flag packet;
}
/* Pool served on vlan.20: leases 172.16.1.2-172.16.1.100 and hands out 172.16.1.1 as the default router. */
pool 172.16.1.0/24 {
address-range low 172.16.1.2 high 172.16.1.100;
router {
172.16.1.1;
}
/* NOTE(review): propagate-settings names an interface whose DHCP-client-learned settings are passed on to this pool's clients; vlan.20 is statically addressed in this listing, so confirm the statement is needed. */
propagate-settings vlan.20;
}
/* Pool served on vlan.10: leases 192.168.3.2-192.168.3.100 and hands out 192.168.3.1 as the default router. */
pool 192.168.3.0/24 {
address-range low 192.168.3.2 high 192.168.3.100;
router {
192.168.3.1;
}
/* NOTE(review): same question as for the other pool; vlan.10 is statically addressed in this listing. */
propagate-settings vlan.10;
}
}
}
}
/* DHCP server interfaces: one trunk port toward the client and one routed VLAN unit per DHCP pool. */
interfaces {
/* Trunk port carrying both vlan10 and vlan20 to the DHCP client device. */
ge-2/0/1 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ vlan10 vlan20 ];
}
}
}
}
vlan {
/* Gateway address for pool 192.168.3.0/24; matches that pool's router option. */
unit 10 {
family inet {
address 192.168.3.1/24;
}
}
/* Gateway address for pool 172.16.1.0/24; matches that pool's router option. */
unit 20 {
family inet {
address 172.16.1.1/24;
}
}
}
}
/* DHCP server security stanza: default policy and zone membership for the two VLAN interfaces. */
security {
policies {
/* permit-all allows any traffic that no explicit policy matches, and this listing defines no explicit policies. Lab setting; a deny-all default with explicit policies is the safer baseline. */
default-policy {
permit-all;
}
}
zones {
/* No interfaces are assigned to the trust zone in this listing. */
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
/* Both DHCP-serving interfaces sit in untrust, and `all` opens every system service and protocol on the device to that zone, including the ssh and telnet services enabled under system services. Serving leases should need only `system-services dhcp`. */
security-zone untrust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.10;
vlan.20;
}
}
}
}
/* Binds each VLAN ID on the trunk to its routed interface (vlan.10 / vlan.20). */
vlans {
vlan10 {
vlan-id 10;
l3-interface vlan.10;
}
vlan20 {
vlan-id 20;
l3-interface vlan.20;
}
}
DHCP Client (SRX 220):
root@client# show | no-more
/* DHCP client device: Junos release and system stanza (root login and management services). */
version 11.1R2.3;
system {
root-authentication {
/* "$ABC123" looks like a sanitized placeholder rather than a usable hash; keep real password hashes out of shared configurations. */
encrypted-password "$ABC123"; ## SECRET-DATA
}
services {
ssh;
/* Telnet carries credentials and session data in cleartext. SSH is already enabled above, so Telnet can be dropped outside a lab. */
telnet;
}
}
/* DHCP client interfaces: one trunk port toward the server and two VLAN units that each request a lease. */
interfaces {
/* Trunk port carrying both vlan10 and vlan20 from the DHCP server device. */
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ vlan10 vlan20 ];
}
}
}
}
vlan {
/* DHCP client on vlan.10; the sample output shows it leasing 192.168.3.3/24. */
unit 10 {
family inet {
dhcp;
}
}
/* DHCP client on vlan.20; the sample output shows it leasing 172.16.1.3/24. */
unit 20 {
family inet {
dhcp;
}
}
}
}
/* DHCP client security stanza: default policy and one zone per DHCP-facing VLAN interface. */
security {
policies {
/* permit-all allows any traffic that no explicit policy matches, and this listing defines no explicit policies. Lab setting; a deny-all default with explicit policies is the safer baseline. */
default-policy {
permit-all;
}
}
zones {
/* Zone for vlan.20. In the dual-ISP case the article describes, this interface faces an upstream DHCP server, and `all` exposes every system service and protocol to it, including the ssh and telnet services enabled under system services. The DHCP client should need only `system-services dhcp`. */
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.20;
}
}
/* Zone for vlan.10; same exposure as the trust zone, so the same narrowing to `system-services dhcp` applies. */
security-zone trust1 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.10;
}
}
}
}
/* One virtual-router instance per DHCP client interface, so each DHCP-learned default route lands in its own table (rs1.inet.0 and rs2.inet.0 in the sample output). */
/* NOTE(review): rs1 holds vlan.20 and rs2 holds vlan.10 here. The topology sketch labels them the other way round; the route table output matches this configuration. */
routing-instances {
rs1 {
instance-type virtual-router;
interface vlan.20;
}
rs2 {
instance-type virtual-router;
interface vlan.10;
}
}
/* Binds each VLAN ID on the trunk to its routed interface (vlan.10 / vlan.20). */
vlans {
vlan10 {
vlan-id 10;
l3-interface vlan.10;
}
vlan20 {
vlan-id 20;
l3-interface vlan.20;
}
}
Troubleshooting:
>>>>>>>>>>> The output below shows each VLAN interface getting an IP address from a separate DHCP pool >>>>>>>>>>>>
root# run show interfaces terse vlan.10
Interface Admin Link Proto Local Remote
vlan.10 up up inet 192.168.3.3/24 <<<<<<<<<<<<<<<<<<< From Pool1
[edit]
root#
root# run show interfaces terse vlan.20
Interface Admin Link Proto Local Remote
vlan.20 up up inet 172.16.1.3/24 <<<<<<<<<<<<<<<<<<< From Pool2
>>>>>>>>>>>>> The route table shows a separate default route for each routing instance, as below >>>>>>>>>>>>>>>>>
root# run show route | no-more
rs1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Access-internal/12] 00:07:21
> to 172.16.1.1 via vlan.20 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
172.16.1.0/24 *[Direct/0] 00:10:28
> via vlan.20
172.16.1.3/32 *[Local/0] 00:10:28
Local via vlan.20
rs2.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Access-internal/12] 00:07:21
> to 192.168.3.1 via vlan.10 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
192.168.3.0/24 *[Direct/0] 00:07:21
> via vlan.10
192.168.3.3/32 *[Local/0] 00:07:21
Local via vlan.10