Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Resolution Guide - EX - Troubleshoot Dynamic Host Configuration Protocol (DHCP)

0

0

Article ID: KB23335 KB Last Updated: 24 Aug 2017Version: 3.0
Summary:

This article will assist with Dynamic Host Configuration Protocol (DHCP) troubleshooting in a step-by-step approach with EX Series Ethernet switches.

The DHCP features ease the concept of assigning IP addresses to the clients connected in a network.

Symptoms:

Client does not receive IP address from the DHCP server

Solution:

Important Note:

JUNOS supports two different DHCP software and different configuration per each. One is Legacy DHCP (dhcpd) and the other is Extended DHCP (jdhcpd). Depending on platform and JUNOS version, either one or both of them are supported. This article is written based on Legacy DHCP software. If you are using Extended DHCP configuration, it may be different from the contents in this article. For more information about Extended DHCP, refer to Understanding DHCP Services for Switches.

 


Perform the following steps to troubleshoot DHCP issue with EX Series Ethernet switches:

Step 1. Map out the network topology and identify the components.

  • DHCP Server
  • DHCP Relay Agent
  • DHCP Client

Below are DHCP Network Topology examples.

Example 1: DHCP Server and Clients in same subnet

Example 2: DHCP Server and Clients in different subnets
 

Step 2.  Is the DHCP client connected to the DHCP Server with a DHCP Relay Agent?

  • Yes - Continue to Step 3.
    The DHCP server is connected to the DHCP client through the Relay Agent as in Example 2.

  • No  - Jump to Step 5. The DHCP client is in the same subnet as that of the DHCP server as in Example 1.




Step 3.  Verify the DHCP Relay Agent configuration. A DHCP Relay Agent needs to be configured if the DHCP client and the DHCP Servers are connected in different broadcast domains.

Issue the following command to verify the relay agent configuration:

juniper@EX> show configuration forwarding-options
helpers {
    bootp {
        server 20.20.20.2;  
        interface {
            vlan.20;
        }
    }
}

Verify the highlighted information from the output above:

  • IP address of the DHCP server
  • VLAN Interface
To configure and verify relay agent configuration refer to the following KB's:
KB11020 - How to configure and verify DHCP Relay for EX Series switches
KB13206 - Configuring the EX-series Switch to act as a DHCP/BOOTP Relay Agent



Step 4.  Verify the communication between devices on the Routed VLAN interfaces.  In other words, verify that a device on the client VLAN can communicate with a device on DHCP server VLAN.     

There should be basic communication between the clients of differents VLANs with the DHCP server. This is achieved by configuring Routed VLAN Interface on the Relay Agent for every VLAN in the network.  For example, if the DHCP Server and the DHCP clients are in VLAN 20 and VLAN 10 respectively as in the Example 2, then the client in VLAN 10 should be able to reach the DHCP server on VLAN 10.  Without the Routed VLAN Interface configured, the Relay Agent will not relay information between the DHCP Client and the DHCP Server.

Refer to the following link to configure the Routed VLAN interface configured on the switch:
http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/configuration/bridging-routed-vlan-interfaces-ex-series-cli.html

Refer to the following link to verify the Routed VLAN interface configured on the switch.
http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/verification/bridging-routed-vlan-interface.html



Step 5.  Is the DHCP Server an EX switch?

 

  • Yes - Continue to Step 6
  • No - The DHCP server is not an EX switch. Configuration on the DHCP Server needs to be checked.

     

 



Step 6.  Verify the EX DHCP Server configuration and check if it has enough IP addresses to assign it to the client.

Multiple address pools can be configured for a DHCP server. The DHCP server dynamically distributes the IP address and configuration information such as gateway, subnet mask, host name, domain name, name servers, and time servers to the clients. Addresses in a pool are available to clients on the same subnet. DHCP maintains the state information for all pools configured. Clients are assigned addresses from pools with subnets that match the interface on which the DHCPDISCOVER packet is received. When more than one pool exists on the same interface, addresses are assigned on a rotating basis from all available pools.
 

To verify the DHCP pool configuration, issue the following commands:

Switch@juniper>show configuration system services dhcp
{
    pool 10.10.10.0/24 {
        address-range low 10.10.10.5 high 10.10.10.253;
    }
    pool 20.20.20.0/24 {                                
        address-range low 20.20.20.5 high 20.20.20.253;
    }                      
}

Switch@juniper>show system services dhcp pool 
Pool name      Low address    High address    Excluded addresses             
10.0.0.0/24    10.10.10.5     10.10.10.253 
20.0.0.0/24    20.20.20.5     20.20.20.253


To configure and verify DHCP operations on an EX switch, refer to the KB11386 - Configuring EX series switch as DHCP server.

 For configuring address pools for DHCP dynamic bindings, refer to:
http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-system-basics/dhcp-dynamic-bindings-address-pool-configuring.html#id-10948131

 

Is the DHCP server configured correctly?

  • Yes - The DHCP Server configuration is correct and there are available IPs to be assigned to clients.
    Continue to Step 7

  • No - The DHCP Server configuration is not correct. There are no available IPs to be assigned to clients. Correct the configuration. Increase the size of the pool, or create a new pool.

 

Step 7.  Does the DHCP server have a route to the DHCP client network?

  • Yes - Continue to Step 8
  • No - Configure a static route on the DHCP client to check the reachabilty between the DHCP Client and the DHCP Server.



Step 8. Is Port Security with DHCP Snooping and dynamic ARP inspection (DAI) being used?

Port security features such as DHCP snooping and DAI are configured to protect the switch and the Ethernet LAN against address spoofing and Layer 2 denial-of-service (DoS) attacks.
Refer to the following link to configure and verify Port Security with DHCP Snooping, DAI, MAC Limiting, and MAC Move Limiting, on an EX-series Switch: http://www.juniper.net/techpubs/en_US/junos11.4/topics/example/port-security-configuring.html

  • Yes - Continue to Step 9
  • No - Jump to Step 10



Step 9. Run 'show dhcp snooping binding'. Do you see the MAC address of the client?

The command show dhcp snooping binding is issued to verify the assignment of the IP addresses by the DHCP server against the MAC addresses specified by the user for security reasons.

  • Yes - Continue to Step 10
  • No - Add the MAC address if it misses in the table or disable DHCP snooping.



Step 10. Do a packet capture on the interfaces to analyze if the DORA process works.

                                                       DORA PROCESS

The following tools can be used;

Step 11.  If the issue is not resolved, collect the following information and call your technical support representative.
  1. Network Topology/Diagram labeling DHCP roles of each device.

  2. Collect the logs on the EX device:

    DHCP client in the same broadcast domain as the DHCP Server:
    show configuration system services dhcp
    show system services dhcp pool
    show system services dhcp binding
    show system services dhcp conflict
    show system services dhcp global
    show system services service-deployment


    DHCP client connected to the DHCP Server through a Relay Agent:
    show configuration forwarding-options
    show helper statistics

  3. Request Support Information and Log messages
    request support information all-member | no-more
    show log messages
Modification History:

2017-08-22: Added note to clarify difference between Legacy DHCP (dhcpd) and Extended DHCP (jdhcpd)

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search