Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles[SRX] Troubleshooting Checklist - DHCP
A basic checklist for troubleshooting DHCP on Branch SRX devices. It includes the common mistakes made while configuring DHCP.
DHCP client, Server, or Relay Agent is not working on SRX:
Note: For DHCP configuration help, refer to the articles here: SRX Getting Started - Configure DHCP
root# set firewall filter DHCP term 1 from destination-port 67
root# set firewall filter DHCP term 1 from destination-port 68
root# set firewall filter DHCP term 1 then accept
root# set interfaces <ingress interface> family inet filter input DHCP
If your issue is not one of the common issues, then configure DHCP Server traceoptions to get more information on why the DHCP Server is not working:
The following DHCP Server traceoptions can be configured:
root# set system services dhcp traceoptions file dhcp.dbg
root# set system services dhcp traceoptions flag all
root# set system services dhcp traceoptions level all
For help on how to configure traceoptions and view debug output, refer to KB16108 - Configuring Traceoptions for Debugging and Trimming Output.
root# run show log dhcp.dbg |no-more
Jan 16 19:39:09 650-2 clear-log[2505]: logfile cleared
Jan 16 19:39:33 rtsock ifd message for ge-0/0/0
Jan 16 19:39:33 changed ifd ge-0/0/0 to down
Jan 16 19:39:49 rtsock ifd message for ge-0/0/0
Jan 16 19:39:49 changed ifd ge-0/0/0 to up
Jan 16 19:39:51 received packet from 0.0.0.0 port 68 interface ge-0/0/0.0 routing instance default
Jan 16 19:39:51 Link local IP: 0
Jan 16 19:39:51 -- looking for pool with subnet 192.168.1.1, prefix length 32
Jan 16 19:39:51 -- [pfxlen 24] Found pool `192.168.1.0/24'
Jan 16 19:39:51 Decoding packet from 0.0.0.0
Jan 16 19:39:51 parsing options from packet
Jan 16 19:39:51 option `dhcp-message-type' code 53 extracted from buffer
Jan 16 19:39:51 looking for overloaded options
Jan 16 19:39:51 looking up message type
Jan 16 19:39:51 Processing DHCP packet
Jan 16 19:39:51 <== DHCPDISCOVER
Jan 16 19:39:51 Looking for a lease w/hardware address `b0:c6:9a:8a:0c:00'
Jan 16 19:39:51 ...and no client identifier
Jan 16 19:39:51 ...and subnet 192.168.1.0/24
Jan 16 19:39:51 Found matching lease entry for `b0:c6:9a:8a:0c:00' <- MAC Address of Client
Jan 16 19:39:51 Lease #1...
Jan 16 19:39:51 ...correctly has no client identifier
Jan 16 19:39:51 ...has the correct subnet
Jan 16 19:39:51 found: 08, satisfies: 0a, exact: 0a
Jan 16 19:39:51 Exact match
Jan 16 19:39:51 ==> DHCPOFFER
Jan 16 19:39:51 -- looking for pool with subnet 192.168.1.2, prefix length 32
Jan 16 19:39:51 -- [pfxlen 24] Found pool `192.168.1.0/24'
Jan 16 19:39:51 flushed options on binding
Jan 16 19:39:51 set next server address to 0.0.0.0
Jan 16 19:39:51 set client address to 192.168.1.2
Jan 16 19:39:51 Default lease time 1 day obtained from `Global' scope
Jan 16 19:39:51 Flag = 4 Expiry = 15722 days, 19 hours, 39 minutes, 51 seconds
Jan 16 19:39:51 Flag = 4 15722 days, 19 hours, 34 minutes, 19 seconds
Jan 16 19:39:51 Using default lease time of 1 day
Jan 16 19:39:51 Maximum lease time infinite obtained from `Global' scope
Jan 16 19:39:51 adding option `subnet-mask' code 1 to binding
Jan 16 19:39:51 adding option `broadcast-address' code 28 to binding
Jan 16 19:39:51 lease with IP address 192.168.1.2 changed state from active to offered
Jan 16 19:39:51 Packing 27 bytes of options
Jan 16 19:39:51 packing option `dhcp-message-type' code 53 with 1 bytes of data
Jan 16 19:39:51 packing option `server-identifier' code 54 with 4 bytes of data
Jan 16 19:39:51 packing option `dhcp-lease-time' code 51 with 4 bytes of data
Jan 16 19:39:51 packing option `subnet-mask' code 1 with 4 bytes of data
Jan 16 19:39:51 packing option `broadcast-address' code 28 with 4 bytes of data
Jan 16 19:39:51 broadcasting the response
Jan 16 19:39:51 sent packet from 192.168.1.1 to 255.255.255.255 port 68 out interface ge-0/0/0.0 routing instance default
Jan 16 19:39:51 ==> DHCPOFFER [done]
Jan 16 19:39:51 <== DHCPDISCOVER [done]
Jan 16 19:39:52 received packet from 0.0.0.0 port 68 interface ge-0/0/0.0 routing instance default
Jan 16 19:39:52 Link local IP: 0
Jan 16 19:39:52 -- looking for pool with subnet 192.168.1.1, prefix length 32
Jan 16 19:39:52 -- [pfxlen 24] Found pool `192.168.1.0/24'
Jan 16 19:39:52 Decoding packet from 0.0.0.0
Jan 16 19:39:52 parsing options from packet
Jan 16 19:39:52 option `server-identifier' code 54 extracted from buffer
Jan 16 19:39:52 option `dhcp-parameter-request-list' code 55 extracted from buffer
Jan 16 19:39:52 option `dhcp-requested-address' code 50 extracted from buffer
Jan 16 19:39:52 option `dhcp-message-type' code 53 extracted from buffer
Jan 16 19:39:52 looking for overloaded options
Jan 16 19:39:52 looking up message type
Jan 16 19:39:52 have client IP 192.168.1.2
Jan 16 19:39:52 have server identifier 192.168.1.1
Jan 16 19:39:52 Processing DHCP packet
Jan 16 19:39:52 <== DHCPREQUEST
Jan 16 19:39:52 requester 0.0.0.0 if ge-0/0/0.0 hw type 1 hw len 6 secs 0 hops 0 ciaddr 0.0.0.0 giaddr 0.0.0.0
Jan 16 19:39:52 Looking for a lease w/hardware address `b0:c6:9a:8a:0c:00'
Jan 16 19:39:52 ...and no client identifier
Jan 16 19:39:52 ...and address 192.168.1.2
Jan 16 19:39:52 ...and subnet 192.168.1.0/24
Jan 16 19:39:52 Found matching lease entry for `b0:c6:9a:8a:0c:00'
Jan 16 19:39:52 Lease #1...
Jan 16 19:39:52 ...correctly has no client identifier
Jan 16 19:39:52 ...has the correct address
Jan 16 19:39:52 ...has the correct subnet
Jan 16 19:39:52 found: 08, satisfies: 0b, exact: 0b
Jan 16 19:39:52 Exact match
Jan 16 19:39:52 Client is in SELECTING state
Jan 16 19:39:52 lease with IP address 192.168.1.2 changed state from offered to active
Jan 16 19:39:52 saving lease 0x57c100 to file `/var/db/leases/192.168.1.2-01b0c69a8a0c00.jdl'
Jan 16 19:39:52 ==>DHCPACK
If the root cause cannot be determined from reviewing the traceoptions output, then capture a PCAP on the SRX interface that is assigning the IP address. Also, a PCAP on the client side may be necessary.
For information on how to configure Packet Capture on SRX, refer to [SRX] How to Create a PCAP packet capture on a J-Series or SRX Branch device.
root> show system services dhcp binding | match <ip address>
root> clear system services dhcp binding <dynamic address which is associated with the configured MAC>
root#set forwarding-options helpers bootp minimum-wait-time <seconds>
If your issue is not one of the common issues, then configure DHCP Client traceoptions to get more information on why the DHCP Client is not working.
The following DHCP traceoptions can be configured:
root# set system services dhcp traceoptions file dhcp_client.dbg
root# set system services dhcp traceoptions flag client
root# set system services dhcp traceoptions level all
For help on how to configure traceoptions and view debug output, refer to KB16108 - Configuring Traceoptions for Debugging and Trimming Output.
root# run show log dhcp_client.dbg | no-more
Jan 16 19:49:28 Create Client ifl_name= ge-0/0/0.0 and ifd_name=ge-0/0/0 id 1102520059
Jan 16 19:49:28 New ifstate 0 Old ifstate 0
Jan 16 19:49:28 DHCP client config changed for ifl = ge-0/0/0.0 state = 0
Jan 16 19:49:28 Emptied the name_tree
Jan 16 19:50:44 Bringing down the client for IFD= ge-0/0/0
Jan 16 19:50:44 Lease filename to delete /var/db/leases/ge-0_0_0.0
Jan 16 19:50:46 Opened file for Writing /var/etc/dcd.dhcpd.conf
Jan 16 19:50:46 Closed file for Writing /var/etc/dcd.dhcpd.conf
Jan 16 19:50:46 signalled dcd (pid 1226) to overlay
Jan 16 19:51:04 rtsock notified state change for IFD= ge-0/0/0
Jan 16 19:51:04 interface = ge-0/0/0.0 mac = b0:c6:9a:8a:0c:00
Jan 16 19:51:04 construct DHCP CLIENT packet for ifl_index = 68 ifl_name=ge-0/0/0.0 , pkt code = 1
Jan 16 19:51:04 No lease file send discover for ifl ifl= ge-0/0/0.0
Jan 16 19:51:04 Send DHCPDISCOVER packet for ifl_index = 68 ifl_name=ge-0/0/0.0
Jan 16 19:51:04 Packing 3 bytes of options
Jan 16 19:51:04 dhcp client packet sent successfully bytes sent = 300 dci_ifl_name = ge-0/0/0.0 dest addr = 255.255.255.255 dest port = 67 dci_ifl_index = 68 Client MAC = b0:c6:9a:8a:0c:00
Jan 16 19:51:08 DCHP Server Identifier Stored 0xc0a80101
Jan 16 19:51:08 Send DHCPREQUEST packet for ifl_index = 68 ifl_name=ge-0/0/0.0 state=1
Jan 16 19:51:08 construct DHCP CLIENT packet for ifl_index = 68 ifl_name=ge-0/0/0.0 , pkt code = 2
Jan 16 19:51:08 Packing 24 bytes of options
Jan 16 19:51:08 dhcp client packet sent successfully bytes sent = 300 dci_ifl_name = ge-0/0/0.0 dest addr = 255.255.255.255 dest port = 67 dci_ifl_index = 68 Client MAC = b0:c6:9a:8a:0c:00
Jan 16 19:51:08 dhcpd_client_io_recv_packet:559
Jan 16 19:51:08 update nameserver from dhcp
Jan 16 19:51:08 router address is 192.168.1.1 DHCP Server IP
Jan 16 19:51:08 Client address/Subnet mask is 255.255.255.0/255.255.255.0
Jan 16 19:51:08 Found BPF device=/dev/bpf4 for ifl=ge-0/0/0.0 sock=15
Jan 16 19:51:13 DHCP client state timeout: ifl = ge-0/0/0.0
Jan 16 19:51:13 Written IP address 192.168.1.2 to file /var/db/leases/ge-0_0_0.0 Client Obtained IP Address
If the root cause cannot be determined from reviewing the traceoptions output, then capture a PCAP on the SRX interface that is acting as a client. Also, a PCAP on the server side may be necessary.
For information on how to configure Packet Capture on SRX, refer to [SRX] How to Create a PCAP packet capture on a J-Series or SRX Branch device.
Create a PCAP (packet capture) on the Relay Agent ingress and egress interfaces simultaneously and analyze the DHCP packets.
For information on how to configure Packet Capture on SRX, refer to [SRX] How to Create a PCAP packet capture on a J-Series or SRX Branch device.
Related Links
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search