Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to reserve an IP address for a network device when NetScreen firewall acts as a DHCP server

0

0
Article ID: KB28287 KB Last Updated: 19 Nov 2013Version: 1.0 Summary:

This article describes how to reserve an IP address for a network device/workstation when one of the firewall interfaces acts as a DHCP server. Directions for reserving an IP address are given for both WebUI and CLI interfaces.

Symptoms:

How to reserve an IP address for a network device when a NetScreen firewall acts as a DHCP server.

Cause:

Solution:

When acting as a DHCP server, a Juniper firewall allocates IP addresses in two modes:

  • Dynamic mode - Firewall assigns/leases an IP address from an address pool to a host DHCP client for a specified period of time or until the client relinquishes the address.

  • Reserved mode - Firewall assigns a designated IP address from an address pool exclusively to a specific client every time that client goes online.
Note: An address pool is a defined range of IP addresses within the same subnet from which the security device can draw DHCP address assignments. You can group up to 255 IP addresses.

The DHCP server supports up to 64 entries, which can include both single IP addresses and IP address ranges, for dynamic and reserved IP addresses. The security device saves every IP address assigned through DHCP in flash memory. Consequently, rebooting the security device does not affect address assignments

I. Configure Firewall as a DHCP Server

To configure your NetScreen firewall as a DHCP server, refer to KB4243 - How to configure the NetScreen firewall as a DHCP server

II. Reserve IP address for a network device

WebUI

  1. Navigate to Network > DHCP > Edit (interface) > DHCP Server > Addresses

  2. Select Reserved

  3. Enter IP address : <32-bit IPv4 address>

    4. Ethernet address : <48-bit MAC/Physical address>

  4. Click on OK.

  5. Navigate to Network > DHCP > Edit (bgroup0) > DHCP Server > Addresses

  6. Select Reserved

  7. Enter IP address: 192.168.1.10

    8. Ethernet address : 001f.16f5.b605

  8. Click on OK.



CLI

set interface <interface> dhcp server ip <ipv4_address> mac <mac_address>
save


Example:

[PC]----------------[Switch]--------------192.168.1.1/24----bgroup0[Firewall]
MAC
00:1F:16:F5:B6:05

  1. Assume a PC with MAC address ‘00:1F:16:F5:B6:05’ in your internal LAN 192.168.1.0/24.

  2. Your requirement is to reserve IP address 192.168.1.10/32 for this PC.

  3. Bgroup0 of your firewall is configured with ip 192.168.1.1/24.

  4. Bgroup0 is acting as a DHCP server with a dynamic IP address pool defined from 192.168.1.11-192.168.1.20.

    5. ssg20-wlan-> set interface bgroup0 dhcp server ip 192.168.1.10
                            mac 001f16f5b605
    ssg20-wlan->
    ssg20-wlan-> save

Observations:








Related Links

 Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search