Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Example: Configuring DHCP relay server on SRX where relay agent interface and DHCP server interfaces are in different routing-instances

0

0

Article ID: KB28642 KB Last Updated: 15 Jan 2014Version: 1.0
Summary:

This article provides a configuration example for DHCP relay on a SRX, where the DHCP server interface and DHCP relay interfaces are in different routing-instances.

Symptoms:


Cause:

Solution:

Topology

DHCP ----(10.10.10.1) ge-0/0/1.0 SRX ge-0/0/0.0 (192.168.1.5)----(192.168.1.254) DHCP
Clients                                                                          Servers

    
where:
DHCP Relay interface ge-0/0/1.0 is in custom virtual router dhcp-relay and
DHCP Server interface ge-0/0/0.0 is in default routing instance.



Configuration

1. In order to make this setup work, the DHCP server connecting route and relay agent interface route must be in both routing-instances.

For example, in the above topology, the server route 192.168.1.0/24 needs to be shared with the dhcp-relay VR, and the dhcp-relay interface route 10.10.10.0/24 needs to be shared with the default routing instance.

See configuration below.


2. Also, a dummy dhcp-relay config must be added in the routing instance with the DHCP server.
If this is not configured, dhcp-relay will not be able to receive packets from the DHCP server.

set forwarding-options dhcp-relay server-group dummy-config


Complete configuration :

Configuration to share routes between VRs:

set policy-options policy-statement export_dhcp_server_route term 1 from instance master
set policy-options policy-statement export_dhcp_server_route term 1 from route-filter 192.168.1.0/24 exact
set policy-options policy-statement export_dhcp_server_route term 1 then accept
set policy-options policy-statement export_dhcp_server_route term 2 then reject
set policy-options policy-statement import_relay_route_to_server_vr term 1 from instance dhcp-relay
set policy-options policy-statement import_relay_route_to_server_vr term 1 from route-filter 10.10.10.0/24 exact
set policy-options policy-statement import_relay_route_to_server_vr term 1 then accept
set policy-options policy-statement import_relay_route_to_server_vr term 2 then reject



Configuration in dhcp-relay VR:

set routing-instances dhcp-relay instance-type virtual-router
set routing-instances dhcp-relay interface ge-0/0/1.0
set routing-instances dhcp-relay routing-options instance-import export_dhcp_server_route
set routing-instances dhcp-relay forwarding-options dhcp-relay server-group wifi-server 192.168.1.254
set routing-instances dhcp-relay forwarding-options dhcp-relay active-server-group wifi-server
set routing-instances dhcp-relay forwarding-options dhcp-relay group relay-in-vr interface ge-0/0/1.0



Dummy dhcp-relay config in DHCP server VR (in this case default routing instance):

set forwarding-options dhcp-relay server-group dummy-config
set routing-options instance-import import_relay_route_to_server_vr



Verification

1. Check the DHCP relay statistics:

root@vsrx-1# run show dhcp relay statistics routing-instance dhcp-relay
Packets dropped:
Total 0

Messages received:
BOOTREQUEST 1
DHCPDECLINE 0
DHCPDISCOVER 0
DHCPINFORM 0
DHCPRELEASE 0
DHCPREQUEST 1

Messages sent:
BOOTREPLY 1
DHCPOFFER 0
DHCPACK 1
DHCPNAK 0
DHCPFORCERENEW 0

For more information, refer to show dhcp relay statistics.


2. Check the DHCP client bindings in the routing instance:

root@vsrx-1# run show dhcp relay binding routing-instance dhcp-relay

IP address   Session Id  Hardware address   Expires   State     Interface
10.10.10.2   14          00:0c:29:e9:6d:00  86381     BOUND     ge-0/0/1.0


For more information, refer to show dhcp relay binding.



Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search