Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles[SRX] Example - Configuring DHCPv6 PD over PPPoE
This article provides an example on how to configure DHCPv6 PD over PPPoE.
To provide a configuration suite using SRX devices for a DHCPv6 topology as described below:
- DHCPv6 server configration
set system services dhcp-local-server dhcpv6 overrides interface-client-limit 100
set system services dhcp-local-server dhcpv6 group my-group overrides interface-client-limit 200
set system services dhcp-local-server dhcpv6 group my-group overrides delegated-pool v6-pd-pool
set system services dhcp-local-server dhcpv6 group my-group interface pp0.0- PPPoE configuratinon
Host-name is needed to establish PPPoE session
set system host-name SRX1
set interfaces ge-0/0/1 unit 0 encapsulation ppp-over-ether
set interfaces pp0 unit 0 ppp-options chap access-profile prof-ge001
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/1.0
set interfaces pp0 unit 0 pppoe-options server
set interfaces pp0 unit 0 family inet6 address 3000::1/64- Router advertisement configuration
set protocols router-advertisement interface pp0.0 max-advertisement-interval 20
set protocols router-advertisement interface pp0.0 min-advertisement-interval 10
set protocols router-advertisement interface pp0.0 managed-configuration
set protocols router-advertisement interface pp0.0 other-stateful-configuration
set protocols router-advertisement interface pp0.0 prefix 3000::1/64- Enable IPv6 (chassis reboot is required)
set security forwarding-options family inet6 mode flow-based
- PPPoE profile configuration
set access profile prof-ge001 client test_user chap-secret test
- PD address pool configuration
set access address-assignment pool v6-pd-pool family inet6 prefix 2001:1:1::/48
set access address-assignment pool v6-pd-pool family inet6 range vp-pd prefix-length 48
set access address-assignment pool v6-pd-pool family inet6 dhcp-attributes dns-server 3000::1- Security zone configuration
DHCPv6 is needed to permit in host-inbound-traffic configuration to receive DHCPv6 packet
set security zones security-zone trust interface pp0.0 host-inbound-traffic system-services dhcpv6
- DHCPv6 server configuration for autoconfig device
set system services dhcp-local-server dhcpv6 overrides interface-client-limit 10
set system services dhcp-local-server dhcpv6 overrides process-inform pool p1
set system services dhcp-local-server dhcpv6 group ipv6 interface ge-0/0/2.0- PPPoE configuration
Host-name is needed to establish PPPoE session
set system host-name SRX2
set interfaces ge-0/0/1 unit 0 encapsulation ppp-over-ether
set interfaces pp0 unit 0 ppp-options chap default-chap-secret test
set interfaces pp0 unit 0 ppp-options chap local-name test_user
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/1.0
set interfaces pp0 unit 0 pppoe-options client- DHCPv6 client configuration
set interfaces pp0 unit 0 family inet6 dhcpv6-client client-type statefull
set interfaces pp0 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd
set interfaces pp0 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/2.0 other-stateful-configuration
set interfaces pp0 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/2.0 max-advertisement-interval 10
set interfaces pp0 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/2.0 min-advertisement-interval 5
set interfaces pp0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
set interfaces pp0 unit 0 family inet6 dhcpv6-client req-option dns-server
set interfaces pp0 unit 0 family inet6 dhcpv6-client update-server set protocols router-advertisement interface pp0.0- Enable ipv6(Chassis reboot is required)
set security forwarding-options family inet6 mode flow-based
- DHCPv6 server propagate configuration
This is to propagate DNS server information to end device
set access address-assignment pool p1 family inet6 prefix 2001::/16
set access address-assignment pool p1 family inet6 dhcp-attributes propagate-settings pp0.0- Security zone configuration
DHCPv6 is needed to permit in host-inbound-traffic configuration to receive DHCPv6 packet
set security zones security-zone untrust interface pp0.0 host-inbound-traffic system-services dhcpv6
set security zones security-zone trust interface ge-0/0/2.0 host-inbound-traffic system-services dhcpv6
- DHCPv6 client configuration
set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-type autoconfig
set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-ia-type ia-na
set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client req-option dns-server- Router advertisement configuration
This is to receive router advertisement from PD device to create default route automatically.
set protocols router-advertisement interface fe-0/0/0.0
- Enable IPv6(Chassis reboot is required)
set security forwarding-options family inet6 mode flow-based
- Security zone configuration
DHCPv6 is needed to permit in host-inbound-traffic configuration to receive DHCPv6 packet
set security zones security-zone trust interface fe-0/0/0.0 host-inbound-traffic system-services dhcpv6
Note: On DHCPv6 Server SRX, for Router advertisement configuration, "prefix 3000::/64
" is configured in this article.
If "equal or less than /48 prefix" is preferred, see PR1161394 (addressed from 12.1X46-D50, 12.1X47-D40, 12.3X48-D30).
root@SRX1> show dhcpv6 server binding detail Session Id: 75 Client IPv6 Prefix: 2001:1:1::/48 Client DUID: LL0x1-3c:94:d5:98:90:01 State: BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND) Lease Expires: 2016-03-26 10:12:37 JST Lease Expires in: 86213 seconds Lease Start: 2016-03-25 10:12:37 JST Last Packet Received: 2016-03-25 10:12:50 JST Incoming Client Interface: pp0.0 Server Ip Address: 0.0.0.0 Client Prefix Pool Name: v6-pd-pool Client Id Length: 10 Client Id: /0x00030001/0x3c94d598/0x9001 root@SRX1> show route table inet6.0 inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 2001:1:1::/48 *[Access/13] 00:03:45 <<<<<< Route for end device will be automatically generated > to fe80::3e94:d50f:fc98:8600 via pp0.0 3000::/64 *[Direct/0] 00:04:04 > via pp0.0 3000::1/128 *[Local/0] 19:53:18 Local via pp0.0 fe80::b2c6:9a0f:fc7d:6900/128 *[Local/0] 19:53:18 Local via pp0.0 root@SRX1> show interfaces pp0.0 terse Interface Admin Link Proto Local Remote pp0.0 up up inet6 3000::1/64 fe80::b2c6:9a0f:fc7d:6900/64
root@SRX2> show dhcpv6 client binding detail Client Interface: pp0.0 Hardware Address: 3c:94:d5:98:86:01 State: BOUND(DHCPV6_CLIENT_STATE_BOUND) <<<<< SRX is bound to prefix via pp0.0 ClientType: STATEFUL Lease Expires: 2016-03-26 10:12:50 JST Lease Expires in: 86232 seconds Lease Start: 2016-03-25 10:12:50 JST Bind Type: IA_PD Client DUID: LL0x29-3c:94:d5:98:86:01 Rapid Commit: Off Server Ip Address: fe80::b2c6:9a0f:fc7d:6900 Update Server Yes Client IP Prefix: 2001:1:1::/48 DHCP options: Name: server-identifier, Value: VENDOR0x00000583-0x41453530 Name: dns-recursive-server, Value: 3000::1 root@SRX2> show dhcpv6 server binding detail root@SRX2> show route table inet6.0 inet6.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both ::/0 *[Access-internal/12] 00:03:35 > to fe80::b2c6:9a0f:fc7d:6900 via pp0.0 2001:1:1:1::/64 *[Direct/0] 00:03:48 > via ge-0/0/2.0 2001:1:1:1::1/128 *[Local/0] 00:03:48 <<<<<< IPv6 address allocated by Prefix delegation Local via ge-0/0/2.0 3000::/64 *[Access-internal/12] 00:03:35 > to fe80::b2c6:9a0f:fc7d:6900 via pp0.0 fe80::/64 *[Direct/0] 00:03:48 > via ge-0/0/2.0 fe80::3e94:d50f:fc98:8600/128 *[Local/0] 19:05:19 Local via pp0.0 fe80::3e94:d5ff:fe98:8602/128 *[Local/0] 00:03:48 Local via ge-0/0/2.0 root@SRX2> show interfaces pp0.0 terse Interface Admin Link Proto Local Remote pp0.0 up up inet6 fe80::3e94:d50f:fc98:8600/64 root@SRX2> show interfaces ge-0/0/2.0 terse Interface Admin Link Proto Local Remote ge-0/0/2.0 up up inet6 2000:1:1:1::1/64 fe80::3e94:d5ff:fe98:8602/64 root@SRX2> show ipv6 router-advertisement Interface: pp0.0 Advertisements sent: 3, last sent 00:01:56 ago Solicits received: 0 Advertisements received: 10 Advertisement from fe80::b2c6:9a0f:fc7d:6900, heard 00:00:08 ago Managed: 1 [0] Other configuration: 1 [0] Reachable time: 0 ms Default lifetime: 60 sec [1800 sec] Retransmit timer: 0 ms Current hop limit: 64 Prefix: 3000::/64 Valid lifetime: 2592000 sec Preferred lifetime: 604800 sec On link: 1 Autonomous: 1 Interface: ge-0/0/2.0 Advertisements sent: 24, last sent 00:00:03 ago Solicits received: 0 Advertisements received: 0
root@SRX3> show dhcpv6 client binding detail
Client Interface: fe-0/0/0.0
Hardware Address: 00:26:88:38:b5:00
State: BOUND(DHCPV6_CLIENT_STATE_BOUND)
ClientType: AUTO
Lease Expires: 2016-03-26 10:15:35 JST
Lease Expires in: 86395 seconds
Lease Start: 2016-03-25 10:15:35 JST
Bind Type: IA_NA
Client DUID: LL0x3-00:26:88:38:b5:00
Rapid Commit: Off
Server Ip Address: fe80::3e94:d5ff:fe98:8602
Client IP Address: 2001:1:1:1:226:88ff:fe38:b500/128
Client IP Prefix: 2001:1:1:1::/64
DHCP options:
Name: server-identifier, Value: VENDOR0x00000583-0x414c3131
Name: dns-recursive-server, Value: 3000::1 <<<<< DNS information will be shown here when SRX successfully acquired DNS information from PD device by DHCPv6
root@SRX3> show route table inet6.0
inet6.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
::/0 *[Access-internal/12] 00:02:36
> to fe80::3e94:d5ff:fe98:8602 via fe-0/0/0.0
2001:1:1:1::/64 *[Access-internal/12] 00:02:36
> to fe80::3e94:d5ff:fe98:8602 via fe-0/0/0.0
2001:1:1:1:226:88ff:fe38:b500/128
*[Direct/0] 00:02:36
> via fe-0/0/0.0
[Local/0] 00:02:36
Local via fe-0/0/0.0
fe80::/64 *[Direct/0] 1w3d 15:51:19
> via fe-0/0/0.0
fe80::226:88ff:fe38:b500/128
*[Local/0] 1w3d 15:51:19
Local via fe-0/0/0.0
root@SRX3> show ipv6 router-advertisement
Interface: fe-0/0/0.0
Advertisements sent: 1, last sent 00:02:45 ago
Solicits received: 0
Advertisements received: 8
Advertisement from fe80::3e94:d5ff:fe98:8602, heard 00:00:02 ago
Managed: 0
Other configuration: 1 [0]
Reachable time: 0 ms
Default lifetime: 30 sec [1800 sec]
Retransmit timer: 0 ms
Current hop limit: 64
Prefix: 2001:1:1:1::/64
Valid lifetime: 86400 sec
Preferred lifetime: 86400 sec
On link: 1
Autonomous: 1
If dhcpv6 state does not change to BOUND after configuring or system reboot, please try following commands first.
- Server device
>clear dhcpv6 server binding all- Client device
clear dhcpv6 client binding all
request dhcpv6 client renew all
2017-09-19: Minor edit. Added link to technical documentation in the Summary section.
Related Links
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search