Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] SRX assigns an IP address from a wrong DHCP pool to DHCP client in certain scenario

0

0

Article ID: KB32226 KB Last Updated: 07 Oct 2019Version: 2.0
Summary:

The SRX, acting as a DHCP server, assigns an IP address from an incorrect pool because the end-user device is requesting an specific address inside that pool. This article explains that this happens when using a JDHCP configuration in the SRX.

Symptoms:

Network Diagram

SRX Interface and JDHCP pool configuration

root@SRX> show configuration interfaces ge-0/0/7
vlan-tagging;
unit 1245 {
   vlan-id 1245;
   family inet {
      address 1.1.1.1/24;
   }
}
unit 1246 {
   vlan-id 1246;
   family inet {
      address 2.2.2.1/24;
   }
}


root@SRX> show configuration access
address-assignment {
    pool VLAN_A {
       family inet {
          network 1.1.1.0/24; 
          range r1 {
             low 1.1.1.10;
             high 1.1.1.20;
          }
          dhcp-attributes {
              router {
                  1.1.1.1;
              }
            }
         }
     }
     pool VLAN_B {
       family inet {
          network 2.2.2.0/24; 
          range r1 {
             low 2.2.2.10;
             high 2.2.2.20;
          }
          dhcp-attributes {
              router {
                  2.2.2.1;
              }
            }
         }
       }
  } 

                
Scenario #1

The server is connected to the EX switch in vlan A (vlan-id 1245) and receives an IP address from the SRX in the subnet linked to vlan A: 1.1.1.0/24.

Scenario #2

The server is then connected to EX switch in vlan B.  It requests the same IP address that was previously assigned to it in vlan A (this behavior is explained in RFC 2131, section 3.2). At this point, the SRX will provide an IP address of the pool related to vlan A even though the request will reach the SRX via vlan B.

Cause:

This happens when using a JDHCP configuration in the SRX.

Solution:

Work-around: Configuring the following command will address this problem. The command will keep the SRX from providing an IP address from an incorrect pool just because the end-user device is requesting it.

set system services dhcp-local-server requested-ip-interface-match

For fixed versions, see PR1097909.

Modification History:
2019-10-07: Updated solution field.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search