Knowledge Search


×
 

[SRX] SRX assigns an IP address from a wrong DHCP pool to DHCP client in certain scenario

  [KB32226] Show Article Properties


Summary:

The SRX, acting as a DHCP server, assigns an IP address from an incorrect pool because the end-user device is requesting an specific address inside that pool. This article explains that this happens when using a JDHCP configuration in the SRX.

Symptoms:

Network Diagram

SRX Interface and JDHCP pool configuration

root@SRX> show configuration interfaces ge-0/0/7
vlan-tagging;
unit 1245 {
   vlan-id 1245;
   family inet {
      address 1.1.1.1/24;
   }
}
unit 1246 {
   vlan-id 1246;
   family inet {
      address 2.2.2.1/24;
   }
}


root@SRX> show configuration access
address-assignment {
    pool VLAN_A {
       family inet {
          network 1.1.1.0/24; 
          range r1 {
             low 1.1.1.10;
             high 1.1.1.20;
          }
          dhcp-attributes {
              router {
                  1.1.1.1;
              }
            }
         }
     }
     pool VLAN_B {
       family inet {
          network 2.2.2.0/24; 
          range r1 {
             low 2.2.2.10;
             high 2.2.2.20;
          }
          dhcp-attributes {
              router {
                  2.2.2.1;
              }
            }
         }
       }
  } 

                
Scenario #1

The server is connected to the EX switch in vlan A (vlan-id 1245) and receives an IP address from the SRX in the subnet linked to vlan A: 1.1.1.0/24.

Scenario #2

The server is then connected to EX switch in vlan B.  It requests the same IP address that was previously assigned to it in vlan A (this behavior is explained in RFC 2131, section 3.2). At this point, the SRX will provide an IP address of the pool related to vlan A even though the request will reach the SRX via vlan B.

Cause:

This happens when using a JDHCP configuration in the SRX.

Solution:

Work-around: Configuring the following command will address this problem. The command will keep the SRX from providing an IP address from an incorrect pool just because the end-user device is requesting it.

set system services dhcp-local-server requested-ip-interface-match

For fixed versions, see PR1097909.

Modification History:
2019-10-07: Updated solution field.
Related Links: