[SRX] Example - Configure SRX to propagate DNS address obtained by PPP to DHCPv4 client

[KB32435]


Summary:

This article provides an example of how to configure an SRX to propagate the DNS addresses obtained by PPP to a DHCPv4 client.

Solution:

The configuration and verification steps are provided below:


Topology:

Configurations:

SRX PPPoE server

Use "group-profile" to advertise the DNS addresses to the PPPoE client.

set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether
set interfaces pp0 unit 0 ppp-options chap access-profile prof-ge004
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0
set interfaces pp0 unit 0 pppoe-options server
set interfaces pp0 unit 0 family inet address 192.168.30.1/32 destination 192.168.40.1
set interfaces pp0 unit 0 family inet address 192.168.30.1/32 destination-profile profile1
set access group-profile profile1 ppp primary-dns 1.1.1.1
set access group-profile profile1 ppp secondary-dns 1.1.1.2
set access profile prof-ge004 client "jtac@juniper.net" chap-secret jtac

set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/4.0

SRX PPPoE Client & DHCPv4 Server

The "propagate-ppp-settings" option in the dhcp-attributes hierarchy instructs the SRX to propagate a DNS address to the DHCPv4 client.

set system services dhcp-local-server group JDHCP interface ge-0/0/5.0

set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether
set interfaces ge-0/0/5 unit 0 family inet address 192.168.10.1/27

set interfaces pp0 unit 0 ppp-options chap default-chap-secret jtac
set interfaces pp0 unit 0 ppp-options chap local-name "jtac@juniper.net"
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet negotiate-address

set access address-assignment pool DHCPPool family inet network 192.168.10.0/27
set access address-assignment pool DHCPPool family inet range junosRange low 192.168.10.2
set access address-assignment pool DHCPPool family inet range junosRange high 192.168.10.30
set access address-assignment pool DHCPPool family inet dhcp-attributes router 192.168.10.1
set access address-assignment pool DHCPPool family inet dhcp-attributes propagate-ppp-settings pp0.0

set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/5.0
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust interfaces pp0.0

set security policies from-zone trust to-zone untrust policy tr-un match source-address any
set security policies from-zone trust to-zone untrust policy tr-un match destination-address any
set security policies from-zone trust to-zone untrust policy tr-un match application any
set security policies from-zone trust to-zone untrust policy tr-un then permit
/* Permit transit traffic only from the PC */
 

Verification:

SRX PPPoE Client & DHCPv4 Server

PPPoE status:

The following command shows the DNS addresses obtained from the PPPoE server.
Check that the DHCPv4 client has the same DNS addresses as shown in the output of this command.

>show ppp interface <ppp interface name> extensive

Example:

root> show ppp interface pp0.0 extensive
  Session pp0.0, Type: PPP, Phase: Network
    LCP
      State: Opened
      Last started: 2018-01-11 09:03:27 UTC
      Last completed: 2018-01-11 09:03:27 UTC
      Negotiated options:
        Authentication protocol: CHAP, Authentication algorithm: MD5,
        Magic number: 1516255516, Local MRU: 1492
    Authentication: CHAP
      State: Success
      Last completed: 2018-01-11 09:03:27 UTC
    IPCP
      State: Opened
      Last started: 2018-01-11 09:03:30 UTC
      Last completed: 2018-01-11 09:03:30 UTC
      Negotiated options:
        Local address: 192.168.40.1, Remote address: 192.168.30.1,
        Primary DNS: 1.1.1.1, Secondary DNS: 1.1.1.2
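
Because "propagate-ppp-settings" relays whatever the PPP peer negotiates, the comparison described above can be scripted. The following is an added example, not part of the original article or Juniper code: it parses the command output, confirms IPCP is up, and compares the learned DNS servers with what the DHCPv4 client reports. The function names, the allow-list of approved resolvers and the client_dns input are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample, trimmed from the "show ppp interface pp0.0 extensive" output above.
SAMPLE = """\
  Session pp0.0, Type: PPP, Phase: Network
    LCP
      State: Opened
    IPCP
      State: Opened
      Negotiated options:
        Local address: 192.168.40.1, Remote address: 192.168.30.1,
        Primary DNS: 1.1.1.1, Secondary DNS: 1.1.1.2
"""

def parse_ppp_session(text):
    """Extract session name, phase, IPCP state and negotiated DNS servers."""
    info = {"session": None, "phase": None, "ipcp_state": None, "dns": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"Session (\S+), Type: \S+, Phase: (\S+)", line)
        if m:
            info["session"], info["phase"] = m.groups()
        elif re.fullmatch(r"[A-Z0-9]+", line) or line.startswith("Authentication:"):
            section = line.split(":")[0]          # LCP, Authentication, IPCP, ...
        elif section == "IPCP" and line.startswith("State:"):
            info["ipcp_state"] = line.split(":", 1)[1].strip()
        elif section == "IPCP":
            found = re.findall(r"(?:Primary|Secondary) DNS: ([0-9A-Fa-f.:]+)", line)
            info["dns"] += [str(ipaddress.ip_address(a)) for a in found]
    return info

def check_propagated_dns(text, approved, client_dns=None):
    """Return a list of problems; an empty list means the checks passed."""
    info = parse_ppp_session(text)
    problems = []
    if info["phase"] != "Network" or info["ipcp_state"] != "Opened":
        problems.append(f"{info['session']}: IPCP is not up")
    if not info["dns"]:
        problems.append("no DNS servers negotiated over PPP")
    approved = {str(ipaddress.ip_address(a)) for a in approved}  # assumed allow-list
    problems += [f"unapproved resolver {a} learned over PPP"
                 for a in info["dns"] if a not in approved]
    if client_dns is not None and list(client_dns) != info["dns"]:
        problems.append(f"client DNS {list(client_dns)} != PPP DNS {info['dns']}")
    return problems

if __name__ == "__main__":
    print(check_propagated_dns(SAMPLE, {"1.1.1.1", "1.1.1.2"}, ["1.1.1.1", "1.1.1.2"]))
```

Pass the resolvers read from the DHCPv4 client as client_dns. A non-empty result means either the propagation did not happen or the upstream peer handed out a resolver you did not expect.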

DHCPv4 status:

The following command shows the DHCPv4 server binding information. Note that when the DHCPv4 client is successfully bound with the DHCPv4 server, the state in the command shows "BOUND".

>show dhcp server binding detail

Example:

root> show dhcp server binding detail

Client IP Address:  192.168.10.15
     Hardware Address:             00:50:56:85:d2:47
     State:                        BOUND(LOCAL_SERVER_STATE_BOUND)
     Protocol-Used:                DHCP
     Lease Expires:                2018-01-12 09:16:18 UTC
     Lease Expires in:             86392 seconds
     Lease Start:                  2018-01-11 09:16:18 UTC
     Last Packet Received:         2018-01-11 09:16:25 UTC
     Incoming Client Interface:    ge-0/0/5.0
     Server Identifier:            192.168.10.1
     Session Id:                   16
     Client Pool Name:             DHCPPool