
[SRX] Example - Configure SRX to propagate DNS address obtained by PPP to DHCPv4 client


Article ID: KB32435 KB Last Updated: 22 Feb 2018 Version: 1.0
Summary:

This article provides an example of how to configure an SRX to propagate the DNS addresses obtained by PPP to a DHCPv4 client.

Solution:

The configuration and verification steps are provided below:


Topology:

Configurations:

SRX PPPoE server

Use "group-profile" to advertise the DNS addresses to the PPPoE client.

set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether
set interfaces pp0 unit 0 ppp-options chap access-profile prof-ge004
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0
set interfaces pp0 unit 0 pppoe-options server
set interfaces pp0 unit 0 family inet address 192.168.30.1/32 destination 192.168.40.1
set interfaces pp0 unit 0 family inet address 192.168.30.1/32 destination-profile profile1
set access group-profile profile1 ppp primary-dns 1.1.1.1
set access group-profile profile1 ppp secondary-dns 1.1.1.2
set access profile prof-ge004 client "jtac@juniper.net" chap-secret jtac

set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/4.0

SRX PPPoE Client & DHCPv4 Server

The "propagate-ppp-settings" option in the dhcp-attributes hierarchy instructs the SRX to propagate a DNS address to the DHCPv4 client.

set system services dhcp-local-server group JDHCP interface ge-0/0/5.0

set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether
set interfaces ge-0/0/5 unit 0 family inet address 192.168.10.1/27

set interfaces pp0 unit 0 ppp-options chap default-chap-secret jtac
set interfaces pp0 unit 0 ppp-options chap local-name "jtac@juniper.net"
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet negotiate-address

set access address-assignment pool DHCPPool family inet network 192.168.10.0/27
set access address-assignment pool DHCPPool family inet range junosRange low 192.168.10.2
set access address-assignment pool DHCPPool family inet range junosRange high 192.168.10.30
set access address-assignment pool DHCPPool family inet dhcp-attributes router 192.168.10.1
set access address-assignment pool DHCPPool family inet dhcp-attributes propagate-ppp-settings pp0.0

set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/5.0
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust interfaces pp0.0

set security policies from-zone trust to-zone untrust policy tr-un match source-address any
set security policies from-zone trust to-zone untrust policy tr-un match destination-address any
set security policies from-zone trust to-zone untrust policy tr-un match application any
set security policies from-zone trust to-zone untrust policy tr-un then permit
/* permit transit traffic only from PC */

Verification:

SRX PPPoE Client & DHCPv4 Server

PPPoE status:

The following command shows the DNS addresses obtained from the PPPoE server.
Check that the DHCPv4 client has the same DNS addresses as shown by this command.

>show ppp interface <ppp interface name> extensive

Example:

root> show ppp interface pp0.0 extensive
  Session pp0.0, Type: PPP, Phase: Network
    LCP
      State: Opened
      Last started: 2018-01-11 09:03:27 UTC
      Last completed: 2018-01-11 09:03:27 UTC
      Negotiated options:
        Authentication protocol: CHAP, Authentication algorithm: MD5,
        Magic number: 1516255516, Local MRU: 1492
    Authentication: CHAP
      State: Success
      Last completed: 2018-01-11 09:03:27 UTC
    IPCP
      State: Opened
      Last started: 2018-01-11 09:03:30 UTC
      Last completed: 2018-01-11 09:03:30 UTC
      Negotiated options:
        Local address: 192.168.40.1, Remote address: 192.168.30.1,
        Primary DNS: 1.1.1.1, Secondary DNS: 1.1.1.2
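
The comparison described above can be scripted. This is an added example, not part of the Juniper article: it parses the IPCP-negotiated DNS from "show ppp interface ... extensive" output and compares it with the resolver list read from the DHCPv4 client. The resolv.conf-style client input, the function names and the optional expected-resolver set are assumptions.

```python
import ipaddress
import re

# Constructed sample: IPCP part of "show ppp interface pp0.0 extensive" output.
PPP_OUTPUT = """\
    IPCP
      State: Opened
      Negotiated options:
        Local address: 192.168.40.1, Remote address: 192.168.30.1,
        Primary DNS: 1.1.1.1, Secondary DNS: 1.1.1.2
"""

# Constructed sample: resolv.conf-style resolver list read from the DHCPv4 client.
CLIENT_RESOLV_CONF = """\
# written by the DHCP client
nameserver 1.1.1.1
nameserver 1.1.1.2
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def ppp_dns(output):
    """Return the IPCP-negotiated DNS servers (primary first); absent ones are skipped."""
    found = []
    for label in ("Primary DNS", "Secondary DNS"):
        match = re.search(label + r":\s*" + IPV4, output)
        if match:
            found.append(str(ipaddress.ip_address(match.group(1))))
    return found


def client_dns(resolv_conf):
    """Return nameserver addresses from resolv.conf-style text, in file order."""
    lines = (line.split() for line in resolv_conf.splitlines())
    return [str(ipaddress.ip_address(p[1])) for p in lines
            if len(p) >= 2 and p[0] == "nameserver"]


def check_propagation(ppp_output, resolv_conf, expected=None):
    """Compare PPP-learned DNS with the client's; 'expected' is an optional
    operator-supplied set of resolvers the upstream peer should be handing out."""
    up, down = ppp_dns(ppp_output), client_dns(resolv_conf)
    return {
        "propagated": bool(up) and up == down,
        "missing_on_client": [a for a in up if a not in down],
        "extra_on_client": [a for a in down if a not in up],
        "unexpected_upstream": [a for a in up if expected is not None and a not in expected],
    }
```

Because the DHCPv4 clients inherit whatever resolvers the PPP peer advertises, passing an expected set makes a changed upstream DNS show up in "unexpected_upstream" rather than silently reaching the LAN.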

DHCPv4 status:

The following command shows the DHCPv4 server binding information. Note that when the DHCPv4 client is successfully bound with the DHCPv4 server, the State field in the command output shows "BOUND".

>show dhcp server binding detail

Example:

root> show dhcp server binding detail

Client IP Address:  192.168.10.15
     Hardware Address:             00:50:56:85:d2:47
     State:                        BOUND(LOCAL_SERVER_STATE_BOUND)
     Protocol-Used:                DHCP
     Lease Expires:                2018-01-12 09:16:18 UTC
     Lease Expires in:             86392 seconds
     Lease Start:                  2018-01-11 09:16:18 UTC
     Last Packet Received:         2018-01-11 09:16:25 UTC
     Incoming Client Interface:    ge-0/0/5.0
     Server Identifier:            192.168.10.1
     Session Id:                   16
     Client Pool Name:             DHCPPool