Juniper SRX New DHCP Configuration for Home LAN

As I mentioned in my last post, I swapped back from ASA5505 to SRX100H2. The reason I am posting this is that, for some reason, my SRX100 couldn’t receive a public IP address from my service provider. Somehow the newer way of configuring the SRX as a DHCP client works for my SRX in receiving an IP from my ISP. At this point, I am not sure if this is a code-related issue. At some point I tried to configure Juniper SRX100 using DHCPv6 server, with no luck. The configurations just didn’t work. I gave up at that time, but returned to the matter some days ago. I re…

You must be thinking why configuring the SRX as the DHCP server is even related to obtaining a public dynamic IP from an ISP. Well… The newer setup of the SRX as a DHCP client (ISP perspective) is not compatible with the older way of DHCP server configuration (that is, if your DHCP server for your LAN is the SRX), and the older way DHCP client configuration is not compatible with the newer way DHCP server configuration.

Just like I said previously, I am only able to obtain a public IP from my ISP with the newer way of configuring the untrust interface as a DHCP client. Since my SRX is the DHCP server for my wired and wireless stations, I had to reconfigure my SRX’s DHCP server to get my home network functional again.

If you are using the typical DHCP client and server on your SRX, and everything works, then keep it that way; however, if you want to test or implement the newer way, keep reading.

Let’s start with the untrust interface. My untrust interface is fe-0/0/0 and this interface is the one that is connected to the Internet. The typical and old way of setting up a DHCP client on the SRX interface is shown in Example 1.

Example 1

set interfaces fe-0/0/0 unit 0 family inet dhcp update-server

Here is the compatible DHCP server shown in Example 2. Also, the command propagate-settings is optional. This is used if the name-server is not specified; therefore, the DHCP server will use the name server from the ISP. Otherwise, the name resolution will not work for the LAN.

Example 2

[edit system services]
   dhcp {
       pool 192.168.0.0/24 {
           address-range low 192.168.0.100 high 192.168.0.254;
           maximum-lease-time 57600;
           default-lease-time 28800;
           name-server {
             8.8.8.8;
           }
           router {
               192.168.0.1;
           }
           propagate-settings fe-0/0/0.0;
       }
       static-binding aa:bb:cc:dd:ee:ff {
           fixed-address {
              192.168.0.50;
           }
       }
   }
[edit]
root#

Also, dhcp must be enabled under the security zone at the interface level.

Example 3

[edit]
root# show security zones security-zone trust interfaces vlan.0
host-inbound-traffic {
   system-services {
       dhcp;
   }
}

[edit]
root#

Since both DHCP client and server are compatible with each other, the SRX will not bark at you. However, if you happen to be using the old/typical DHCP server, and you configure your DHCP client interface with the newer way, your SRX will complain that the configuration is not compatible as shown in Example 4.

Example 4

[edit interfaces fe-0/0/0 unit 0]
+     family inet {
+         dhcp-client {
+             update-server;
+         }
+     }

[edit]
root# commit check
[edit interfaces fe-0/0/0 unit 0 family inet]
'dhcp-client'
   Incompatible with the dhcp server configured under 'system services dhcp'
error: configuration check-out failed: (statements constraint check failed)

[edit]
root#

Here is another error at the interface level

Example 5

root# show interfaces fe-0/0/0
unit 0 {
   family inet {
       ##
       ## Warning: Incompatible with the dhcp server configured under 'system services dhcp'
       ##
       dhcp-client {
           update-server;
       }
   }
}

[edit]
root#

Now, why would you want to use this newer way of configuring DHCP on your SRX?
Well… If you decide to configure IPv6 on your SRX, then you will need to use the newer way of configuring DHCP. Also, the newer way is more modular and flexible.

Unfortunately, you cannot have both configurations on the same box. Either you stay with the old/typical way of configuring DHCP or you switch to the newer way of configuring DHCP. I chose the latter.

Just a quick rundown for the DHCP server: the old way is done under [edit system services dhcp], and the newer way is done in two different locations, [edit access address-assignment] and [edit system services dhcp-local-server]. Now that you have seen how to configure the old/typical DHCP on the SRX as shown in Example 1 (DHCP client) and Example 2 (DHCP server), we are going to configure the newer way for DHCP server and client.

To configure the newer way DHCP client, it is almost identical to the old way. However, all the old way DHCP config needs to be removed first, because if it is not, the SRX will complain again that it is not compatible with the newer config and you won’t be able to commit.

Example 6

[edit]
root# delete system services dhcp

[edit]
root# delete interfaces fe-0/0/0.0 family inet dhcp 

[edit]
root#

Once the old way configs are gone, we can proceed. To configure the newer way DHCP client, it is very similar to the old way.

Example 7

set interfaces fe-0/0/0.0 family inet dhcp-client update-server

To configure DHCP server, this is done under [edit access address-assignment]

Example 8

[edit]
root# show access
address-assignment {
   pool trust-POOL {
       family inet {
           network 192.168.0.0/24;
           range trust-IP-SCOPE {
               low 192.168.0.100;
               high 192.168.0.254;
           }
           dhcp-attributes {
               name-server {
                    8.8.8.8;
                    8.8.4.4;
               }
               router {
                   192.168.0.1;
               }
           }
           host PLAYSTATION4 {
               hardware-address aa:bb:cc:dd:ee:ff;
               ip-address 192.168.0.10;
            }
       }
   }
}                                      

[edit]
root#

Now the DHCP group needs to be configured

Example 9

[edit]
root# show system services dhcp-local-server 
group DHCP-GROUP {
 interface vlan.0;
}

[edit]
root#

The last piece is allowing the SRX to accept the DHCP requests from the hosts. This is done at the security-zone interface level as shown in Example 10.

Example 10

[edit]
root# show security zones security-zone trust interfaces
vlan.0 {
   host-inbound-traffic {
       system-services {
           dhcp;
       }
   }
}

[edit]
root#

That is pretty much it. For verification, you can use the commands shown below. These commands are for the new way DHCP configs.

show dhcp client binding
show dhcp client binding detail
show dhcp client statistics
show dhcp server binding
show dhcp server binding detail
show dhcp server statistics

For restarting the service and renewing the DHCP client interface

request dhcp client renew interface fe-0/0/0    
restart dhcp gracefully
restart dhcp-service gracefully
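
A pre-commit check for the incompatibility shown in Examples 4 and 5, as an added example that is not part of the original post: it scans a configuration in `show configuration | display set` form for old-style and newer-style DHCP statements on the same box, and for dhcp-local-server interfaces that lack dhcp under host-inbound-traffic. The function name lint_dhcp is hypothetical and both sample configurations are constructed from the post's examples.

```python
import re

# Constructed sample: legacy DHCP server left in place next to the newer client.
MIXED = """\
set system services dhcp pool 192.168.0.0/24 address-range low 192.168.0.100 high 192.168.0.254
set interfaces fe-0/0/0 unit 0 family inet dhcp-client update-server
set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services dhcp
"""

# Constructed sample: Examples 7-10 of the post rewritten as set commands.
NEWER = """\
set interfaces fe-0/0/0 unit 0 family inet dhcp-client update-server
set access address-assignment pool trust-POOL family inet network 192.168.0.0/24
set access address-assignment pool trust-POOL family inet range trust-IP-SCOPE low 192.168.0.100
set access address-assignment pool trust-POOL family inet range trust-IP-SCOPE high 192.168.0.254
set access address-assignment pool trust-POOL family inet dhcp-attributes router 192.168.0.1
set system services dhcp-local-server group DHCP-GROUP interface vlan.0
set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services dhcp
"""

# "dhcp( |$)" keeps the legacy patterns from matching dhcp-client / dhcp-local-server.
LEGACY = [r"^set system services dhcp( |$)",
          r"^set interfaces \S+ unit \d+ family inet dhcp( |$)"]
MODERN = [r"^set system services dhcp-local-server ",
          r"^set access address-assignment ",
          r"^set interfaces \S+ unit \d+ family inet dhcp-client( |$)"]
SERVED = r"^set system services dhcp-local-server group \S+ interface (\S+)"
ALLOWED = (r"^set security zones security-zone \S+ interfaces (\S+)"
           r" host-inbound-traffic system-services dhcp[ \t]*$")


def lint_dhcp(config):
    """Return findings for a config in `display set` form (empty list = clean)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    legacy = [ln for ln in lines if any(re.search(p, ln) for p in LEGACY)]
    modern = [ln for ln in lines if any(re.search(p, ln) for p in MODERN)]
    findings = []
    if legacy and modern:  # the mix that makes commit check fail
        findings.append(f"mixed styles: {len(legacy)} legacy, {len(modern)} newer")
    # Interface-level check only, as in Example 10; zone-wide
    # host-inbound-traffic statements are not considered here.
    served = set(re.findall(SERVED, config, re.M))
    allowed = set(re.findall(ALLOWED, config, re.M))
    for ifname in sorted(served - allowed):
        findings.append(f"{ifname}: dhcp-local-server interface without host-inbound dhcp")
    return findings
```

Permitting dhcp only on the interfaces that dhcp-local-server actually serves keeps the host-inbound exposure of the SRX limited to the LAN side.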

 

 

I hope you will find this post helpful

Cheers!

About networkshinobi

My name is Karlo, I work as a Network Engineer. A little about myself. I started as a PC gamer back when I was in high school. PC gaming became my addiction and pushed me to learn more about computers. Slowly got myself some certifications and landed an IT Tier 1 Helpdesk job. This job opened the door for me to push further on my certifications and go deeper into the IT world. My goal was to obtain my Cisco CCIE Routing and Switching, but my journey for CCIE has changed because I always ended up working on non-Cisco network appliances. Therefore, I had to pivot and decided to jump to the dark side and go with Juniper. Hopefully, I will get my JNCIE in the near future. All the entries/posts I made are based on my views and opinions, and are for educational purposes only. If you see any mistakes, feel free to drop some comments. I would appreciate all the helpful comments. Thanks