DHCP server (SRX)

Just a quick one today about setting up an SRX as a DHCP server.
First you need to define the DHCP parameters.

        dhcp {
            router {
                192.168.1.1;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.2 high 192.168.1.254;
                default-lease-time 3600;
                domain-name blogger.net.au;
                name-server {
                    192.168.1.1;
                }
            }
        }


Then you need to add DHCP as an allowed inbound service under the interface that will receive the request. The new part is the dhcp service listed under vlan.0.

    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    telnet;
                    ssh;
                    ping;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                        }
                    }
                }
            }
        }
    }


Naturally the IP address of the interface in question (vlan.0) is in the same subnet as the pool. The DHCP-assigned router is the address of the vlan.0 interface itself.

    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }


Finally, if, as in this case, DHCP is the first thing you're adding as an allowed service under the interface, you will lock yourself out of your device (in-band) unless you duplicate the system services currently under the zone so that they are under the interface as well.

    security-zone trust {
        host-inbound-traffic {
            system-services {
                telnet;
                ssh;
                ping;
            }
            protocols {
                all;
            }
        }
        interfaces {
            vlan.0 {
                host-inbound-traffic {
                    system-services {
                        dhcp;
                        ssh;
                        telnet;
                        ping;
                    }
                }
            }
        }
    }
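
The lockout described above can be caught before committing. The following is an added example, not part of the original post: a small Python check that parses a zone stanza and reports which zone-level system services an interface-level list leaves out. The function names and the sample text are assumptions, constructed from the configurations shown here.

```python
def parse(text):
    """Parse Junos curly-brace config into nested dicts; leaf statements map to None."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = None
    return stack[0]

def lost_services(zone):
    """Map interface -> zone-level system-services absent from its own list."""
    zone_svcs = set(zone.get("host-inbound-traffic", {}).get("system-services", {}))
    lost = {}
    for ifname, ifcfg in zone.get("interfaces", {}).items():
        override = (ifcfg or {}).get("host-inbound-traffic", {}).get("system-services")
        if override is None or "all" in override:
            continue  # no interface-level list, or it allows everything
        missing = sorted(zone_svcs - set(override))
        if missing:
            lost[ifname] = missing
    return lost

# Constructed sample: body of security-zone trust as in the post; %s is vlan.0's list.
ZONE = """
host-inbound-traffic {
    system-services {
        telnet;
        ssh;
        ping;
    }
}
interfaces {
    vlan.0 {
        host-inbound-traffic {
            system-services {
                %s
            }
        }
    }
}
"""
DHCP_ONLY = parse(ZONE % "dhcp;")
DUPLICATED = parse(ZONE % "dhcp;\nssh;\ntelnet;\nping;")

if __name__ == "__main__":
    print(lost_services(DHCP_ONLY), lost_services(DUPLICATED))
```

A non-empty result for the management interface means the candidate configuration would cut off those services on it.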


Here is the evidence that DHCP is working.

root> show system services dhcp binding
IP address       Hardware address   Type     Lease expires at
192.168.1.2      00:26:b9:b6:61:af  dynamic  2012-02-14 12:57:28 UTC

root> show system services dhcp binding detail
IP address       Hardware address   Type     Lease expires            State
192.168.1.2      00:26:b9:b6:61:af  dynamic  2012-02-14 12:57:28 UTC  active

root> show system services dhcp statistics
Packets dropped:
    Total                      12

Messages received:
    BOOTREQUEST                0
    DHCPDECLINE                0
    DHCPDISCOVER               6
    DHCPINFORM                 2
    DHCPRELEASE                0
    DHCPREQUEST                13

Messages sent:
    BOOTREPLY                  0
    DHCPOFFER                  6
    DHCPACK                    12
    DHCPNAK                    0


Model: srx210he
JUNOS Software Release [11.4R1.6]
