Junos
Reply
mjc
Visitor
mjc
Posts: 4
Registered: ‎01-21-2011
0

DHCP relay problems in M20 router

I'm trying to clean up the dhcp infrastructure at the office, and run into problems (actually one, it doesn't work :-)).

My set-up is essentially this:

I have one subnet that contains my dhcp server (ISC DHCP, Debian box). Clients are in that subnet, and also in some other subnets.

All subnets are connected by a Juniper M20 router (8.4R2.3).

           ae0.2 +-----------+ ge-1/1/0
dhcp ------------+   M20     +---------- client
                 +-----------+


The dhcp server lives in 192.168.0.5/22, the client in 192.168.11.252/30

ae0.2 config:
vlan-id 2;
family inet {
   filter {
       input OFFICE-in;
       output OFFICE-out;
   }
   sampling {
       input;
   }
   address 192.168.0.2/22;
}

Both input and output filters contain a term allowing any traffic to/from udp ports 67 and 68


ge-1/1/0 config:
unit 0 {
   family inet {
       sampling {
           input;
       }
       address 192.168.11.253/30;
   }
}

Under forwarding-options I have:
dhcp-relay {
   server-group {
       kantoor {
           192.168.0.5;
           192.168.0.63;
       }
   }
   active-server-group kantoor;
   group wireless {
       active-server-group kantoor;
       interface ae0.3;
       interface ae0.11;
       interface ae0.31;
       interface ae0.32;
       interface ae0.33;
       interface ge-1/1/0.0;
   }
}

I see no forwarded dhcp packets arrive at my dhcp server, and when I look on the router with 'monitor traffic interface blah the only thing I see broadcast are ARP requests.

It must be something very simple that I overlook, something like a master ON switch that is set to OFF.

Has anyone been succesful in getting the dhcp relay to work? Config examples?
Of is it just broken in the M20 8.4R2.3 release?

--maarten

Distinguished Expert
aarseniev
Posts: 1,631
Registered: ‎08-21-2009
0

Re: DHCP relay problems in M20 router

Hello,

DHCP relay is supported on MX-series only

 

http://www.juniper.net/techpubs/en_US/junos10.4/topics/reference/configuration-statement/dhcp-relay-...

 

 

Release Information

Statement introduced in JUNOS Release 9.4 (MX Series routers only).

 

You can use BOOTP relay agent instead of DHCP relay agent

http://www.juniper.net/techpubs/en_US/junos10.4/topics/reference/configuration-statement/bootp-edit-...

 

 

HTH

Rgds

Alex

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
mjc
Visitor
mjc
Posts: 4
Registered: ‎01-21-2011
0

Re: DHCP relay problems in M20 router

Strange that dhcp-relay statements are accepted without comments by the M20.

 

I changed config to use the bootp helper config like this:

 

bootp {

    server 192.168.0.5;

    server 192.168.0.62;

    client-response-ttl 4;

    interface {

        ae0.3;

        ae0.11;

        ae0.31;

        ae0.32;

        ae0.33;

        ge-1/1/0.0;

    }

}

 

 

My dhcp requests still don't arrive at the dhcp servers. I must be missing some simple thing.

 

Relevant parts of the config are attached, Hopefully someone sees the missing bit

 

--maarten

Recognized Expert
benb
Posts: 205
Registered: ‎11-05-2007
0

Re: DHCP relay problems in M20 router

I believe your output filter (OFFICE-out), applied to the ae0.2 interface, would block DHCPOFFER and DHCPACK messages, sent from the DHCP server.  Both of those use source udp port 67, and destination port 68.  Your output filter only accepts destination-port 67.  So, both of those packets from the server would get dropped by term discard-udp.

 

For troubleshooting, It might be easier to deactivate both input/output f/w filters until DHCP is functional, then go back and narrow down the filtering.

 

 

        filter OFFICE-out {
            /* many more terms */
            term dhcp {
                from {
                    protocol udp;
                    destination-port 67;
                }
                then accept;
            }
            term discard-udp {
                from {
                    protocol udp;
                }
                then {
                    syslog;
                    discard;
                }
            }

 

Ben

mjc
Visitor
mjc
Posts: 4
Registered: ‎01-21-2011
0

Re: DHCP relay problems in M20 router

Thanks for the suggestion. I made the dhcp term first in the filter, and changed it to allow both source and destination ports 67 and 68.

 

It still doesn't relay dhcp.

 

It gets fishier as I added ae0.2 (where the dhcp server is located) to the Forwarding-options -> helpers -> bootp -> interface list.

 

For that network all dhcp broadcasts are received two times by the dhcp server, one by the direct broadcast, one via the dhcp relay.

 

That seems right, but on the other interfaces nothing.

 

So it seems that the problem is related to routing, to the traffic needing to go from one interface to another.

The 'protect-router' filter on interface lo0 permits dhcp traffic:

 

 

term dhcp {
    from {
        protocol udp;
        source-port [ 68 67 ];
        destination-port [ 67 68 ];
    }
    then {
        accept;
    }               
}                   

 

 

--maarten

 

Recognized Expert
benb
Posts: 205
Registered: ‎11-05-2007
0

Re: DHCP relay problems in M20 router

I think you might have the hierarchy wrong.  If  you specify interfaces, the server should be specified under the interfaces (where the clients are attached).

 

Try this, and keeping those f/w fixes I stated earlier. Let me know if it works for you.

 

forwarding-options {
    helpers {
        bootp {
            interface {
                ge-1/1/0.0 {
                    server 192.168.0.5;
                    server 194.109.0.62;
                }
            }
        }
    }
}

 

I also noticed your attached config shows the bootp statement configured at [edit forwarding-options].  That shouldn't even be allowed in the cli, or commit.  So, I think that might have just been a cut and paste issue.

mjc
Visitor
mjc
Posts: 4
Registered: ‎01-21-2011
0

Re: DHCP relay problems in M20 router

Thank you for your suggestions, I moved the server statements to be under the interface. That makes no difference, dhcp requests are not seen at the dhcp server.

 

(the helpers section is under forwarding-options helpers, so that was indeed a cur-and-paste issue)

 

Either I'm still missing some config option, or dhcp forwarding is broken.

 

 

Recognized Expert
benb
Posts: 205
Registered: ‎11-05-2007
0

Re: DHCP relay problems in M20 router

A software issue is always possible.  But, the version of Junos reached end of life (EOL) status a long time ago.  At this point I would recommend upgrading to a version that is supported, and try opening a case with JTAC.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.