ScreenOS Firewalls (NOT SRX)
Contributor
JNCIE-Harry
Accepted Solution

Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

I've run into a problem and would like to query the forum about a possible workaround or configuration correction.

 

When using the above specs, the DHCP configuration becomes unavailable after initial configuration. In the web interface the "edit" option shows up as available but when any change is made you receive an error indicating that the "DHCP" variable is not valid.

 

On the CLI when I attempt a command such as "set interface eth1.1 dhcp server enable" the output indicates that the "DHCP" variable is not recognized.

 

When the same command is executed without using sub-interfaces, the configuration is accepted. Example: "set interface eth1 dhcp server enable"

 

The goal of this configuration was to have multiple VLANs handled by the firewall and served DHCP over a single physical interface.

 

Thank you.

Trusted Expert
WL

Re: Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

Hi

 

I managed to get this working on NS25:

00-> get conf | i dhcp
set interface ethernet3.1 dhcp server service
set interface ethernet3.2 dhcp server service
set interface ethernet3.1 dhcp server enable
set interface ethernet3.2 dhcp server enable
unset interface ethernet3.1 dhcp server config next-server-ip
unset interface ethernet3.2 dhcp server config next-server-ip
00-> get sys | i ver
Hardware Version: 4010(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Software Version: 5.4.0r10.0, Type: Firewall+VPN
00-> get sys
Product Name: NetScreen-25

 

Could you show us what you did via the cli?

Contributor
JNCIE-Harry

Re: Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

The result of the below configuration was not being able to edit the DHCP configurations. The "DHCP" variable was no longer accepted.

 

 

 

 

 

set interface ethernet1.2 ip 172.30.2.1/24
set interface ethernet1.4 ip 172.30.4.1/24
set interface ethernet2.6 ip 172.30.6.1/24
set interface ethernet2.8 ip 172.30.8.1/24
set interface ethernet4 ip 10.63.247.2/30
set interface ethernet1.2 dhcp server service
set interface ethernet1.4 dhcp server service
set interface ethernet2.6 dhcp server service
set interface ethernet2.8 dhcp server service
set interface ethernet1.2 dhcp server enable
set interface ethernet1.4 dhcp server enable
set interface ethernet2.6 dhcp server enable
set interface ethernet2.8 dhcp server enable
set interface ethernet1.2 dhcp server option lease 1440000 
set interface ethernet1.2 dhcp server option gateway 172.30.2.1 
set interface ethernet1.2 dhcp server option netmask 255.255.255.0 
set interface ethernet1.2 dhcp server option dns1 10.6.51.1 
set interface ethernet1.2 dhcp server option dns2 4.2.2.2 
set interface ethernet1.4 dhcp server option lease 1440000 
set interface ethernet1.4 dhcp server option gateway 172.30.4.1 
set interface ethernet1.4 dhcp server option netmask 255.255.255.0 
set interface ethernet1.4 dhcp server option dns1 10.6.51.1 
set interface ethernet1.4 dhcp server option dns2 4.2.2.2 
set interface ethernet2.6 dhcp server option lease 1440000 
set interface ethernet2.6 dhcp server option gateway 172.30.6.1 
set interface ethernet2.6 dhcp server option netmask 255.255.255.0 
set interface ethernet2.6 dhcp server option dns1 10.6.51.1 
set interface ethernet2.6 dhcp server option dns2 4.2.2.2 
set interface ethernet2.8 dhcp server option lease 1440000 
set interface ethernet2.8 dhcp server option gateway 172.30.8.1 
set interface ethernet2.8 dhcp server option netmask 255.255.255.0 
set interface ethernet2.8 dhcp server option dns1 10.6.51.1 
set interface ethernet2.8 dhcp server option dns2 4.2.2.2 
set interface ethernet1.2 dhcp server ip 172.30.2.200 to 172.30.2.224 
set interface ethernet1.4 dhcp server ip 172.30.4.200 to 172.30.4.224 
set interface ethernet2.6 dhcp server ip 172.30.6.200 to 172.30.6.224 
set interface ethernet2.8 dhcp server ip 172.30.8.200 to 172.30.8.224 
unset interface ethernet1.2 dhcp server config next-server-ip
unset interface ethernet1.4 dhcp server config next-server-ip
unset interface ethernet2.6 dhcp server config next-server-ip
unset interface ethernet2.8 dhcp server config next-server-ip

 

set nsrp cluster id 1
set nsrp vsd-group id 0 priority 100
set nsrp vsd-group id 0 preempt

 

ns25-> get sys
Product Name: NetScreen-25

Hardware Version: 4010(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Software Version: 5.4.0r12.0, Type: Firewall+VPN

Trusted Expert
WL

Re: Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

I realised why. If you have NSRP configured, we don't support DHCP on the subinterfaces which are also VSI interfaces.

If you remove the NSRP settings, then it will work. Try and see.

 

This feature is supported in 6.2 unfortunately, so I don't think there will be a workaround for you, as the NS25 cannot run that ScreenOS.

Contributor
JNCIE-Harry

Re: Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

Well, that explains it. I can't go without NSRP, so I worked around it by reducing the VLANs handled by the NS25 and routed behind it. Thank you for the information.
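
The constraint identified in this thread can be checked before a configuration is loaded onto an HA pair. The script below is an added example, not code from any poster or from Juniper. The `audit` function name and the sample text are assumptions, and because a saved config does not say which sub-interfaces are VSIs, it treats every sub-interface running a DHCP server as affected when NSRP is configured.

```python
import re

# Constructed sample, abridged from the configuration posted in this thread.
SAMPLE_CONFIG = """\
set interface ethernet1.2 ip 172.30.2.1/24
set interface ethernet4 ip 10.63.247.2/30
set interface ethernet1.2 dhcp server service
set interface ethernet1.2 dhcp server enable
set interface ethernet2.6 dhcp server service
set interface ethernet2.6 dhcp server enable
set nsrp cluster id 1
set nsrp vsd-group id 0 priority 100
Software Version: 5.4.0r12.0, Type: Firewall+VPN
"""

DHCP_RE = re.compile(r"^set interface (\S+) dhcp server (?:service|enable)\b")
NSRP_RE = re.compile(r"^set nsrp cluster id (\d+)")
VER_RE = re.compile(r"Software Version:\s*(\d+)\.(\d+)")


def audit(config_text):
    """Report sub-interfaces whose DHCP server conflicts with NSRP."""
    nsrp = False
    version = None
    dhcp_ifaces = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if NSRP_RE.match(line):
            nsrp = True
        m = VER_RE.search(line)
        if m:
            version = (int(m.group(1)), int(m.group(2)))
        m = DHCP_RE.match(line)
        if m and m.group(1) not in dhcp_ifaces:
            dhcp_ifaces.append(m.group(1))
    # Sub-interfaces are named <physical>.<n>, e.g. ethernet1.2
    sub = [name for name in dhcp_ifaces if "." in name]
    # Per the thread: not supported with NSRP before ScreenOS 6.2.
    # Assumption: an unknown version is treated as affected.
    affected = nsrp and bool(sub) and (version is None or version < (6, 2))
    return {"nsrp": nsrp, "version": version, "flagged": sub if affected else []}


if __name__ == "__main__":
    for name in audit(SAMPLE_CONFIG)["flagged"]:
        print(f"{name}: DHCP server on sub-interface with NSRP configured")
```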