Ethernet Switching
Highlighted
Ethernet Switching

Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

‎04-06-2020 11:53 PM

Hello all,

 

I'm experiencing a weird issue with DHCP relay. I've recently added a VLAN where I set DHCP relay to active. In this VLAN we've got both devices that use DHCP (sometimes via a reservation), but sometimes requiring a static IP address. Whenever I activate DHCP relay, the static IP addresses stop working after a few seconds. After troubleshooting we traced it back to the core switch. If we connect the devices without the Junipers EX2300 switch the devices can send and receive ICMP requests and access the network just fine. If we use the EX2300 switch however (which is required for access to the whole network) the connection drops after a few seconds. Running JunOS version 18.2R3-S2.9

 

We haven't enabled anything like DHCP Snooping or Dynamic ARP inspection. Anybody that knows whether this is a known bug or something like DHCP Snooping or Dynamic ARP inspection is enabled by default when enabling DHCP relay on a Access port, and if so how to disable it? As I've tried playing around with the allow-snooping-clients option, but has no effect on both global and the relay level.

 

Required configuration snippets

 

ge-0/0/8 {
description KNX;
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members 18;
}
storm-control default;
}
}
}
ge-0/0/9 {
description "Camera Server";
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members 18;
}
storm-control default;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members 18;
}
storm-control default;
}
}

 

irb {
unit 18 {
family inet {
address 10.0.18.254/24;
}
}
unit 19 {
family inet {
address 10.0.19.254/24;
}
}
unit 98 {
family inet {
address 192.168.1.254/24;
}
}
}

 

forwarding-options {
storm-control-profiles default {
all;
}
dhcp-relay {
overrides;
server-group {
dhcp-servers {
10.0.14.1;
}
}
active-server-group dhcp-servers;
group dhcp-interfaces {
overrides;
interface irb.18;
interface irb.19;
}
}
}
routing-options {
static {
route 0.0.0.0/0 {
next-hop 10.0.10.254;
retain;
}
}

 

vlans {

misc {
vlan-id 18;
l3-interface irb.18;
}

old {
vlan-id 98;
l3-interface irb.98;
}

}

8 REPLIES 8
Highlighted
Ethernet Switching

Re: Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

‎04-07-2020 01:24 AM

Have you checked that your new scope isn't overlapping with these static addresses, or the subnet gateway?

Highlighted
Ethernet Switching

Re: Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

‎04-07-2020 03:11 AM

Yes, all the subnets have a /24 mask. That's been verified. This switch has been in use for a while already. VLAN18 has been added recently with mixed static and dynamic IP addresses. All the other VLAN's have either static or dynamic IP addresses. The subnets that are used are 10.0.10.0/24 - 10.0.18.0/24.

Highlighted
Ethernet Switching

Re: Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

‎04-07-2020 04:01 AM

My question is whether the new dhcp scope encompasses the static addresses as well, resulting in a conflict that would cause the static clients to stop working. Otherwise it does sound like DAI. Does 'show arp inspection statistics' return anything insteresting on either the EX2300 or the core switch?

Highlighted
Ethernet Switching

Re: Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

[ Edited ]
‎04-07-2020 04:31 AM

- The DHCP scope is set to 10.0.18.1 - 10. All IP addresses that are static are 10.0.18.11 and above, so they don't overlap.

- The command show are inspection statistics does not exist in either global or configure mode.

 

P.S.: The EX2300 is the core switch.

Highlighted
Ethernet Switching

Re: Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

‎04-08-2020 01:09 PM

Hey nvaert1986,

 

Greetings, try this:  show dhcp-security arp inspection statistics

 

If you believe that this is related to a port security issue, you can configure your Syslog file messages to any any and check the logs they will definitely tell you if there is a port security conflict.

 

Any entries in the binding table? show dhcp-security binding 

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \Smiley Happy/

Regards,

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB

Highlighted
Ethernet Switching

Re: Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

‎04-10-2020 12:55 AM

Unfortunately no entries there either. I'm receiving the response below:

 

administrator@swt01> show dhcp-security binding

{master:0}

Highlighted
Ethernet Switching

Re: Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

‎04-10-2020 12:24 PM

Hey nvaert1986

 

Where you able to accomplish the Syslog configuration and check the logs with any any?

Do you see any arp marked as permanent in the arp table perhaps?

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \Smiley Happy/

Regards,

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB

Highlighted
Ethernet Switching

Re: Can't configure static IP addresses on devices when DHCP relay is configured in the specified VLAN

‎04-14-2020 06:45 AM

Hi ,

 

Good day !

my guess here is that when you say static ip address you mean that there is no DHCP server involved when the users connected on those port come up ,

can we disable the relay agent on those ports and check 

hence is the link to it :

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/dhcp-subscriber-access-d...

 

Regards ,

Sharanya