Ethernet Switching

EX4200 - DHCP relay with vlans

‎06-20-2019 12:57 PM

Hey,

I'm having trouble getting DHCP relay with vlans to work.

I have two vlans, vlan.0(ge-0/0/1) for the dhcp server and vlan.1(ge-0/0/2) for the client that needs to receive the DHCP reply.

Looking at the traffic on the dhcp server with dhcpdump, it seems like a reply is sent to the correct address; however, the client itself does not see it.

When moving the client to vlan.0, the client gets the reply and responds as it should.

 

My config:

interfaces {
    ge-0/0/1 {
        ether-options {
            auto-negotiation;
        }
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members 0;
                }
            }
        }
    }
    ge-0/0/2 {
        ether-options {
            auto-negotiation;
        }
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members 1;
                }
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.0.1/24;
            }
        }
        unit 1 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}
forwarding-options {
    helpers {
        bootp {
            server 192.168.0.2;
            interface {
                vlan.1;
            }
        }
    }
}
ethernet-switching-options {
    secure-access-port {
        interface ge-0/0/1.0 {
            dhcp-trusted;
        }
    }
    voip;
    storm-control {
        interface all;
    }
}
vlans {
    default {
        l3-interface vlan.0;
    }
    vlan.1 {
        vlan-id 1;
        l3-interface vlan.1;
    }
}

Any help is appreciated!


Re: EX4200 - DHCP relay with vlans

‎06-20-2019 03:23 PM

Does the dhcp server on 192.168.0.2 have a return route back to the switch for the 192.168.1.0/24 subnet?

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: EX4200 - DHCP relay with vlans

‎06-20-2019 03:56 PM

It should have, how would I test that?


Re: EX4200 - DHCP relay with vlans

‎06-20-2019 04:18 PM

On the server.

ping 192.168.1.1

traceroute 192.168.1.1

 

What is the default gateway on the server ?

Are there any other interfaces on the server?

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: EX4200 - DHCP relay with vlans

‎06-20-2019 04:33 PM

Yeah, there is a trace from the DHCP server to the client server.

It both pings and shows a traceroute (one hop which is the switch)

The default gateway is an external one (the config I've sent above is the same one but with different IPs)


Re: EX4200 - DHCP relay with vlans

‎06-20-2019 04:46 PM

If I understand the situation, you see the server replying to the request back to the switch ip address, but you don't see the packet received by the client?

 

What do the dhcp stats and bindings show?

show dhcp relay statistics

show dhcp relay bindings

 

All your configuration elements are present and the request is being forwarded as you see it on the server.

So do the statistics show the replies being seen and processed by the switch?

 

I assume there are no firewalls in the path from the dhcp server to the switch.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: EX4200 - DHCP relay with vlans

[ Edited ]
‎06-20-2019 04:58 PM

@spuluka wrote:

If I understand the situation, you see the server replying to the request back to the switch ip address, but you don't see the packet received by the client?


 

Yeah, that's exactly the problem.

 


@spuluka wrote:

What do the dhcp stats and bindings show?

show dhcp relay statistics

show dhcp relay bindings


 

I'm using the legacy bootp version, should I change back to dhcp relay? (I've tried with both, both had the same issue)

root@sw01> show helper statistics
BOOTP:
  Received packets: 514
  Forwarded packets: 514
  Dropped packets: 0
    Due to no interface in DHCP Relay database: 0
    Due to no matching routing instance: 0
    Due to an error during packet read: 0
    Due to an error during packet send: 0
    Due to invalid server address: 0
    Due to no valid local address: 0
    Due to no route to server/client: 0
    Due to received on ICL interface: 0

@spuluka wrote:

I assume there are no firewalls in the path from the dhcp server to the switch.


 

Yeah, no firewalls at all and no filters on the switch.


Re: EX4200 - DHCP relay with vlans

‎06-20-2019 07:33 PM

Hi AmitC,

 

Could you please try with vlan-ids 1 and 2 for example? The vlan-id 0 doesn't seem to be valid although no tagging involved here.

 

Also validate whether the helper statistics increment when you force a client to do DHCP. You can clear the statistics and retry to be sure:

clear helper statistics
show helper statistics

 

Hope this helps.

 

Regards,
-r.



Re: EX4200 - DHCP relay with vlans

‎06-21-2019 02:50 AM

Hey,

Is there a way to create the vlan 1 with the same subnet as vlan 0?

because that's the main subnet of the switch that I access it with.


Re: EX4200 - DHCP relay with vlans

‎06-21-2019 03:10 AM

Hello Amit,

 

Please find the below KB to troubleshoot dhcp relay issue. I believe this will help you.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB11020&cat=TECHNOLOGY

 

Regards,
Akash




Re: EX4200 - DHCP relay with vlans

‎06-21-2019 08:26 AM

Good Day Amit,

 

According to the next KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB24928 even though you could configure same subnet on different interfaces and commit would be successful, this configuration will not work properly.


Re: EX4200 - DHCP relay with vlans

[ Edited ]
‎06-21-2019 12:29 PM

@akashy wrote:

Hello Amit,

 

Please find the below KB to troubleshoot dhcp relay issue. I believe this will help you.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB11020&cat=TECHNOLOGY


Not sure why, but after enabling it and running a test, the /var/log/helper file is empty.

 


@Deimos74 wrote:

Good Day Amit,

 

According to the next KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB24928 even though you could configure same subnet on different interfaces and commit would be successful, this configuration will not work properly.


Yeah, I figured it won't be a good idea.


Re: EX4200 - DHCP relay with vlans

‎06-22-2019 06:24 AM

I've switched to dhcp-relay, no luck with it either.

 

forwarding-options {
    dhcp-relay {
        server-group {
            dhcpserver {
                192.168.0.2;
            }
        }
        active-server-group dhcpserver;
        group dhcprelay {
            interface vlan.1;
        }
    }
}

The command show dhcp relay statistics returns the following:

Packets dropped:
    Total                      0

Messages received:
    BOOTREQUEST                4
    DHCPDECLINE                0
    DHCPDISCOVER               4
    DHCPINFORM                 0
    DHCPRELEASE                0
    DHCPREQUEST                0
    DHCPLEASEACTIVE            0
    DHCPLEASEUNASSIGNED        0
    DHCPLEASEUNKNOWN           0
    DHCPLEASEQUERYDONE         0

Messages sent:
    BOOTREPLY                  0
    DHCPOFFER                  0
    DHCPACK                    0
    DHCPNAK                    0
    DHCPFORCERENEW             0
    DHCPLEASEQUERY             0
    DHCPBULKLEASEQUERY         0

I can't try on a different subnet because then I wouldn't have a subnet for the actual switch itself (since you can't use the same subnet on two vlans).


Re: EX4200 - DHCP relay with vlans

‎06-22-2019 06:28 AM

DHCP Dump packets:

 

    IP: 192.168.1.1 (.......) > 192.168.0.2 (......)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 1
   XID: 336e1638
  SECS: 18
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 192.168.1.1
CHADDR: CLIENT_MAC:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
    IP: 192.168.0.2 (......) > 192.168.1.1 (.......)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 1
   XID: 336e1638
  SECS: 18
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 192.168.1.2
SIADDR: 192.168.0.2
GIADDR: 192.168.1.1
CHADDR: CLIENT_MAC:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: pxelinux.0.
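
The server-side half of the relay exchange in dhcpdump text like the output above can be checked mechanically. This is an added example, not part of the original post: the function names are hypothetical, the sample is the post's two records cut down to the fields used, and 192.168.1.0/24 is assumed from the vlan.1 address in the first post's config.

```python
import ipaddress
import re

# Constructed sample: the two dhcpdump records from the post above, cut down
# to the fields checked here (addresses are the poster's sanitised values).
SAMPLE = """\
    IP: 192.168.1.1 (.......) > 192.168.0.2 (......)
    OP: 1 (BOOTPREQUEST)
   XID: 336e1638
GIADDR: 192.168.1.1
    IP: 192.168.0.2 (......) > 192.168.1.1 (.......)
    OP: 2 (BOOTPREPLY)
   XID: 336e1638
YIADDR: 192.168.1.2
GIADDR: 192.168.1.1
"""

def parse_dhcpdump(text):
    """Return one dict per packet; a new packet starts at each 'IP:' line."""
    packets = []
    for line in text.splitlines():
        ip = re.match(r"\s*IP:\s*(\S+)\s.*>\s*(\S+)", line)
        field = re.match(r"\s*([A-Z]+):\s*(\S*)", line)
        if ip:
            packets.append({"SRC": ip.group(1), "DST": ip.group(2)})
        elif field and packets:
            packets[-1][field.group(1)] = field.group(2)
    return packets

def check_relayed_reply(request, reply, relay_subnet):
    """List what is wrong with the server's reply to a relayed request."""
    problems = []
    if request["OP"] != "1" or reply["OP"] != "2":
        problems.append("not a BOOTREQUEST/BOOTREPLY pair")
    if request["XID"] != reply["XID"]:
        problems.append("XID differs, reply belongs to another transaction")
    if reply["GIADDR"] != request["GIADDR"]:
        problems.append("giaddr changed between request and reply")
    if reply["DST"] != request["GIADDR"]:
        problems.append("reply not sent to giaddr, relay never receives it")
    net = ipaddress.ip_network(relay_subnet)
    if ipaddress.ip_address(reply["YIADDR"]) not in net:
        problems.append("offered address is outside the client subnet")
    return problems

if __name__ == "__main__":
    req, rep = parse_dhcpdump(SAMPLE)
    print(check_relayed_reply(req, rep, "192.168.1.0/24") or "server side is consistent")
```

An empty list means the server answered the relayed request correctly, so the remaining places to look are the relay and the client-facing VLAN.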

Re: EX4200 - DHCP relay with vlans

‎06-22-2019 09:05 PM

Hey Amit,

 

A few things:

 

First, staying on dhcp-relay is preferred compared to bootp, as the dhcp daemon is enhanced relatively.

 

Second, no subnet change is needed. What you need to change is the vlan-id used.

Meaning, bind the same set of subnets to vlan-id 2 and 3 or anything 2 and later.

This will need no subnet changes for you, and you aren't tagging on here, so it's not like the tags will need to match the devices next-door.

 

Is this how the topology is?

 

Dhcp server (192.168.0.2) --- ge001 vlan.0 EX vlan.1 ge002--- Client

 

Have you enabled any dhcp-security features on the EX; dhcp snooping or ip source guard of sorts?

Can you run a similar pcap/tcpdump on the outgoing interface of this EX, vlan.1?

 

When you see the Boot-Request counter increment on the relay statistics, do you also observe any counters increment on the output of 'show interface ge-0/0/2 extensive' ?

 

 

Cheers

Pooja

 


Re: EX4200 - DHCP relay with vlans

[ Edited ]
‎06-23-2019 01:14 AM

@pmallya wrote:

Hey Amit,

 

A few things:

 

First, staying on dhcp-relay is preferred compared to bootp, as the dhcp daemon is enhanced relatively.

 

Second, no subnet change is needed. What you need to change is the vlan-id used.

Meaning, bind the same set of subnets to vlan-id 2 and 3 or anything 2 and later.

This will need no subnet changes for you, and you aren't tagging on here, so it's not like the tags will need to match the devices next-door.

 

Is this how the topology is?

 

Dhcp server (192.168.0.2) --- ge001 vlan.0 EX vlan.1 ge002--- Client

 

Have you enabled any dhcp-security features on the EX; dhcp snooping or ip source guard of sorts?

Can you run a similar pcap/tcpdump on the outgoing interface of this EX, vlan.1?

 

When you see the Boot-Request counter increment on the relay statistics, do you also observe any counters increment on the output of 'show interface ge-0/0/2 extensive' ?

 

 

Cheers

Pooja

 


Hey,

Thank you for your reply.

I've changed the vlan id to 5 to test.

Unfortunately, the issue was not solved, I'm getting a BOOTREPLY but the client doesn't "take" it.

Yes, your topology is correct (just that now the vlan of the DHCP server is vlan.5).

I don't have any security features enabled.

 

TCPDUMP on client:

20:55:56.451823  In IP truncated-ip - 516 bytes missing! 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]

 

'show interface ge-0/0/2 extensive'

Yes, the input and output packets counter has gone up.



Re: EX4200 - DHCP relay with vlans

‎06-23-2019 02:53 AM

I assume you sanitized the output here and there is a valid client mac that matches the client making the request?

CHADDR: CLIENT_MAC:00:00:00:00:00:00:00:00:00:00

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: EX4200 - DHCP relay with vlans

‎06-23-2019 10:28 AM

Thanks Amit

 

The interface extensive output is to look for any error counter increments, to be more specific.

 

Also, can you get 2 PCAPs, one on the client facing interface on the relay & the second on the client itself and upload them both on here?

 

We want to look for the dhcp related information, the client mac address, etc to be sure this packet was meant for the client in question.

Cheers

Pooja


Re: EX4200 - DHCP relay with vlans

‎06-23-2019 04:46 PM

@pmallya wrote:

Thanks Amit

 

The interface extensive output is to look for any error counter increments, to be more specific.

 

Also, can you get 2 PCAPs, one on the client facing interface on the relay & the second on the client itself and upload them both on here?

 

We want to look for the dhcp related information, the client mac address, etc to be sure this packet was meant for the client in question.

Cheers

Pooja


All of the error counters seem to be 0

I can't upload PCAPs because the IPs are public (that's why I sent output of dhcpdump instead of a pcap).


Re: EX4200 - DHCP relay with vlans

‎06-24-2019 08:00 AM

Hey Amit,

 

This was a tcpdump you collected on the client machine, is that right?

I am just trying to understand why we observe a bootp request (client -> server) in the inbound direction on the client.

 

TCPDUMP on client:

20:55:56.451823  In IP truncated-ip - 516 bytes missing! 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]

 

I understand that providing PCAPs wouldn't be possible, do you think a similar tcpdump can be collected on all 3, server, relay and the client simultaneously during a test perhaps, of course after you sanitize some information?

 

Cheers

Pooja