
DHCP server not leasing IP if applied filter on the vlan interface where the instance type is forwarding SRX100

‎11-21-2019 07:10 AM

Hi,

DHCP stops leasing IPs when I apply the below-mentioned filter to the VLAN interface. My requirement is that all the traffic (0.0.0.0/0) from a certain VLAN 20 should go through the VPN tunnel, whereas other VLAN traffic should move through the untrust interface. Everything works fine, but when I apply the FBF filter, DHCP stops. Do I need to change the instance type to virtual router and create the DHCP inside the virtual router to get things to work, or is there any other method?

 

set system services dhcp pool 172.30.10.64/27 address-range low 172.30.10.66
set system services dhcp pool 172.30.10.64/27 address-range high 172.30.10.94
set system services dhcp pool 172.30.10.64/27 default-lease-time 3600
set system services dhcp pool 172.30.10.64/27 name-server 172.30.10.65
set system services dhcp pool 172.30.10.64/27 router 172.30.10.65

set interfaces vlan unit 20 family inet filter input Kochi-TV-Phone

set interfaces vlan unit 20 family inet address 172.30.10.65/27
set firewall filter Kochi-TV-Phone term Route-Over-KKD from source-address 172.30.10.64/27
set firewall filter Kochi-TV-Phone term Route-Over-KKD from destination-address 0.0.0.0/0
set firewall filter Kochi-TV-Phone term Route-Over-KKD then log
set firewall filter Kochi-TV-Phone term Route-Over-KKD then routing-instance Kochi-KKD-Routing-table

set routing-options interface-routes rib-group inet FBF-Group
set routing-options rib-groups FBF-Group import-rib Kochi-KKD-Routing-table.inet.0
set routing-options rib-groups FBF-Group import-rib inet.0

set routing-instances Kochi-KKD-Routing-table instance-type forwarding
set routing-instances Kochi-KKD-Routing-table routing-options static route 0.0.0.0/0 next-hop st0.0

 

Thanks,
Jsree

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....

Re: DHCP server not leasing IP if applied filter on the vlan interface where the instance type is forwarding SRX100

‎11-21-2019 08:20 AM

Try modifying your filter:

 

set firewall filter Kochi-TV-Phone term Route-Over-KKD from source-address 172.30.10.64/27
set firewall filter Kochi-TV-Phone term Route-Over-KKD from destination-address 0.0.0.0/0
set firewall filter Kochi-TV-Phone term Route-Over-KKD then log
set firewall filter Kochi-TV-Phone term Route-Over-KKD then routing-instance Kochi-KKD-Routing-table

set firewall filter Kochi-TV-Phone term Route-Over-KKD then accept
set firewall filter Kochi-TV-Phone term Other-Traffic then accept


Mengzhe Hu
JNCIE x 3 (SP DC ENT)
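
Why the extra term matters, as an added example that is not part of either post: a DHCPDISCOVER is sent from source 0.0.0.0, which does not match the Route-Over-KKD source-address, so it falls through to the implicit discard that ends every Junos firewall filter. The Python below is a constructed first-match model of the filter, not Junos code; it models only the added Other-Traffic term, and the sample packets are constructed.

```python
import ipaddress

# Constructed model of the thread's filter: each term is
# (term name, source prefix, destination prefix, action).
FBF_TERM = ("Route-Over-KKD", "172.30.10.64/27", "0.0.0.0/0",
            "routing-instance Kochi-KKD-Routing-table")
ORIGINAL = [FBF_TERM]
# Assumption: only the added Other-Traffic term is modelled. It has no "from"
# clause, so it matches every packet (None = any address).
WITH_OTHER_TRAFFIC = [FBF_TERM, ("Other-Traffic", None, None, "accept")]


def matches(prefix, address):
    """True when the term has no condition or the address is inside the prefix."""
    return prefix is None or ipaddress.ip_address(address) in ipaddress.ip_network(prefix)


def evaluate(terms, src, dst):
    """Return (term, action) for a packet; terms are checked in order, first match wins."""
    for name, src_prefix, dst_prefix, action in terms:
        if matches(src_prefix, src) and matches(dst_prefix, dst):
            return name, action
    # No term matched: the packet hits the implicit discard at the end of the filter.
    return "(no term matched)", "discard"


# Constructed sample packets arriving on vlan.20.
SAMPLE_PACKETS = [
    ("DHCPDISCOVER, client has no address yet", "0.0.0.0", "255.255.255.255"),
    ("leased client to an outside host", "172.30.10.70", "198.51.100.10"),
]


def compare():
    """Return (label, action with original filter, action with Other-Traffic added)."""
    return [(label,
             evaluate(ORIGINAL, src, dst)[1],
             evaluate(WITH_OTHER_TRAFFIC, src, dst)[1])
            for label, src, dst in SAMPLE_PACKETS]


if __name__ == "__main__":
    for label, before, after in compare():
        print(f"{label}\n  original filter:    {before}\n  with Other-Traffic: {after}")
```
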

Re: DHCP server not leasing IP if applied filter on the vlan interface where the instance type is forwarding SRX100

‎11-21-2019 10:10 PM

Hi,

Thank you very much

It solved my problem after adding the last line; now the DHCP server is leasing IPs. Does it affect the traffic flow? What I mean is, all the traffic originating from 172.30.10.64/27 will still go through the VPN tunnel, right? I didn't get a chance to test it; I will test it and let you know.

Thanks,
Jsree

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....