SRX

  • 1.  DHCP stops working when multiple computers are introduced

    Posted 01-28-2014 23:57

    My setup is as follows.

     

    SRX210

     

    Internet via ge-0/0/0 and dhcp client.

    ge-0/0/1 is connected to a switch with ~50 computers behind it.

     

    My configuration works fine with just a few computers connected to a test switch, however once I introduce the actual production switch with lots of computers behind it the DHCP stops working completely. 

     

    There's also an SSL VPN MAG2600 working in this setup, but removing that doesn't seem to make any difference.

     

    Can you see something wrong with my configuration?

     

    ## Last changed: 2014-01-28 11:39:23 UTC version 11.4R7.5;
    system {
        root-authentication {
            encrypted-password ""; ## SECRET-DATA
        }
        name-server {
             1.1.1.1;#changed
             1.1.1.1;
        }
        services {
            ssh {
                protocol-version v2;
            }
            telnet;
            xnm-clear-text;
            web-management {
                http {
                    interface vlan.0;
                }
                https {
                    system-generated-certificate;
                    interface [ vlan.0 vlan.100 ];
                }
            }
            dhcp {
                router {
                    192.168.1.1;
                }
                pool 192.168.1.0/24 {
                    address-range low 192.168.1.40 high 192.168.1.254;
                    default-lease-time 3600;
                    domain-name domain.info;
                    name-server {
                        1.1.1.1;#changed
                        1.1.1.1;
                    }
                    router {
                        192.168.1.1;
                    }
                    propagate-settings ge-0/0/0.0;
                }
            }
        }
        syslog {
            archive size 100k files 3;
            user * {
                any emergency;
            }
            file messages {
                any critical;
                authorization info;
            }
            file interactive-commands {
                interactive-commands error;
            }
        }
        max-configurations-on-flash 5;
        max-configuration-rollbacks 5;
        license {
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
    }
    interfaces {
        interface-range interface-trust {
            member ge-0/0/1;
            member fe-0/0/3;
            member fe-0/0/4;
            member fe-0/0/5;
            member fe-0/0/6;
            member fe-0/0/7;
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/0 {
            description Internet_Link;
            unit 0 {
                family inet {
                    dhcp {
                        update-server;
                    }
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        fe-0/0/2 {
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        fe-0/0/3 {
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        fe-0/0/4 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        fe-0/0/5 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        fe-0/0/6 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        fe-0/0/7 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        vlan {
            unit 0 {
                family inet;
            }
            unit 100 {
                family inet {
                    address 192.168.1.1/24;
                }
            }
        }
    }
    protocols {
        stp;
    }
    security {
        address-book {
            ssl-vpn {
                address external-port 192.168.1.3/32;
                address vpn-external 192.168.1.3/32;
                address vpn-internal 192.168.1.2/32;
                attach {
                    zone trust;
                }
            }
        }
        screen {
            ids-option untrust-screen {
                icmp {
                    ping-death;
                }
                ip {
                    source-route-option;
                    tear-drop;
                }
                tcp {
                    syn-flood {
                        alarm-threshold 1024;
                        attack-threshold 200;
                        source-threshold 1024;
                        destination-threshold 2048;
                        timeout 20;
                    }
                    land;
                }
            }
        }
        nat {
            source {
                rule-set trust-to-untrust {
                    from zone trust;
                    to zone untrust;
                    rule source-nat-rule {
                        match {
                            source-address 0.0.0.0/0;
                        }
                        then {
                            source-nat {
                                interface;
                            }
                        }
                    }
                    rule internet-access {
                        match {
                            source-address 0.0.0.0/0;
                            destination-address 0.0.0.0/0;
                        }
                        then {
                            source-nat {
                                interface;
                            }
                        }
                    }
                }
            }
            static {
                rule-set ssl-vpn {
                    from zone untrust;
                    rule allow-ssl {
                        match {
                            destination-address 1.1.1.2/32; #changed
                            destination-port 443;
                        }
                        then {
                            static-nat {
                                prefix {
                                    192.168.1.3/32;
                                    mapped-port 443;
                                }
                            }
                        }
                    }
                }
            }
        }
        policies {
            from-zone trust to-zone untrust {
                policy trust-to-untrust {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone untrust to-zone untrust {
                policy untrust-allow-all {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone untrust to-zone trust {
                policy allow-ssl {
                    match {
                        source-address any;
                        destination-address vpn-external;
                        application [ junos-http junos-https junos-ping ];
                    }
                    then {
                        permit;
                    }
                }
            }
        }
        zones {
            security-zone trust {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    vlan.0;
                    vlan.100;
                }
            }
            security-zone untrust {
                screen untrust-screen;
                interfaces {
                    ge-0/0/0.0 {
                        host-inbound-traffic {
                            system-services {
                                dhcp;
                                tftp;
                                https;
                            }
                        }
                    }
                    fe-0/0/2.0 {
                        host-inbound-traffic {
                            system-services {
                                all;
                            }
                            protocols {
                                all;
                            }
                        }
                    }
                }
            }
        }
    }
    vlans {
        vlan-trust {
            vlan-id 100;
            l3-interface vlan.100;
        }
    }

     

    Edit: DHCP log sample

     

    Jan 29 08:19:59 <== DHCPREQUEST
    Jan 29 08:19:59 requester 0.0.0.0 if ge-0/0/1.0 hw type 1 hw len 6 secs 0 hops 0 ciaddr 0.0.0.0 giaddr 0.0.0.0
    Jan 29 08:19:59 Looking for a lease w/hardware address `b4:b5:2f:7b:5c:59'
    Jan 29 08:19:59 ...and client identifier:
    Jan 29 08:19:59   01 b4 b5 2f 7b 5c 59
    Jan 29 08:19:59 ...and address 192.168.1.40
    Jan 29 08:19:59 ...and subnet 192.168.1.0/24
    Jan 29 08:19:59 Found matching lease entry for `b4:b5:2f:7b:5c:59'
    Jan 29 08:19:59 Lease #1...
    Jan 29 08:19:59 ...has the correct client identifier
    Jan 29 08:19:59 ...has the correct address
    Jan 29 08:19:59 ...has the correct subnet
    Jan 29 08:19:59 found: 04, satisfies: 07, exact: 07
    Jan 29 08:19:59 Exact match
    Jan 29 08:19:59 Client is in INIT-REBOOT state
    Jan 29 08:19:59 saving lease 0x585200 to file `/var/db/leases/01b4b52f7b5c59.jdl'
    Jan 29 08:19:59 ==> DHCPACK
    Jan 29 08:19:59 -- looking for pool with subnet 192.168.1.40, prefix length 32
    Jan 29 08:19:59 -- [pfxlen 24] Found pool `192.168.1.0/24'
    Jan 29 08:19:59 flushed options on binding
    Jan 29 08:19:59 set next server address to 0.0.0.0
    Jan 29 08:19:59 set client address to 192.168.1.40
    Jan 29 08:19:59 Default lease time 1 hour obtained from `Pool' scope
    Jan 29 08:19:59 Flag = 4 Expiry = 16099 days, 9 hours, 19 minutes, 59 seconds
    Jan 29 08:19:59 Flag = 4 16099 days, 8 hours, 44 minutes, 46 seconds
    Jan 29 08:19:59 Using default lease time of 1 hour
    Jan 29 08:19:59 Maximum lease time infinite obtained from `Global' scope
    Jan 29 08:19:59 adding option `subnet-mask' code 1 to binding
    Jan 29 08:19:59 adding option `broadcast-address' code 28 to binding
    Jan 29 08:19:59 client requested option `subnet-mask' code 1
    Jan 29 08:19:59 client requested option `domain-name' code 15
    Jan 29 08:19:59 client requested option `router' code 3
    Jan 29 08:19:59 client requested option `name-server' code 6
    Jan 29 08:19:59 client requested option `wins-server' code 44
    Jan 29 08:19:59 client requested option `netbios-node-type' code 46
    Jan 29 08:19:59 client requested option `netbios-scope' code 47
    Jan 29 08:19:59 client requested option `router-discovery' code 31
    Jan 29 08:19:59 client requested option `static-routes' code 33
    Jan 29 08:19:59 client requested option code 121
    Jan 29 08:19:59 client requested option code 249
    Jan 29 08:19:59 client requested option code 252
    Jan 29 08:19:59 client requested option `vendor-encap-options' code 43
    Jan 29 08:19:59 found option `subnet-mask' code 1 in `Binding' scope 0x56e400
    Jan 29 08:19:59 serving option `subnet-mask' code 1 to client
    Jan 29 08:19:59 found option `router' code 3 in `Pool' scope 0x56f000
    Jan 29 08:19:59 serving option `router' code 3 to client
    Jan 29 08:19:59 found option `name-server' code 6 in `Pool' scope 0x56f000
    Jan 29 08:19:59 serving option `name-server' code 6 to client
    Jan 29 08:19:59 found option `domain-name' code 15 in `Pool' scope 0x56f000
    Jan 29 08:19:59 serving option `domain-name' code 15 to client
    Jan 29 08:19:59 skipping option code 31, not found in scope
    Jan 29 08:19:59 skipping option code 33, not found in scope
    Jan 29 08:19:59 skipping option code 43, not found in scope
    Jan 29 08:19:59 skipping option code 44, not found in scope
    Jan 29 08:19:59 skipping option code 46, not found in scope
    Jan 29 08:19:59 skipping option code 47, not found in scope
    Jan 29 08:19:59 skipping option code 121, not found in scope
    Jan 29 08:19:59 skipping option code 249, not found in scope
    Jan 29 08:19:59 skipping option code 252, not found in scope
    Jan 29 08:19:59 saving lease 0x585200 to file `/var/db/leases/01b4b52f7b5c59.jdl'
    Jan 29 08:19:59 Packing 56 bytes of options
    Jan 29 08:19:59 packing option `dhcp-message-type' code 53 with 1 bytes of data
    Jan 29 08:19:59 packing option `server-identifier' code 54 with 4 bytes of data
    Jan 29 08:19:59 packing option `dhcp-lease-time' code 51 with 4 bytes of data
    Jan 29 08:19:59 packing option `subnet-mask' code 1 with 4 bytes of data
    Jan 29 08:19:59 packing option `router' code 3 with 4 bytes of data
    Jan 29 08:19:59 packing option `name-server' code 6 with 8 bytes of data
    Jan 29 08:19:59 packing option `domain-name' code 15 with 17 bytes of data
    Jan 29 08:19:59 broadcasting the response
    Jan 29 08:19:59 sendmsg() from 192.168.1.15 to port 68 at 255.255.255.255 via routing instance default sucess
    Jan 29 08:19:59 sent packet from 192.168.1.15 to 255.255.255.255 port 68 out interface ge-0/0/1.0 routing instance default
    Jan 29 08:19:59 ==> DHCPACK [done]

     

     


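    To make sense of a trace like the one above once ~50 clients come up at the same time, here is an added Python example (not part of the original post and not a Juniper tool) that groups jdhcpd trace lines into one record per inbound DHCP message and reports which clients never got a reply, how many NAKs were sent, how much of the configured address-range is in use, and which source address the server replied from. The sample lines are constructed in the format of the posted trace: the first transaction reproduces the posted INIT-REBOOT exchange (trimmed), the two unanswered DISCOVERs and the NAK are invented. Assumptions: a record starts at a `<== DHCPxxx` line and ends at the next one, with the server's answer being the `==> DHCPxxx [done]` line in between, as in the posted trace; the pool bounds are the address-range from the posted config.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the jdhcpd trace posted above. The first
# transaction reproduces the posted INIT-REBOOT exchange (trimmed); the two
# unanswered DISCOVERs and the NAK are invented to exercise the report.
SAMPLE_TRACE = """\
Jan 29 08:19:59 <== DHCPREQUEST
Jan 29 08:19:59 requester 0.0.0.0 if ge-0/0/1.0 hw type 1 hw len 6 secs 0 hops 0 ciaddr 0.0.0.0 giaddr 0.0.0.0
Jan 29 08:19:59 Looking for a lease w/hardware address `b4:b5:2f:7b:5c:59'
Jan 29 08:19:59 Client is in INIT-REBOOT state
Jan 29 08:19:59 ==> DHCPACK
Jan 29 08:19:59 set client address to 192.168.1.40
Jan 29 08:19:59 sent packet from 192.168.1.15 to 255.255.255.255 port 68 out interface ge-0/0/1.0 routing instance default
Jan 29 08:19:59 ==> DHCPACK [done]
Jan 29 08:20:03 <== DHCPDISCOVER
Jan 29 08:20:03 requester 0.0.0.0 if ge-0/0/1.0 hw type 1 hw len 6 secs 0 hops 0 ciaddr 0.0.0.0 giaddr 0.0.0.0
Jan 29 08:20:03 Looking for a lease w/hardware address `00:11:22:33:44:55'
Jan 29 08:20:07 <== DHCPDISCOVER
Jan 29 08:20:07 requester 0.0.0.0 if ge-0/0/1.0 hw type 1 hw len 6 secs 4 hops 0 ciaddr 0.0.0.0 giaddr 0.0.0.0
Jan 29 08:20:07 Looking for a lease w/hardware address `00:11:22:33:44:55'
Jan 29 08:20:10 <== DHCPREQUEST
Jan 29 08:20:10 requester 0.0.0.0 if ge-0/0/1.0 hw type 1 hw len 6 secs 0 hops 0 ciaddr 0.0.0.0 giaddr 0.0.0.0
Jan 29 08:20:10 Looking for a lease w/hardware address `66:77:88:99:aa:bb'
Jan 29 08:20:10 ==> DHCPNAK
Jan 29 08:20:10 ==> DHCPNAK [done]
"""

LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<msg>.*)$")
INBOUND_RE = re.compile(r"^<== (DHCP[A-Z]+)$")          # start of a transaction
DONE_RE = re.compile(r"^==> (DHCP[A-Z]+) \[done\]$")    # server's final answer
FIELD_RES = {                                            # details pulled from the lines in between
    "iface": re.compile(r"^requester \S+ if (\S+) "),
    "mac": re.compile(r"hardware address `([0-9a-f:]{17})'"),
    "assigned": re.compile(r"^set client address to (\S+)$"),
    "server": re.compile(r"^sent packet from (\S+) to "),
}


def parse_transactions(trace):
    """One dict per inbound DHCP message, with the reply (if any) and extracted fields."""
    txns, cur = [], None
    for raw in trace.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg")
        start = INBOUND_RE.match(msg)
        if start:
            cur = {"ts": ts, "request": start.group(1), "reply": None,
                   "iface": None, "mac": None, "assigned": None, "server": None}
            txns.append(cur)
            continue
        if cur is None:
            continue
        done = DONE_RE.match(msg)
        if done:
            cur["reply"] = done.group(1)
        for field, rx in FIELD_RES.items():
            fm = rx.search(msg)
            if fm:
                cur[field] = fm.group(1)
    return txns


def report(txns, pool_low, pool_high):
    """Summarise the transactions against the configured address-range."""
    low, high = ipaddress.ip_address(pool_low), ipaddress.ip_address(pool_high)
    per_client = defaultdict(lambda: {"requests": 0, "replies": 0})
    unanswered, leased, servers, naks = [], set(), set(), 0
    for t in txns:
        c = per_client[t["mac"]]
        c["requests"] += 1
        if t["reply"] is None:
            unanswered.append((t["ts"], t["mac"], t["request"]))
        else:
            c["replies"] += 1
            if t["reply"] == "DHCPNAK":
                naks += 1
        if t["assigned"] and low <= ipaddress.ip_address(t["assigned"]) <= high:
            leased.add(t["assigned"])
        if t["server"]:
            servers.add(t["server"])
    pool_size = int(high) - int(low) + 1
    return {"clients": len(per_client), "unanswered": unanswered, "naks": naks,
            "pool_size": pool_size, "leases_seen": len(leased),
            "pool_free": pool_size - len(leased), "reply_sources": sorted(servers)}


if __name__ == "__main__":
    for key, value in report(parse_transactions(SAMPLE_TRACE), "192.168.1.40", "192.168.1.254").items():
        print(f"{key}: {value}")
```

    Repeated DISCOVERs from the same MAC with no `[done]` line between them mean the server saw the request and did not answer, which points at the server/pool; no trace entries at all for a client means the frame never reached the routing engine, which points at the switching side. The `reply_sources` field is worth comparing against the config: the posted trace shows the ACK sent from 192.168.1.15, while the posted config puts 192.168.1.1 on vlan.100 and in the router option.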

  • 2.  RE: DHCP stops working when multiple computers are introduced

     
    Posted 01-29-2014 00:52

    What is the Junos version that you are running?

     

    Regards,

    Raveen



  • 3.  RE: DHCP stops working when multiple computers are introduced

    Posted 01-29-2014 01:02
    11.4R7.5


  • 4.  RE: DHCP stops working when multiple computers are introduced

    Posted 01-29-2014 07:09

    There is a bit of confusion in your configuration. In the dhcp hierarchy, propagate-settings is defined for ge-0/0/0, whereas it should be vlan.100, as vlan.100 is the routed interface for the subnet connected to the client computers through the switch. The interfaces ge-0/0/1 - fe-0/0/7 are part of an interface-range which is configured for switching mode and as a member of VLAN "vlan-trust"; retain only one portion, either the configuration for each individual interface or the interface-range.



  • 5.  RE: DHCP stops working when multiple computers are introduced

    Posted 01-31-2014 07:43

    I've changed the configuration as you suggested. At first it seemed like everything started working, but then I restarted the router and now once again it doesn't assign IP addresses to the clients. Is there something further wrong with my config?

     

    The behaviour of the router seems very strange: how can it first work fine with the same configuration and then stop working, when even rebooting/resetting the config doesn't help?

     

    The only line I changed was

     

                    propagate-settings ge-0/0/0;

     

    into

     

                    propagate-settings vlan.100;

     



  • 6.  RE: DHCP stops working when multiple computers are introduced
    Best Answer

    Posted 01-31-2014 20:38

    Please also amend the interface configuration as suggested in my previous post: either delete the interface-range or the interface-specific configuration, as you have configured switching mode and VLAN membership for each interface and the same again for the interface-range. If the problem still persists you may upgrade your Junos to the JTAC recommended version. In my personal experience, SRX usually creates problems with DHCP and switching features.



  • 7.  RE: DHCP stops working when multiple computers are introduced

    Posted 02-01-2014 07:47

    Ah I see, so my interfaces should be like this:

     

    I'll test this on Monday. Thx for your help!

     

    interfaces {
        interface-range interface-trust {
            member ge-0/0/1;
            member fe-0/0/3;
            member fe-0/0/4;
            member fe-0/0/5;
            member fe-0/0/6;
            member fe-0/0/7;
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        vlan {
            unit 0 {
                family inet;
            }
            unit 100 {
                family inet {
                    address 192.168.1.1/24;
                }
            }
        }
    }
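    The fix the replies converge on (keep either the interface-range or the per-port blocks, not both) is easy to check mechanically, and the posted config also carries settings a reviewer would flag: telnet and xnm-clear-text enabled under system services, and fe-0/0/2.0 sitting in the untrust zone while accepting all system-services. The following added Python example (not from the thread and not a Juniper tool) parses a Junos curly-brace config into a tree and runs those checks, plus one caveat the thread does not spell out: the SRX only accepts DHCP on an interface whose zone admits the dhcp system-service, so tightening the trust zone's "all" without listing dhcp would also stop the server. Assumptions: the config excerpt is a constructed, abridged copy of the one posted above (same statements, short blocks collapsed onto one line); the parser is a simplification that drops everything after "#" and does not understand "inactive:" or annotations.

```python
# Constructed, abridged excerpt of the configuration posted in the thread:
# the same statements, with short blocks collapsed onto one line.
SAMPLE_CONFIG = """
system {
    services {
        telnet;
        xnm-clear-text;
        dhcp { pool 192.168.1.0/24 { address-range low 192.168.1.40 high 192.168.1.254; } }
    }
}
interfaces {
    interface-range interface-trust {
        member ge-0/0/1;
        unit 0 { family ethernet-switching { vlan { members vlan-trust; } } }
    }
    ge-0/0/1 { unit 0 { family ethernet-switching { port-mode access; vlan { members vlan-trust; } } } }
    fe-0/0/2 { unit 0 { family ethernet-switching { port-mode access; vlan { members vlan-trust; } } } }
    vlan { unit 100 { family inet { address 192.168.1.1/24; } } }
}
security {
    zones {
        security-zone trust {
            host-inbound-traffic { system-services { all; } }
            interfaces { vlan.100; }
        }
        security-zone untrust {
            interfaces {
                ge-0/0/0.0 { host-inbound-traffic { system-services { dhcp; } } }
                fe-0/0/2.0 { host-inbound-traffic { system-services { all; } } }
            }
        }
    }
}
vlans { vlan-trust { vlan-id 100; l3-interface vlan.100; } }
"""


def tokenize(text):
    """Words plus the { } ; delimiters; text after '#' is dropped (simplification)."""
    toks = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        toks.extend(line.replace("{", " { ").replace("}", " } ").replace(";", " ; ").split())
    return toks


def parse_junos(text):
    """Tree of (statement, children); children is None for a leaf statement."""
    root, words = [], []
    stack = [root]
    for tok in tokenize(text):
        if tok == "{":
            node = (" ".join(words), [])
            stack[-1].append(node)
            stack.append(node[1])
            words = []
        elif tok == ";":
            stack[-1].append((" ".join(words), None))
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    return root


def block(nodes, name):
    """Children of the block called exactly `name`, or [] if it is absent."""
    return next((kids for k, kids in nodes if k == name and kids is not None), [])


def leaves(nodes):
    return [k for k, kids in nodes if kids is None]


def values(nodes, keyword):
    """Second word of every leaf that starts with `keyword` (e.g. 'member ge-0/0/1')."""
    return [k.split()[1] for k in leaves(nodes) if k.startswith(keyword + " ")]


def lint(config_text):
    cfg, findings = parse_junos(config_text), []
    # 1. The thread's point: a port in an interface-range that is also configured on its own.
    ifaces = block(cfg, "interfaces")
    for rng, kids in ifaces:
        if kids is not None and rng.startswith("interface-range "):
            for port in values(kids, "member"):
                if block(ifaces, port):
                    findings.append(f"{port}: configured both in {rng} and on its own; keep one")
    # 2. Cleartext management services enabled under system services.
    for svc in ("telnet", "xnm-clear-text"):
        if svc in leaves(block(block(cfg, "system"), "services")):
            findings.append(f"system services {svc}: cleartext management protocol enabled")
    # 3. Per-interface host-inbound-traffic, merged with the zone-level setting.
    allowed = {}
    for zname, zkids in block(block(cfg, "security"), "zones"):
        if zkids is None:
            continue
        zone = zname.split()[1]
        zone_svcs = leaves(block(block(zkids, "host-inbound-traffic"), "system-services"))
        for ifname, ikids in block(zkids, "interfaces"):
            if_svcs = leaves(block(block(ikids or [], "host-inbound-traffic"), "system-services"))
            allowed[ifname] = (zone, set(zone_svcs) | set(if_svcs))
            if zone == "untrust" and "all" in if_svcs:
                findings.append(f"{ifname} in zone untrust accepts all system-services")
    # 4. The SRX only accepts DHCP on a zone/interface that admits dhcp (or all).
    for vname, vkids in block(cfg, "vlans"):
        for l3 in values(vkids or [], "l3-interface"):
            zone, svcs = allowed.get(l3, ("no zone", set()))
            if not svcs & {"dhcp", "all"}:
                findings.append(f"{l3} ({vname}, zone {zone}): host-inbound-traffic does not allow dhcp")
    return findings
```

    Running lint() on the excerpt as posted returns four findings (the duplicated ge-0/0/1, telnet, xnm-clear-text, and fe-0/0/2.0 accepting everything from untrust). Replacing both "system-services { all; }" stanzas with "system-services { ssh; }" clears the fe-0/0/2.0 finding but produces a new one for vlan.100, which is the caveat to keep in mind when hardening the trust zone on a box that is also the DHCP server.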