SRX

Hi  folks

I have to say i can solve this one.

I have an SRX110, its hooked up to a cable internet provider, and it works just fine. I have a ge interface in the untrust zone, as a DHCP client. It gets assigned an IP - code below.

set system services dhcp propagate-settings fe-0/0/6
set interfaces fe-0/0/6 fastether-options auto-negotiation
set interfaces fe-0/0/6 unit 0 family inet filter input protect-srx
set interfaces fe-0/0/6 unit 0 family inet dhcp update-server
set security zones security-zone untrust interfaces fe-0/0/6.0

This works on any code in the X44 train, D15, D35, D55 etc

As soon as i move to code in the X46 train, the interface will NOT get any address.'

I did a little digging, and did a trace on that fe-0/0/6 interface....

Oct 28 17:19:42 signalled dcd (pid 1392) to overlay
Oct 28 17:19:44 rtsock notified state change for IFD= fe-0/0/6
Oct 28 17:19:44  interface  = fe-0/0/6.0  mac = b0:a8:6e:68:c3:86
Oct 28 17:19:44 construct DHCP CLIENT packet for ifl_index = 76 ifl_name=fe-0/0/6.0 , pkt code = 1
Oct 28 17:19:44 DHCP CLIENT packet construct failed forifl = fe-0/0/6.0 code = 1
Oct 28 17:19:44 Found BPF device=/dev/bpf5 for ifl=fe-0/0/6.0 sock=9

So far though, that means very little to me (or at least from what i can see with some Googling). Also, i changed the TTL from 1 to 64 for the hell of it, made no difference (read that in another post)

Why cant the SRX get an IP assigned with the same config in any branch of X46, but it works just fine in X44?

Would really love to understand what i am missing here....cheers!

Hi Valacer,

Can you try and use dhcp-client instead of dhcp, i.e;

set interfaces fe-0/0/6 unit 0 family inet dhcp-client update-server

If that does not help, can you check by restarting the dhcp daemon?

Hi ssn

Thank you for the reply

As soon as i can get to that SRX I'll do exactly that.

I dont want to do it remotely as it might kill the connection (as it has in the past)

Hopefully i will report back tonight!

Cheers 🙂

Hi

I logged in remotely to do a commit confirmed

oxxy# commit confirmed 4
[edit interfaces fe-0/0/6 unit 0 family inet]
  'dhcp-client'
    Incompatible with the dhcp server configured under 'system services dhcp'
error: commit failed: (statements constraint check failed)

Can i not have the SRX as a DHCP server for the local LAN, and a client of the ISP?

Hi Valacer,

To answer your query;

Although a Juniper Networks device can act as a DHCP server, a DHCP client, or DHCP relay agent at the same time, you cannot configure more than one DHCP role on a single interface.

from;

http://www.juniper.net/documentation/en_US/junos12.1/topics/concept/security-dhcp-server-client-relay-agent-overivew.html

Thanks ssn

I just came back here to say i seem to have managed to move DHCP to the 'set access'  hierarchy.

I will muck with this for the moment, and will confirm if the changes work when i move back to the X46 train

Thanks again!

Ok, i can report back that i now can get an IP address under the X46 train from the cable provider. So thank you ssn 🙂

But I had to move DHCP services to the local EX2200 switches, which is annoying.

Now they are complaining about no routes, even though they are directly connected on a VLAN to the SRX (all have a VLAN interface in the same /24)...and i cant telnet or SSH to them from the LAN, only the SRX .....might just roll it back for now.

It does beg the question though - why could i get an IP address from the ISP with dhcp-client set on the fe-0/0/6 interface on the X44 code train, but not on the X46?

Not sure if I can un mark as solved

Rebooted SRX, and it wont get an address. Restarted Daemon, roll back config, rolled back to X44, wont get IP via DHCP

I used a piece of junk consumer router, it works just fine

So left with the site down, and the SRX just sitting there....

hello,

Below is the working config for DHCP local server and DHCP client on same SRX (on different interfaces though 🙂 😞

access {
    address-assignment {
        pool P1 {
            family inet {
                network 192.168.1.0/24;
                range R1 {
                    low 192.168.1.15;
                    high 192.168.1.250;
                }
                dhcp-attributes {
                    name-server {
                        8.8.4.4;
                    }
                    router {
                        192.168.1.1;
                    }
                }
            }
        }
    }
}
system {
    services {
        dhcp-local-server {
            group G1 {
                interface vlan.0;
            }
        }
	}
}
interfaces {
    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
        unit 2 {
            family inet {
                dhcp-client;
            }
        }
    }
}

Tested on JUNOS 12.1X47, works fine.

HTH

Thx

Alex

Hi Valacer,

Sorry to hear that after the reboot the device became totally unresponsive wrt DHCP.

Is it possible to look into the issue again ?

Can you check if the dhcp process was running?

Are there any core dumps?

Hiya 🙂

I will get some core dumps as soon as i can.

This might have partly been a fault of the consumer cable modem on the site. I rebooted the thing quite a few times, and it made no difference (it was operating in bridge mode)

I rolled back the SRX to X44 and put back the config the way it was originally (having tried many different configuration combinations). I if now configured as just 'dhcp' not 'dhcp-client' under the fe-0/0/6 interface

I put the consumer cable modem back into its default mode, then put it back again into bridge mode, and got an IP.

So the second lot of problems i had might have been due to that modem.

I'll need to arrange time at the site though to take it offline again, return the router to X46 (and do any core dumps) and see if it works, or it fails

What gets me is that if the cable modem was the cause, why did rebooting the SRX affect the outcome (essentially triggering the issue)?

It has been rebooted before without issue, its horribly co-incidental and doesnt at all make sense that moving to X46 and configuring 'dhcp-client' had any impact on that device, but i cant rule it out at this stage.

I will report back as soon as able, as this might help others, and thanks again for your assistance 🙂

I have the same problem at my parents'.

They have a SRX connected to a cable modem.

When the cable modem is in bridge mode the SRX doesn't get an IP address. Setting the cable modem to router mode it gets a private IP address.

Of course this works fine, but I really do not like double NAT.