SRX Services Gateway

Unique dhcp-attributes on SRX using JDHCP (new daemon) Server

‎01-30-2020 04:26 PM

Folks,

I have an older SRX that uses the old style DHCP configuration under system->services->dhcp and it works great. I have some static bindings that have a unique DNS server required for my particular use case. For example:

        static-binding b0:a7:37:73:ab:48 {
                fixed-address {
                    10.0.0.46;
                }
                host-name remote-basement;
                name-server {
                    4.2.2.2;
                }
                router {
                    10.0.0.1;
                }
        }

But, my general pool and other static bindings use the more 'global' pool settings.

dhcp {
    maximum-lease-time 345600;
    default-lease-time 259200;
    domain-name lab.net;
    name-server {
        10.0.0.2;
    }
    pool 10.0.0.0/24 {
        address-range low 10.0.0.2 high 10.0.0.254;
        name-server {
            10.0.0.2;
        }
        router {
            10.0.0.1;
        }
        server-identifier 10.0.0.1;
    }
}

Now that I'm upgrading to a 300 series with 18.2, how do I do this?

[edit access address-assignment pool mainnet]
SRX300# show 
family inet {
    network 10.0.0.0/24;
    range general {
        low 10.0.0.100;
        high 10.0.0.199;
    }
    dhcp-attributes {
        maximum-lease-time 86400;
        domain-name lab.net;
        name-server {
            10.0.0.2;
        }
        router {
            10.0.0.1;
        }
    }
    host alder {
        hardware-address 70:4d:7a:29:6f:f1;
        ip-address 10.0.0.2;
        ! I want a unique DNS server here
    }
}

I want a unique DNS server for this particular static binding, but there does NOT appear to be an option to do this under the host name hierarchy.

SRX300# set family inet host alder ?
Possible completions:
  <[Enter]>            Execute this command
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  hardware-address     Hardware address
  ip-address           Reserved address
  |                    Pipe through a command

It appears that I can only set the hardware-address and the ip-address at this level.

Any recommendations on how best to accomplish this with the newer DHCP server?

Thanks.

2 REPLIES

Re: Unique dhcp-attributes on SRX using JDHCP (new daemon) Server

‎01-31-2020 07:52 AM

Another example/use case would be, I want to only provide option 67 for a couple of devices based on their hardware address.

With the new DHCP configuration, how do we do that?


Re: Unique dhcp-attributes on SRX using JDHCP (new daemon) Server

‎01-31-2020 04:27 PM

So, I'm a little annoyed...

I opened up a ticket with JTAC to go over the configuration, and it looks like the *newer* JDHCP Server configuration will NOT support having unique DHCP options for any static reservations.

So basically, we are losing functionality with the *newer* method of DHCP.

DHCPD in the BSD & Linux world has supported special DHCP options for specific host reservations for years...so this is telling me that the Junos JDHCP server actually has less functionality than the old DHCP server that was working fine on older SRX hardware / Junos releases. But...the old DHCP server is deprecated; otherwise I'd still be using it.

In Linux/BSD ISC DHCPD, you can do this under the host stanza:

    host DC1-R1-LEAF-A {
        option dhcp-client-identifier 00:0c:30:8d:5e:0d;
        fixed-address 192.168.100.103;
        option bootfile-name "http://192.168.100.130/bootstrap";
    }

We could do this with the old JUNOS configuration with:

system {
    services {
        dhcp {
            static-binding 18:a6:f7:56:21:18 {
                fixed-address {
                    10.0.0.5;
                }
                host-name tplink-office;
                name-server {
                    10.0.0.2;
                }
                router {
                    10.0.0.1;
                }
                option 67 string http://192.168.100.130/bootstrap;
            }
        }
    }
}

JTAC's solution is to create another pool and change my subnet strategy, which, I'm sorry, is really not a good answer.

Can someone please tell me this is all wrong and that there is a way to deal with this? I'm shocked that this doesn't have a solution.

I could have a small Linux box to do this...but for a branch site, I don't want to put compute out there, just for DHCP services. That is just crazy.

-J
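
An added example, not code from the thread or from Juniper: a pre-migration audit that parses old-style `static-binding` stanzas and reports, per MAC address, the settings that differ from the pool-wide `dhcp-attributes` and so have no place in a new-style `host` entry, which per the completions quoted in the thread holds only `hardware-address` and `ip-address`. The sample bindings are constructed from the thread's values, and the names `POOL_DEFAULTS`, `PORTABLE`, `parse_bindings` and `audit` are illustrative assumptions.

```python
import re

# Pool-wide values taken from the thread's new-style dhcp-attributes stanza.
POOL_DEFAULTS = {"name-server": ["10.0.0.2"], "router": ["10.0.0.1"]}
# Per the CLI completions quoted in the thread, a new-style host entry holds only
# hardware-address and ip-address; host-name survives as the entry's label.
PORTABLE = {"fixed-address", "host-name"}

# Constructed old-style input modelled on the thread's bindings (not a device dump).
OLD_BINDINGS = """
static-binding b0:a7:37:73:ab:48 { fixed-address { 10.0.0.46; } host-name remote-basement;
    name-server { 4.2.2.2; } router { 10.0.0.1; } }
static-binding 18:a6:f7:56:21:18 { fixed-address { 10.0.0.5; } host-name tplink-office;
    name-server { 10.0.0.2; } option 67 string http://192.168.100.130/bootstrap; }
static-binding 70:4d:7a:29:6f:f1 { fixed-address { 10.0.0.2; } host-name alder; }
"""

# One stanza with at most one level of nested braces, then its statements.
STANZA = re.compile(r"static-binding\s+([0-9A-Fa-f:]+)\s*\{((?:[^{}]|\{[^{}]*\})*)\}")
STATEMENT = re.compile(r"([\w-]+)\s*(?:\{([^{}]*)\}|([^;{}]*);)")

def parse_bindings(text):
    """Return {mac: {statement: [values]}} for each static-binding stanza."""
    bindings = {}
    for mac, body in STANZA.findall(text):
        attrs = {}
        for key, block, inline in STATEMENT.findall(body):
            values = (block or inline).replace(";", " ").split()
            if key == "option" and values:  # keep each option code distinct
                key, values = f"option {values[0]}", values[1:]
            attrs[key] = values
        bindings[mac.lower()] = attrs
    return bindings

def audit(text):
    """Map each MAC to the per-host settings that differ from the pool and would be lost."""
    return {mac: {k: v for k, v in attrs.items()
                  if k not in PORTABLE and v != POOL_DEFAULTS.get(k)}
            for mac, attrs in parse_bindings(text).items()}

if __name__ == "__main__":
    for mac, lost in audit(OLD_BINDINGS).items():
        print(mac, "OK to migrate as-is" if not lost else f"loses {lost}")
```

Bindings with an empty result can move to `host` entries unchanged; the rest are the ones that would need the separate pool JTAC suggested.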
