Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

    Posted 05-12-2009 14:52

    I've run into a problem and would like to query the forum about a possible work around or configuration correction.

     

    When using the above specs, the DHCP configuration becomes unavailable after initial configuration. In the web interface the "edit" option shows up as available but when any change is made you receive an error indicating that the "DHCP" variable is not valid.

     

    On the CLI when I attempt a command such as "set interface eth1.1 dhcp server enable" the output indicates that the "DHCP" variable is not recognized.

     

    When the same command is executed without using sub-interfaces, the configuation is accepted.Example, "set interface eth1 dhcp server enable"

     

    The goal of this configuration was to have multiple VLANs handled by the firewall and served DHCP over a single physical interface.

     

    Thank you.


    #5.4
    #screenos
    #netscreen
    #25
    #NS25


  • 2.  RE: Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

    Posted 05-12-2009 15:25

    Hi

     

    I managed to get this working on NS25 :

    00-> get conf | i dhcp
    set interface ethernet3.1 dhcp server service
    set interface ethernet3.2 dhcp server service
    set interface ethernet3.1 dhcp server enable
    set interface ethernet3.2 dhcp server enable
    unset interface ethernet3.1 dhcp server config next-server-ip
    unset interface ethernet3.2 dhcp server config next-server-ip
    00-> get sys | i ver
    Hardware Version: 4010(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
    Software Version: 5.4.0r10.0, Type: Firewall+VPN
    00-> get sys
    Product Name: NetScreen-25

     

    Could you show us what you did via the cli?



  • 3.  RE: Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

    Posted 05-13-2009 06:29

    The result of the below configuration was not being able to edit the DHCP configurations. The "DHCP" variable was no longer accepted.

     

     

     

     

     

    set interface ethernet1.2 ip 172.30.2.1/24
    set interface ethernet1.4 ip 172.30.4.1/24
    set interface ethernet2.6 ip 172.30.6.1/24
    set interface ethernet2.8 ip 172.30.8.1/24
    set interface ethernet4 ip 10.63.247.2/30
    set interface ethernet1.2 dhcp server service
    set interface ethernet1.4 dhcp server service
    set interface ethernet2.6 dhcp server service
    set interface ethernet2.8 dhcp server service
    set interface ethernet1.2 dhcp server enable
    set interface ethernet1.4 dhcp server enable
    set interface ethernet2.6 dhcp server enable
    set interface ethernet2.8 dhcp server enable
    set interface ethernet1.2 dhcp server option lease 1440000 
    set interface ethernet1.2 dhcp server option gateway 172.30.2.1 
    set interface ethernet1.2 dhcp server option netmask 255.255.255.0 
    set interface ethernet1.2 dhcp server option dns1 10.6.51.1 
    set interface ethernet1.2 dhcp server option dns2 4.2.2.2 
    set interface ethernet1.4 dhcp server option lease 1440000 
    set interface ethernet1.4 dhcp server option gateway 172.30.4.1 
    set interface ethernet1.4 dhcp server option netmask 255.255.255.0 
    set interface ethernet1.4 dhcp server option dns1 10.6.51.1 
    set interface ethernet1.4 dhcp server option dns2 4.2.2.2 
    set interface ethernet2.6 dhcp server option lease 1440000 
    set interface ethernet2.6 dhcp server option gateway 172.30.6.1 
    set interface ethernet2.6 dhcp server option netmask 255.255.255.0 
    set interface ethernet2.6 dhcp server option dns1 10.6.51.1 
    set interface ethernet2.6 dhcp server option dns2 4.2.2.2 
    set interface ethernet2.8 dhcp server option lease 1440000 
    set interface ethernet2.8 dhcp server option gateway 172.30.8.1 
    set interface ethernet2.8 dhcp server option netmask 255.255.255.0 
    set interface ethernet2.8 dhcp server option dns1 10.6.51.1 
    set interface ethernet2.8 dhcp server option dns2 4.2.2.2 
    set interface ethernet1.2 dhcp server ip 172.30.2.200 to 172.30.2.224 
    set interface ethernet1.4 dhcp server ip 172.30.4.200 to 172.30.4.224 
    set interface ethernet2.6 dhcp server ip 172.30.6.200 to 172.30.6.224 
    set interface ethernet2.8 dhcp server ip 172.30.8.200 to 172.30.8.224 
    unset interface ethernet1.2 dhcp server config next-server-ip
    unset interface ethernet1.4 dhcp server config next-server-ip
    unset interface ethernet2.6 dhcp server config next-server-ip
    unset interface ethernet2.8 dhcp server config next-server-ip

     

     set nsrp cluster id 1
    set nsrp vsd-group id 0 priority 100
    set nsrp vsd-group id 0 preempt

     

     ns25-> get sys
    Product Name: NetScreen-25

    Hardware Version: 4010(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
    Software Version: 5.4.0r12.0, Type: Firewall+VPN



  • 4.  RE: Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0
    Best Answer

    Posted 05-13-2009 10:00

    I realised why. If you have NSRP configured, we dont support DHCP on the subinterfaces which are also VSI interfaces.

    If you remove the NSRP settings. then it will work. Try and see.

     

    This feature is supported int 6.2 unfortunately, so I dont think there will be a workaround for you as the NS25 can not run that screenOS.



  • 5.  RE: Netscreen 25 [NS25] DHCP over sub-interfaces ScreenOS 5.4.0r12.0 & 5.4.0r10.0

    Posted 05-13-2009 10:33
    Well, that explains it. I can't go without NSRP, do I worked around it by reducing the VLANs handled by the NS25 and routed behind it. Thank you for the information.