Ano-Tech Computers

Enter keyword:

Juniper SRX: DHCP Relay with multiple client and server sets
Problem: Tried setting up a DHCP relay service on an SRX 3400 cluster as per this documentation: http://www.juniper.net/techpubs/en_US/junos9.3/topics/example/dhcp-subscriber-access-dhcp-relay-multiple-client-configuration.html dhcp-relay { traceoptions { file dhcp.log size 10k files 2 world-readable; flag all; } overrides { layer2-unicast-replies; } server-group { Intern { 10.80.2.41; 10.80.2.42; } Sikret { 10.80.4.41; 10.80.4.42; } Elev { 10.80.6.41; 10.80.6.42; } } group Intern { active-server-group Intern; interface reth1.32; } group IKT { active-server-group Intern; interface reth1.9; } group Sikret { active-server-group Sikret; interface reth1.56; } group Elev { active-server-group Elev; interface reth1.16; } } DHCP refused to work on the clients, tracing the activity on the SRX revealed messages like these: Jun 22 08:04:48 07:12:42.1018227:CID-01:FPC-05:PIC-00:THREAD_ID-15:RT: packet dropped, packet dropped: for self but not interested. We then confirmed our growing suspicion that the service was not even running: {primary:node0} root@raradh-fw-02> show system services dhcp relay-statistics node0: -------------------------------------------------------------------------- warning: dhcp subsystem not running - not needed by configuration. {primary:node0} root@raradh-fw-02> restart dhcp warning: dhcp subsystem not running - not needed by configuration.
Solution: Use "`helper bootp`" instead, like so: forwarding-options { helpers { bootp { interface { reth1.9 { description "`IKT klient`"; server 10.80.2.41; server 10.80.2.42; } reth1.32 { description "`INTERN klient`"; server 10.80.2.41; server 10.80.2.42; } reth1.56 { description "`SIKRET klient`"; server 10.80.4.41; server 10.80.4.42; } reth1.16 { description "`ELEV klient`"; server 10.80.6.41; server 10.80.6.42; } } } } } Also, remember to enable the system-service "`bootp`" on the relevant zones, like so: security { zones { security-zone vlan9_ikt_klienter { interfaces { reth1.9 { host-inbound-traffic { system-services { ping; bootp; } } } } } } }
Discuss this solution
Did this article solve your problem? Yes No Did not apply

This is free technical advice without any warranties. Use at your own risk. Solutions offered may not apply to your particular problem at all. Opinions and views expressed in the articles are the authors' personal and may not necessarily reflect or coincide with those of Ano-Tech Computers. We take no responsibility if anything bad happens from following any of the intructions given. If you don't understand and accept this, please contact us for personal assistance instead.
To read our full disclaimer, go here.

We welcome anyone who is willing to contribute to this public knowledge base, contact siteadmin@atc.no if you have information you would like to share. The idea is not to replace the commercial support sites, but to publish those hard-to-find solutions you've found yourself looking for over and over again.

Show all articles