Juniper SRX DHCP Configuration Examples






-------- Configure the DHCP address pools used by the VLANs ----------------


set system services dhcp name-server 168.95.1.1      ## Specify the DNS server; applies to all subnets (if a subnet has its own setting, the per-subnet setting takes precedence)
set system services dhcp name-server 168.95.192.1      ## Specify the DNS server
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.11      ## Specify the address pool range
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.111
set system services dhcp pool 192.168.1.0/24 router 192.168.1.1             ## Specify the subnet's default gateway
set system services dhcp pool 192.168.1.0/24 propagate-settings vlan.0      ## Specify the interface for propagated settings
set system services dhcp pool 192.168.66.0/24 address-range low 192.168.66.11
set system services dhcp pool 192.168.66.0/24 address-range high 192.168.66.111
set system services dhcp pool 192.168.66.0/24 router 192.168.66.1
set system services dhcp pool 192.168.66.0/24 propagate-settings fe-0/0/5.0
set system services dhcp pool 192.168.67.0/24 address-range low 192.168.67.11
set system services dhcp pool 192.168.67.0/24 address-range high 192.168.67.111
set system services dhcp pool 192.168.67.0/24 router 192.168.67.1
set system services dhcp pool 192.168.67.0/24 propagate-settings fe-0/0/5.1
set system services dhcp pool 192.168.68.0/24 address-range low 192.168.68.11
set system services dhcp pool 192.168.68.0/24 address-range high 192.168.68.111
set system services dhcp pool 192.168.68.0/24 router 192.168.68.1
set system services dhcp pool 192.168.68.0/24 propagate-settings fe-0/0/5.2

---------------- Configure the DHCP address pools used by the VLANs ---------------- END


Multiple dhcp statements:


For versions before 12.1 (DHCPD):
    system {
      host-name DHCP_VLAN;
      root-authentication {
        encrypted-password "$1$hCUuf9ks$sFfLVgLbQUNMvobX.jGlx0"; ## SECRET-DATA
      }
    
      services {
        dhcp {
          pool 192.168.15.0/24 {
            address-range low 192.168.15.100 high 192.168.15.254;
            router {
              192.168.15.1;
            }
            propagate-settings vlan.300;
          }
          pool 192.168.16.0/24 {
            address-range low 192.168.16.100 high 192.168.16.254;
            router {
              192.168.16.1;
            }
            propagate-settings vlan.100;
          }
        }
      }
    }

    interfaces {
      ge-2/0/0 {
        unit 0 {
          family ethernet-switching {
            port-mode access;
            vlan {
              members test;
            }
          }
        }
      }
      ge-2/0/1 {
        unit 0 {
          family ethernet-switching {
            port-mode access;
            vlan {
              members test2;
            }
          }
        }
      }
      vlan {
        unit 100 {
          family inet {
            address 192.168.16.1/24;
          }
        }
        unit 300 {
          family inet {
            address 192.168.15.1/24;
          }
        }
      }
    }
   
    security {
      zones {
        security-zone trust {
          interfaces {
            vlan.300 {
              host-inbound-traffic {
                system-services {
                  dhcp;
                }
                protocols {
                  all;
                }
              }
            }
            vlan.100 {
              host-inbound-traffic {
                system-services {
                  dhcp;
                }
                protocols {
                  all;
                }
              }
            }
          }
        }
      }
    }
   
    vlans {
      test {
        vlan-id 300;
        interface {
          ge-2/0/0.0;
        }
        l3-interface vlan.300;
      }
      test2 {
        vlan-id 100;
        interface {
          ge-2/0/1.0;
        }
        l3-interface vlan.100;
      }
    }

    SRX-650
    VERSION: 10.4R3.4

propagate-settings interface-name;

Hierarchy Level
[edit system services dhcp]
[edit system services dhcp pool]

Release Information
Statement introduced in Junos OS Release 8.5.

Description
Enable or disable the propagation of TCP/IP settings received on the device acting as a Dynamic Host Configuration Protocol (DHCP) client. The settings can be propagated to the server pool running on the device.
Use system services dhcp to set this feature globally.
Use system services dhcp pool to set the feature for the address pool and override the global setting.

Options
logical-interface-name: Name of the logical interface to receive TCP/IP settings from the external network for propagation to the DHCP pool running on the device.

    root@DHCP_VLAN# run show system services dhcp statistics
    Sep 22 20:38:57
    Packets dropped:
    Total 0

    Messages received:
    BOOTREQUEST 0
    DHCPDECLINE 0
    DHCPDISCOVER 4
    DHCPINFORM 7
    DHCPRELEASE 0
    DHCPREQUEST 5

    Messages sent:
    BOOTREPLY 0
    DHCPOFFER 4
    DHCPACK 12
    DHCPNAK 0

    [edit]
    root@DHCP_VLAN# run show route
    Sep 22 20:39:02

    inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.15.0/24 *[Direct/0] 00:02:43
    > via vlan.300
    192.168.15.1/32 *[Local/0] 01:44:13
    Local via vlan.300
    192.168.16.0/24 *[Direct/0] 00:05:07
    > via vlan.100
    192.168.16.1/32 *[Local/0] 00:16:45
    Local via vlan.100


For versions after 12.1, users may opt to use JDHCPD:
    system {
      host-name DHCP_VLAN;
      root-authentication {
        encrypted-password "$1$hCUuf9ks$sFfLVgLbQUNMvobX.jGlx0"; ## SECRET-DATA
      }
      services {
        dhcp-local-server {
          group test {
            interface vlan.100;
            interface vlan.300;
          }
        }
      }
    }

    interfaces {
      ge-2/0/0 {
        unit 0 {
          family ethernet-switching {
            port-mode access;
            vlan {
              members test;
            }
          }
        }
      }
      ge-2/0/1 {
        unit 0 {
          family ethernet-switching {
            port-mode access;
            vlan {
              members test2;
            }
          }
        }
      }
      vlan {
        unit 100 {
          family inet {
            address 192.168.16.1/24;
          }
        }
        unit 300 {
          family inet {
            address 192.168.15.1/24;
          }
        }
      }
    }
   
    security {
      zones {
        security-zone trust {
          interfaces {
            vlan.300 {
              host-inbound-traffic {
                system-services {
                  dhcp;
                }
                protocols {
                  all;
                }
              }
            }
            vlan.100 {
              host-inbound-traffic {
                system-services {
                  dhcp;
                }
                protocols {
                  all;
                }
              }
            }
          }
        }
      }
    }
   
    access {
      address-assignment {
        pool p1 {
          family inet {
            network 192.168.15.0/24;
            range r1 {
              low 192.168.15.100;
              high 192.168.15.254;
            }
          }
        }
        pool p2 {
          family inet {
            network 192.168.16.0/24;
            range r2 {
              low 192.168.16.100;
              high 192.168.16.254;
            }
          }
        }
      }
    }

    vlans {
      test {
        vlan-id 300;
        interface {
          ge-2/0/0.0;
        }
        l3-interface vlan.300;
      }
      test2 {
        vlan-id 100;
        interface {
          ge-2/0/1.0;
        }
        l3-interface vlan.100;
      }
    }

lab@SRX# run show dhcp statistics interface vlan.100
Packets dropped:
    Total                      0

Messages received:
    BOOTREQUEST                2
    DHCPDECLINE                0
    DHCPDISCOVER               1
    DHCPINFORM                 0
    DHCPRELEASE                0
    DHCPREQUEST                1

Messages sent:
    BOOTREPLY                  2
    DHCPOFFER                  1
    DHCPACK                    1
    DHCPNAK                    0
    DHCPFORCERENEW             0

lab@SRX# run show dhcp statistics interface vlan.300   
Packets dropped:
    Total                      0

Messages received:
    BOOTREQUEST                2
    DHCPDECLINE                0
    DHCPDISCOVER               1
    DHCPINFORM                 0
    DHCPRELEASE                0
    DHCPREQUEST                1

Messages sent:
    BOOTREPLY                  2
    DHCPOFFER                  1
    DHCPACK                    1
    DHCPNAK                    0
    DHCPFORCERENEW             0

lab@SRX# run show interfaces terse vlan    
Interface               Admin Link Proto    Local                 Remote
vlan                    up    up
vlan.100                up    up   inet     192.168.16.1/24
vlan.300                up    up   inet     192.168.15.1/24

lab@SRX# run show dhcp server binding          

IP address        Session Id  Hardware address   Expires     State      Interface
192.168.16.100    3           00:24:dc:d9:7d:4f  82992       BOUND      vlan.100           
192.168.15.100    4           00:24:dc:d9:5d:41  82993       BOUND      vlan.300


Verification
To verify the DHCP service configuration, use the following operational commands:
root@srx210> show system services dhcp pool
root@srx210> show system services dhcp binding
root@srx210> show system services dhcp statistics
root@srx210> show system services dhcp conflict

Troubleshooting
Use the following commands to troubleshoot your DHCP server configuration:
root@srx210# set system services dhcp traceoptions file dhcp.dbg
root@srx210# set system services dhcp traceoptions flag all




Symptoms:
The customer has a DHCP server at the ISP that provides IP address details to the PC behind the SRX. The topology is shown below.
Topology:
ISP(DHCP_SERVER)---20.1.1.0/24-----(ge-0/0/1)SRX(ge-0/0/2)----30.1.1.0/24------PC

This article describes how to configure and verify the settings that pass DNS details from the DHCP server to the PC.
Solution:
The following configuration example is for the SRX345.

set version 15.1X49-D60.7
set system services dhcp pool 30.1.1.0/24 address-range low 30.1.1.2
set system services dhcp pool 30.1.1.0/24 address-range high 30.1.1.10
set system services dhcp pool 30.1.1.0/24 default-lease-time 1800
set system services dhcp pool 30.1.1.0/24 router 30.1.1.1
set system services dhcp pool 30.1.1.0/24 propagate-settings ge-0/0/1.0
set security policies default-policy permit-all
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces irb.0 host-inbound-traffic system-services all
set interfaces ge-0/0/1 unit 0 family inet dhcp server-address 20.1.1.1
set interfaces ge-0/0/1 unit 0 family inet dhcp update-server
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 3
set interfaces irb unit 0 family inet address 30.1.1.1/24
set protocols l2-learning global-mode switching
set vlans vlan3 vlan-id 3
set vlans vlan3 l3-interface irb.0

Verification in SRX:
root@SRX-345-1# run show system services dhcp client ge-0/0/1.0

Logical Interface name ge-0/0/1.0
Hardware address 30:b6:4f:2d:7b:42
Client status bound
Server address 20.1.1.1
Address obtained 20.1.1.2
Update server enabled
Lease obtained at 2016-11-16 11:13:45 HKT
Lease expires at 2016-11-30 11:13:45 HKT

DHCP options:
Name: server-identifier, Value: 20.1.1.1
Code: 1, Type: ip-address, Value: 255.255.255.0
Name: router, Value: [ 20.1.1.1 ]
Name: name-server, Value: [ 8.8.8.8 ]  <--From the ISP
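
The SRX345 example above accepts all host-inbound system services on both zones, sets default-policy permit-all, and, through propagate-settings, gives LAN clients the name server learned from the ISP. The following Python check is an added example, not part of the original article; it flags those statements in set-format configuration and returns least-privilege replacement commands, assuming DHCP is the only host-inbound service needed and that only the zone named trust is a trusted source of settings.

```python
import re

# Exposure-relevant statements copied from the SRX345 example above.
PAGE_CONFIG = """\
set system services dhcp pool 30.1.1.0/24 propagate-settings ge-0/0/1.0
set security policies default-policy permit-all
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces irb.0 host-inbound-traffic system-services all
"""

HOST_IN = re.compile(r"set security zones security-zone (\S+) interfaces (\S+) "
                     r"host-inbound-traffic system-services (\S+)")
PROPAGATE = re.compile(r"set system services dhcp pool (\S+) propagate-settings (\S+)")


def audit(config, needed=("dhcp",)):
    """Return (finding, fix_commands) pairs for a set-format Junos config.

    Assumption: `needed` lists the only host-inbound services the interfaces
    require; add ssh, ping and so on explicitly where they are wanted.
    """
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    zone_of, results = {}, []
    for m in filter(None, map(HOST_IN.fullmatch, lines)):
        zone, ifl, svc = m.groups()
        zone_of[ifl] = zone
        if svc == "all":
            ln = m.group(0)
            base = ln.rsplit(" ", 1)[0]
            fix = ["delete" + ln[3:]] + [f"{base} {s}" for s in needed]
            results.append((f"{zone}/{ifl}: all system services accepted", fix))
    for ln in lines:
        if ln == "set security policies default-policy permit-all":
            # Deleting the statement restores the Junos default, deny-all;
            # explicit zone-to-zone policies must then permit wanted flows.
            results.append(("default-policy permit-all forwards unmatched traffic",
                            ["delete security policies default-policy permit-all"]))
        m = PROPAGATE.fullmatch(ln)
        # Assumption: only the zone named "trust" is a trusted settings source.
        if m and zone_of.get(m.group(2)) != "trust":
            pool, src = m.groups()
            results.append((f"pool {pool}: clients inherit settings learned on "
                            f"{src} (zone {zone_of.get(src, 'unknown')})", []))
    return results


if __name__ == "__main__":
    for finding, fix in audit(PAGE_CONFIG):
        print(finding, *fix, sep="\n    ")
```
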

