Juniper SRX DHCP設定範例
Juniper SRX DHCP設定範例
-------- 設定VLAN會用到的DHCP
pool address ----------------
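## Global DNS servers handed to DHCP clients. They apply to every pool
## unless a pool defines its own name-server, in which case the pool wins.
set system services dhcp name-server 168.95.1.1
set system services dhcp name-server 168.95.192.1
## Pool 192.168.1.0/24: lease range .11-.111 and default gateway .1.
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.11
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.111
set system services dhcp pool 192.168.1.0/24 router 192.168.1.1
## NOTE(review): the original note calls this "the interface the settings
## apply to". The statement reference quoted later on this page describes
## propagate-settings as the logical interface that RECEIVES TCP/IP settings
## (as a DHCP client) for propagation into the pool. Confirm which one is
## intended before reusing this line.
set system services dhcp pool 192.168.1.0/24 propagate-settings vlan.0
## Pool 192.168.66.0/24 (same layout; see the propagate-settings note above).
set system services dhcp pool 192.168.66.0/24 address-range low 192.168.66.11
set system services dhcp pool 192.168.66.0/24 address-range high 192.168.66.111
set system services dhcp pool 192.168.66.0/24 router 192.168.66.1
set system services dhcp pool 192.168.66.0/24 propagate-settings fe-0/0/5.0
## Pool 192.168.67.0/24.
set system services dhcp pool 192.168.67.0/24 address-range low 192.168.67.11
set system services dhcp pool 192.168.67.0/24 address-range high 192.168.67.111
set system services dhcp pool 192.168.67.0/24 router 192.168.67.1
set system services dhcp pool 192.168.67.0/24 propagate-settings fe-0/0/5.1
## Pool 192.168.68.0/24.
set system services dhcp pool 192.168.68.0/24 address-range low 192.168.68.11
set system services dhcp pool 192.168.68.0/24 address-range high 192.168.68.111
set system services dhcp pool 192.168.68.0/24 router 192.168.68.1
set system services dhcp pool 192.168.68.0/24 propagate-settings fe-0/0/5.2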
---------------- 設定VLAN會用到的DHCP
pool address ----------------END
Multiple DHCP statements:
For versions before 12.1 (DHCPD):
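## System stanza for the legacy (dhcpd) DHCP server example.
system {
    host-name DHCP_VLAN;
    root-authentication {
        ## The example as published carried a literal MD5-crypt ($1$) root
        ## hash. Anyone who pastes a published hash ends up with a root
        ## password that is not theirs, and a public hash can be attacked
        ## offline. Set your own with
        ## "set system root-authentication plain-text-password" and strip
        ## SECRET-DATA lines before sharing a configuration.
        encrypted-password "<REDACTED-ROOT-PASSWORD-HASH>"; ## SECRET-DATA
    }
    services {
        ## One pool per routed VLAN. "router" is the default gateway sent to
        ## clients; it matches the vlan unit address configured on this page.
        dhcp {
            pool 192.168.15.0/24 {
                address-range low 192.168.15.100 high 192.168.15.254;
                router {
                    192.168.15.1;
                }
                propagate-settings vlan.300;
            }
            pool 192.168.16.0/24 {
                address-range low 192.168.16.100 high 192.168.16.254;
                router {
                    192.168.16.1;
                }
                propagate-settings vlan.100;
            }
        }
    }
}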
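## Access ports and the routed vlan interface used as DHCP gateway.
interfaces {
    ## Access port in VLAN "test".
    ge-2/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members test;
                }
            }
        }
    }
    ## Access port in VLAN "test2".
    ge-2/0/1 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members test2;
                }
            }
        }
    }
    ## The listing as published closed "interfaces" before this stanza, which
    ## left "vlan" at the top level. The routed vlan interface is configured
    ## under "interfaces", so it is nested here.
    vlan {
        unit 100 {
            family inet {
                address 192.168.16.1/24;
            }
        }
        unit 300 {
            family inet {
                address 192.168.15.1/24;
            }
        }
    }
}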
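## Host-inbound rules for the two routed VLAN interfaces in zone "trust".
## The published listing also allowed "protocols all" on both interfaces,
## which lets the device accept every routing protocol from the LAN. No
## routing protocol appears in this example and the DHCP server only needs
## the "dhcp" system service, so that stanza is dropped. If a routing
## protocol does run on these interfaces, allow that one protocol by name.
security {
    zones {
        security-zone trust {
            interfaces {
                vlan.300 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                        }
                    }
                }
                vlan.100 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                        }
                    }
                }
            }
        }
    }
}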
## VLAN definitions: each VLAN names its tag, its member access port and
## the routed vlan unit (l3-interface) that the DHCP pool's gateway lives on.
vlans {
## VLAN "test": tag 300, port ge-2/0/0.0, routed on vlan.300.
test
{
vlan-id 300;
interface {
ge-2/0/0.0;
}
l3-interface vlan.300;
}
## VLAN "test2": tag 100, port ge-2/0/1.0, routed on vlan.100.
test2
{
vlan-id 100;
interface {
ge-2/0/1.0;
}
l3-interface vlan.100;
}
}
SRX-650
VERSION: 10.4R3.4
propagate-settings interface-name;
Hierarchy
Level
[edit system
services dhcp]
[edit system
services dhcp pool]
Release
Information
Statement
introduced in Junos OS Release 8.5.
Description
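Enable or disable the propagation of TCP/IP settings received on the device acting as a Dynamic Host Configuration Protocol (DHCP) client. The settings can be propagated to the server pool running on the device. The propagated values (for example, name servers) are whatever the upstream DHCP server supplied, so clients of the pool end up trusting that server's answers.
Use the [edit system services dhcp] hierarchy level to set this feature globally.
Use the [edit system services dhcp pool] hierarchy level to set the feature for the address pool and override the global setting.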
Options
logical-interface-name —Name of the logical interface to receive TCP/IP settings from the
external network for propagation to the DHCP pool running on the device.
root@DHCP_VLAN# run show system services dhcp statistics
Sep 22
20:38:57
Packets
dropped:
Total 0
Messages received:
BOOTREQUEST
0
DHCPDECLINE 0
DHCPDISCOVER 4
DHCPINFORM 7
DHCPRELEASE 0
DHCPREQUEST 5
Messages sent:
BOOTREPLY 0
DHCPOFFER 4
DHCPACK
12
DHCPNAK
0
[edit]
root@DHCP_VLAN# run show route
Sep 22
20:39:02
inet.0:
4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - =
Last Active, * = Both
192.168.15.0/24 *[Direct/0] 00:02:43
>
via vlan.300
192.168.15.1/32 *[Local/0] 01:44:13
Local
via vlan.300
192.168.16.0/24 *[Direct/0] 00:05:07
>
via vlan.100
192.168.16.1/32 *[Local/0] 00:16:45
Local
via vlan.100
For versions after 12.1, users may opt to use JDHCPD:
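## System stanza for the JDHCPD (dhcp-local-server) example.
system {
    host-name DHCP_VLAN;
    root-authentication {
        ## The example as published carried a literal MD5-crypt ($1$) root
        ## hash. Anyone who pastes a published hash ends up with a root
        ## password that is not theirs, and a public hash can be attacked
        ## offline. Set your own with
        ## "set system root-authentication plain-text-password" and strip
        ## SECRET-DATA lines before sharing a configuration.
        encrypted-password "<REDACTED-ROOT-PASSWORD-HASH>"; ## SECRET-DATA
    }
    services {
        ## JDHCPD listens on the interfaces listed in the group; the address
        ## pools themselves are defined under "access address-assignment".
        dhcp-local-server {
            group test {
                interface vlan.100;
                interface vlan.300;
            }
        }
    }
}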
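## Access ports and the routed vlan interface used as DHCP gateway.
interfaces {
    ## Access port in VLAN "test".
    ge-2/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members test;
                }
            }
        }
    }
    ## Access port in VLAN "test2".
    ge-2/0/1 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members test2;
                }
            }
        }
    }
    ## The listing as published closed "interfaces" before this stanza, which
    ## left "vlan" at the top level. The routed vlan interface is configured
    ## under "interfaces", so it is nested here.
    vlan {
        unit 100 {
            family inet {
                address 192.168.16.1/24;
            }
        }
        unit 300 {
            family inet {
                address 192.168.15.1/24;
            }
        }
    }
}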
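## Host-inbound rules for the two routed VLAN interfaces in zone "trust".
## The published listing also allowed "protocols all" on both interfaces,
## which lets the device accept every routing protocol from the LAN. No
## routing protocol appears in this example and the DHCP server only needs
## the "dhcp" system service, so that stanza is dropped. If a routing
## protocol does run on these interfaces, allow that one protocol by name.
security {
    zones {
        security-zone trust {
            interfaces {
                vlan.300 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                        }
                    }
                }
                vlan.100 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                        }
                    }
                }
            }
        }
    }
}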
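## Address pools used by dhcp-local-server. Each pool names its network and
## the lease range handed to clients.
access {
    address-assignment {
        pool p1 {
            family inet {
                network 192.168.15.0/24;
                range r1 {
                    low 192.168.15.100;
                    high 192.168.15.254;
                }
                ## The legacy example on this page sends a default gateway
                ## ("router") per pool; the published JDHCPD pools did not,
                ## so clients would get a lease without a gateway. The value
                ## is the vlan.300 address configured on this page.
                dhcp-attributes {
                    router {
                        192.168.15.1;
                    }
                }
            }
        }
        pool p2 {
            family inet {
                network 192.168.16.0/24;
                range r2 {
                    low 192.168.16.100;
                    high 192.168.16.254;
                }
                ## Default gateway for this pool: the vlan.100 address.
                dhcp-attributes {
                    router {
                        192.168.16.1;
                    }
                }
            }
        }
    }
}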
## VLAN definitions: each VLAN names its tag, its member access port and
## the routed vlan unit (l3-interface) that serves as the subnet's gateway.
vlans {
## VLAN "test": tag 300, port ge-2/0/0.0, routed on vlan.300.
test
{
vlan-id 300;
interface {
ge-2/0/0.0;
}
l3-interface vlan.300;
}
## VLAN "test2": tag 100, port ge-2/0/1.0, routed on vlan.100.
test2 {
vlan-id 100;
interface {
ge-2/0/1.0;
}
l3-interface vlan.100;
}
}
lab@SRX# run show dhcp statistics interface
vlan.100
Packets dropped:
Total 0
Messages received:
BOOTREQUEST 2
DHCPDECLINE 0
DHCPDISCOVER 1
DHCPINFORM 0
DHCPRELEASE 0
DHCPREQUEST 1
Messages sent:
BOOTREPLY 2
DHCPOFFER 1
DHCPACK 1
DHCPNAK 0
DHCPFORCERENEW 0
lab@SRX# run show dhcp statistics interface
vlan.300
Packets dropped:
Total 0
Messages received:
BOOTREQUEST 2
DHCPDECLINE 0
DHCPDISCOVER 1
DHCPINFORM 0
DHCPRELEASE 0
DHCPREQUEST 1
Messages sent:
BOOTREPLY 2
DHCPOFFER 1
DHCPACK 1
DHCPNAK 0
DHCPFORCERENEW 0
lab@SRX# run show interfaces terse vlan
Interface Admin Link Proto Local Remote
vlan
up up
vlan.100 up up
inet 192.168.16.1/24
vlan.300 up up
inet 192.168.15.1/24
lab@SRX# run show dhcp server binding
IP address
Session Id Hardware address Expires
State Interface
192.168.16.100
3 00:24:dc:d9:7d:4f
82992 BOUND vlan.100
192.168.15.100
4 00:24:dc:d9:5d:41 82993
BOUND vlan.300
Verification
To
verify the DHCP service configuration, use the following operational commands:
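## Operational-mode checks for the legacy DHCP server (system services dhcp):
## configured pools, current bindings, message counters and address conflicts.
root@srx210> show system services dhcp pool
root@srx210> show system services dhcp binding
root@srx210> show system services dhcp statistics
root@srx210> show system services dhcp conflict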
Troubleshooting
Use the
following commands to troubleshoot your DHCP server configuration:
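## Send DHCP server trace output to the file dhcp.dbg.
root@srx210# set system services dhcp traceoptions file dhcp.dbg
## Trace every flag. The published listing repeated this line; once is enough.
## "flag all" is verbose, so remove the stanza when troubleshooting is done:
##   delete system services dhcp traceoptions
root@srx210# set system services dhcp traceoptions flag all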
Symptoms:
The customer has a DHCP server at the ISP that provides IP address details to the
PC behind the SRX. The topology is shown below.
Topology:
ISP(DHCP_SERVER)---20.1.1.0/24-----(ge-0/0/1)SRX(ge-0/0/2)----30.1.1.0/24------PC
This article provides details to configure and verify the settings to provide DNS details from DHCP server to the PC.
Solution:
The following setting example is for SRX345.
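set version 15.1X49-D60.7
## LAN pool served from irb.0: lease range, lease time and default gateway.
set system services dhcp pool 30.1.1.0/24 address-range low 30.1.1.2
set system services dhcp pool 30.1.1.0/24 address-range high 30.1.1.10
set system services dhcp pool 30.1.1.0/24 default-lease-time 1800
set system services dhcp pool 30.1.1.0/24 router 30.1.1.1
## Settings learned by the DHCP client on ge-0/0/1.0 (the ISP side) are
## propagated into this pool, so LAN clients inherit the ISP's DNS servers.
set system services dhcp pool 30.1.1.0/24 propagate-settings ge-0/0/1.0
## The published example used "default-policy permit-all", which also permits
## sessions initiated from untrust towards trust. Only LAN-to-ISP traffic is
## needed for this scenario, so it is permitted explicitly and everything
## else falls through to deny-all.
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies default-policy deny-all
## The published example allowed "system-services all" on the ISP-facing
## interface, exposing every management service of the device to the
## upstream network. The DHCP client only needs "dhcp" here.
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
## Kept as published. NOTE(review): the DHCP server needs only "dhcp" on
## irb.0; consider listing that plus the management services actually used.
set security zones security-zone trust interfaces irb.0 host-inbound-traffic system-services all
## ge-0/0/1 is the DHCP client towards the ISP server at 20.1.1.1;
## update-server feeds the learned settings to the local DHCP server.
set interfaces ge-0/0/1 unit 0 family inet dhcp server-address 20.1.1.1
set interfaces ge-0/0/1 unit 0 family inet dhcp update-server
## LAN side: access port in VLAN 3, routed on irb.0 (30.1.1.1/24).
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 3
set interfaces irb unit 0 family inet address 30.1.1.1/24
set protocols l2-learning global-mode switching
set vlans vlan3 vlan-id 3
set vlans vlan3 l3-interface irb.0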
Verification in SRX:
root@SRX-345-1# run show
system services dhcp client ge-0/0/1.0
Logical Interface name
ge-0/0/1.0
Hardware address 30:b6:4f:2d:7b:42
Client status bound
Server address 20.1.1.1
Address obtained 20.1.1.2
Update server
enabled
Lease obtained at 2016-11-16
11:13:45 HKT
Lease expires at 2016-11-30
11:13:45 HKT
DHCP options:
Name: server-identifier,
Value: 20.1.1.1
Code: 1, Type: ip-address,
Value: 255.255.255.0
Name: router, Value: [ 20.1.1.1
]
Name: name-server, Value: [ 8.8.8.8 ] <--From the ISP