SRX Services Gateway

Can DHCP Server and Relay be on the same SRX?

2 weeks ago

Greetings,

We're testing a new DHCP configuration and are trying to figure out if we can set up a DHCP relay for a specific subnet / irb / vlan and leave the rest of the DHCP configuration alone?

Basically we have the SRX acting as a DHCP server for all subnets, but we'd like to break off one subnet and send its DHCP requests via relay to a DHCP server.

Is this possible?

Thank you.

8 REPLIES 8

Re: Can DHCP Server and Relay be on the same SRX?

2 weeks ago

Hi A.Vanson,

 

Greetings. This should work; you just need to configure an IRB interface to encapsulate those discovers and send them to the server you desire. As a recommendation, please eliminate the pool on the SRX acting as DHCP server for the VLAN where you are trying to use the helper/relay function.

 

This is the minimum configuration needed

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-dhcp-relay-agen...

If the relay agent interfaces and the server are in different routing instances, you can use this KB:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28642&cat=JUNOSV_FIREFLY&actp=LIST

 

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

 

 

Regards,

 

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB


Re: Can DHCP Server and Relay be on the same SRX?

2 weeks ago

Thanks, @lildexx,

I did look over that documentation, but it doesn't seem to tell me how to designate the specific subnet that I want to be relaying for?  Do you have any insights on this?  


Re: Can DHCP Server and Relay be on the same SRX?

2 weeks ago

 

Hi A.Vanson,

Assuming that you already have the VLAN you want to be configured and the IRB associated with the VLAN, you will just need to add the relay configuration and the security policies and the host inbound traffic to let the DHCP packets go back and forth.

In this configuration we can see that we have two servers acting, one for Data-Vlan and another one for Voice-Vlan:

 

forwarding-options {
    dhcp-relay {
        server-group {
            DATA {
                128.129.130.131;    # remote DHCP server
                131.132.133.134;    # (optional) 2nd DHCP server
            }
            VOICE {
                168.167.169.170;
            }
        }
        group DATA {
            active-server-group DATA;
            interface ge-0/0/0.0;    # interface working as the gateway on the Data VLAN
        }
        group VOICE {
            active-server-group VOICE;
            interface irb.10;    # interface working as a gateway on the Voice VLAN
        }
    }
}

If you had this command, set forwarding-options active-server-group <name>, it would allow only a single group of servers to work. Most of the time this is used; you do not always have several DHCP servers.

Remember that you cannot have a binding to two servers; the dhcp-relay agent will not let you do that unless you configure the following command: set forwarding-options dhcp-relay overrides delete-binding-on-renegotiation

 

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

 

Regards,

 

 

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB


Re: Can DHCP Server and Relay be on the same SRX?

2 weeks ago

Thank you, @lildexx,

Well, I tried something like

group all {
  interface irb.5
}

But then got an error, something like interface irb.5 already configured

Is this related to the access address-assignment?  I deleted the pool for that irb from the address-assignment node, so I'm missing something.


Re: Can DHCP Server and Relay be on the same SRX?

[ Edited ]
2 weeks ago

Hello Vanson,

 

Can you tell me whether you are using JDHCP or DHCP server? The difference is JDHCP is the latest one and DHCP is deprecated in the latest Junos version. For more information, please check the following TSB - https://kb.juniper.net/InfoCenter/index?page=content&id=TSB16991&actp=METADATA

 

If your configuration starts with "set access address-assignment" then it is JDHCP and if it starts with "set system services dhcp" then it is legacy DHCP.

 

Note: Although a Juniper Networks device can act as a DHCP server, a DHCP client, or DHCP relay agent at the same time, you cannot configure more than one DHCP role on a single interface.

 

It would be great if you can paste the exact error message so that we can take a look. Also, provide us with your existing DHCP configuration.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Re: Can DHCP Server and Relay be on the same SRX?

[ Edited ]
2 weeks ago

Thanks for your assistance here.

 

We're using JDHCP.

The exact error is "Interface irb.5 already configured"

The config for the dhcp relay was like this:

 

 

dhcp-relay {
 server-group {
  dhcp-server {
   10.2.2.100;
  }
 }
 active-server-group dhcp-server;
 group dhcp {
  interface irb.5;
 }
}

 

 

 

IRB.5 is the L3 interface for a VLAN on the 192.168.5.0/24 subnet 

 

Our current DHCP config is something like this, minus all the other pools we've set up for different VLANs / IRBs.  This pool shown is the one that we removed before committing the relay rules:

access {
    address-assignment {
        pool Pool3 {
            family inet {
                network 192.168.5.0/24;
                range Pool3Pool {
                    low 192.168.5.100;
                    high 192.168.5.199;
                }
                dhcp-attributes {
                    name-server {
                        10.2.2.100;
                        10.2.2.101;
                    }
                    router {
                        192.168.5.1;
                    }
                }
            }
        }
...

 

Solution
Accepted by topic author A.Vanson
2 weeks ago

Re: Can DHCP Server and Relay be on the same SRX?

[ Edited ]
2 weeks ago

Hi Vanson,

 

As I mentioned earlier, you can't configure more than one DHCP role on a single interface. i.e. Interface irb.5 can only act as either JDHCP server or JDHCP relay agent or JDHCP client.

 

The reason for the error is that you have irb.5 configured both as JDHCP relay and JDHCP server. I believe you didn't get the IP address of irb.5 dynamically, so I excluded the JDHCP client. Please correct me if I'm wrong on the last part.

 

So, under "set system services dhcp-local-server group" check whether you have irb.5 configured. If so, please delete that line and check whether the commit is happening. Please note that this line is important for JDHCP server to function and deleting this line will break your DHCP server.

 

If none of the above applies to your case, please provide me with the output of the following commands:

user@host> show interfaces terse | match inet | no-more

user@host> show configuration system services | display set | no-more

(If you have a routing-instance, please run the commands below under the routing-instance)

user@host> show configuration access address-assignment | display set | no-more

user@host> show configuration forwarding-options dhcp-relay | display set | no-more



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
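
A pre-commit check for the conflict diagnosed above, as an added example (not code from the thread or from Juniper): it scans "display set" output and reports any interface that holds more than one JDHCP role. The sample configuration, including the group name LAN and the interfaces other than irb.5, is constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form, modelled on the thread: irb.5 is
# still listed under dhcp-local-server while also being added to dhcp-relay.
SAMPLE = """\
set system services dhcp-local-server group LAN interface irb.5
set system services dhcp-local-server group LAN interface irb.10
set forwarding-options dhcp-relay server-group dhcp-server 10.2.2.100
set forwarding-options dhcp-relay active-server-group dhcp-server
set forwarding-options dhcp-relay group dhcp interface irb.5
set interfaces ge-0/0/1 unit 0 family inet dhcp-client
set routing-instances GUEST forwarding-options dhcp-relay group g interface irb.20
"""

# Each pattern captures the logical interface that takes on the named role.
ROLE_PATTERNS = {
    "server": re.compile(r"system services dhcp-local-server group \S+ interface (\S+)"),
    "relay": re.compile(r"forwarding-options dhcp-relay group \S+ interface (\S+)"),
    "client": re.compile(r"interfaces (\S+) unit (\d+) family inet dhcp-client"),
}


def dhcp_roles(config_text):
    """Map each logical interface to the set of DHCP roles configured on it."""
    roles = defaultdict(set)
    for line in config_text.splitlines():
        if not line.lstrip().startswith("set "):
            continue  # ignore blank lines and anything that is not a set command
        for role, pattern in ROLE_PATTERNS.items():
            m = pattern.search(line)
            if m:
                # The client statement names interface and unit separately;
                # joining the groups yields "ge-0/0/1.0" and leaves "irb.5" as is.
                roles[".".join(m.groups())].add(role)
    return dict(roles)


def conflicts(config_text):
    """Return interfaces holding more than one DHCP role (one role per interface is allowed)."""
    return {ifname: sorted(r) for ifname, r in dhcp_roles(config_text).items() if len(r) > 1}


if __name__ == "__main__":
    for ifname, found in conflicts(SAMPLE).items():
        print(f"{ifname} has multiple DHCP roles: {', '.join(found)}")
```
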

Re: Can DHCP Server and Relay be on the same SRX?

2 weeks ago

Thanks for your help, I think that's it, the dhcp-local-server node does have irb.5 configured there.  I will delete it, and keep moving forward.
