Re: [j-nsp] EX9200 DHCP Relay
My DHCP clients are all stuck in SELECTING state. Has anyone ever seen that, or maybe know what causes it?

root@DVT-EX9200 show dhcp relay binding
IP address  Session Id  Hardware address   Expires  State      Interface
0.0.0.0     18          00:25:90:3d:76:34  0        SELECTING  irb.30
0.0.0.0     19          00:25:90:3d:e5:13  0        SELECTING  irb.30
0.0.0.0     17          00:25:90:6d:f0:c3  0        SELECTING  irb.30
0.0.0.0     23          d4:be:d9:95:b6:4f  0        SELECTING  irb.16

On Sep 16, 2014, at 3:13 PM, William McLendon wimcl...@gmail.com wrote:

> this is a working DHCP config on EX9200s — make sure you include the forward-snooped-clients all-interfaces statement, or any transit DHCP packet that traverses an interface without DHCP relay configured will be eaten by the EX9200 — its the most asinine thing in the world to have (a carryover from MX some sort of DHCP security i’m sure), but its completely undocumented it does this from what i’ve seen.
>
> dhcp-relay {
>     forward-snooped-clients all-interfaces;
>     server-group {
>         CAMPUS {
>             192.168.168.168;
>         }
>     }
>     active-server-group CAMPUS;
>     route-suppression {
>         destination;
>     }
>     group LOCAL-NETS {
>         interface ge-5/0/0.304;
>         interface irb.9;
>     }
> }
> }
>
> the route-suppression destination statement also prevents it from installing access-internal host routes and permanent ARP entries for every DHCP lease.
>
> will

Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: ch...@sdnessentials.com
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX9200 DHCP Relay
http://www.utdallas.edu/~ravip/cs6390/fall01/dhcp.figure.pdf

On Thu, Sep 18, 2014 at 7:01 AM, Chris Jones ch...@sdnessentials.com wrote:

> My DHCP clients are all stuck in SELECTING state. Has anyone ever seen that, or maybe know what causes it?
>
> root@DVT-EX9200 show dhcp relay binding
> IP address  Session Id  Hardware address   Expires  State      Interface
> 0.0.0.0     18          00:25:90:3d:76:34  0        SELECTING  irb.30
> 0.0.0.0     19          00:25:90:3d:e5:13  0        SELECTING  irb.30
> 0.0.0.0     17          00:25:90:6d:f0:c3  0        SELECTING  irb.30
> 0.0.0.0     23          d4:be:d9:95:b6:4f  0        SELECTING  irb.16
>
> On Sep 16, 2014, at 3:13 PM, William McLendon wimcl...@gmail.com wrote:
>
> > this is a working DHCP config on EX9200s — make sure you include the forward-snooped-clients all-interfaces statement, or any transit DHCP packet that traverses an interface without DHCP relay configured will be eaten by the EX9200 — its the most asinine thing in the world to have (a carryover from MX some sort of DHCP security i’m sure), but its completely undocumented it does this from what i’ve seen.
> >
> > dhcp-relay {
> >     forward-snooped-clients all-interfaces;
> >     server-group {
> >         CAMPUS {
> >             192.168.168.168;
> >         }
> >     }
> >     active-server-group CAMPUS;
> >     route-suppression {
> >         destination;
> >     }
> >     group LOCAL-NETS {
> >         interface ge-5/0/0.304;
> >         interface irb.9;
> >     }
> > }
> > }
> >
> > the route-suppression destination statement also prevents it from installing access-internal host routes and permanent ARP entries for every DHCP lease.
> >
> > will
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
Re: [j-nsp] EX9200 DHCP Relay
SELECTING means that an OFFER has been sent to the client (or at least the switch thinks it has relayed it), but the REQUEST hasn't come back from the client.

I have seen this in some instances where the client is expecting a Unicast reply from the relay agent rather than a broadcast or vice-versa - fix with:

set forwarding-options dhcp-relay overrides layer2-unicast-replies

Nice tip on the route-suppression statement William - that one has been annoying me for a while with JDHCPd on the SRX...

Cheers,
Ben

On 19 Sep 2014, at 12:01 am, Chris Jones ch...@sdnessentials.com wrote:

> My DHCP clients are all stuck in SELECTING state. Has anyone ever seen that, or maybe know what causes it?
>
> root@DVT-EX9200 show dhcp relay binding
> IP address  Session Id  Hardware address   Expires  State      Interface
> 0.0.0.0     18          00:25:90:3d:76:34  0        SELECTING  irb.30
> 0.0.0.0     19          00:25:90:3d:e5:13  0        SELECTING  irb.30
> 0.0.0.0     17          00:25:90:6d:f0:c3  0        SELECTING  irb.30
> 0.0.0.0     23          d4:be:d9:95:b6:4f  0        SELECTING  irb.16
>
> On Sep 16, 2014, at 3:13 PM, William McLendon wimcl...@gmail.com wrote:
>
> > this is a working DHCP config on EX9200s — make sure you include the forward-snooped-clients all-interfaces statement, or any transit DHCP packet that traverses an interface without DHCP relay configured will be eaten by the EX9200 — its the most asinine thing in the world to have (a carryover from MX some sort of DHCP security i’m sure), but its completely undocumented it does this from what i’ve seen.
> >
> > dhcp-relay {
> >     forward-snooped-clients all-interfaces;
> >     server-group {
> >         CAMPUS {
> >             192.168.168.168;
> >         }
> >     }
> >     active-server-group CAMPUS;
> >     route-suppression {
> >         destination;
> >     }
> >     group LOCAL-NETS {
> >         interface ge-5/0/0.304;
> >         interface irb.9;
> >     }
> > }
> > }
> >
> > the route-suppression destination statement also prevents it from installing access-internal host routes and permanent ARP entries for every DHCP lease.
> >
> > will
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
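An added example, not part of the thread and not Juniper code: a small parser for the `show dhcp relay binding` output posted above that groups sessions still in SELECTING with no address by interface, which is the symptom Ben describes (OFFER relayed, REQUEST never seen). The BOUND row, its address and MAC, and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)

# The four SELECTING rows are the ones posted in this thread; the BOUND row
# is constructed so the sample also contains a client that completed.
SAMPLE = """\
root@DVT-EX9200 show dhcp relay binding
IP address  Session Id  Hardware address   Expires  State      Interface
0.0.0.0     18          00:25:90:3d:76:34  0        SELECTING  irb.30
0.0.0.0     19          00:25:90:3d:e5:13  0        SELECTING  irb.30
0.0.0.0     17          00:25:90:6d:f0:c3  0        SELECTING  irb.30
0.0.0.0     23          d4:be:d9:95:b6:4f  0        SELECTING  irb.16
192.0.2.21  31          00:00:5e:00:53:01  86012    BOUND      irb.9
"""


def parse_bindings(text):
    """Return one dict per binding row; prompt, header and junk lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or not MAC_RE.match(f[2]):
            continue
        try:
            rows.append({"ip": ipaddress.ip_address(f[0]), "session": int(f[1]),
                         "mac": f[2].lower(), "expires": int(f[3]),
                         "state": f[4], "interface": f[5]})
        except ValueError:  # non-numeric field or bad address: not a data row
            continue
    return rows


def stuck_in_selecting(rows):
    """Map interface -> MACs with no address yet that are still in SELECTING."""
    stuck = defaultdict(list)
    for r in rows:
        if r["state"] == "SELECTING" and r["ip"].is_unspecified:
            stuck[r["interface"]].append(r["mac"])
    return dict(stuck)


def fully_stuck_interfaces(rows):
    """Interfaces on which no session at all got past SELECTING."""
    total = defaultdict(int)
    for r in rows:
        total[r["interface"]] += 1
    stuck = stuck_in_selecting(rows)
    return sorted(i for i, macs in stuck.items() if len(macs) == total[i])


if __name__ == "__main__":
    rows = parse_bindings(SAMPLE)
    for ifname, macs in sorted(stuck_in_selecting(rows).items()):
        print(f"{ifname}: {len(macs)} client(s) waiting on REQUEST: {', '.join(macs)}")
    print("no completed session on:", fully_stuck_interfaces(rows))
```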
[j-nsp] EX9200 DHCP Relay
Juniper Geniuses,

I'm trying to set up some basic DHCP relay on an EX9200. The CLI rejects the forwarding-options bootp syntax, saying unsupported platform.

Googling for some documentation, I came across DHCP Relay Minimum Configuration:
http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/dhcp-subscriber-access-dhcp-relay-minimum-configuration.html

Now, while I've come to understand that this DHCP Relay configuration was specifically meant to be for MX subscriber management, this particular page happens to be under the EX9200 documentation (I also realize the EX9200 is basically an MX). I've also read that it's kind of buggy (or was in 2012...). I also tried labbing this using some Fireflies and a VMX in Junosphere but couldn't get it working.

Anybody out there know if this is the correct way to do DHCP relaying on an EX9200? If not, could somebody please provide a config example of how to do this?

Regards,
Chris

Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: ch...@sdnessentials.com
Re: [j-nsp] EX9200 DHCP Relay
1) are you running 13.3?
2) are you using a routing instance?

On Sep 16, 2014, at 8:02 AM, ch...@sdnessentials.com wrote:

> Juniper Geniuses,
>
> I'm trying to set up some basic DHCP relay on an EX9200. The CLI rejects the forwarding-options bootp syntax, saying unsupported platform.
>
> Googling for some documentation, I came across DHCP Relay Minimum Configuration:
> http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/dhcp-subscriber-access-dhcp-relay-minimum-configuration.html
>
> Now, while I've come to understand that this DHCP Relay configuration was specifically meant to be for MX subscriber management, this particular page happens to be under the EX9200 documentation (I also realize the EX9200 is basically an MX). I've also read that it's kind of buggy (or was in 2012...). I also tried labbing this using some Fireflies and a VMX in Junosphere but couldn't get it working.
>
> Anybody out there know if this is the correct way to do DHCP relaying on an EX9200? If not, could somebody please provide a config example of how to do this?
>
> Regards,
> Chris
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
Re: [j-nsp] EX9200 DHCP Relay
Hi,

Bootp is not supported on new version of junos. You need to use dhcp-relay with 9200. You may use 13.3r5 which has almost all dhcp related fix. Config is same as mentioned in kb. You need to define active server group and define as forwarding option for each rvi.

Regards,
Iftikhar

Sent from my iPhone

On Sep 16, 2014, at 6:51 PM, ch...@sdnessentials.com ch...@sdnessentials.com wrote:

> Juniper Geniuses,
>
> I'm trying to set up some basic DHCP relay on an EX9200. The CLI rejects the forwarding-options bootp syntax, saying unsupported platform.
>
> Googling for some documentation, I came across DHCP Relay Minimum Configuration:
> http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/dhcp-subscriber-access-dhcp-relay-minimum-configuration.html
>
> Now, while I've come to understand that this DHCP Relay configuration was specifically meant to be for MX subscriber management, this particular page happens to be under the EX9200 documentation (I also realize the EX9200 is basically an MX). I've also read that it's kind of buggy (or was in 2012...). I also tried labbing this using some Fireflies and a VMX in Junosphere but couldn't get it working.
>
> Anybody out there know if this is the correct way to do DHCP relaying on an EX9200? If not, could somebody please provide a config example of how to do this?
>
> Regards,
> Chris
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
Re: [j-nsp] EX9200 DHCP Relay
Okay, so the syntax is what I'm seeing on that doc for the most part (plus your recommended overrides). Thank you!

Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: ch...@sdnessentials.com

- Original Message -
Subject: Re: [j-nsp] EX9200 DHCP Relay
From: Tim Jackson jackson@gmail.com
Date: 9/16/14 8:04 am
To: ch...@sdnessentials.com
Cc: jnsp juniper-nsp@puck.nether.net

Basically everything is moving to jdhcpd.. It's only really licensed on MX iirc (shouldn't be on 9200?)

set forwarding-options dhcp-relay overrides allow-snooped-clients
set forwarding-options dhcp-relay overrides always-write-giaddr
set forwarding-options dhcp-relay overrides trust-option-82
set forwarding-options dhcp-relay overrides send-release-on-delete
set forwarding-options dhcp-relay server-group DHCP-1 1.2.3.4
set forwarding-options dhcp-relay group DYNAMIC active-server-group DHCP-1
set forwarding-options dhcp-relay group DYNAMIC interface ae1.101

For most networks, you probably don't need those overrides, but if you have something else downstream doing DHCP snooping and option 82 insertion, you have to tell it to trust it..

On Tue, Sep 16, 2014 at 7:02 AM, ch...@sdnessentials.com wrote:

> Juniper Geniuses,
>
> I'm trying to set up some basic DHCP relay on an EX9200. The CLI rejects the forwarding-options bootp syntax, saying unsupported platform.
>
> Googling for some documentation, I came across DHCP Relay Minimum Configuration:
> http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/dhcp-subscriber-access-dhcp-relay-minimum-configuration.html
>
> Now, while I've come to understand that this DHCP Relay configuration was specifically meant to be for MX subscriber management, this particular page happens to be under the EX9200 documentation (I also realize the EX9200 is basically an MX). I've also read that it's kind of buggy (or was in 2012...). I also tried labbing this using some Fireflies and a VMX in Junosphere but couldn't get it working.
>
> Anybody out there know if this is the correct way to do DHCP relaying on an EX9200? If not, could somebody please provide a config example of how to do this?
>
> Regards,
> Chris
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
Re: [j-nsp] EX9200 DHCP Relay
Basically everything is moving to jdhcpd.. It's only really licensed on MX iirc (shouldn't be on 9200?)

set forwarding-options dhcp-relay overrides allow-snooped-clients
set forwarding-options dhcp-relay overrides always-write-giaddr
set forwarding-options dhcp-relay overrides trust-option-82
set forwarding-options dhcp-relay overrides send-release-on-delete
set forwarding-options dhcp-relay server-group DHCP-1 1.2.3.4
set forwarding-options dhcp-relay group DYNAMIC active-server-group DHCP-1
set forwarding-options dhcp-relay group DYNAMIC interface ae1.101

For most networks, you probably don't need those overrides, but if you have something else downstream doing DHCP snooping and option 82 insertion, you have to tell it to trust it..

On Tue, Sep 16, 2014 at 7:02 AM, ch...@sdnessentials.com wrote:

> Juniper Geniuses,
>
> I'm trying to set up some basic DHCP relay on an EX9200. The CLI rejects the forwarding-options bootp syntax, saying unsupported platform.
>
> Googling for some documentation, I came across DHCP Relay Minimum Configuration:
> http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/dhcp-subscriber-access-dhcp-relay-minimum-configuration.html
>
> Now, while I've come to understand that this DHCP Relay configuration was specifically meant to be for MX subscriber management, this particular page happens to be under the EX9200 documentation (I also realize the EX9200 is basically an MX). I've also read that it's kind of buggy (or was in 2012...). I also tried labbing this using some Fireflies and a VMX in Junosphere but couldn't get it working.
>
> Anybody out there know if this is the correct way to do DHCP relaying on an EX9200? If not, could somebody please provide a config example of how to do this?
>
> Regards,
> Chris
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
Re: [j-nsp] EX9200 DHCP Relay
1) 13.2R5.10 (latest recommended)
2) Nope

Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: ch...@sdnessentials.com

- Original Message -
Subject: Re: [j-nsp] EX9200 DHCP Relay
From: Will O'Brien will.obr...@noaa.gov
Date: 9/16/14 8:03 am
To: ch...@sdnessentials.com
Cc: juniper-nsp@puck.nether.net

1) are you running 13.3?
2) are you using a routing instance?

On Sep 16, 2014, at 8:02 AM, ch...@sdnessentials.com wrote:

> Juniper Geniuses,
>
> I'm trying to set up some basic DHCP relay on an EX9200. The CLI rejects the forwarding-options bootp syntax, saying unsupported platform.
>
> Googling for some documentation, I came across DHCP Relay Minimum Configuration:
> http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/dhcp-subscriber-access-dhcp-relay-minimum-configuration.html
>
> Now, while I've come to understand that this DHCP Relay configuration was specifically meant to be for MX subscriber management, this particular page happens to be under the EX9200 documentation (I also realize the EX9200 is basically an MX). I've also read that it's kind of buggy (or was in 2012...). I also tried labbing this using some Fireflies and a VMX in Junosphere but couldn't get it working.
>
> Anybody out there know if this is the correct way to do DHCP relaying on an EX9200? If not, could somebody please provide a config example of how to do this?
>
> Regards,
> Chris
>
> Chris Jones, JNCIE-ENT #272 / JNCIP-SP
> SDN Engineer
> www.sdnessentials.com
> Cell: 858-888-0373
> E-Mail: ch...@sdnessentials.com
Re: [j-nsp] EX9200 DHCP Relay
this is a working DHCP config on EX9200s — make sure you include the forward-snooped-clients all-interfaces statement, or any transit DHCP packet that traverses an interface without DHCP relay configured will be eaten by the EX9200 — its the most asinine thing in the world to have (a carryover from MX some sort of DHCP security i’m sure), but its completely undocumented it does this from what i’ve seen.

dhcp-relay {
    forward-snooped-clients all-interfaces;
    server-group {
        CAMPUS {
            192.168.168.168;
        }
    }
    active-server-group CAMPUS;
    route-suppression {
        destination;
    }
    group LOCAL-NETS {
        interface ge-5/0/0.304;
        interface irb.9;
    }
}
}

the route-suppression destination statement also prevents it from installing access-internal host routes and permanent ARP entries for every DHCP lease.

will