[j-nsp] EX9200 DHCP Relay
chris
2014-09-16 14:02:34 UTC
Juniper Geniuses,

I'm trying to set up some basic DHCP relay on an EX9200. The CLI rejects the "forwarding-options bootp" syntax, saying "unsupported platform".

Googling for some documentation, I came across "DHCP Relay Minimum Configuration":

http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/dhcp-subscriber-access-dhcp-relay-minimum-configuration.html

Now, while I've come to understand that this DHCP Relay configuration was specifically meant to be for MX subscriber management, this particular page happens to be under the EX9200 documentation (I also realize the EX9200 is basically an MX). I've also read that it's kind of buggy (or was in 2012...). I also tried labbing this using some Fireflies and a VMX in Junosphere but couldn't get it working.

Anybody out there know if this is the correct way to do DHCP relaying on an EX9200? If not, could somebody please provide a config example of how to do this?

Regards,

Chris


Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: chris at sdnessentials.com
Will O'Brien
2014-09-16 15:03:21 UTC
1) are you running 13.3?
2) are you using a routing instance?
Tim Jackson
2014-09-16 15:04:06 UTC
Basically everything is moving to jdhcpd.. It's only really licensed
on MX iirc (shouldn't be on 9200?)

set forwarding-options dhcp-relay overrides allow-snooped-clients
set forwarding-options dhcp-relay overrides always-write-giaddr
set forwarding-options dhcp-relay overrides trust-option-82
set forwarding-options dhcp-relay overrides send-release-on-delete
set forwarding-options dhcp-relay server-group DHCP-1 1.2.3.4
set forwarding-options dhcp-relay group DYNAMIC active-server-group DHCP-1
set forwarding-options dhcp-relay group DYNAMIC interface ae1.101

For most networks, you probably don't need those overrides, but if you
have something else downstream doing DHCP snooping and option 82
insertion, you have to tell it to trust it..
Iftikhar Ahmed
2014-09-16 15:00:45 UTC
Hi,

Bootp is not supported on new versions of Junos.
You need to use dhcp-relay with the 9200.
You may use 13.3r5, which has almost all DHCP-related fixes.

The config is the same as mentioned in the KB. You need to define an active server group and define it as a forwarding option for each RVI.

Regards,
Iftikhar

Sent from my iPhone
chris
2014-09-16 15:08:21 UTC
1) 13.2R5.10 (latest recommended)
2) Nope



Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: chris at sdnessentials.com



chris
2014-09-16 15:09:07 UTC
Okay, so the syntax is what I'm seeing on that doc for the most part (plus your recommended overrides).

Thank you!


Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: chris at sdnessentials.com



William McLendon
2014-09-16 19:13:59 UTC
This is a working DHCP config on EX9200s - make sure you include the forward-snooped-clients all-interfaces statement, or any transit DHCP packet that traverses an interface without DHCP relay configured will be eaten by the EX9200 - it's the most asinine thing in the world to have (a carryover from MX, some sort of DHCP security I'm sure), but it's completely undocumented it does this from what I've seen.

forwarding-options {
    dhcp-relay {
        forward-snooped-clients all-interfaces;
        server-group {
            CAMPUS {
                192.168.168.168;
            }
        }
        active-server-group CAMPUS;
        route-suppression {
            destination;
        }
        group LOCAL-NETS {
            interface ge-5/0/0.304;
            interface irb.9;
        }
    }
}


the route-suppression destination statement also prevents it from installing access-internal host routes and permanent ARP entries for every DHCP lease.


will
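
Added example, not part of any poster's message and not Juniper code: a small Python checker that flattens a curly-brace dhcp-relay stanza into "set" lines and compares it with the points raised in this thread (a defined active server group, forward-snooped-clients, route-suppression destination, and trust-option-82 only where a downstream device inserts option 82). The function names and the SAMPLE stanza are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): the active group name does not
# match the defined server-group, and option 82 is trusted.
SAMPLE = """forwarding-options { dhcp-relay {
    overrides { trust-option-82; }
    server-group { DHCP-1 { 1.2.3.4; } }
    group DYNAMIC { active-server-group CAMPUS; interface ae1.101; }
} }"""

def flatten(text):
    """Turn a curly-brace Junos stanza into a list of 'set ...' lines."""
    path, out = [], []
    # Each match is the words of a statement plus the delimiter ending it.
    for words, delim in re.findall(r"([^{};]*)([{};])", text):
        words = " ".join(words.split())
        if delim == "{":
            path.append(words)
        elif delim == ";":
            out.append(" ".join(["set", *path, words]))
        elif not path:
            raise ValueError("unbalanced closing brace")
        else:
            path.pop()
    if path:
        raise ValueError("unclosed block: " + " ".join(path))
    return out

def audit(set_lines):
    """Check 'set' lines against the points posters raised in this thread."""
    base = "set forwarding-options dhcp-relay "
    stmts = [l[len(base):].split() for l in set_lines if l.startswith(base)]
    stmts = [s for s in stmts if s]
    defined = {s[1] for s in stmts if s[0] == "server-group" and len(s) > 1}
    active = {s[i + 1] for s in stmts for i, w in enumerate(s[:-1])
              if w == "active-server-group"}
    findings = [f"active-server-group {n} has no matching server-group"
                for n in sorted(active - defined)]
    if not active:
        findings.append("no active-server-group configured")
    if not any(s[0] == "forward-snooped-clients" for s in stmts):
        findings.append("forward-snooped-clients not set")
    if not any(s[:2] == ["route-suppression", "destination"] for s in stmts):
        findings.append("route-suppression destination not set")
    if any("trust-option-82" in s for s in stmts):
        findings.append("trust-option-82 set: verify a downstream device inserts option 82")
    return findings
```

audit() also accepts "set" lines directly, so output in the style of `show configuration | display set` can be checked without flatten().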
Chris Jones
2014-09-18 14:01:15 UTC
My DHCP clients are all stuck in SELECTING state. Has anyone ever seen that, or maybe know what causes it?

root at DVT-EX9200> show dhcp relay binding

IP address        Session Id  Hardware address   Expires  State      Interface
0.0.0.0           18          00:25:90:3d:76:34  0        SELECTING  irb.30
0.0.0.0           19          00:25:90:3d:e5:13  0        SELECTING  irb.30
0.0.0.0           17          00:25:90:6d:f0:c3  0        SELECTING  irb.30
0.0.0.0           23          d4:be:d9:95:b6:4f  0        SELECTING  irb.16
Chris Jones, JNCIE-ENT #272 / JNCIP-SP
SDN Engineer
www.sdnessentials.com
Cell: 858-888-0373
E-Mail: chris at sdnessentials.com
Tim Jackson
2014-09-18 14:47:04 UTC
http://www.utdallas.edu/~ravip/cs6390/fall01/dhcp.figure.pdf
Ben Dale
2014-09-19 04:19:03 UTC
SELECTING means that an OFFER has been sent to the client (or at least the switch thinks it has relayed it), but the REQUEST hasn't come back from the client.

I have seen this in some instances where the client is expecting a Unicast reply from the relay agent rather than a broadcast or vice-versa - fix with:

set forwarding-options dhcp-relay overrides layer2-unicast-replies

Nice tip on the route-suppression statement William - that one has been annoying me for a while with JDHCPd on the SRX...

Cheers,

Ben
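
Added example, not part of the original message: a Python parser for `show dhcp relay binding` output that lists the clients stuck in the SELECTING state described above, grouped by interface, and notes whether every client on that interface is affected. The function names are hypothetical, the SAMPLE text reuses the four rows posted in the thread plus one constructed BOUND row, and treating "all clients on an interface stuck" as a hint that the reply path is at fault is an assumption, not something the thread states.

```python
import re
from collections import defaultdict

# Constructed sample: the four rows posted in the thread plus one made-up
# BOUND row (10.0.16.50 / 00:00:5e:00:53:01) for contrast.
SAMPLE = """\
IP address        Session Id  Hardware address   Expires  State      Interface
0.0.0.0           18          00:25:90:3d:76:34  0        SELECTING  irb.30
0.0.0.0           19          00:25:90:3d:e5:13  0        SELECTING  irb.30
0.0.0.0           17          00:25:90:6d:f0:c3  0        SELECTING  irb.30
0.0.0.0           23          d4:be:d9:95:b6:4f  0        SELECTING  irb.16
10.0.16.50        24          00:00:5e:00:53:01  86000    BOUND      irb.16
"""

ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"\s+(\d+)\s+(\S+)\s+(\S+)$", re.I)

def parse_bindings(text):
    """Return one dict per binding row; header, prompt and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, sid, mac, expires, state, ifname = m.groups()
            rows.append({"ip": ip, "session": int(sid), "mac": mac.lower(),
                         "expires": int(expires), "state": state.upper(),
                         "interface": ifname})
    return rows

def stuck_by_interface(rows, state="SELECTING"):
    """Map interface -> stuck MACs, and whether all its clients are stuck."""
    total, stuck = defaultdict(int), defaultdict(list)
    for r in rows:
        total[r["interface"]] += 1
        if r["state"] == state and r["ip"] == "0.0.0.0":
            stuck[r["interface"]].append(r["mac"])
    return {ifname: {"macs": macs, "all_clients": len(macs) == total[ifname]}
            for ifname, macs in stuck.items()}
```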