DHCP Client
SRX Series device can act as a DHCP client, receiving its TCP/IP settings and the IP address for any physical interface in any security zone from an external DHCP server. The device can also act as a DHCP server, providing TCP/IP settings and IP addresses to clients in any zone. For more information, read this topic.
Understanding DHCP Client Operation
A Juniper Networks device can act as a DHCP client, receiving its TCP/IP settings and the IP address for any physical interface in any security zone from an external DHCP server. The device can also act as a DHCP server, providing TCP/IP settings and IP addresses to clients in any zone. When the device operates as a DHCP client and a DHCP server simultaneously, it can transfer the TCP/IP settings learned through its DHCP client module to its default DHCP server module. For the device to operate as a DHCP client, you configure a logical interface on the device to obtain an IP address from the DHCP server in the network. You set the vendor class ID, lease time, DHCP server address, retransmission attempts, and retry interval. You can renew DHCP client releases.
DHCP client operations are supported on all SRX Series Firewalls in chassis cluster mode.
Minimum DHCP Client Configuration
The following sample output shows the minimum configuration you must use to configure an SRX300, SRX320, SRX340, SRX345, SRX550M, or SRX1500 device as a DHCP client. In this output, the interface is ge-0/0/0 and the logical unit is 0.
[edit interfaces]
ge-0/0/0 {
unit 0 {
family inet {
dhcp-client
}
}
}
To configure a DHCP client in a routing instance, add
the interface in a routing instance using the [edit routing-instances] hierarchy.
Configuring a DHCP Client
A Dynamic Host Configuration Protocol (DHCP) server can provide many valuable TCP/IP network services. DHCP can dynamically allocate IP parameters, such as an IP address, to clients, and it can also deliver software upgrades to clients.
DHCP configuration consists of two components, configuration of DHCP clients and configuration of a DHCP server. Client configuration determines how clients send a message requesting an IP address, whereas a DHCP server configuration enables the server to send an IP address configuration back to the client. This topic describes configuring a DHCP client. For directions for configuring a DHCP server, see Configuring a DHCP Server on Switches or Configuring a Switch as a DHCP Server.
You can change DHCP client configurations from the switch, using client identifiers to indicate which clients you want to configure.
To configure a DHCP client, you configure an interface to belong to the DHCP family and specify additional attributes, as desired:
[edit] user@switch# set interfaces interface-name unit number family inet dhcp configuration-statement
Starting in Junos OS Release 18.1R1, DHCPv4 and DHCPv6
clients are supported on management interfaces (fxp0 and em0) configured
in the non-default management routing instance, mgmt_junos.
The options that you can configure are listed in Table 1. Replace the variable configuration-statement with one or more of the statements listed in this table. If you do not explicitly configure these options, the switch uses default values for them.
Configuration Statement |
Description |
|---|---|
Unique client ID—By default this consists of the hardware type (01 for Ethernet) and the MAC address (a.b.c.d). For this example, the value would be 01abcd. |
|
Time in seconds that a client holds the lease for an IP address assigned by a DHCP server. If a client does not request a specific lease time, then the server sends the default lease time. The default lease time on a Junos OS DHCP server is 1 day. Note:
Starting in Junos OS Release 23.4R1, the DHCP client silently discards the DHCP OFFER which has a lease-time less than 15 seconds. |
|
Number of times the client attempts to retransmit a DHCP packet. |
|
Time between transmission attempts. |
|
IP address of the server that the client queries for an IP address. |
|
TCP/IP settings learned from an external DHCP server to the DHCP server running on the switch are propagated. |
|
Vendor class ID (CPU's manufacturer ID string) for the DHCP client. |
For the device to operate as a DHCP client, you configure a logical interface on the device to obtain an IP address from the DHCP local server in the network. You can then set the client-identifier, options no-hostname, lease time, retransmission attempts, retry interval, preferred DHCP local server address, and vendor class ID.
To configure optional DHCP client attributes on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices:
Example: Configuring the Device as a DHCP Client
This example shows how to configure the device as a DHCP client.
Requirements
Before you begin:
Determine the IP address pools and the lease durations to use for each subnet. You can use the
show system services dhcp poolCLI command to view information on DHCP address pools.Obtain the MAC addresses of the clients that require permanent IP addresses. Determine the IP addresses to use for these clients.
List the IP addresses that are available for the servers and devices on your network; for example, DNS, NetBIOS servers, boot servers, and gateway devices. See the Understanding Management Predefined Policy Applications.
Determine the DHCP options required by the subnets and clients in your network.
Overview
In this example, you configure the device as a DHCP client. You specify the interface as ge-0/0/2, set the logical unit as 0, and create a DHCP inet family. You then specify the DHCP client identifier as 00:0a:12:00:12:12 in hexadecimal. You use hexadecimal if the client identifier is a MAC address. You set the options no-hostname if you do not want the DHCP client to send the hostname with the packets. You set the DHCP lease time as 86,400 seconds. The range is from 60 through 2,147,483,647 seconds.
Then you set the number of retransmission attempts to 6. The range is from 0 through 50,000, and the default is 4. You set the retransmission interval to 5 seconds. The range is from 4 through 64, and the default is 4 seconds. Set the force-discover option if you want to force the DHCP client to send a DHCP discover packet after one to three failed dhcp-request attempts. The force-discover option ensures that the DHCP server will assign the same or a new IP address to the client. Finally, you set the IPv4 address of the preferred DHCP server to 10.1.1.1 and the vendor class ID to ether.
Starting with Junos OS Release 15.1X49-D60 and Junos OS Release 17.3R1, the legacy DHCPD (DHCP daemon) configuration on all SRX Series Firewalls is being deprecated and only the new JDHCP CLI is supported. When you upgrade to Junos OS Release 15.1X49-D60 and later releases on a device that already has the DHCPD configuration, the following warning messages are displayed:
WARNING: The DHCP configuration command used will be deprecated in future Junos releases.
WARNING: Please see documentation for updated commands.
Starting with Junos OS Release 17.3R1, on all SRX Series Firewalls and vSRX Virtual Firewall
instances, the CLI option dhcp-client at [edit
interfaces interface-name unit logical-unit-number family inet]
hierarchy is changed to dhcp to align with other Junos
platforms. There is no change in the
functionality.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces ge-0/0/2 unit 0 family inet dhcp-client client-identifier prefix host-name set interfaces ge-0/0/2 unit 0 family inet dhcp-client lease-time 86400 set interfaces ge-0/0/2 unit 0 family inet dhcp-client retransmission-attempt 6 set interfaces ge-0/0/2 unit 0 family inet dhcp-client retransmission-interval 5 set interfaces ge-0/0/2 unit 0 family inet dhcp-client force-discover set interfaces ge-0/0/2 unit 0 family inet dhcp-client server-address 192.168.2.1 set interfaces ge-0/0/2 unit 0 family inet dhcp-client vendor-id ether set interfaces ge-0/0/2 unit 0 family inet dhcp-client options no-hostname
GUI Quick Configuration
Step-by-Step Procedure
To configure the device as a DHCP client:
In the J-Web interface, select Configure > Services > DHCP > DHCP Client.
Under Interfaces, add
ge-0/0/2.0.Configure the DHCP client identifier as either an ASCII or hexadecimal value.
From the Client identifier choice list, select
hexadecimal.In the Hexadecimal box, type the client identifier—
00:0a:12:00:12:12.Set the DHCP lease time in seconds. This is the lease time in seconds requested in a DHCP client protocol packet; the range is 60 through 2,147,483,647. Type 86400.
Set the retransmission number of attempts to 6. This is the number of attempts to retransmit the DHCP client protocol packet. The range is 0 through 6.
Set the retransmission interval in seconds to 5. This is the number of seconds between successive transmissions. The range is 4 through 64. The default is 4 seconds.
Configure the force-discover option to force the DHCP client to send a DHCP discover packet after one to three failed
dhcp-requestattempts.Set the IPv4 address of the preferred DHCP server. Type 192.168.2.1.
Set the vendor class ID. This is the vendor class identification for the DHCP client. Type ether.
Configure options no-hostname if you do not want the client to send hostname in the packets (RFC option code 12).
Click OK.
If you are done configuring the device, click Commit >.
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure the device as a DHCP client:
Specify the DHCP client interface.
[edit] user@host# edit interfaces ge-0/0/2 unit 0 family inet dhcp-client
Configure the DHCP client identifier as a hexadecimal value.
[edit interfaces ge-0/0/2 unit 0 family inet dhcp-client] user@host# set client-identifier prefix host
Set the DHCP lease time.
[edit interfaces ge-0/0/2 unit 0 family inet dhcp-client] user@host# set lease-time 86400
Set the number of attempts allowed to retransmit a DHCP packet.
[edit interfaces ge-0/0/2 unit 0 family inet dhcp-client] user@host# set retransmission-attempt 6
Set the interval (in seconds) allowed between retransmission attempts. The range is 4 through 64. The default is 4 seconds.
[edit interfaces ge-0/0/2 unit 0 family inet dhcp-client] user@host# set retransmission-interval 5
Configure the force-discover option.
[edit interfaces ge-0/0/2 unit 0 family inet dhcp-client] user@host# set force-discover.
Set the IPv4 address of the preferred DHCP server.
[edit interfaces ge-0/0/2 unit 0 family inet dhcp-client] user@host# set server-address 192.168.2.1
Set the vendor class ID for the DHCP client.
[edit interfaces ge-0/0/2 unit 0 family inet dhcp-client] user@host# set vendor-id ether
Configure options no-hostname if you do not want the client to send the hostname in packets.
[edit interfaces ge-0/0/2 unit 0 family inet dhcp-client] user@host# set options no-hostname
Results
From configuration mode, confirm your configuration
by entering the show interfaces ge-0/0/2 unit 0 family inet command. If the output does not display the intended configuration,
repeat the configuration instructions in this example to correct it.
[edit]
user@host# show interfaces ge-0/0/2 unit 0 family inet
dhcp-client {
client-identifier hexadecimal 00:0a:12:00:12:12;
options no-hostname;
lease-time 86400;
retransmission-attempt 6;
retransmission-interval 5;
force-discover;
server-address 192.168.2.1;
update-server;
vendor-id ether;
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
Verifying the DHCP Client
Purpose
Verify that the DHCP client information has been configured.
Action
From operational mode, enter these commands:
show dhcp client bindingcommand to display the binding state of a Dynamic Host Configuration Protocol (DHCP) client.show dhcp client statisticscommand to display client statistics.
These commands produce the following sample output:
user@host> show dhcp client binding
IP address Hardware address Expires State Interface 192.168.2.2 88:a2:5e:0a:d6:03 2419093 BOUND ge-0/0/2.0
user@host> show dhcp client statistics
Packets dropped:
Total 2
Send error 2
Messages received:
BOOTREPLY 6
DHCPOFFER 4
DHCPACK 2
DHCPNAK 0
DHCPFORCERENEW 0
Messages sent:
BOOTREQUEST 39
DHCPDECLINE 0
DHCPDISCOVER 23
DHCPREQUEST 16
DHCPINFORM 0
DHCPRELEASE 0
DHCPRENEW 0
DHCPREBIND 0
Verifying and Managing DHCP Client Configuration
Purpose
View or clear information about client address bindings and statistics for the DHCP client on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices.
Action
To display the address bindings in the client table on the DHCP client:
user@host>
show dhcp client bindingTo display DHCP client statistics:
user@host>
show dhcp client statisticsTo clear the binding state of a DHCP client from the client table on the DHCP client:
user@host>
clear dhcp client bindingTo clear all DHCP client statistics:
user@host>
clear dhcp client statistics
To clear or view information about client bindings and statistics in a routing instance, run the following commands:
show dhcp client binding routing instance <routing-instance name>show dhcp client statistics routing instance <routing-instance name>clear dhcp client binding routing instance <routing-instance name>clear dhcp client statistics routing instance <routing-instance name>
Example: Configuring as a DHCP Client in Chassis Cluster Mode
This example shows how to configure the device as a DHCP client in chassis cluster mode.
Requirements
This example uses the following hardware and software components:
Two SRX Series Firewalls as DHCP client
One SRX Series Firewall as DHCP server
Junos OS Release 12.1X47-D10 or later for SRX Series Firewalls
Before you begin:
Determine the IP address pools and the lease durations to use for each subnet.
Obtain the MAC addresses of the clients that require permanent IP addresses. Determine the IP addresses to use for these clients.
List the IP addresses that are available for the servers and devices on your network; for example, DNS, NetBIOS servers, boot servers, and gateway devices.
Determine the DHCP options required by the subnets and clients in your network.
Overview
In this example, you configure two SRX Series Firewalls as DHCP clients and a third SRX Series Firewall as a DHCP server. Configure the two DHCP clients in chassis cluster mode.
For DHCP clients, you specify the interface as reth1, set the logical unit as 0, and create a DHCP inet family. You then specify the DHCP client identifier as 00:0a:12:00:12:12 in hexadecimal. You use hexadecimal if the client identifier is a MAC address. You set the options no-hostname if you do not want the DHCP client to send the hostname with the packets. You set the DHCP lease time as 86,400 seconds. The range is from 60 through 2,147,483,647 seconds. You set the number of retransmission attempts to 6. The range is from 0 through 6, and the default is 4. You set the retransmission interval to 5 seconds. The range is from 4 through 64, and the default is 4 seconds. Finally, you set the IPv4 address of the preferred DHCP server to 203.0.113.1 and the vendor class ID to ether.
For the DHCP server, configure the SRX Series Firewall as a DHCP local server with minimum DHCP local server configurations. You specify the server group as g1 and enable the DHCP local server on interface ge-0/0/2.0.
Configuration
Procedure
- CLI Quick Configuration
- Step-by-Step Procedure
- Step-by-Step Procedure
- Step-by-Step Procedure
- Results
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
Configure DHCP Client 1 and Client 2:
set interfaces reth1 unit 0 family inet dhcp-client set interfaces reth1 unit 0 family inet dhcp-client client-identifier user-id ascii 00:0a:12:00:12:12 set interfaces reth1 unit 0 family inet dhcp-client options no-hostname set interfaces reth1 unit 0 family inet dhcp-client lease-time 86400 set interfaces reth1 unit 0 family inet dhcp-client retransmission-attempt 6 set interfaces reth1 unit 0 family inet dhcp-client retransmission-interval 5 set interfaces reth1 unit 0 family inet dhcp-client server-address 203.0.113.1 set interfaces reth1 unit 0 family inet dhcp-client vendor-id ether
Configure chassis cluster on Client 1 and Client 2:
set chassis cluster reth-count 2 set chassis cluster control-link-recovery set chassis cluster heartbeat-interval 1000 set chassis cluster redundancy-group 1 node 0 priority 100 set chassis cluster redundancy-group 1 node 1 priority 1 set chassis cluster redundancy-group 0 node 0 priority 100 set chassis cluster redundancy-group 0 node 1 priority 1 set interfaces ge-0/0/1 gigether-options redundant-parent reth1 set interfaces ge-4/0/1 gigether-options redundant-parent reth1 set interfaces reth1 redundant-ether-options redundancy-group 1
Configure the DHCP server:
set system service dhcp-local-server group g1 interface ge-0/0/2.0 set interfaces ge-0/0/2 unit 0 family inet address 203.0.113.1/24 set access address-assignment pool p1 family inet network 203.0.113.0/24 set access address-assignment pool p1 family inet range r1 low 203.0.113.5 set access address-assignment pool p1 family inet range r1 high 203.0.113.20
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure the devices as DHCP clients:
Specify the DHCP client interface.
[edit] user@host# edit interfaces reth1 unit 0 family inet dhcp-client
Configure the DHCP client identifier as a hexadecimal value.
[edit interfaces reth1 unit 0 family inet dhcp-client] user@host# set client-identifier user-id ascii 00:0a:12:00:12:12
Set the hostname if you do not want the DHCP client to send hostname in the packets (RFC option code 12).
[edit interfaces reth1 unit 0 family inet dhcp-client] user@host# set options no-hostname
Set the DHCP lease time.
[edit interfaces reth1 unit 0 family inet dhcp-client] user@host# set lease-time 86400
Set the number of attempts allowed to retransmit a DHCP packet.
[edit interfaces reth1 unit 0 family inet dhcp-client] user@host# set retransmission-attempt 6
Set the interval (in seconds) allowed between retransmission attempts. The range is 4 through 64. The default is 4 seconds.
[edit interfaces reth1 unit 0 family inet dhcp-client] user@host# set retransmission-interval 5
Set the IPv4 address of the preferred DHCP server.
[edit interfaces reth1 unit 0 family inet dhcp-client] user@host# set server-address 203.0.113.1
Set the vendor class ID for the DHCP client.
[edit interfaces reth1 unit 0 family inet dhcp-client] user@host# set vendor-id ether
Step-by-Step Procedure
To configure the DHCP clients in chassis cluster mode:
Specify the number of redundant Ethernet interfaces for the chassis cluster.
{primary:node0}[edit] user@host# set chassis cluster reth-count 2Enable control link recovery.
{primary:node0}[edit] user@host# set chassis cluster control-link-recoveryConfigure heartbeat settings.
{primary:node0}[edit] user@host# set chassis cluster heartbeat-interval 1000Configure the redundancy groups.
{primary:node0}[edit] user@host# set chassis cluster redundancy-group 1 node 0 priority 100 user@host# set chassis cluster redundancy-group 1 node 1 priority 1 user@host# set chassis cluster redundancy-group 0 node 0 priority 100 user@host# set chassis cluster redundancy-group 0 node 1 priority 1Configure redundant Ethernet interfaces.
{primary:node0}[edit] user@host# set interfaces ge-0/0/1 gigether-options redundant-parent reth1 user@host# set interfaces reth1 redundant-ether-options redundancy-group 1
Step-by-Step Procedure
To configure the device as DHCP server:
Configure the DHCP local server.
[edit system services] user@host# set dhcp-local-server group g1 interface ge-0/0/2.0
Configure IP address of the server.
[edit interfaces] user@host# set interfaces ge-0/0/2 unit 0 family inet address 203.0.113.1/24
Configure an address pool.
[edit access] user@host# set address-assignment pool p1 family inet network 203.0.113.0/24 user@host# set address-assignment pool p1 family inet range r1 low 203.0.113.5 user@host# set address-assignment pool p1 family inet range r1 high 203.0.113.20
Results
From configuration mode, confirm your configuration
by entering the show commands. If the output does not display
the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@host# show interfaces reth1 unit 0 family inet
dhcp-client {
client-identifier user-id ascii 00:0a:12:00:12:12;
options no-hostname;
lease-time 86400;
retransmission-attempt 6;
retransmission-interval 5;
server-address 203.0.113.1;
vendor-id ether;
}
[edit]
user@host# show chassis cluster
control-link-recovery;
reth-count 2;
heartbeat-interval 1000;
redundancy-group 0 {
node 0 priority 100;
node 1 priority 1;
}
redundancy-group 1{
node 0 priority 100;
node 1 priority 1;
}
[edit]
user@host# show interfaces reth1
redundant-ether-options {
redundancy-group 1;
}
[edit]
user@host# show access address-assignment
pool p1 {
family inet {
network 203.0.113.0/24;
range r1 {
low 203.0.113.5;
high 203.0.113.20;
}
}
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Verifying the DHCP Client in Chassis Cluster Mode
Purpose
Verify that the DHCP client is working in chassis cluster mode.
Action
From operational mode, enter the show dhcp client
binding, show dhcp client statistics and show
dhcp client binding interface reth1 detail commands.
user@host> show dhcp client binding
IP address Hardware address Expires State Interface 203.0.113.14 00:1f:12:e3:34:01 84587 BOUND reth1.0
user@host> show dhcp client statistics
Packets dropped:
Total 4
Send error 4
Messages received:
BOOTREPLY 3
DHCPOFFER 1
DHCPACK 2
DHCPNAK 0
DHCPFORCERENEW 0
Messages sent:
BOOTREQUEST 0
DHCPDECLINE 0
DHCPDISCOVER 5
DHCPREQUEST 8
DHCPINFORM 0
DHCPRELEASE 1
DHCPRENEW 0
DHCPREBIND 0
user@host> show dhcp client binding interface reth1 detail
Client Interface: reth1.0
Hardware Address: 00:10:db:ff:10:01
State: BOUND(LOCAL_CLIENT_STATE_BOUND)
Lease Expires: 2013-12-18 10:15:36 CST
Lease Expires in: 30 seconds
Lease Start: 2013-12-17 10:15:36 CST
Server Identifier: 203.0.113.1
Client IP Address: 10.1.1.14
Update Server No
DHCP options:
Name: dhcp-lease-time, Value: 1 day
Name: server-identifier, Value: 10.1.1.1
Name: subnet-mask, Value: 255.255.255.0
Meaning
The sample output shows that DHCP clients configured in the example work in a chassis cluster.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
dhcp-client at [edit
interfaces interface-name unit logical-unit-number family inet]
hierarchy is changed to dhcp to align with other Junos
platforms.