ON THIS PAGE
DHCP Server Configuration
This topic discusses on minimum DHCP server configuration, complete DHCP server configuration, extended DHCP server configuration. You can also use this topic for information on how to configure a router as a DHCP server, switch as a DHCP server, DHCP server on switches, and a device as a DHCP server.
For MX Series Routers, the DHCP server functionality for Junos OS is part of the subscriber management feature. You must have the S-SA-FP, S-MX80-SA-FP or S-MX104-SA-FP license in order to enable the DHCP server. For service accounting, you must also have S-SSM-FP.
For details, See Licenses for PTX, MX, M and T Series or Juniper Licensing User Guide.
DHCP Server Configuration Overview
A typical DHCP server configuration provides the following configuration settings for a particular subnet on a device ingress interface:
An IP address pool, with one address excluded from the pool.
Default and maximum lease times.
Domain search suffixes. These suffixes specify the domain search list used by a client when resolving hostnames with DNS.
A DNS name server.
Device solicitation address option (option 32). The IP address excluded from the IP address pool is reserved for this option.
In addition, the DHCP server might assign a static address to at least one client on the subnet. Table 1 provides the settings and values for the sample DHCP server configuration.
Setting |
Sample Value |
|---|---|
| DHCP Subnet Configuration | |
Address pool subnet address |
|
High address in the pool range |
|
Low address in the pool range |
|
Address pool default lease time, in seconds |
|
Address pool maximum lease time, in seconds |
|
Domain search suffixes |
|
Address to exclude from the pool |
|
DNS server address |
|
Identifier code for router solicitation address option |
|
Type choice for router solicitation address option |
|
IP address for router solicitation address option |
|
| DHCP MAC Address Configuration | |
Static binding MAC address |
|
Fixed address |
|
Minimum DHCP Local Server Configuration
The following sample output shows the minimum configuration you must use to configure an SRX300, SRX320, SRX340, SRX345, SRX550M, or SRX1500 device as a DHCP server. In this output, the server group is named mobileusers, and the DHCP local server is enabled on ingress interface ge-1/0/1.0 within the group. The address pool is named acmenetwork from low range of 192.168.1.10/24 to a high range of 192.168.1.20/24.
[edit access]
address-assignment {
pool acmenetwork {
family inet {
network 192.168.1.0/24;
range r1 {
low 192.168.1.10;
high 192.168.1.20;
}
}
}
}
[edit system services]
dhcp-local-server {
group mobileusers {
interface ge-1/0/1.0
}
}
[edit interfaces ge-1/0/1 unit 0]
family {
inet {
address 192.168.1.1/24
}
}
You can configure the DHCP local server in a routing instance by using the
dhcp-local server, interface (non-loopback
interface), and address-assignment statements in the
[edit routing-instances] hierarchy level.
This example shows the minimum configuration you need to use for the extended DHCP local server at group-level:
[edit system services]
dhcp-local-server {
group group_one {
interface ge-0/0/2.0;
}
}
This example creates the server group named group_one, and specifies
that the DHCP local server is enabled on interface ge-0/0/2.0
within the group. The DHCP local server uses the default pool match configuration of
ip-address-first.
If you delete the DHCP server configuration, DHCP server bindings might still
remain. To ensure that DHCP bindings are removed, issue the clear dhcp
server binding command before you delete the DHCP server
configuration.
This example shows the minimum configuration you need to use for the extended DHCP
local server at group-level. If there is a dynamic profile configuration for
interface ge-0/0/2, you should add an interface in the
ifd.0 format. For example
ge-0/0/2.0:
[edit system services]
dhcp-local-server {
group group_one {
interface ge-0/0/2.0;
}
}
This example creates the server group named group_one, and specifies
that the DHCP local server is enabled on interface ge-0/0/2.0
within the group.
Example: Complete DHCP Server Configuration
Watch the following video to learn how to configure DHCP server using J-Web:
Requirements
This example is tested on Junos OS Release 20.1R1.
Overview
You can configure a DHCP server only on an interface’s primary IP address. The primary address on an interface is the address that is used by default as the local address for broadcast and multicast packets sourced locally and sent out the interface.
The following example shows statements at the [edit interfaces] hierarchy level. The interface’s primary
address (10.3.3.1/24) has a corresponding
address pool range (10.3.3.33 to 10.3.3.254) defined at the [edit system services] hierarchy level.
Configuration
To configure the DHCP server, perform these tasks:
Configure DHCP server options.
[edit access address-assignment pool P1 family inet] range R1 { low 10.3.3.33; high 10.3.3.254; } dhcp-attributes { maximum-lease-time 7200; server-identifier 10.3.3.1; domain-name domain.tld; name-server { 10.6.6.6; 10.6.6.7; } wins-server { 10.7.7.7; 10.7.7.9; } router { 198.51.100.0; 198.51.100.1; 10.6.6.1; 10.7.7.1; } boot-file boot-client; boot-server 10.4.4.1; option 19 flag false; option 40 string domain.tld; option 16 ip-address 10.3.3.3; } host H1 { hardware-address 00:0d:56:f4:20:01; ip-address 10.4.4.4; } host H2 { hardware-address 00:0d:56:f4:01:ab; ip-address 10.5.5.6; } excluded-address 10.3.3.33; excluded-address 192.0.2.5; }Configure client options.
[edit interfaces] ge-0/0/1 { unit 0 { family inet { dhcp { client-identifier { user-id ascii 01aa.001a.bc65.3e; } lease-time 4100; update-server; } address 10.3.3.1/24; } }
Configure Legacy DHCP Server
Step-by-Step Procedure
Specify DHCP server configuration option.
dhcp { domain-name "domain.tld"; maximum-lease-time 7200; default-lease-time 3600; name-server { 10.6.6.6; 10.6.6.7; } domain-search [ subnet1.domain.tld subnet2.domain.tld ]; wins-server { 10.7.7.7; 10.7.7.9; } router { 10.6.6.1; 10.7.7.1; } option 19 flag off; # 19: "IP Forwarding" option option 40 string "domain.tld"; # 40: "NIS Domain" option option 16 ip-address 10.3.3.33; # 16: "Swap Server" option pool 10.3.3.0/24 { address-range low 10.3.3.2 high 10.3.3.254; exclude-address { 10.3.3.33; } router { 10.3.3.1; } server-identifier 10.3.3.1; } pool 10.4.4.0/24 { boot-file "boot.client"; boot-server 10.4.4.1; } static-binding 00:0d:56:f4:20:01 { fixed-address 10.4.4.4; host-name "host.domain.tld"; } static-binding 00:0d:56:f4:01:ab { fixed-address { 10.5.5.5; 10.6.6.6; } host-name "another-host.domain.tld"; client-identifier "01aa.001a.bc65.3e"; } }Configure client options.
[edit interfaces] ge-0/0/1 { unit 0 { family inet { address 10.3.3.1/24; } }
Configure a Router as an Extended DHCP Local Server
You can enable the router to function as an extended DHCP local server and configure the extended DHCP local server options on the router. The extended DHCP local server provides an IP address and other configuration information in response to a client request.
The extended DHCP local server enhances traditional DHCP server operation in which the client address pool and client configuration information reside on the DHCP server. With the extended DHCP local server, the client address and configuration information reside in centralized address-assignment pools, which are managed independently of the DHCP local server and which can be shared by different client applications.
The extended DHCP local server also supports advanced pool matching and the use of named address ranges. You can also configure the local server to use DHCP option 82 information in the client PDU to determine which named address range to use for a particular client. The client configuration information, which is configured in the address-assignment pool, includes user-defined options, such as boot server, grace period, and lease time.
Configuring the DHCP environment that includes the extended DHCP local server requires two independent configuration operations, which you can complete in any order. In one operation, you configure the extended DHCP local server on the router and specify how the DHCP local server determines which address-assignment pool to use. In the other operation, you configure the address-assignment pools used by the DHCP local server. The address-assignment pools contain the IP addresses, named address ranges, and configuration information for DHCP clients. See IP Address Assignment Pool for details about creating and using address-assignment pools.
The extended DHCP local server and the address-assignment pools used by the server must be configured in the same logical system and routing instance.
You cannot configure the extended DHCP local server and extended DHCP relay on the same interface.
To configure the extended DHCP local server on the router, include
the dhcp-local-server statement at the [edit system
services] hierarchy level:
[edit system services] dhcp-local-server { authentication { password password-string; username-include { circuit-type; delimiter delimiter-character; domain-name domain-name-string; logical-system-name; mac-address; option-60; option-82 <circuit-id> <remote-id>; routing-instance-name; user-prefix user-prefix-string; } } group group-name { authentication { password password-string; username-include { circuit-type; delimiter delimiter-character; domain-name domain-name-string; logical-system-name; mac-address; option-60; option-82 <circuit-id> <remote-id>; routing-instance-name; user-prefix user-prefix-string; } } interface interface-name <upto upto-interface-name> <exclude>; } pool-match-order { ip-address-first; option-82; } }
You can also include these statements at the following hierarchy levels:
[edit logical-systems logical-system-name system services][edit logical-systems logical-system-name routing-instances routing-instance-name system services][edit routing-instances routing-instance-name system services]
In addition, you can configure tracing for DHCP local server
operations by including the traceoptions statement at the [edit system processes dhcp-service] hierarchy level:
[edit system processes] traceoptions { file filename <files number> <match regular-expression > <size maximum-file-size> <world-readable | no-world-readable>; flag flag; level (all | error | info | notice | verbose | warning); no-remote-trace; }
Configuring a Switch as a DHCP Server
This topic applies to Junos OS for EX Series switches and QFX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does not support ELS, see Configuring a DHCP Server on Switches. For ELS details, see Using the Enhanced Layer 2 Software CLI.
A Dynamic Host Configuration Protocol (DHCP) server provides a framework to pass configuration information to client hosts on a TCP/IP network. A switch acting as a DHCP server can dynamically allocate IP addresses and other configuration parameters, minimizing the overhead that is required to add clients to the network.
A DHCP configuration consists of two components—an optional reconfiguration of default settings on DHCP clients and the configuration of a DHCP server. This topic covers configuration of the switch as a local DHCP server using DHCP for IPv4 (DHCPv4). For information about DHCPv6 local server, see DHCPv6 Local Server Overview.
This topic describes the following task:
Configuring the Switch as a Local DHCP Server
To configure a switch as a local DHCP server, you must configure a DHCP address pool and indicate IP addresses for the pool. The switch, operating as the DHCP server, dynamically distributes the IP addresses from this pool. The switch can dynamically assign additional configuration parameters, such as default gateway, to provide the client with information about the network.
Multiple address pools can be configured for a DHCP server. DHCP maintains the state information about all configured pools. Clients are assigned addresses from pools with subnets that match the interface on which the DHCPDISCOVER packet sent by the client is received on the server. When more than one pool exists on the same interface, addresses are assigned on a rotating basis from all available pools.
You must ensure that you do not assign addresses that are already in use in the network to the address pools. The DHCP server does not check whether the addresses are already in use in the network before it assigns them to clients.
Configuring a DHCP Server on Switches
This task uses Junos OS for EX Series switches that does not support the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that supports ELS, see Configuring a Switch as a DHCP Server. For ELS details, see Using the Enhanced Layer 2 Software CLI.
A Dynamic Host Configuration Protocol (DHCP) server can provide two valuable TCP/IP network services. DHCP can dynamically allocate IP parameters, such as an IP address, to clients and it can also deliver software upgrades to clients.
A DHCP configuration consists of two components—an optional reconfiguration of default settings on DHCP clients and the configuration of a DHCP server. This topic covers configuration of the DHCP server. For information about reconfiguring a DHCP client, see Configuring a DHCP Client.
You can configure either of two versions of a DHCP server on a switch— the extended server version or the legacy server version. We recommend that you configure the extended server unless you need to keep your DHCP server configuration backward-compatible with the legacy server version.
This topic includes the following tasks:
Configuring an Extended DHCP Server on a Switch
To configure an extended DHCP server, you must configure a DHCP pool, indicate IP addresses for the pool, and create a server group. Additional configurations are optional.
Do not assign addresses that are already in use in the network to address pools. The extended DHCP server does not check whether addresses are already in use before it assigns them to clients.
Example: Configuring a Security Device as a DHCP Server
This example shows how to configure the device as a DHCP server.
For information on how to configure JDHCP in a routing instance, see How to configure JDHCP in a routing instance.
Requirements
Before you begin:
Determine the IP address pools and the lease durations to use for each subnet.
Obtain the MAC addresses of the clients that require permanent IP addresses. Determine the IP addresses to use for these clients.
List the IP addresses that are available for the servers and devices on your network; for example, DNS, NetBIOS servers, boot servers, and gateway devices. See the Understanding Management Predefined Policy Applications.
Determine the DHCP options required by the subnets and clients in your network.
Overview
In this example, you configure the device as a DHCP server. You specify the IP address pool as 192.168.2.0/24 and from a low range of 192.168.2.2 to a high range of 192.168.2.254. You set the maximum-lease-time to 2,419,200. Then you specify the DNS server IP address as 192.168.10.2.
Starting with Junos OS Release 15.1X49-D60 and Junos OS Release 17.3R1, the legacy DHCPD (DHCP daemon) configuration on all SRX Series Firewalls is being deprecated. and only the new JDHCP CLI is supported. When you upgrade to Junos OS Release 15.1X49-D60 and later releases on a device that already has the DHCPD configuration, the following warning messages are displayed:
WARNING: The DHCP configuration command used will be deprecated in future Junos releases.
WARNING: Please see documentation for updated commands.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the set access hierarchy level, and then enter commit from configuration
mode.
set interfaces ge-0/0/2 unit 0 family inet address 192.168.2.1/24 set system services dhcp-local-server group g1 interface ge-0/0/2.0 set access address-assignment pool p1 family inet network 192.168.2.0/24 set access address-assignment pool p1 family inet range r1 low 192.168.2.2 set access address-assignment pool p1 family inet range r1 high 192.168.2.254 set access address-assignment pool p1 family inet dhcp-attributes maximum-lease-time 2419200 set access address-assignment pool p1 family inet dhcp-attributes name-server 192.168.10.2
GUI Quick Configuration
Step-by-Step Procedure
To configure the device as a DHCP server, specify the DHCP pool information, server information, lease time, and option information:
In the J-Web interface, select Configure > DHCP > DHCP Services.
Select DHCP Pools. Click Add.
Specify the IP address that is used as the source address the DHCP server includes in IP packets when communicating with clients. The address is included in the DHCP packet in option 54.
Specify the subnet information for the IPv4 address-assignment pool. Type 192.168.2.0/24.
In the Address Range Low, type 192.168.2.2.
In the Address Range High, type 192.168.2.254.
In the Exclude Addresses box, type the addresses you want excluded from a DHCP address pool. Type 192.168.2.0/24
Specify the server identifier to assign to any DHCP clients in this address pool. The identifier can be used to identify a DHCP server in a DHCP message.
Specify the domain name to assign to any DHCP clients in this address pool.
Specify the next server that DHCP clients need to contact. Type 192.168.10.2
Define the maximum amount of time (in seconds) that DHCP should lease an address. Type 2419200.
Define DHCP option 32, the device solicitation address option. You must enter a numeric value for option code. Select the option type from the list that corresponds to the option code.
Click OK.
If you are done configuring the device, click Commit > Commit.
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure the device as a DHCP server:
Configure an interface with an IP address on which the DHCP server will be reachable.
[edit] user@host# set interfaces ge-0/0/2 unit 0 family inet address 192.168.2.1/24
Configure the DHCP server.
[edit] user@host# set system services dhcp-local-server group g1 interface ge-0/0/2.0
Create an address pool for IPv4 addresses that can be assigned to clients. The addresses in the pool must be on the subnet in which the DHCP clients reside. Do not include addresses that are already in use on the network.
[edit]] user@host# set access address-assignment pool p1 family inet network 192.168.2.0/24
(Optional) Specify the IP address pool range. Define a range of addresses in the address-assignment pool. The range is a subset of addresses within the pool that can be assigned to clients. If no range is specified, then all addresses within the pool are available for assignment. Configure the name of the range and the lower and upper boundaries of the addresses in the range.
[edit]] user@host# set access address-assignment pool p1 192.168.2.0/24 address-range low 192.168.2.2 high 192.168.2.254
(Optional) Configure one or more routers as the default gateway on the client’s subnet.
[edit] user@host# set access address-assignment pool p1 family inet dhcp-attributes router 192.168.10.3
(Optional) Configure the IP address that is used as the source address for the DHCP server in messages exchanged with the client. Clients use this information to distinguish between lease offers.
[edit] user@host# set access address-assignment pool pool1 family inet dhcp-attributes server-identifier 192.168.10.1
(Optional) Specify the maximum time period, in seconds, that a client holds the lease for an assigned IP address if the client does not renew the lease.
[edit] user@host# set access address-assignment pool pool1 family inet dhcp-attributes maximum-lease-time 2419200
(Optional) Specify user-defined options to be included in DHCP packets
[edit] user@host# set access address-assignment pool pool1 family inet dhcp-attributes option 98 string test98
Assign a fixed IP address with the MAC address of the client.
[edit] user@host# set access address-assignment pool pool1 family inet host host1 ip-address 192.168.2.100 hardware-address 2c:56:dc:72:99:f3
Results
From configuration mode, confirm your configuration by entering the
show access address-assignmentcommand. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
[edit]
user@host# show access address-assignment
pool p1 {
family inet {
network 192.168.2.0/24;
range r1 {
low 192.168.2.2;
high 192.168.2.254;
}
dhcp-attributes {
maximum-lease-time 2419200;
name-server {
192.168.10.2;
}
}
}
}
}
From configuration mode, confirm your configuration by entering the
show system services dhcp-local-servercommand. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.[edit] user@host#
show system services dhcp-local-servergroup g1 { interface ge-0/0/2.0; }
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
Verifying the DHCP Binding Database
Purpose
Verify that the DHCP binding database reflects the DHCP server configuration.
Action
From operational mode, enter these commands:
show dhcp server bindingcommand to display all active bindings in the database.show dhcp server binding address detailcommand (where address is the IP address of the client) to display more information about a client.
These commands produce following sample output:
user@host> show dhcp server binding IP Address Hardware Address Type Lease expires at 30.1.1.20 00:12:1e:a9:7b:81 dynamic 2007-05-11 11:14:43 PDT
user@host> show dhcp server binding address detail
IP address 192.0.2.2
Hardware address 00:a0:12:00:13:02
Pool 192.0.2.0/24
Interface fe-0/0/0, relayed by 192.0.2.200
Lease information:
Type DHCP
Obtained at 2004-05-02 13:01:42 PDT
Expires at 2004-05-03 13:01:42 PDT
State active
DHCP options:
Name: name-server, Value: { 6.6.6.6, 6.6.6.7 }
Name: domain-name, Value: mydomain.tld
Code: 32, Type: ip-address, Value: 192.0.2.33
Verifying DHCP Server Operation
Purpose
Verify that the DHCP server operation has been configured.
Action
From operational mode, enter the following command:
show dhcp server statisticscommand to verify the DHCP server statistics.
user@host> show dhcp server statistics
Packets dropped:
Total 0
Messages received:
BOOTREQUEST 45
DHCPDECLINE 0
DHCPDISCOVER 1
DHCPINFORM 39
DHCPRELEASE 0
DHCPREQUEST 5
DHCPLEASEQUERY 0
DHCPBULKLEASEQUERY 0
Messages sent:
BOOTREPLY 6
DHCPOFFER 1
DHCPACK 3
DHCPNAK 2
DHCPFORCERENEW 0
DHCPLEASEUNASSIGNED 0
DHCPLEASEUNKNOWN 0
DHCPLEASEACTIVE 0
DHCPLEASEQUERYDONE 0
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.