ON THIS PAGE
DHCPv6 Client
SRX Series device can act as a DHCPv6 client, receiving its TCP/IP settings and the IPv6 address for any physical interface in any security zone from an external DHCPv6 server. To enable a device to operate as a DHCPv6 client, you must configure a logical interface on the device to obtain an IPv6 address from the DHCPv6 local server in the network. For more information, read this topic.
DHCPv6 Client Overview
A Juniper Networks device can act as a Dynamic Host Configuration Protocol version 6 (DHCPv6) client, receiving its TCP/IP settings and the IPv6 address for any physical interface in any security zone from an external DHCPv6 server. When the device operates as a DHCPv6 client and a DHCPv6 server simultaneously, it can transfer the TCP/IP settings learned through its DHCPv6 client module to its default DHCPv6 server module. For the device to operate as a DHCPv6 client, you configure a logical interface on the device to obtain an IPv6 address from the DHCPv6 server in the network.
DHCPv6 client support for Juniper Networks devices includes the following features:
Identity association for nontemporary addresses (IA_NA)
Identity association for prefix delegation (IA_PD)
Rapid commit
TCP/IP propagation
Auto-prefix delegation
Autoconfig mode (stateful and stateless)
To configure the DHCPv6 client on the device, include the dhcpv6-client statement at the [edit interfaces]
hierarchy level.
To configure a DHCPv6 client in a routing instance, add
the interface in a routing instance using the [edit routing-instances] hierarchy.
On all SRX Series Firewalls, DHCPv6 client authentication is not supported.
On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, DHCPv6 client does not support:
Temporary addresses
Reconfigure messages
Multiple identity association for nontemporary addresses (IA_NA)
Multiple prefixes in a single identity association for prefix delegation (IA_PD)
Multiple prefixes in a single router advertisement
Understanding DHCPv6 Client and Server Identification
Each DHCPv6 client and server is identified by a DHCP unique identifier (DUID). The DUID is unique across all DHCPv6 clients and servers, and it is stable for any specific client or server. DHCPv6 clients use DUIDs to identify a server in messages where a server needs to be identified. DHCPv6 servers use DUIDs to determine the configuration parameters to be used for clients and in the association of addresses with clients.
This feature is supported on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices.
The DUID is a 2-octet type code represented in network byte order, followed by a variable number of octets that make up the actual identifier; for example, 00:02:00:01:02:03:04:05:07:a0. A DUID can be up to 128 octets in length (excluding the type code). The following types are currently defined for the DUID parameter:
Type 1—Link Layer address plus time (duid-llt)
Type 2—Vendor-assigned unique ID based on enterprise number (vendor)
Type 3—Link Llayer address (duid-ll)
The duid-llt DUID consists of a 2-octet type field that contains the value 1, a 2-octet hardware type code, 4 octets that signify a time value, followed by the Link Layer address of any one network interface that is connected to the DHCP device at the time that the DUID is generated.
The vendor DUID is assigned by the vendor to the device and contains the vendor's registered private enterprise number as maintained by the identity association for nontemporary addresses (IA_NA) assignment, followed by a unique identifier assigned by the vendor.
The duid-ll DUID contains a 2-octet type field that stores the value 3, and a 2-octet network hardware type code, followed by the Link Layer address of any one network interface that is permanently connected to the client or server device.
See Also
Minimum DHCPv6 Client Configuration on SRX Series Devices
This topic describes the minimum configuration you must use to configure an SRX300, SRX320, SRX340, SRX345, SRX550M, or SRX1500 device as a DHCPv6 client.
To configure the device as a DHCPv6 client:
Specify the DHCPv6 client interface.
[edit] user@host#
set interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-clientConfigure the DHCPv6 client type. The client type can be autoconfig or statefull.
To enable DHCPv6 auto configuration mode, configure the client type as
autoconfig.[edit interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host#
set client-type autoconfigFor stateful address assignment, configure the client type as
statefull.[edit interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host#
set client-type statefull
Specify the identity association type.
To configure identity association for nontemporary address (IA_NA) assignment, specify the
client-ia typeasia-na.[edit interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host#
set client-ia-type ia-naTo configure identity association for prefix delegation (IA_PD), specify the
client-ia-typeasia-pd.[edit interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host#
set client-ia-type ia-pd
Configure the DHCPv6 client identifier by specifying the DHCP unique identifier (DUID) type. The following DUID types are supported:
Link Layer address (duid-ll)
Link Layer address plus time (duid-llt)
Vendor-assigned unique ID based on enterprise number (vendor)
[edit interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client] user@host#
set client-identifier duid-type duid-ll
To configure a DHCPv6 client in a routing instance, add
the interface to a routing instance using the [edit routing-instances] hierarchy.
Configuring DHCP Client-Specific Attributes
You use the address-assignment pool feature to include application-specific attributes when clients obtain an address. A client application, such as DHCPv6, uses the attributes to determine how addresses are assigned and to provide optional application-specific characteristics to the client. For example, the DHCPv6 application might specify that a client that matches certain prerequisite information is dynamically assigned an address from a particular named range. Based on which named range is used, DHCPv6 specifies additional DHCPv6 attributes such as the DNS server or the maximum lease time for clients.
You use the dhcp-attributes statement to configure
DHCPv6 client-specific attributes for address-assignment pools at
the [edit access address-assignment pool pool-name family inet6] hierarchy.
Table 1 describes the DHCPv6 client attributes for configuring IPv6 address-assignment pools.
Attribute |
Description |
DHCPv6 Option |
|---|---|---|
|
IPv6 address of DNS server to which clients can send DNS queries |
23 |
|
Grace period offered with the lease |
– |
|
Maximum lease time allowed by the DHCPv6 server |
– |
|
User-defined options |
– |
|
IPv6 address of SIP outbound proxy server |
22 |
|
Domain name of the SIP outbound proxy server |
21 |
DHCPv6 Client Configuration Options
To enable a device to operate as a DHCPv6 client, you configure a logical interface on the device to obtain an IPv6 address from the DHCPv6 local server in the network. You can then specify the retransmission attempts, client requested configuration options, interface used to delegate prefixes, rapid commit, and update server options.
To configure optional DHCPv6 client attributes:
To configure a DHCPv6 client in a routing instance, add
the interface to a routing instance using the [edit routing-instances] hierarchy.
On all SRX Series Firewalls, DHCPv6 client authentication is not supported.
On SRX300, SRX320, SRX340, and SRX345, and SRX550M devices, DHCPv6 client does not support:
Temporary addresses
Reconfigure messages
Multiple identity association for nontemporary addresses (IA_NA)
Multiple prefixes in a single identity association for prefix delegation (IA_PD)
Multiple prefixes in a single router advertisement
Configuring the DHCPv6 Client Rapid Commit Option
The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default four-method exchange (solicit, advertise, request, and reply). The two-message exchange provides faster client configuration and is beneficial in environments in which networks are under a heavy load.
To configure the DHCPv6 client to support the DHCPv6 rapid commit option on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices:
Configuring a DHCPv6 Client in Autoconfig Mode
A DHCPv6 client configured in autoconfig mode acts as a stateful client, a stateless client (DHCPv6 server is required for TCP/IP configuration), and stateless–no DHCP client, based on the managed (M) and other configuration (O) bits in the received router advertisement messages.
If the managed bit is 1 and the other configuration bit is 0, the DHCPv6 client acts as a stateful client. In stateful mode, the client receives IPv6 addresses from the DHCPv6 server, based on the identity association for nontemporary addresses (IA_NA) assignment.
If the managed bit is 0 and the other configuration bit is 1, the DHCPv6 client acts as a stateless client. In stateless mode, the addresses are automatically configured, based on the prefixes in the router advertisement messages received from the router. The stateless client receives configuration parameters from the DHCPv6 server.
If the managed bit is 0 and the other configuration bit is also 0, the DHCPv6 client acts as a stateless–no DHCP client. In the stateless–no DHCP mode, the client receives IPv6 addresses from the router advertisement messages.
To configure DHCPv6 client in autoconfig mode on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices:
Configuring TCP/IP Propagation on a DHCPv6 Client
You can enable or disable the propagation of TCP/IP settings received on the device acting as a DHCPv6 client. The settings can be propagated to the server pool running on the device. This topic describes how to configure TCP/IP settings on a DHCPv6 client, where both the DHCPv6 client and DHCPv6 server are on the same device.
This feature is supported on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices.
To configure TCP/IP setting propagation on a DHCPv6 client: