Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS Logical Systems and Tenant Systems User Guide for Security Devices Tenant Systems

Logical Systems and Tenant Systems User Guide for Security Devices

keyboard_arrow_up
close
keyboard_arrow_left
Logical Systems and Tenant Systems User Guide for Security Devices
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

DHCP for Tenant Systems

date_range 09-Jun-23
arrow_backward
arrow_forward

Understanding DHCP support for Tenant Systems

Starting in Junos OS Release 18.4R1, a tenant system supports the DHCP client feature to learn IP addresses for interfaces assigned to the tenant systems. Additionally, starting in Junos OS Release 18.4R1, tenant systems support the DHCP relay feature. A DHCP relay agent forwards DHCP requests and responses between the DHCP client and the DHCP server.

An interface of an SRX Series Firewall operating as a DHCP client receives the TCP or IP settings and the IP address from an external DHCP server.

An SRX Series Firewall operating as a DHCP relay agent for tenant systems forwards incoming requests from the DHCP clients to a specified DHCP server. The client requests pass through interfaces on the tenant systems.

Minimum DHCPv6 Relay Agent Configuration for Tenant Systems

The following example describes the minimum configuration required to configure an SRX Series Firewall as a DHCPv6 relay agent for the tenant system.

Before you begin determine the following:

  • The DHCP routing instance name, the DHCP relay group and the DHCP active server-group for the tenant system.

  1. Create a DHCPv6 relay group that includes at least one interface for the tenant system.
    content_copy zoom_out_map
    user@host# set tenants TSYS1 routing-instances R1 interface ge-0/0/0.0
  2. Specify the DHCP group and add interfaces belonging to the group.
    content_copy zoom_out_map
    user@host# set tenants TSYS1  routing-instances R1 forwarding-options dhcp-relay dhcpv6 group inf interface ge-0/0/0.0
  3. Specify the name of the server-group and add the IP address for the DHCP servers belonging to the same group.
    content_copy zoom_out_map
    user@host# set tenants TSYS1  routing-instances R1 forwarding-options dhcp-relay dhcpv6 server-group server6 2001:db8::1/64
  4. Specify the name of the active server-group.
    content_copy zoom_out_map
    user@host# set tenants TSYS1  routing-instances R1 forwarding-options dhcp-relay dhcpv6 active-server-group server6
  5. Confirm your configuration by entering the show tenants TSYS1 routing-instances R1 command.
    content_copy zoom_out_map
    [edit]
user@host# show tenants TSYS1 routing-instances R1
forwarding-options {
    dhcp-relay {
        dhcpv6 {
            group inf {
                interface ge-0/0/0.0;
            }
            server-group {
                server6 {
                    2001:db8::1/64;
                }
            }
            active-server-group server6;
        }
    }
}

Example: Configuring a DHCPv6 Client for Tenant Systems

This example shows how to configure a device as a DHCPv6 client for tenant systems.

Requirements

This example uses the following hardware and software components:

  • An SRX Series Firewall

  • Junos OS Release 18.4R1

Before you begin:

  • Read the Understanding DHCP support for Tenant Systems to understand how and where this procedure fits in the overall tenant systems support for DHCP.

    No special configuration beyond device initialization is required before configuring this feature.

Overview

In this example, a tenant system administrator configures an SRX Series Firewall as a DHCPv6 client for a tenant system.

The DHCPv6 client for a tenant system includes the following features:

  • Identity association for non-temporary addresses (IA_NA)

  • Identity association for prefix delegation (IA_PD)

  • Autoconfig or stateful mode

  • DHCP unique identifier (DUID)

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

content_copy zoom_out_map
set tenants TSYS1 security zones security-zone trust host-inbound-traffic system-services all
set tenants TSYS1 security zones security-zone trust host-inbound-traffic protocols all
set tenants TSYS1 security zones security-zone trust interfaces ge-0/0/0.0
set tenants TSYS1 routing-instances r1 instance-type virtual-router
set tenants TSYS1 routing-instances r1 interface ge-0/0/0.0
set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-type autoconfig
set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-type stateful
set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-ia-type ia-na
set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd
set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
set tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client req-option dns-server
set protocols router-advertisement interface ge-0/0/0.0

Configuring DHCPv6 Client in a Tenant System

Procedure

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

  1. Configure security zones to permit traffic for a tenant system.

    content_copy zoom_out_map
    [edit tenants TSYS1 security zones]
user@host# set security-zone trust host-inbound-traffic system-services all
user@host# set security-zone trust host-inbound-traffic protocols all
user@host# set security-zone trust interfaces ge-0/0/0.0

  2. Create a routing instance and assign the routing instance type to a tenant system.

    content_copy zoom_out_map
    [edit tenants TSYS1]
user@host# set routing-instances r1 instance-type virtual-router

  3. Specify the interface name for the routing instance.

    content_copy zoom_out_map
    [edit tenants TSYS1]
user@host# set routing-instances r1 interface ge-0/0/0.0

  4. Configure the DHCPv6 client type. The client type can be autoconfig or stateful for a tenant system.

    • To enable DHCPv6 auto configuration mode, configure the client type as autoconfig.

      content_copy zoom_out_map
      [edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client]
user@host# set client-type autoconfig

    • For stateful address assignment, configure the client type as stateful.

      content_copy zoom_out_map
      [edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client]
user@host# set client-type stateful

  5. Specify the identity association type.

    • To configure identity association for nontemporary address (IA_NA) assignment, specify the client-ia type as ia-na.

      content_copy zoom_out_map
      [edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client]
user@host# set client-ia-type ia-na

    • To configure identity association for prefix delegation (IA_PD), specify the client-ia-type as ia-pd.

      content_copy zoom_out_map
      [edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client]
user@host# set client-ia-type ia-pd

  6. Configure the DHCPv6 client identifier by specifying the DHCP unique identifier (DUID) type for the tenant system. The following DUID type is supported:

    • Link Layer address (duid-ll)

      content_copy zoom_out_map
      [edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client]
user@host# set client-identifier duid-type duid-ll

  7. Specify the DHCPv6 client requested option as dns-server for the tenant system.

    content_copy zoom_out_map
    [edit tenants TSYS1 interfaces ge-0/0/0 unit 0 family inet6 dhcpv6-client]
user@host# set req-option dns-server

  8. Configure the router advertisement.

    content_copy zoom_out_map
    [edit]
user@host# set protocols router-advertisement interface ge-0/0/0.0

Results

  • From configuration mode, confirm your configuration by entering the show tenants TSYS1 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    content_copy zoom_out_map
    user@host# show tenants TSYS1
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet6 {
                dhcpv6-client {
                    client-type stateful;
                    client-ia-type ia-na;
                    client-ia-type ia-pd;
                    client-identifier duid-type duid-ll;
                    req-option dns-server;
                }
            }
        }
    }
}
routing-instances {
    r1 {
        instance-type virtual-router;
        interface ge-0/0/0.0;
    }
}
security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
    }
}

  • From configuration mode, confirm your configuration by entering the show protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    content_copy zoom_out_map
    user@host# show protocols
router-advertisement {
    interface ge-0/0/0.0;
}

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying the DHCPv6 Client for the Tenant System

Purpose

Verify that the DHCPv6 client information is configured.

Action

From the operational mode, enter the show dhcpv6 client binding tenant TSYS1 command.

content_copy zoom_out_map
user@host> show dhcpv6 client binding  tenant TSYS1
IP/prefix      Expires     State      ClientType     Interface      Client DUID
         2000::17/128    67762    BOUND      STATEFUL         ge-0/0/6.0      LL0x3-10:0e:7e:49:25:86
         2000:100::/64   67762    BOUND      STATEFUL         ge-0/0/6.0      LL0x3-10:0e:7e:49:25:86
Meaning

The output displays the address binding information for the tenant system.

Verifying the DHCPv6 Client Binding for the Tenant System

Purpose

Verify that the DHCPv6 client binding information is configured.

Action

From the operational mode, enter the show dhcpv6 client binding detail tenant TSYS1 command.

content_copy zoom_out_map
user@host> show dhcpv6 client binding detail tenant TSYS1
Client Interface/Id: ge-0/0/6.0                                              
     Hardware Address:             10:0e:7e:49:25:86                         
     State:                        BOUND(DHCPV6_CLIENT_STATE_BOUND)
     ClientType                    STATEFUL                          
     Lease Expires:                2018-11-09 07:11:47 UTC                   
     Lease Expires in:             67760 seconds                              
     Lease Start:                  2018-11-08 07:11:47 UTC 
     Bind Type:                    IA_NA IA_PD 
     Preferred prefix length       0
     Sub prefix length             0 
     Client DUID:                  LL0x3-10:0e:7e:49:25:86
     Rapid Commit:                 Off  
     Server Identifier:            fe80::46f4:77ff:fed6:670a                                
     Client IP Address:            2000::17/128                                
     Client IP Prefix:             2000:100::/64                                        
                                                                             
     DHCP options:                                                                
     Name: server-identifier, Value: VENDOR0x00000583-0x34343a34
Meaning

The output displays the detailed client binding information for the tenant system.

Verifying the DHCPv6 Client Statistics Information for the Tenant System

Purpose

Verify that the DHCP client statistics information is configured.

Action

From the operational mode, enter the show dhcpv6 client statistics tenant TSYS1 command.

content_copy zoom_out_map
user@host> show dhcpv6 client statistics tenant TSYS1 routing-instance R1
Dhcpv6 Packets dropped:
    Total               3
    Bad Send            3

    Messages received:
    DHCPV6_ADVERTISE           1
    DHCPV6_REPLY               1
    DHCPV6_RECONFIGURE         0

    Messages sent:
    DHCPV6_DECLINE             0
    DHCPV6_SOLICIT             1
    DHCPV6_INFORMATION_REQUEST 0
    DHCPV6_RELEASE             0
    DHCPV6_REQUEST             1
    DHCPV6_CONFIRM             0
    DHCPV6_RENEW               0
    DHCPV6_REBIND              0
Meaning

The output displays the information about the number of packets discarded, the number of messages received and the number of messages sent by the DHCP client for the tenant system.

arrow_backward PREVIOUS ALG for Tenant Systems
NEXT arrow_forward Security Log for Tenant Systems
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top