Common DHCP Configuration for Interface Groups and Server Groups
Grouping Interfaces with Common DHCP Configurations
You use the group feature to group a set of interfaces and then apply a common DHCP configuration to the named interface group. The extended DHCP local server, DHCPv6 local server, DHCP relay agent, and DHCPv6 relay agent all support interface groups.
The following steps create a DHCP local server group; the steps are similar for the DHCPv6 local server, DHCP relay agent, and DHCPv6 relay agent.
To configure a DHCP local server interface group:
Example- 2
To configure an interface group, use the group statement.
You can specify the names of one or more interfaces on which
the extended DHCP application is enabled. You can repeat the interface interface-name statement to
specify multiple interfaces within a group, but you cannot specify
the same interface in more than one group. For example:
The extended DHCP applications enable you to group together a set of interfaces and apply a common DHCP configuration to the named interface group.
group boston { interface 192.168.10.1; interface 192.168.15.5; }You can use the upto option to specify a range of interfaces on which the extended DHCP application is enabled. For example:
group quebec { interface 192.168.10.1 upto 192.168.10.255; }-
You can use the
excludeoption to exclude a specific interface or a specified range of interfaces from the group. For example:group paris { interface 192.168.100.1 exclude; interface 192.168.100.100 upto 192.168.100.125 exclude; }
Example:
group group-name { authentication { password password-string; username-include { circuit-type; delimiter delimiter-character; domain-name domain-name-string; logical-system-name; mac-address; option-60; option-82 <circuit-id> <remote-id>; routing-instance-name; user-prefix user-prefix-string; } } interface interface-name <upto upto-interface-name> <exclude>; }
Guidelines for Configuring Interface Ranges for Groups of DHCP Interfaces
This topic describes guidelines to consider when configuring interface ranges for named interface groups for DHCP local server and DHCP relay. The guidelines refer to the following configuration statement:
user@host# set interface interface-name upto upto-interface-name
The start subunit,
interface interface-name, serves as the key for the stanza. The remaining configuration settings are considered attributes.If the subunit is not included, an implicit
.0subunit is enforced. The implicit subunit is applied to all interfaces when autoconfiguration is enabled. For example,interface ge-2/2/2is treated asinterface ge-2/2/2.0.Ranged entries contain the
uptooption, and the configuration applies to all interfaces within the specified range. The start of a ranged entry must be less than the end of the range. Discrete entries apply to a single interface, except in the case of autoconfiguration, in which a0(zero) subunit acts as a wildcard.Interface stanzas defined within the same router or switch context are dependent and can constrain each other—both DHCP local server and DHCP relay are considered. Interface stanzas defined across different router (switch) contexts are independent and do not constrain one another.
Each interface stanza, whether discrete or ranged, has a unique start subunit across a given router context. For example, the following configuration is not allowed within the same group because
ge-1/0/0.10is the start subunit for both.interface ge-1/0/0.10 upto ge-1/0/0.30 interface ge-1/0/0.10
Two groups cannot share interface space. For example, the following configuration is not allowed because the three stanzas share the same space and interfere with one another—interface
ge-1/0/0.26is common to all three.dhcp-relay group diamond interface ge-1/0/0.10 upto ge-1/0/0.30 dhcp-local-server group ruby interface ge-1/0/0.26 dhcp-relay group sapphire interface ge-1/0/0.25 upto ge-1/0/0.35
Two ranges cannot overlap, either within a group or across groups. Overlapping occurs when two interface ranges share common subunit space but neither range is a proper subset of the other. The following ranges overlap:
interface ge-1/0/0.10 upto ge-1/0/0.30 interface ge-1/0/0.20 upto ge-1/0/0.40
A range can contain multiple nested ranges. A nested range is a proper subset of another range. When ranges are nested, the smallest matching range applies.
In the following example, the three ranges nest properly:
interface ge-1/0/0.10 upto ge-1/0/0.30 interface ge-1/0/0.12 upto ge-1/0/0.15 exclude interface ge-1/0/0.25 upto ge-1/0/0.29 exclude
Discrete interfaces take precedence over ranges. In the following example, interface
ge-1/0/0.20takes precedence and enforces an interface client limit of5.interface ge-1/0/0.10 upto ge-1/0/0.30 interface ge-1/0/0.15 upto ge-1/0/0.25 exclude interface ge-1/0/0.20 overrides interface-client-limit 5
Configuring Group-Specific DHCP Local Server Options
You can include the following statements at the [edit system services dhcp-local-server group group-name] hierarchy level to set group-specific DHCP local server configuration
options. Statements configured at the [edit system services dhcp-local-server
group group-name] hierarchy level apply
only to the named group of interfaces, and override any global DHCP
local server settings configured with the same statements at the [edit system services dhcp-local-server] hierarchy level.
DHCPv6 local server supports the same set of statements with
the exception of the dynamic-profile statement.
-
authentication—Configure the parameters the router sends to the external AAA server. -
dynamic-profile—Specify the dynamic profile that is attached to a group of interfaces. -
interface—Specify one or more interfaces, or a range of interfaces, that are within the specified group. -
liveness-detection—Configure bidirectional failure detection timers and authentication criteria for static routes, or Layer 2 liveness detection using ARP and Neighbor Discovery packets. For more information, see DHCP Liveness Detection Overview. -
overrides—Override the default configuration settings for the extended DHCP local server. For information, see Overriding the Default DHCP Local Server Configuration Settings. -
interface-tag—(Optional) Specifies a tag name for the interface that will be associated with a DHCP configuration. Use the tag to identify subscribers associated with this DHCP local server group.
Configuring Group-Specific DHCP Relay Options
You can include the following statements at the [edit forwarding-options
dhcp-relay group group-name] hierarchy
level to set group-specific DHCP relay agent configuration options.
Group-specific statements apply only to the named group of interfaces,
and override any global DHCP relay agent settings for the same statement.
Include the statements at the [edit forwarding-options
dhcp-relay dhcpv6 group group-name] hierarchy
level to configure group-specific options for DHCPv6 relay agent.
-
active-server-group—Configure an active server group to apply a common DHCP relay agent configuration for a named group of DHCP server addresses. For information, see Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups. -
authentication—Configure the parameters the router (or switch) sends to the external AAA server. -
dynamic-profile—Specify the dynamic profile that is attached to a group of interfaces. -
interface—Specify one or more interfaces, or a range of interfaces, that are within the specified group. -
liveness-detection—Configure bidirectional failure detection timers and authentication criteria for static routes, or Layer 2 liveness detection using ARP and Neighbor Discovery packets. For more information, see DHCP Liveness Detection Overview. -
overrides—Override the default configuration settings for the extended DHCP relay agent. For information, see Overriding the Default DHCP Relay Configuration Settings. -
relay-agent-interface-id—(DHCPv6 only) Insert the DHCPv6 Relay Agent Interface-ID option (option 18) in DHCPv6 packets destined for the DHCPv6 server. -
relay-agent-remote-id—(DHCPv6 only) Insert the DHCPv6 Relay Agent Remote-ID option (option 37) in DHCPv6 packets destined for the DHCPv6 server. -
relay-option—Configure selective processing, which uses DHCP options in client packets to identify and filter client traffic, and to specify the action DHCP relay agent takes with the traffic. For more information, see Using DHCP Option Information to Selectively Process DHCP Client Traffic. -
relay-option-82—(DHCPv4 only) Enable or disable the insertion of option 82 information in packets destined for a DHCP server. For information, see Using DHCP Relay Agent Option 82 Information. -
service-profile—Specify the default subscriber service, (or default profile) which is activated when the subscriber (or DHCP client) logs in and no other service is activated by a RADIUS server or a provisioning server. For more information, see Default Subscriber Service Overview . -
interface-tag—(Optional) Specifies a tag name for the interface that will be associated with a DHCP configuration. Use the tag to identify subscribers associated with this DHCP relay agent.
Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups
You can apply a common DHCP or DHCPv6 relay configuration to a set of IP addresses configured as a server group. An active server group is sometimes referred to as a trusted group of servers.
You can configure active server groups globally or at the group
level (configured with the group. When you apply the active
server group at the group level, it overrides a global active server
group configuration.
To configure a group of DHCP server addresses and apply them as an active server group:
Example: Configuring Active Server Groups in DHCP Relay Agent Configuration
For example, you might want to direct certain DHCP client traffic to a DHCP server. You can configure an interface group for each set of clients, specifying the DHCP relay interfaces for the group. In each of these groups, you specify an active server group to which each client groups traffic is forwarded. After a DHCP server group is created and server IP addresses are added to the group, the device used as the DHCP relay agent can forward messages to specific servers.
-
Three groups of DHCP server addresses are configured, Default, Campus-A, and Campus-B.
-
The Default group is applied as the global active server group for the overall DHCP relay configuration.
-
The Campus-A server group is assigned as the active server group for interface group Campus-A-v10-DHCP-RELAY. DHCP traffic received on the interfaces in Campus-A-v10-DHCP-RELAY is forwarded to DHCP servers 198.51.100.100 and 198.51.100.101.
-
The Campus-B server group is assigned as the active server group for interface group Campus-B-v200-DHCP-RELAY. DHCP traffic received on the interfaces in Campus-B-v200-DHCP-RELAY is forwarded to DHCP servers 198.51.100.55 and 198.51.100.56.
-
All other DHCP traffic is forwarded to DHCP server 203.0.113.1.
[edit forwarding-options dhcp-relay] # # Server groups user@host# set server-group Default 203.0.113.1 user@host# set server-group Campus-A 198.51.100.100 user@host# set server-group Campus-A 198.51.100.101 user@host# set server-group Campus-B 198.51.100.55 user@host# set server-group Campus-B 198.51.100.56 # # Default server group applied globally. user@host# set active-server-group Default # # Interface groups with application of active server groups user@host# set group Campus-A-v10-DHCP-RELAY interface ge-1/1/0.1 user@host# set group Campus-A-v10-DHCP-RELAY interface ge-1/1/0.2 user@host# set group Campus-A-v10-DHCP-RELAY interface ge-1/1/0.3 user@host# set group Campus-A-v10-DHCP-RELAY active-server-group Campus-A user@host# set group Campus-B-v200-DHCP-RELAY interface ge-2/2/0.4 user@host# set group Campus-B-v200-DHCP-RELAY interface ge-2/2/0.5 user@host# set group Campus-B-v200-DHCP-RELAY interface ge-2/1/0.6 user@host# set group Campus-B-v200-DHCP-RELAY active-server-group Campus-B
Note the following:
-
In some configurations, servers in an active server group maintain redundant information about the DHCP clients. If the binding server later becomes inaccessible, the client is unable to renew the lease from that server. When the client attempts to rebind to a server, other servers in the group with the client information can reply with an ACK message. By default, instead of forwarding the ACK to the DHCP client, the relay agent drops any such ACKs that it receives from any server other than the binding server because the new server address does not match the expected server address in the DHCP client entry. Consequently the lease cannot be extended by any of the redundant servers.
-
Starting in Junos OS Release 16.2R1, you can enable a DHCPv4 relay agent to forward DHCP request (renew or rebind) ACKs from any server in the active server group (thus, any trusted server). The relay agent updates the client entry with the new server address. Because the servers in the group are expected to mirror the client information exactly, the lease option is expected to be the same as for the original server and the relay agent does not need to verify the lease option.
-
Starting in Junos OS Release 18.4R1, this capability is extended to allow a DHCP relay agent to forward DHCP information request (DHCPINFORM) ACK messages from any server in the active server group.
To enable ACK forwarding from any server in the active server group:
-
Enable forwarding for the active server group.
[edit forwarding-options dhcp-relay active-server-group] user@host# set allow-server-change
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.