Friday, 26 October 2012

System Services - DHCP

DHCP (Dynamic Host Configuration Protocol) is a client / server protocol used to automatically assign an IP address to a node on the network. The following basic breakdown outlines the messages that take place when a host acquires an IP address using DHCP.
  • Discover - In this message the client broadcasts a request using UDP port 67. Options or attributes can be included in the message, such as a request for the same address the client might have had before.
  • Offer - In this message a DHCP server responds to the client on UDP port 68. This message includes the IP address and lease information the server is offering the client.
  • Request - In this message the client responds to the server to confirm the offer. The client may receive many offers from multiple DHCP servers. It will only choose and respond to one offer.
  • Acknowledgement - In this message the server confirms to the client that the IP address has been allocated to the client.
The Juniper SRX can be configured as a DHCP server, DHCP client or both.
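
The four-message exchange listed above, as an added example (not code from the original post): it builds and decodes the DHCP payloads for Discover, Offer, Request and Acknowledgement, showing where the message type, offered address and server identifier sit. The MAC address, transaction id, lease time and server address 192.168.1.1 are constructed sample values; the offered address is the first address of the pool range configured in the server section of this post.

```python
import ipaddress
import struct

MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie that precedes the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
REQ_IP, LEASE, MSG_TYPE, SERVER_ID, END = 50, 51, 53, 54, 255  # option codes
def ip(addr):
    return ipaddress.IPv4Address(addr).packed

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", options=()):
    """Build a DHCP payload. op 1 = client (sent to UDP 67), op 2 = server (to UDP 68)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,
                      bytes(4), ip(yiaddr), bytes(4), bytes(4), mac, b"", b"")
    opts = bytes([MSG_TYPE, 1, msg_type])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return hdr + MAGIC + opts + bytes([END])

def parse(payload):
    """Decode message type, transaction id, offered address (yiaddr) and options."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != END:
        if payload[i] == 0:  # pad option: a single byte with no length field
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mt = opts.get(MSG_TYPE)
    return {"op": payload[0], "xid": struct.unpack("!I", payload[4:8])[0],
            "type": TYPES.get(mt[0], "?") if mt else "?",
            "yiaddr": str(ipaddress.IPv4Address(payload[16:20])), "options": opts}

def exchange():
    """Constructed sample: MAC, xid, lease time and server address are assumptions."""
    mac, xid, lease = bytes.fromhex("020000000001"), 0x1A2B3C4D, struct.pack("!I", 86400)
    srv, addr = ip("192.168.1.1"), "192.168.1.100"
    return [parse(m) for m in (
        build(1, xid, mac, 1, options=[(REQ_IP, ip(addr))]),
        build(2, xid, mac, 2, addr, [(SERVER_ID, srv), (LEASE, lease)]),
        build(1, xid, mac, 3, options=[(REQ_IP, ip(addr)), (SERVER_ID, srv)]),
        build(2, xid, mac, 5, addr, [(SERVER_ID, srv), (LEASE, lease)]))]

if __name__ == "__main__":
    for m in exchange():
        print(m["type"], hex(m["xid"]), m["yiaddr"], sorted(m["options"]))
```

The server identifier (option 54) in the Offer and the Request is what ties the client's choice to one server when several servers answer the same Discover.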

DHCP Client Configuration & Validation
In this exercise the public interface of the SRX100 will be configured as a DHCP client. This will allow the SRX to acquire a public IP address from the ISP. The following diagram outlines the basic topology.

The following commands configure interface fe-0/0/0 on the SRX100 to acquire an IP address via DHCP. The first command enables DHCP on the interface fe-0/0/0 and the second command allows DHCP as an inbound service on that interface in the INTERNET security zone.
set interfaces fe-0/0/0 unit 0 family inet dhcp
set security zones security-zone INTERNET interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp 

The following command can be used to verify DHCP client operation.



DHCP Server Configuration & Validation
In this exercise the SRX100 will be configured as a DHCP server for the internal network of 192.168.1.0/24. The following diagram outlines the basic topology.




The following commands configure the SRX100 to function as a DHCP server. The first command sets the range of addresses that can be handed out to clients. The next three commands set parameters that can be passed to the client; in this case they are DNS servers and a default gateway. Other parameters such as WINS, domain name or vendor-specific options can also be specified. The last command allows DHCP as an inbound service on the LAN interface of the SRX.

set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.100 high 192.168.1.150
set system services dhcp pool 192.168.1.0/24 name-server 8.8.8.8
set system services dhcp pool 192.168.1.0/24 name-server 8.8.4.4
set system services dhcp pool 192.168.1.0/24 router 192.168.1.1
set security zones security-zone TRUST interfaces vlan.192 host-inbound-traffic system-services dhcp 

The following commands can be used to verify DHCP server operation.
show system services dhcp pool - This command outlines the DHCP pools configured with the ranges included.
show system services dhcp binding - This command outlines the current addresses that are assigned to clients including the lease times.
show system services dhcp statistics - This command outlines some counters and stats for DHCP.
show system services dhcp conflicts - This command outlines conflicts such as duplicate IP use.

The screenshot below outlines these commands.


DHCP Relay Configuration & Validation
DHCP is broadcast-based, so if the client and server are on different networks the DHCP server will not see the requests from the client. In this exercise the SRX100 will be configured to relay DHCP requests to an external DHCP server. The following diagram outlines the basic topology.

The following commands configure the SRX100 to function as a DHCP relay agent.

set forwarding-options helpers bootp description "DHCP Relay"
set forwarding-options helpers bootp server 192.168.2.100
set forwarding-options helpers bootp interface vlan.192
set security zones security-zone TRUST interfaces vlan.192 host-inbound-traffic system-services dhcp
set security zones security-zone TRUST interfaces vlan.193 host-inbound-traffic system-services dhcp


The following commands can be used to verify DHCP relay operation.

