I’ve recently started deploying the Juniper SRX series gateways, placing an SRX 210 at branch office locations with an SRX 650 at the main office locations. We utilize a central DHCP/DNS/IPAM solution, so we prefer to relay all DHCP/BOOTP requests to one of our centralized DHCP/DNS servers as opposed to utilizing the DHCP server functionality built into the SRX itself.
I had to spend more than a few minutes trying to get the DHCP relay working on the SRX 210. The configuration was pretty straightforward; the trick in the end was the “vpn” statement (see below), which allows the DHCP/BOOTP packets to be relayed across a VPN tunnel. Please note that the DHCP server at 10.1.1.1 is accessible via the VPN tunnel.
forwarding-options {
    helpers {
        bootp {
            relay-agent-option;
            description "Branch DHCP Relay";
            server 10.1.1.1;
            maximum-hop-count 10;
            minimum-wait-time 1;
            vpn;
            interface {
                vlan.0;
            }
        }
    }
}
The next big step will be deploying OSPF between all the SRX gateways.
Cheers!
yertz says
Hi Michael,
Is your setup clustered?
Kind regards
Z.
Michael McNamara says
Neither the edge nor the core is clustered… instead I use 2 Juniper SRX 650s at different physical locations for my main office and let OSPF determine which IPSec tunnel to use. It works great and provides the redundancy I need at the main office side. I guess you could certainly cluster either the main office or branch office side.
Cheers!
Stephan Harren says
How can you configure the SRX in a way that it will support two DHCP servers, prioritising one over the other?
Thanks,
Stephan
Michael McNamara says
Hi Stephan,
Just repeat the server command with the IP address of the 2nd DHCP server.
Cheers!