Wednesday, October 2, 2019

Juniper SRX345 WAN Interface DHCP Issue

I've been asked to configure an SRX345 for a small office (it's a leftover from a DC we've moved out of) and I'm having a terrible time getting a DHCP address on the WAN interface. The only address I ever get is 192.168.100.10, which is obviously the cable modem fallback address.

srx345> show dhcp client binding detail
Client Interface/Id: ge-0/0/0.0
    Hardware Address: 40:71:83:2b:20:01
    State: REQUESTING(LOCAL_CLIENT_STATE_REBOOTING)
    Server Identifier: 0.0.0.0
    Client IP Address: 192.168.100.10
    Update Server Yes

I get this 192.168 address for a few minutes, and then it goes back to 0.0.0.0.

This is the config for the device:

version 15.1X49-D140.2;
system {
    host-name office-srx345;
    time-zone UTC;
    root-authentication {
        encrypted-password "xxxxxxx"; ## SECRET-DATA
    }
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    name-resolution {
        no-resolve-on-input;
    }
    login {
        user nouser {
            uid 2006;
            class super-user;
            authentication {
                encrypted-password "XXXXXXXXXXX"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
        telnet;
        xnm-clear-text;
        dhcp-local-server {
            group default {
                interface ge-0/0/1.0;
            }
        }
        web-management {
            https {
                system-generated-certificate;
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        server us.ntp.pool.org;
    }
}
security {
    log {
        mode stream;
        report;
    }
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            rule-set nsw_srcnat {
                from zone employeeData;
                to zone Internet;
                rule nsw-src-interface {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone employeeData to-zone Internet {
            policy All_employeeData_Internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone employeeData {
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            dhcp;
                        }
                    }
                }
            }
        }
        security-zone Internet {
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                dhcp-client {
                    update-server;
                }
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 192.168.1.254/24;
            }
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 172.31.249.11/24;
            }
        }
    }
}
protocols {
    l2-learning {
        global-mode switching;
    }
    rstp {
        interface all;
    }
}
access {
    address-assignment {
        pool default {
            family inet {
                network 192.168.1.0/24;
                range default-pool {
                    low 192.168.1.20;
                    high 192.168.1.199;
                }
                dhcp-attributes {
                    name-server {
                        8.8.8.8;
                        8.8.4.4;
                    }
                    router {
                        192.168.1.254;
                    }
                }
            }
        }
    }
}

I can plug in my laptop to the connection and pull a valid public IP, so I know everything upstream of me is fine. I did find some older documents referring to a need to increase the ttl, so I updated net.inet.ip.mcast_ttl via the shell and no success there. Anyone run into this before?

EDIT: System OS version JUNOS 15.1X49-D140.2


