[j-nsp] SRX1500 (pkt mode) dhcp relay and VoIP phones

Anderson, Charles R cra at wpi.edu
Wed Jan 16 10:16:49 EST 2019 

What make/model are your IP phones?  Are you doing dhcp-snooping on a
separate switch?  If so, I'd advise disabling dhcp-snooping on the
SRX.  Are you doing voip-vlan?

We are using Avaya 96xx-series phones on EX4200, EX4300, and EX3400
switches.  The switches are doing voip-vlan and dhcp-snooping.  The
EX3400 switches are behind MX150 routers using the new jdhcpd relay on
MX150 17.3R2. This is my config which works fine with our IP phones:

set forwarding-options dhcp-relay overrides allow-snooped-clients
set forwarding-options dhcp-relay overrides trust-option-82
set forwarding-options dhcp-relay server-group DHCP-SERVERS a.b.c.d
set forwarding-options dhcp-relay server-group DHCP-SERVERS w.x.y.z
set forwarding-options dhcp-relay active-server-group DHCP-SERVERS
set forwarding-options dhcp-relay group DHCP-RELAYS interface ae0.50
set forwarding-options dhcp-relay no-snoop


On Wed, Jan 16, 2019 at 09:41:49AM -0500, Michael Davis wrote:
> Thanks.. Not valid for SRX1500 platform.
> 
> On 1/16/19 9:37 AM, Anderson, Charles R wrote:
> > Maybe try layer2-unicast-replies?
> >
> > On Wed, Jan 16, 2019 at 08:38:34AM -0500, Michael Davis wrote:
> >> We use SRX's in pkt mode at some remote sites that don't need full blown
> >> VPN/FW
> >> security, mostly older SRX100s and SRX240s.  We've recently installed a
> >> SRX1500
> >> at a larger site and everything works as expected, except none of the
> >> VoIP phones
> >> are getting their addresses from the dhcp relay.  We have 6 VLANs on
> >> site and all
> >> of them get dhcp as expected, except the VoIP phones.  Putting a laptop
> >> on the
> >> VoIP VLAN gets an IP correctly.  Monitoring and mirroring the VLAN shows
> >> the dhcp
> >> reply packets being broadcast to the IRB, but the phones just stay in
> >> the selecting
> >> state in the binding table.
> >>
> >> This is the first SRX running the JDHCP code levels so that's suspect,
> >> but can't for
> >> the life of me see why only the phones are having issues.
> >>
> >> We were running the recommended 15.1X49-D150.2 and I upgraded this morning
> >> to 15.1X49-D160.2 without any change.
> >>
> >> Has anyone run into such an issue before?

More information about the juniper-nsp mailing list