[j-nsp] SRX1500 (pkt mode) dhcp relay and VoIP phones
Anderson, Charles R
cra at wpi.edu
Wed Jan 16 10:16:49 EST 2019
What make/model are your IP phones? Are you doing dhcp-snooping on a
separate switch? If so, I'd advise disabling dhcp-snooping on the
SRX. Are you doing voip-vlan?
We are using Avaya 96xx-series phones on EX4200, EX4300, and EX3400
switches. The switches are doing voip-vlan and dhcp-snooping. The
EX3400 switches are behind MX150 routers using the new jdhcpd relay on
MX150 17.3R2. This is my config which works fine with our IP phones:
set forwarding-options dhcp-relay overrides allow-snooped-clients
set forwarding-options dhcp-relay overrides trust-option-82
set forwarding-options dhcp-relay server-group DHCP-SERVERS a.b.c.d
set forwarding-options dhcp-relay server-group DHCP-SERVERS w.x.y.z
set forwarding-options dhcp-relay active-server-group DHCP-SERVERS
set forwarding-options dhcp-relay group DHCP-RELAYS interface ae0.50
set forwarding-options dhcp-relay no-snoop
On Wed, Jan 16, 2019 at 09:41:49AM -0500, Michael Davis wrote:
> Thanks.. Not valid for SRX1500 platform.
> On 1/16/19 9:37 AM, Anderson, Charles R wrote:
> > Maybe try layer2-unicast-replies?
> > On Wed, Jan 16, 2019 at 08:38:34AM -0500, Michael Davis wrote:
> >> We use SRX's in pkt mode at some remote sites that don't need full blown
> >> VPN/FW
> >> security, mostly older SRX100s and SRX240s. We've recently installed a
> >> SRX1500
> >> at a larger site and everything works as expected, except none of the
> >> VoIP phones
> >> are getting their addresses from the dhcp relay. We have 6 VLANs on
> >> site and all
> >> of them get dhcp as expected, except the VoIP phones. Putting a laptop
> >> on the
> >> VoIP VLAN gets an IP correctly. Monitoring and mirroring the VLAN shows
> >> the dhcp
> >> reply packets being broadcast to the IRB, but the phones just stay in
> >> the selecting
> >> state in the binding table.
> >> This is the first SRX running the JDHCP code levels so that's suspect,
> >> but can't for
> >> the life of me see why only the phones are having issues.
> >> We were running the recommended 15.1X49-D150.2 and I upgraded this morning
> >> to 15.1X49-D160.2 without any change.
> >> Has anyone run into such an issue before?
More information about the juniper-nsp