[j-nsp] SRX1500 (pkt mode) dhcp relay and VoIP phones

Michael Davis davis at udel.edu
Wed Jan 16 11:07:39 EST 2019

Thanks.  These are many different models of Cisco phones, as well
as panasonic cordless voip phones.

We are doing snooping on the access switches (ex3300s), but we've
always done this and have tried turning it on/off both the EX's as well
as the SRX.  The Cisco phones use voice-vlan lldp detection and are in
the binding table on the correct vlan.  The panasonic are hardwired
to the voice-vlan.

My SRX dhcp relay config is the same and since it works for other
devices on the voice-vlan (don't have the no-snoop option), I have
to suspect that these older phones are expecting a unicast dhcp
reply that the SRX appears unable to deliver.  I may try a jump up to
JunOS 17 just as a last test, but I'm not optimistic..


On 1/16/19 10:16 AM, Anderson, Charles R wrote:
> What make/model are your IP phones?  Are you doing dhcp-snooping on a
> separate switch?  If so, I'd advise disabling dhcp-snooping on the
> SRX.  Are you doing voip-vlan?
> We are using Avaya 96xx-series phones on EX4200, EX4300, and EX3400
> switches.  The switches are doing voip-vlan and dhcp-snooping.  The
> EX3400 switches are behind MX150 routers using the new jdhcpd relay on
> MX150 17.3R2. This is my config which works fine with our IP phones:
> set forwarding-options dhcp-relay overrides allow-snooped-clients
> set forwarding-options dhcp-relay overrides trust-option-82
> set forwarding-options dhcp-relay server-group DHCP-SERVERS a.b.c.d
> set forwarding-options dhcp-relay server-group DHCP-SERVERS w.x.y.z
> set forwarding-options dhcp-relay active-server-group DHCP-SERVERS
> set forwarding-options dhcp-relay group DHCP-RELAYS interface ae0.50
> set forwarding-options dhcp-relay no-snoop
> On Wed, Jan 16, 2019 at 09:41:49AM -0500, Michael Davis wrote:
>> Thanks.. Not valid for SRX1500 platform.
>> On 1/16/19 9:37 AM, Anderson, Charles R wrote:
>>> Maybe try layer2-unicast-replies?
>>> On Wed, Jan 16, 2019 at 08:38:34AM -0500, Michael Davis wrote:
>>>> We use SRX's in pkt mode at some remote sites that don't need full blown
>>>> VPN/FW
>>>> security, mostly older SRX100s and SRX240s.  We've recently installed a
>>>> SRX1500
>>>> at a larger site and everything works as expected, except none of the
>>>> VoIP phones
>>>> are getting their addresses from the dhcp relay.  We have 6 VLANs on
>>>> site and all
>>>> of them get dhcp as expected, except the VoIP phones.  Putting a laptop
>>>> on the
>>>> VoIP VLAN gets an IP correctly.  Monitoring and mirroring the VLAN shows
>>>> the dhcp
>>>> reply packets being broadcast to the IRB, but the phones just stay in
>>>> the selecting
>>>> state in the binding table.
>>>> This is the first SRX running the JDHCP code levels so that's suspect,
>>>> but can't for
>>>> the life of me see why only the phones are having issues.
>>>> We were running the recommended 15.1X49-D150.2 and I upgraded this morning
>>>> to 15.1X49-D160.2 without any change.
>>>> Has anyone run into such an issue before?

More information about the juniper-nsp mailing list