[j-nsp] SRX1500 (pkt mode) dhcp relay and VoIP phones

Michael Davis davis at udel.edu
Wed Jan 30 10:53:12 EST 2019


To close the loop on this, it turned out to be the global l2-learning
mode on the SRX1500.  It is set by default in transparent bridging mode.
Changing this to switching mode cleared up the DHCP broadcast response
that the VoIP phones were having..

https://kb.juniper.net/InfoCenter/index?page=content&id=KB31081


On 1/16/19 11:07 AM, Michael Davis wrote:
> Thanks. These are many different models of Cisco phones, as well
> as panasonic cordless voip phones.
>
> We are doing snooping on the access switches (ex3300s), but we've
> always done this and have tried turning it on/off both the EX's as well
> as the SRX.  The Cisco phones use voice-vlan lldp detection and are in
> the binding table on the correct vlan.  The panasonic are hardwired
> to the voice-vlan.
>
> My SRX dhcp relay config is the same and since it works for other
> devices on the voice-vlan (don't have the no-snoop option), I have
> to suspect that these older phones are expecting a unicast dhcp
> reply that the SRX appears unable to deliver.  I may try a jump up to
> JunOS 17 just as a last test, but I'm not optimistic..
>
> thanks
> mike
>
>
> On 1/16/19 10:16 AM, Anderson, Charles R wrote:
>> What make/model are your IP phones?  Are you doing dhcp-snooping on a
>> separate switch?  If so, I'd advise disabling dhcp-snooping on the
>> SRX.  Are you doing voip-vlan?
>>
>> We are using Avaya 96xx-series phones on EX4200, EX4300, and EX3400
>> switches.  The switches are doing voip-vlan and dhcp-snooping. The
>> EX3400 switches are behind MX150 routers using the new jdhcpd relay on
>> MX150 17.3R2. This is my config which works fine with our IP phones:
>>
>> set forwarding-options dhcp-relay overrides allow-snooped-clients
>> set forwarding-options dhcp-relay overrides trust-option-82
>> set forwarding-options dhcp-relay server-group DHCP-SERVERS a.b.c.d
>> set forwarding-options dhcp-relay server-group DHCP-SERVERS w.x.y.z
>> set forwarding-options dhcp-relay active-server-group DHCP-SERVERS
>> set forwarding-options dhcp-relay group DHCP-RELAYS interface ae0.50
>> set forwarding-options dhcp-relay no-snoop
>>
>>
>> On Wed, Jan 16, 2019 at 09:41:49AM -0500, Michael Davis wrote:
>>> Thanks.. Not valid for SRX1500 platform.
>>>
>>> On 1/16/19 9:37 AM, Anderson, Charles R wrote:
>>>> Maybe try layer2-unicast-replies?
>>>>
>>>> On Wed, Jan 16, 2019 at 08:38:34AM -0500, Michael Davis wrote:
>>>>> We use SRX's in pkt mode at some remote sites that don't need full 
>>>>> blown
>>>>> VPN/FW
>>>>> security, mostly older SRX100s and SRX240s.  We've recently 
>>>>> installed a
>>>>> SRX1500
>>>>> at a larger site and everything works as expected, except none of the
>>>>> VoIP phones
>>>>> are getting their addresses from the dhcp relay.  We have 6 VLANs on
>>>>> site and all
>>>>> of them get dhcp as expected, except the VoIP phones. Putting a 
>>>>> laptop
>>>>> on the
>>>>> VoIP VLAN gets an IP correctly.  Monitoring and mirroring the VLAN 
>>>>> shows
>>>>> the dhcp
>>>>> reply packets being broadcast to the IRB, but the phones just stay in
>>>>> the selecting
>>>>> state in the binding table.
>>>>>
>>>>> This is the first SRX running the JDHCP code levels so that's 
>>>>> suspect,
>>>>> but can't for
>>>>> the life of me see why only the phones are having issues.
>>>>>
>>>>> We were running the recommended 15.1X49-D150.2 and I upgraded this 
>>>>> morning
>>>>> to 15.1X49-D160.2 without any change.
>>>>>
>>>>> Has anyone run into such an issue before?
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


-- 
  Mike Davis
  Systems Programmer V
  NSS - University of Delaware - 302.831.8756
  Newark, DE 19716	Email davis at udel.edu



More information about the juniper-nsp mailing list