Skip to main content

Juniper DHCP Pool, LAG/LACP/AE/Bond, VLAN

165 Broome single-port network switch config with new DHCP Pool

  • Done by JohnB on 2024/07/20
  • Port 21 and 22 are a LAG for the 165OLT
  • Port 23 is the switch for the 165APs
  • ssh root@10.69.19.34 to connect to the Juniper
  • https://www.juniper.net/documentation/us/en/software/junos/cli/topics/topic-map/cli-configuration.html
  • https://wiki.mesh.nycmesh.net/books/5-networking/page/juniper-point-to-point-guide
  • First cli and then configure
  • Then to add names to the ports: set interfaces xe-0/0/21 description 165-broome-olt-1 (and similar for 22 and 23)
  • In the IPRanges sheet I reserved 10.70.185.0/26 for the Access Points of 165 Broome. So I guess 10.70.185.1 will be the virtual IP for the Juniper and 10.70.185.10 thru 10.70.185.60 can be the DHCP range
  • set interfaces irb unit 13 description 165-broome-access-points to create the IRB, assign a VLAN ID, and name it
  • Then set interfaces irb unit 13 family inet address 10.70.185.1/26 to give the IRB an IP address and range
  • Then create a VLAN with set vlans nycmesh-165-broome-access-points vlan-id 13
  • Then link the new VLAN to the IRB interface set vlans nycmesh-165-broome-access-points l3-interface irb.13
  • Now set the interface to run in access mode (untagged mode) into VLAN 13. First edit interfaces xe-0/0/23 unit 0 family ethernet-switching and then set interface-mode access and then set vlan members nycmesh-165-broome-access-points https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/task/interfaces-configuring-a-logical-interface-for-access-mode.html
  • Then add OSPF passive to IRB 12 with set protocols ospf area 0.0.0.0 interface irb.13 interface-type p2p and set protocols ospf area 0.0.0.0 interface irb.13 passive
  • Now set the dhcp-local-server to run on irb.13. First set access address-assignment pool nycmesh-165-broome-access-points family inet network 10.70.185.0/26 to create the pool, then edit access address-assignment pool nycmesh-165-broome-access-points family inet to get inside it and then some more configuration. set range access-points low 10.70.185.10 high 10.70.185.60 and set dhcp-attributes maximum-lease-time 600 and set dhcp-attributes server-identifier 10.70.185.1 and set dhcp-attributes name-server 10.10.10.10 and set dhcp-attributes name-server 1.1.1.1 and set dhcp-attributes router 10.70.185.1
  • Then link the IRB to the DHCP server set system services dhcp-local-server group nycmesh-165-broome-access-points interface irb.13
  • Then committo save the changes
  • Looking through the run show config I can confirm I see everything present and matching the format of preexisting stuff. New VLAN in VLANS, new OSPF, new DHCP pool, new IRB unit, new port configurations
  • Then show ethernet-switching table brief vlan-id 13 to show mac addresses learned on the new VLAN we just set up https://community.juniper.net/discussion/is-there-a-junos-command-equivelent-to-show-mac-address-table-address
  • Then run show dhcp server binding interface irb.13 to show all the DHCP leases on that new IRB

165 Broome two-port LAG config with existing DHCP pool

  • Done by JohnB on 2024/07/20
  • I don't think Lydon added any VLANs so when we connect the OLT it'll be connecting the members and the OLT all at once probably
  • First create the AE Aggregated Ethernet. Looks as if ae5 is the first available new one. set interfaces ae5 description nycmesh-165-broome-olt
  • Then fill out its config. For now I'm going to add it as untagged/access VLAN 11 which is the members DHCP pool which is a 1000 address /22. edit interfaces ae5 and then set aggregated-ether-options minimum-links 1and set aggregated-ether-options lacp active and then edit unit 0 and inside that, set family ethernet-switching interface-mode access and then set family ethernet-switching vlan members grandstolts
  • Now that the AE is configured with the correct VLANs, add the AE to ports 21 and 22 which constitute the OLT LAG: set interfaces xe-0/0/21 ether-options 802.3ad ae5 and set interfaces xe-0/0/22 ether-options 802.3ad ae5
  • Theoretically that's it. DHCP was already set up on IRB11, and IRB11 is bound to AE5 now which is bound to ports 21 and 22
  • I tried to committo apply the settings but got an error number of AE devices configured 6 is more than device-count 5 and I found https://community.juniper.net/discussion/qfx-5110-getting-error-number-of-ae-devices-configured-16-is-more-than-device-count-15 https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/device-count-edit-chassis.html . Sure enough show chassis aggregated-devices ethernet device-count returned 5, so I need to do the following to update it set chassis aggregated-devices ethernet device-count 6 and then the commitsucceeded
  • now run show interfaces ae5 shows the interface is up, meaning the LAG is working.
  • I ran run show ethernet-switching table brief vlan-id 11 and looked through the output and sure enough e4:38:83:ef:5e:27 on ae5 showed up in the mac list!
  • I ran run show dhcp server binding e4:38:83:ef:5e:27 to find the DHCP address of the OLT and it returned 10.70.184.37
  • I confirmed https://10.70.184.37 is reachable, amazing! So we have a link to 165 Broome
  • I have the OLT at Olmsted set up as having management disabled on SFP ports (thus relying on the management RJ45 for access). The Management RJ45 is plugged in to an untagged OOB port on the Brocade. Meanwhile the VLANs configuration is VLAN1 untagged on all ports, VLAN11 tagged on all ports.
  • 165 Broome is currently set up without an OLT MGMT RJ45 (though one could be plugged into the switch above it). OLT MGMT access is done over the SFPs on VLAN1 according to the settings.
  • A TODO (or a suggestion rather) is to change the LAG to a trunk port rather than an access port on the Juniper. Then pass through the OLT VLAN 11 and the OOB VLAN 12. Leave the native VLAN unset, or as 1 as it won't be used. Then configure the ONUs to run on VLAN 11, and configure the OLT MGMT on the SFPs to run on VLAN 12. Do the OLT configuration first so that connection will be lost, but can be regained by correctly configuring the Juniper side. The OLT IP will then be given out by IRB12 instead of IRB11
  • On the Juniper side, edit interfaces ae5 unit 0 family ethernet-switching and then set interface-mode trunk and then set vlan members grandstoob grandstolts
  • Then commitand the updated config should be applied.
  • Sure enough run show ethernet-switching table brief vlan-id 12 shows ae5 as having the OLT MAC e4:38:83:ef:5e:27
  • I tried run show dhcp server binding e4:38:83:ef:5e:27 but it didn't show any bindings, so I think I need to wait for the DHCP lease to expire before running this again. Yay after a few minutes it showed up, 10.70.184.37. I can't seem to ping it though, oddly enough. Oh wait it's because that's an old IP from the OLT network and not the OOB network, so it's probably routing to the wrong place. I need it to have a 10.70.188.0/24 address.
  • Setting a static lease for the OLT with edit access address-assignment pool oob family inet and then set host nycmesh-1935-165-broome-olt hardware-address e4:38:83:ef:5e:27 and set host nycmesh-1935-165-broome-olt ip-address 10.70.188.19 and then commit
  • It still didn't seem to pick up the new address so I ran clear dhcp server binding e4:38:83:ef:5e:27 to try and flush it https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/command/clear-dhcp-client-binding-srx.html
  • Ah! https://www.reddit.com/r/Juniper/comments/nqx90j/dhcp_leases_given_in_wrong_vlan/ describes what happened. "If a device gets a lease in one VLAN and is later moved to a new VLAN, if the request contains a previously used IP, Junos by default will accept the request" https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/requested-ip-network-match-edit-system-services.html I need to add set system services dhcp-local-server requested-ip-interface-match https://supportportal.juniper.net/s/article/SRX-SRX-assigns-an-IP-address-from-a-wrong-DHCP-pool-to-DHCP-client-in-certain-scenario?language=en_US
  • Sure enough run show dhcp server binding e4:38:83:ef:5e:27 detail shows the new IP after the update, https://10.70.188.19
  • Also updated the OLT from firmware 4.5.2 to 4.8.0

Out of Band OOB DHCP Pool Modification and Static DHCP Leases

  • If there's a MAC address that should always have the same IP, assign it an IP preferably outside the pool range but also inside the pool works
  • If the VLAN of the OOB network is 12, check the current leases with show dhcp server binding interface irb.12 brief
  • Change the lower bound of a DHCP pool, say from 50 to 100, with set range oobs low 10.70.188.100. If the pool size was previously 200 addresses, from 50-250, now it would be 150 addresses, 100-250
  • Get the IP of a specific MAC address with run show dhcp server binding b8:69:f4:86:85:d5
  • Get into the region of the config concerning the OOB DHCP space with edit access address-assignment pool oob family inet and then run separate set commands from there
  • For an existing static IP, say with config name nycmesh-1933-hexs the command set host nycmesh-1933-hexs hardware-address b8:69:f4:86:85:d5 can update the configured MAC for this static IP from whatever it used to be into b8:69:f4:86:85:d5
  • Validate the exact changes/diff with show | compare and then run commit to apply the changes permanently