IT Workbooks Everything Center Share Knowledge

www.itworkbooks.wordpress.com

Daily Archives: November 29, 2014

How To Use a DHCP relay (JUNOS)


Have you ever faced the problem where you only want to have one DHCP server on the network for central management of your scopes, but you have multiple Vlans? HTG explains how to use a DHCP relay agent.

Overview

The DHCP protocol was created so that clients could obtain their IP address automatically and without human intervention (yes, that used to be an actual part of IT-ing, back in the day). The way this works is that when a client connects to the network, it sends out a “broadcast” packet asking to find the DHCP server. That used to be “ok” until Vlans came along. Vlans create boundaries and segment your physical network into several virtually isolated ones (hence the name V-LAN). One of the downsides to Vlans is that now the DHCP server and the clients can’t directly communicate, because “broadcast” packets cannot “jump” networks. So, how do you avoid having a DHCP server per Vlan, and deliver the DHCP requests from the clients in a Vlan back to the central server?

DHCP relays were invented to overcome this exact problem by essentially “routing” or “proxy-ing” the client’s requests. The requests are broadcast by the clients on their local network; the relay agent catches them and forwards them to the DHCP server using unicast. The returned DHCP answer gets to the relay agent using unicast as well, and the relay agent sends the answer on the client’s network.

DHCP relays can come in many shapes and forms: there is Microsoft’s “relay-agent”, Cisco’s “IP helper” and Juniper’s “helpers bootp”, to mention a few. They all do the same thing, and in this guide we will go over how to configure it on a JunOS device.

The GUI way

It is my firm belief that there shouldn’t be a need to go under the hood for simple configurations such as this, so I’ve worked with Juniper’s support to find the GUI way to this configuration.

You will need to have:

  • From the layer3 switch, the “l3-interface” notation for the Vlan you want to enable the forwarding for.
  • The IP of the DHCP server that will serve the requests.

Obtain the Vlan-ID

To obtain the “interface” notation of the Vlan, open the device’s WebGUI, and go to “Configure”.

Under “Switching”, click on “VLAN” and select the Vlan you need from the list.


In the details pane, the value of “Multilayer switching(RVI)” is the required “interface” name. Make a note of the value.

Configure forwarding

In the device’s WebGUI, go to “Configure” -> “CLI Tools” -> “Point and Click CLI”.

Click on “Forwarding options” -> “Configure”.

Note: If you already have a configuration in any of the below categories, you will have an “Edit” button instead.


Click on “Helpers” -> “Configure”.


Click on “Bootp” -> “Configure”.


Click on “Server” -> “Add new entry”.


Put in the IP of the DHCP server and click OK.


Click on “Interface” -> “Add new entry”.


Enter the name of the “interface” or “Multilayer switching(RVI)” value of the Vlan you want to forward for as noted from the segment above.


When you’re done, your configuration should look something like the below picture.

[Screenshot: the resulting “Forwarding options” configuration]

Commit your changes.

The CLI way

As stated above, I am not a fan of the CLI way. With that said, you may not have a choice in the matter, or you may need this procedure to be scriptable. Whatever the case may be, the documentation explains that these two lines do the trick (assuming you have everything else set up):

set forwarding-options helpers bootp server 192.168.190.7
set forwarding-options helpers bootp interface vlan.2

Where the above IP and Vlan name should be changed to reflect your setup.

On the DHCP server’s side

I’ve done this configuration numerous times and have always connected back to Microsoft’s DHCP server. At least in Microsoft’s implementation, there is no need for any additional configuration on the server’s side, other than to create the appropriate scope. That is, you need to have a scope that corresponds with the Vlan interface the request is coming from. In our example, the L3 switch’s IP was 192.168.191.254 with a netmask of 255.255.255.0 (class C). The DHCP configuration to handle the relayed scope(s) of our example looks like:

[Screenshot: DHCP server scope for the relayed Vlan]

That is it. You should be all set.
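Why the scope has to match the Vlan interface: the relay writes the address of the interface it heard the broadcast on into the request's giaddr field, and the server picks the scope from that field. The sketch below is an added example, not code from the original article or from Juniper or Microsoft; the function names, the scope list and the hop threshold are assumptions, and the addresses reuse the article's example values.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header (RFC 951 / RFC 2131), network byte order.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
HOPS_OFF, GIADDR_OFF = 3, 24          # byte offsets of hops and giaddr
MAX_HOPS = 16                         # assumed threshold; RFC 1542 caps it at 16
ZERO = bytes(4)

# The RVI address is the article's example; the scope list is an assumption.
RVI_IP = "192.168.191.254"
SCOPES = ["192.168.190.0/24", "192.168.191.0/24"]


def build_discover(xid, mac):
    """Constructed client DHCPDISCOVER as broadcast on its own Vlan."""
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         ZERO, ZERO, ZERO, ZERO,
                         mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + b"\x63\x82\x53\x63" + bytes([53, 1, 1, 255])


def relay_request(packet, rvi_ip):
    """Return the packet a relay would unicast to the server, or None."""
    if len(packet) < BOOTP_LEN or packet[0] != 1:    # only BOOTREQUEST
        return None
    if packet[HOPS_OFF] >= MAX_HOPS:                 # drop looping requests
        return None
    out = bytearray(packet)
    out[HOPS_OFF] += 1
    if out[GIADDR_OFF:GIADDR_OFF + 4] == ZERO:       # only the first relay sets it
        out[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.IPv4Address(rvi_ip).packed
    return bytes(out)


def select_scope(packet, scopes):
    """Server side: pick the scope whose subnet contains giaddr."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR_OFF:GIADDR_OFF + 4])
    if int(giaddr) == 0:
        return None       # not relayed; a real server uses its receiving interface
    for scope in scopes:
        if giaddr in ipaddress.ip_network(scope):
            return scope
    return None           # no scope for that Vlan: the client gets no offer
```

A relayed request whose giaddr falls outside every configured scope gets no offer, which is the usual symptom of a missing or mismatched scope on the server.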

How Can I Tell What is Listening on a TCP/IP Port in Windows?

Whenever an application wants to make itself accessible over the network, it claims a TCP/IP port, which means that port can’t be used by anything else. So if you need to use an in-use port, how do you tell what application is holding it?

There are a number of ways to tell what application has the port locked, but we’ll walk through the built-in way using the command line and Task Manager, and then a great freeware application that does it all in one utility.

Use Built-In Tools to See What is Listening on a Port

The first step is to use a command-line tool to see what ports are in use, and use a special flag that tells us which port is assigned to each Windows process identifier number. Then we can use that number to look up exactly which process it is.

Open up a command prompt and type in the following—you may have to open in Administrator mode to see all processes:

netstat -aon | more

If you look on the right-hand side, you’ll see where I’ve highlighted the list of PIDs, or Process Identifiers. Find the one that’s bound to the port that you’re trying to troubleshoot—for this example, you’ll see that 0.0.0.0:80, or port 80, is in use by PID 4708.

[Screenshot: netstat -aon output with the PID column highlighted]

Now you can simply open up Task Manager—you might have to use the option to Show Processes for All Users, and then you’ll be able to find the PID in the list. Once you’re there, you can use the End Process, Open File Location, or Go to Service(s) options to control the process or stop it.
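The port-to-PID lookup described above can also be done by parsing the netstat text, which helps when many ports need checking. This is an added example, not part of the original article; the sample output is constructed (only the port 80 / PID 4708 pairing comes from the text), the function names are assumptions, and it expects English-language `netstat -aon` output.

```python
# Constructed sample of `netstat -aon` output.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4708
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    192.168.1.10:49712     198.51.100.20:443      ESTABLISHED     5120
  TCP    192.168.1.10:49713     198.51.100.20:80       TIME_WAIT       0
  TCP    [::]:80                [::]:0                 LISTENING       4708
  UDP    0.0.0.0:5353           *:*                                    1832
  UDP    [::]:5353              *:*                                    1832
"""


def parse_netstat(text):
    """Yield (proto, local_ip, local_port, state, pid) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue                          # banner, header or blank line
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, _, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, _, pid = fields     # UDP rows have no State column
            state = ""
        else:
            continue                          # truncated or unexpected row
        ip, _, port = local.rpartition(":")   # last colon, so [::]:80 works
        if port.isdigit() and pid.isdigit():
            yield proto, ip, int(port), state, int(pid)


def listeners(text, port):
    """Sockets bound to a local port: listening TCP and any UDP binding."""
    return sorted({(proto, ip, pid)
                   for proto, ip, local_port, state, pid in parse_netstat(text)
                   if local_port == port
                   and (state == "LISTENING" or proto == "UDP")})


def pids_on_port(text, port):
    """PIDs to look up in Task Manager for the given local port."""
    return {pid for _, _, pid in listeners(text, port)}
```

Only the local address is matched, so a connection to a remote port 80 is not mistaken for a local listener; the resulting PID can then be resolved in Task Manager or with `tasklist /FI "PID eq 4708"`.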


Use CurrPorts to View What is Listening

If you aren’t really the command-line type, or you’d rather just use a simple utility to do it all in one step, you can use the excellent freeware CurrPorts utility by NirSoft, one of our favorite freeware authors.

Just open up the utility, and you can see everything—processes, ports, remote ports, the full path to the process.


If you double-click on any of the items, you’ll see every single detail.


You can also use CurrPorts to directly kill the process if you want.