Community Forum

Juniper SRX config for DHCPv6 ?

Xfinity Forum Archive
About the archive project

Xfinity Forum Archive...

This is an archived section of the community.

Content in this area has been identified as outdated or irrelevant.

This change was done in an effort to make the forum easier to use and to keep only the most helpful and recent content active.

Post your questions in the Xfinity Community

New Poster

Juniper SRX config for DHCPv6 ?

Does anybody have a Juniper SRX working on Comcast service for both IPv4 and IPv6 dual-stack? I have IPv4 working but not IPv6. Details below...

 

 

I have Comcast resedential service in the Denver, CO area. Modem is an SB6121. I know this is getting old, but the 75Mbps service is plenty for me and the SB6121 does that just fine.

 

I'm using a Juniper SRX-100B as my firewall/router. I'm currently running JunOS 

12.1X46-D40.2 on it (the last recommended version for a 100. The SB6121 modem is connected directly to the first port on the SRX (fe-0/0/0).

 

DHCPv4 works just fine. The SRX gets an IPv4 address from Comcast and configures it on fe-0/0/0.0. Outbound access from the LAN (on fe-0/0/1.0) works just fine (NATing to the interface IP on fe-0/0/0.0). I see around 80Mbps when I run a speed test, so I'm pretty sure the modem and the SRX are working fine, at least for IPv4.

 

DHCPv6 does not seem to work at all. It just sits in the INIT state and never appears to get a response from Comcast's DHCP servers. The fe-0/0/0.0 interface generates a link-local IPv6 address for itself, but that's all.

 

Relevant parts of my config are below:

> show configuration interfaces fe-0/0/0 

unit 0 {

    family inet {

        dhcp-client;

    }

    family inet6 {

        dhcpv6-client {

            client-type statefull;

            client-ia-type ia-na;

            client-identifier duid-type duid-ll;

            retransmission-attempt 6;

        }

    }

}

 

> show configuration security zones security-zone untrust

screen untrust-screen;

interfaces {

    fe-0/0/0.0 {

        host-inbound-traffic {

            system-services {

                ping;

                dhcp;

                dhcpv6;

            }

            protocols {

                router-discovery;

            }

        }

    }

}

 

> show dhcpv6 client binding detail 

Client Interface: fe-0/0/0.0

     Hardware Address:             50:c5:8d:2f:de:40

     State:                        INIT(DHCPV6_CLIENT_STATE_INIT)

     ClientType:                   STATEFUL

     Bind Type:                    IA_NA

     Client DUID:                  LL0x3-50:c5:8d:2f:de:40

     Rapid Commit:                 Off

     Server Ip Address:            ::/0

     Client IP Address:            ::/0

 

New Poster

Re: Juniper SRX config for DHCPv6 ?

I'm having the same issue.

Running an SRX300 with 15.1X49-D50.3.

I did a tcpdump on the outside interface and saw the dhcpv6 solicitation and then 2x advertisements coming back from comcast side.

But my srx did not generated a request message back to comcast dhcpv6 server.

 

If anyone had many this work, please spread the knowledge

 

New Poster

Re: Juniper SRX config for DHCPv6 ?

I'm curious if you see what I saw in the advertisements back: a next hop limit of ZERO. My srx is sending back ICMPv6 Time Exceeded.
New Poster

Re: Juniper SRX config for DHCPv6 ?

I did found the solution for this, which is basically block all re-advertisement coming from the comcast IPs

 

Please contact your JTAC engineer and they should be able to provide that info/Config.

 

Expert
Moved:

Re: Juniper SRX config for DHCPv6 ?