Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring Optional Add-Ins

 

This section shows how to configure the following features, which are optional add-ins to the Collapsed Core with EVPN Multihomed Campus Network.

How to Configure DHCP

Requirements

Configure DHCP on the following devices that you configured in the How to Configure a Campus Network using EVPN Multihoming configuration example:

  • Two EX4650 or QFX5120 switches as collapsed core devices. Software version: Junos OS Release 18.4.R2-S4.

  • An external DHCP server.

Overview

Use this section to configure DHCP on the network. To avoid flooding the network with DHCP discover packets, configure DHCP on an interface in a VRF routing instance. The collapsed core devices act as a DHCP relay to a Layer 3 reachable external DHCP server.

Configuration

Step-by-Step Procedure

  1. Configure the collapsed core device to act as a DHCP relay only. It will not maintain a binding table.
  2. Create a server group and specify the IP address of the DHCP server.
  3. Specify the new server group as the active server group.
  4. Suppress the installation of access, access-internal, or destination routes during client binding during the JDHCPD process.
  5. Always set the broadcast bit to one for all types of DHCP messages. If you do not configure this option, some clients will set the bit to zero before sending the message, which is not preferable.
  6. Configure the IRBs to connect to the related VLANs and subnets and provide DHCP services to those clients.
    Note

    In this step, you can include any IRB that is part of the routing instance.

Note

You will need to repeat this configuration on all the collapsed core devices in your network.

How to Configure the SRX Router

CLI Quick Configuration

In this sample configuration, SRX is used to route user traffic from the Mist Access Points to the internet. Figure 1 shows the collapsed core network along with the SRX router. This example uses the following configuration settings:

  • VLAN 126 is used to forward traffic from the collapsed cores to the SRX and to internet.

  • VLAN 125 is used send management traffic for cloud registration and operation of the Mist AP’s.

  • VLAN 125 is also marked as a native VLAN in the trunk port where the access point is connected

  • Designate server_group_1 192.168.192.1 as the DHCP server.

For more information on configuring inter-vrf routing on the SRX router, see SRX Configuration.

Figure 1: Collapse Core Network with SRX
Collapse Core Network with
SRX

SRX Configuration

Configure the following settings on the SRX router.

Collapsed Core 1 Configuration

Configure the following settings on the collapsed core switch.

Collapsed Core 2 Configuration

Configure the following settings on the collapsed core switch.

Access Switch Configuration for Mist AP

Configure the following settings on the access switch.

Access Switch Configuration for 802.1X

We recommend that you enable 802.1x port-based network access control (PNAC) authentication for wired clients on the switches to authenticate the clients that connect to the switch ports.

There are three ways you can do this:

  • Authenticate the first end device (supplicant) on an authenticator port, and allow all other connecting end devices to also have access to the LAN

  • Authenticate a single end device on an authenticator port at one time

  • Authenticate multiple end devices on an authenticator port (this is typically used in VoIP configurations

For this example, we will configure the switch to accept multiple supplicants.

Step-by-Step Procedure

WHAT'S NEXT

Juniper’s Campus solution, based on a VXLAN overlay with EVPN control plane, is an efficient and scalable way to build and interconnect multiple campuses across a core network. With a robust BGP/EVPN implementation Juniper is well-positioned to harness the full potential of EVPN technology.

For more information on available EVPN features and how to configure them, see EVPN User Guide.