Category Archives: DHCP

Dynamic Host Configuration Protocol

Juniper ScreenOS: DHCPv6 Prefix Delegation

The Juniper ScreenOS firewall is one of the seldom firewalls that implements DHCPv6 Prefix Delegation (DHCPv6-PD). It therefore fits for testing my dual stack ISP connection from Deutsche Telekom, Germany. (Refer to this post for details about this dual stack procedure.)

It was *really* hard to get the correct configuration in place. I was not able to do this by myself at all. Also Google did not help that much. Finally, I opened a case by Juniper to help me finding the configuration error. After four weeks of the opened case, I was told which command was wrong. Now it’s working. 😉 Here we go.

Continue reading Juniper ScreenOS: DHCPv6 Prefix Delegation

Telekom Dual-Stack Verbindungsaufbau

Bis neulich hatte ich einen normalen DSL-Anschluss von 1&1: Per PPPoE eingewählt und eine IPv4-Adresse bekommen – fertig. Das kann neben der FRITZ!Box natürlich auch jeder vernünftige Router oder Firewall.

Jetzt habe ich endlich einen richtigen Dual-Stack (IPv4 und IPv6) Anschluss der Telekom (Glasfaser “MagentaZuhause M” ohne Fernsehen, siehe hier). Juchu! 😉 Bevor ich jedoch den mitgelieferten Speedport durch diverse andere Testgeräte ersetze, wollte ich mal vernünftig mitschneiden, welche Protokolle denn bei einem Verbindungsaufbau genau eingesetzt werden. Vor allem die Prefix Delegation über DHCPv6 interessierte mich…

Continue reading Telekom Dual-Stack Verbindungsaufbau

DHCP Sequences: Broadcast vs. Unicast

I missed a sequence diagram for DHCP which not only shows the four basic messages (DISCOVER, OFFER, REQUEST, ACK), but also the used source/destination addresses and ports, the type of connection (unicast/broadcast), the differences between the initial and the renewing messages, and the needed firewall rules for allowing DHCP traffic to/from the own interface or to/from a DHCP relay agent.

Here it comes! 🙂

Continue reading DHCP Sequences: Broadcast vs. Unicast

Juniper ScreenOS DHCP Relay: “Use Interface as Source IP for VPN”

I had strange looking DHCP packets in my network as I tested around with DHCP relays on the Juniper SSG firewall. Some packets were blocked and I didn’t know why. After some troubleshooting it was clear that the checkmark “Use xy Zone Interface as Source IP for VPN” has a big impact in all environments even without the usage of a VPN!

Continue reading Juniper ScreenOS DHCP Relay: “Use Interface as Source IP for VPN”

Vortrag: IPv6 Man-in-the-Middle Attacken auf Schicht 2 (IPv6-Kongress 2013)

Hier gibt es meinen Vortrag vom IPv6-Kongress 2013 in Frankfurt zum Download.

Es ist eine PDF-Datei in der a) die Präsentationsfolien und b) eine Menge Kommentare von mir stehen, die quasi das Gesagte während des Vortrags ziemlich gut abdecken.

download-buttons02

Continue reading Vortrag: IPv6 Man-in-the-Middle Attacken auf Schicht 2 (IPv6-Kongress 2013)