Thank You for helping out here 🙂
So, I added both ge-0/0/1.0 and ge-0/0/2.0 to vlan10 in access mode, and here are my present config, below. Jdhcp still not giving addresses to clients. But even when I manually add ip on client 10.20.31.201, 255.255.255.0, GW 10.20.31.1, dns 8.8.8.8 the client does not get access to network.
What I'm I missing? Thank you..
## Last changed: 2018-11-09 08:24:56 GMT+1
version 15.1X49-D150.2;
system {
host-name ALPSWALL_TEST;
time-zone GMT+1;
root-authentication {
encrypted-password "greatpassword";
}
name-server {
8.8.8.8;
8.8.4.4;
}
name-resolution {
no-resolve-on-input;
}
services {
ssh;
xnm-clear-text;
dhcp-local-server {
group dhcpgroup {
interface irb.10;
}
}
web-management {
https {
system-generated-certificate;
}
session {
idle-timeout 60;
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server us.ntp.pool.org;
}
}
chassis {
aggregated-devices {
ethernet {
device-count 2;
}
}
}
security {
alg {
dns disable;
ftp disable;
h323 disable;
mgcp disable;
msrpc disable;
sunrpc disable;
rtsp disable;
sccp disable;
sip disable;
talk disable;
tftp disable;
pptp disable;
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set nsw_srcnat {
from zone [ DMZ Internal ];
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone Internet to-zone DMZ {
policy All_Internet_DMZ {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
policy alllow_internet_to_dmz {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone DMZ to-zone Internet {
policy alllow_internet_to_dmz {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internal to-zone Internet {
policy All_Internal_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
policy allow_internet_to_dmz {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone Internal {
policy allow_internet_to_dmz {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internal to-zone DMZ {
policy All_Internal_DMZ {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
policy allow_lan_to_dmz {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone DMZ to-zone Internal {
policy allow_lan_to_dmz {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone Internal;
security-zone DMZ;
security-zone Internet {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 10.20.30.2/29;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan10;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan10;
}
}
}
}
irb {
unit 10 {
family inet {
address 10.20.31.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.20.30.1;
}
}
access {
address-assignment {
pool jdhcppool {
family inet {
network 10.20.31.0/24;
range jdhcppool {
low 10.20.31.100;
high 10.20.31.200;
}
dhcp-attributes {
name-server {
8.8.8.8;
}
router {
10.20.31.1;
}
}
}
}
}
}
vlans {
vlan10 {
vlan-id 10;
l3-interface irb.10;
}
}