Ask the Expert

Expand all | Collapse all

EX2200: warning: dhcp subsystem not running - not needed by configuration.

  • 1.  EX2200: warning: dhcp subsystem not running - not needed by configuration.

    Posted 8 days ago
    Hello, 

    I'm having trouble getting DHCP to work on my 24-port EX2200.  It's running version 12.3 and has the jdhcpd daemon. 
    I have some IP phones that  i have set under vlan 10 and was trying to set up multiple ports to grab IPs dynamically via DHCP when a phone is plugged in to the EX2200. I have a phone hooked up to ge-0/0/4 right now and it is not getting an IP address, however i do see the MAC address of the phone coming up. I set up my DHCP configs as follows:


    ** I've marked some IPs as x.x.x.x. for obvious reasons **

    interfaces {
    interface-range VOIP {
    member-range ge-0/0/4 to ge-0/0/22;
    description "Access - VOIP";
    unit 0 {
    family ethernet-switching {
    port-mode access;
    }
    }

    access {
    address-assignment {
    pool VOIP-pool {
    family inet {
    network 10.26.73.192/26;
    dhcp-attributes {
    maximum-lease-time 4800;
    name-server {
    x.x.x.x; 
    x.x.x.x;
    }
    router {
    10.26.73.193;
    }
    option 66 string x.x.x.x/bw;
    }
    }
    }
    }
    }
    ethernet-switching-options {
    voip {
    interface VOIP {
    vlan 10;
    }
    }
    }
    vlans {
    MGMT {
    description MGMT-TEST_Cust;
    vlan-id 200;
    l3-interface vlan.200;
    }
    TEST_Cust-DIA_HAND-OFF {
    description "TEST_Cust DIA HAND-OFF";
    vlan-id 20;
    l3-interface vlan.20;
    }
    VOIP {
    description VOIP;
    vlan-id 10;
    l3-interface vlan.10;
    }
    }
    poe {
    interface VOIP;
    }
    ======================================================
    jcabiling@CE-EX2300-TEST_Cust> show dhcp server binding

    {master:0}
    jcabiling@CE-EX2300-TEST_Cust> show dhcp server statistics
    Packets dropped:
    Total 0

    Messages received:
    BOOTREQUEST 0
    DHCPDECLINE 0
    DHCPDISCOVER 0
    DHCPINFORM 0
    DHCPRELEASE 0
    DHCPREQUEST 0

    Messages sent:
    BOOTREPLY 0
    DHCPOFFER 0
    DHCPACK 0
    DHCPNAK 0
    DHCPFORCERENEW 0

    {master:0}

    ------------------------------
    JENNA V.
    ------------------------------


  • 2.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

     
    Posted 7 days ago
    You are not showing the system services portion of the config is this also there?

    set system services dhcp-local-server group-name interface interface-name

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcp-for-switching-devices.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

    Posted yesterday
    Hi Steve,

    Thank you so much for your response. This is the current running config on the EX2200 listed below. I have a private block assigned on my DHCP pool  of 10.26.73.192/26 configured and have a Polycom phone plugged in to port ge-0/0/4 and it's not pulling an IP.


    set version 12.3R12.4
    set system host-name CE-EX2300-TEST_Cust
    set system time-zone America/New_York
    set system authentication-order tacplus
    set system authentication-order password
    set system root-authentication encrypted-password "xxxxxxxxxxxxxxxxx"
    set system tacplus-server 66.208.1.145 secret "xxxxxxxxxx"
    set system tacplus-server 66.208.1.145 timeout 30
    set system tacplus-server 66.208.1.147 secret "xxxxxxxxxxxxxxx"
    set system tacplus-server 66.208.1.147 timeout 30
    set system login user allied uid 2000
    set system login user allied class super-user
    set system login user allied authentication encrypted-password "xxxxxxxxxxxxxxxxxx"
    set system login user remote uid 2001
    set system login user remote class super-user
    set system services ssh max-sessions-per-connection 32
    set system services ssh ciphers blowfish-cbc
    set system services ssh ciphers 3des-cbc
    set system services ssh ciphers aes128-cbc
    set system services ssh ciphers aes192-cbc
    set system services ssh ciphers aes256-cbc
    set system services ssh key-exchange dh-group1-sha1
    set system services ssh key-exchange dh-group14-sha1
    set system services ssh key-exchange ecdh-sha2-nistp256
    set system services ssh key-exchange ecdh-sha2-nistp384
    set system services ssh key-exchange ecdh-sha2-nistp521
    set system services ssh key-exchange group-exchange-sha1
    set system services ssh key-exchange group-exchange-sha2
    set system services xnm-clear-text
    set system services netconf ssh
    set system services dhcp traceoptions file dhcp-server.log
    set system services dhcp traceoptions flag all
    set system services dhcp pool 10.26.73.192/26 address-range low 10.26.73.200
    set system services dhcp pool 10.26.73.192/26 address-range high 10.26.73.254
    set system services dhcp pool 10.26.73.192/26 default-lease-time 86400
    set system services dhcp pool 10.26.73.192/26 name-server 66.208.1.2
    set system services dhcp pool 10.26.73.192/26 name-server 66.208.2.2
    set system services dhcp pool 10.26.73.192/26 router 10.26.73.193
    set system services dhcp pool 10.26.73.192/26 boot-server 162.250.240.131/bw
    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any emergency
    set system syslog host 66.208.1.145 any any
    set system syslog host 66.208.1.145 facility-override local5
    set system syslog host 66.208.1.147 any any
    set system syslog host 66.208.1.147 facility-override local5
    set system syslog file messages any critical
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands error
    set system syslog file interface any any
    set system syslog file interface match "ifOperStatus|UpDown"
    set system syslog file default-log-messages any info
    set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)"
    set system syslog file default-log-messages structured-data
    set system syslog source-address 10.128.128.22
    set system max-configurations-on-flash 49
    set system ddos-protection traceoptions file ddos.log
    set system ddos-protection traceoptions file size 10m
    set system ddos-protection traceoptions file files 10
    set system ddos-protection traceoptions flag all
    set system ntp server 66.208.0.160
    set system ntp server 66.208.0.161
    set chassis aggregated-devices ethernet device-count 32
    set interfaces interface-range voice-vlan member-range ge-0/0/4 to ge-0/0/22
    set interfaces interface-range voice-vlan description "Access - voice-vlan"
    set interfaces interface-range voice-vlan unit 0 family ethernet-switching port-mode access
    set interfaces ge-0/0/0 description "TEST_Customer LAN"
    set interfaces ge-0/0/0 unit 0 bandwidth 100m
    set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
    set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members TEST_Cust-DIA_HAND-OFF
    set interfaces ge-0/0/1 description OPEN
    set interfaces ge-0/0/1 disable
    set interfaces ge-0/0/2 description OPEN
    set interfaces ge-0/0/2 disable
    set interfaces ge-0/0/3 description "Inside FW"
    set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access
    set interfaces ge-0/0/23 description "ge-0/0/23 - Static - TEST_Customer MGMT - Uplink"
    set interfaces ge-0/0/23 unit 0 bandwidth 100m
    set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
    set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members MGMT
    set interfaces lo0 unit 0 family inet filter input protect-RE
    set interfaces lo0 unit 0 family inet address 127.0.0.1/32
    set interfaces vlan unit 10 family inet address 10.26.73.193/26
    set interfaces vlan unit 20 family inet address 216.185.30.57/30
    set interfaces vlan unit 20 family inet address 216.59.104.153/29
    set interfaces vlan unit 200 family inet address 10.76.9.178/30
    set snmp community "atg%snmp" client-list-name SNMP-LIST
    set snmp community "atg%cpe" client-list-name SNMP-LIST
    set snmp trap-group space targets 66.208.1.181
    set routing-options static route 0.0.0.0/0 next-hop 10.76.9.177
    set protocols lldp-med interface voice-vlan
    set policy-options prefix-list SNMP-LIST 66.208.0.0/22
    set policy-options prefix-list SNMP-LIST 66.208.1.180/31
    set policy-options prefix-list SNMP-LIST 66.208.1.180/32
    set policy-options prefix-list SNMP-LIST 66.208.2.0/24
    set policy-options prefix-list SNMP-LIST 66.208.2.180/31
    set policy-options prefix-list SNMP-LIST 66.208.2.180/32
    set policy-options prefix-list SNMP-LIST 162.250.240.48/32
    set policy-options prefix-list SNMP-LIST 162.250.240.56/32
    set policy-options prefix-list SSH-LIST 10.0.0.0/8
    set policy-options prefix-list SSH-LIST 10.45.0.0/21
    set policy-options prefix-list SSH-LIST 66.208.0.0/23
    set policy-options prefix-list SSH-LIST 66.208.2.0/24
    set policy-options prefix-list SSH-LIST 66.208.2.180/32
    set policy-options prefix-list SSH-LIST 66.208.48.0/28
    set policy-options prefix-list SSH-LIST 216.59.119.0/24
    set policy-options prefix-list BGP-LIST apply-path "protocols bgp group <*> neighbor <*>"
    set policy-options prefix-list BGP-LIST-GROUPS apply-path "groups <*> protocols bgp group <*> neighbor <*>"
    set policy-options prefix-list VRF-BGP-LIST apply-path "routing-instances <*> protocols bgp group <*> neighbor <*>"
    set policy-options prefix-list VRF-BGP-LIST-GROUPS apply-path "groups <*> routing-instances <*> protocols bgp group <*> neighbor <*>"
    set policy-options prefix-list TACACS-LIST 66.208.1.145/32
    set policy-options prefix-list TACACS-LIST 66.208.1.147/32
    set policy-options prefix-list TACACS-LIST apply-path "system tacplus-server <*>"
    set policy-options prefix-list VRRP-LIST 224.0.0.18/32
    set policy-options prefix-list MULTICAST-ALL-ROUTERS 224.0.0.2/32
    set policy-options prefix-list ROUTER-INTERFACE-IPv4 apply-path "interfaces <*> unit <*> family inet address <*>"
    set policy-options prefix-list ROUTER-INTERFACE-IPv6 apply-path "interfaces <*> unit <*> family inet6 address <*>"
    set policy-options prefix-list ROUTER-INTERFACE-IPv4-GROUPS apply-path "groups <*> interfaces <*> unit <*> family inet address <*>"
    set policy-options prefix-list ROUTER-INTERFACE-IPv6-GROUPS apply-path "groups <*> interfaces <*> unit <*> family inet6 address <*>"
    set policy-options prefix-list NTP-LIST 66.208.0.0/24
    set policy-options prefix-list NTP-LIST apply-path "system ntp server <*>"
    set policy-options prefix-list FW-ICMP-ALLOW-LIST 10.0.0.0/8
    set policy-options prefix-list FW-ICMP-ALLOW-LIST 66.208.0.0/18
    set policy-options prefix-list ROUTER-INTERFACE-IPv6-LinkLocal fe80::/10
    set policy-options prefix-list JUNOS-SPACE-LIST 66.208.1.180/32
    set policy-options prefix-list JUNOS-SPACE-LIST 66.208.2.180/32
    set policy-options prefix-list JUNOS-SPACE-LIST 162.250.240.48/32
    set policy-options prefix-list JUNOS-SPACE-LIST 162.250.240.56/32
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class expedited-forwarding loss-priority low code-points 101110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class assured-forwarding loss-priority low code-points 011010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class assured-forwarding loss-priority low code-points 001010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class assured-forwarding loss-priority low code-points 001100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class assured-forwarding loss-priority low code-points 001110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class network-control loss-priority low code-points 110000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class network-control loss-priority low code-points 111000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111111
    set class-of-service interfaces ge-0/0/4 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/5 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/6 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/7 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/8 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/9 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/10 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/11 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/12 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/13 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/14 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/15 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/16 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/17 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/18 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/19 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/20 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/21 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/22 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service scheduler-maps Core-QoS forwarding-class expedited-forwarding scheduler Core-VoIP
    set class-of-service scheduler-maps Core-QoS forwarding-class network-control scheduler Core-NC
    set class-of-service scheduler-maps Core-QoS forwarding-class assured-forwarding scheduler Core-SIG
    set class-of-service scheduler-maps Core-QoS forwarding-class best-effort scheduler Core-BE
    set class-of-service schedulers Core-VoIP transmit-rate percent 80
    set class-of-service schedulers Core-VoIP priority strict-high
    set class-of-service schedulers Core-SIG transmit-rate percent 5
    set class-of-service schedulers Core-SIG priority low
    set class-of-service schedulers Core-NC transmit-rate percent 5
    set class-of-service schedulers Core-NC priority strict-high
    set class-of-service schedulers Core-BE transmit-rate remainder
    set firewall family inet filter protect-RE interface-specific
    set firewall family inet filter protect-RE term TCP-CONTROL from source-prefix-list SSH-LIST
    set firewall family inet filter protect-RE term TCP-CONTROL from source-prefix-list BGP-LIST
    set firewall family inet filter protect-RE term TCP-CONTROL from source-prefix-list TACACS-LIST
    set firewall family inet filter protect-RE term TCP-CONTROL from protocol tcp
    set firewall family inet filter protect-RE term TCP-CONTROL then accept
    set firewall family inet filter protect-RE term SSH-ACCESS from source-prefix-list SSH-LIST
    set firewall family inet filter protect-RE term SSH-ACCESS from source-prefix-list JUNOS-SPACE-LIST
    set firewall family inet filter protect-RE term SSH-ACCESS from protocol tcp
    set firewall family inet filter protect-RE term SSH-ACCESS from destination-port ssh
    set firewall family inet filter protect-RE term SSH-ACCESS from destination-port 830
    set firewall family inet filter protect-RE term SSH-ACCESS then accept
    set firewall family inet filter protect-RE term SNMP-ACCESS from source-prefix-list SNMP-LIST
    set firewall family inet filter protect-RE term SNMP-ACCESS from protocol udp
    set firewall family inet filter protect-RE term SNMP-ACCESS from destination-port snmp
    set firewall family inet filter protect-RE term SNMP-ACCESS from destination-port snmptrap
    set firewall family inet filter protect-RE term SNMP-ACCESS then accept
    set firewall family inet filter protect-RE term TACACS-ACCESS from source-prefix-list TACACS-LIST
    set firewall family inet filter protect-RE term TACACS-ACCESS from protocol tcp
    set firewall family inet filter protect-RE term TACACS-ACCESS from protocol udp
    set firewall family inet filter protect-RE term TACACS-ACCESS from source-port tacacs
    set firewall family inet filter protect-RE term TACACS-ACCESS from source-port 48
    set firewall family inet filter protect-RE term TACACS-ACCESS then accept
    set firewall family inet filter protect-RE term DNS-ACCESS from destination-port 53
    set firewall family inet filter protect-RE term DNS-ACCESS then accept
    set firewall family inet filter protect-RE term NTP-ACCESS from source-prefix-list NTP-LIST
    set firewall family inet filter protect-RE term NTP-ACCESS from protocol udp
    set firewall family inet filter protect-RE term NTP-ACCESS from destination-port ntp
    set firewall family inet filter protect-RE term NTP-ACCESS then accept
    set firewall family inet filter protect-RE term TRACEROUTE-ACCESS from protocol udp
    set firewall family inet filter protect-RE term TRACEROUTE-ACCESS from destination-port 33434-33523
    set firewall family inet filter protect-RE term TRACEROUTE-ACCESS then accept
    set firewall family inet filter protect-RE term ICMP-ALLOW from protocol icmp
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type echo-request
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type time-exceeded
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type unreachable
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type timestamp
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type echo-reply
    set firewall family inet filter protect-RE term ICMP-ALLOW then accept
    set firewall family inet filter protect-RE term MGMT-ALLOW from source-prefix-list SSH-LIST
    set firewall family inet filter protect-RE term MGMT-ALLOW from source-prefix-list JUNOS-SPACE-LIST
    set firewall family inet filter protect-RE term MGMT-ALLOW then accept
    set firewall family inet filter protect-RE term DENY-ALL-ELSE then discard
    set firewall policer FW-LIMIT-100K if-exceeding bandwidth-limit 200k
    set firewall policer FW-LIMIT-100K if-exceeding burst-size-limit 100k
    set firewall policer FW-LIMIT-100K then discard
    set firewall policer FW-LIMIT-MEDIUM if-exceeding bandwidth-limit 20m
    set firewall policer FW-LIMIT-MEDIUM if-exceeding burst-size-limit 4m
    set firewall policer FW-LIMIT-MEDIUM then loss-priority high
    set firewall policer FW-HARD-LIMIT if-exceeding bandwidth-limit 45m
    set firewall policer FW-HARD-LIMIT if-exceeding burst-size-limit 10m
    set firewall policer FW-HARD-LIMIT then discard
    set ethernet-switching-options voip interface voice-vlan vlan 10
    set vlans MGMT description MGMT-TEST_Cust
    set vlans MGMT vlan-id 200
    set vlans MGMT l3-interface vlan.200
    set vlans TEST_Cust-DIA_HAND-OFF description "TEST_Cust DIA HAND-OFF"
    set vlans TEST_Cust-DIA_HAND-OFF vlan-id 20
    set vlans TEST_Cust-DIA_HAND-OFF l3-interface vlan.20
    set vlans voice-vlan description voice-vlan
    set vlans voice-vlan vlan-id 10
    set vlans voice-vlan l3-interface vlan.10
    set poe interface voice-vlan
    set poe interface ge-0/0/4

    ------------------------------
    JENNA VILLAFLOR
    ------------------------------



  • 4.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

     
    Posted 21 hours ago
    You seem to be missing the vlan configuration for ge-0/0/4

    set interfaces ge-0/0/4 description "Phone port"
    set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode access
    set vlans voice-vlan interface ge-0/0/4.0


    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------