Ask the Expert

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.

  • 1.  EX2200: warning: dhcp subsystem not running - not needed by configuration.

    Posted 02-22-2021 14:55
    Hello, 

    I'm having trouble getting DHCP to work on my 24-port EX2200.  It's running version 12.3 and has the jdhcpd daemon. 
    I have some IP phones that  i have set under vlan 10 and was trying to set up multiple ports to grab IPs dynamically via DHCP when a phone is plugged in to the EX2200. I have a phone hooked up to ge-0/0/4 right now and it is not getting an IP address, however i do see the MAC address of the phone coming up. I set up my DHCP configs as follows:


    ** I've marked some IPs as x.x.x.x. for obvious reasons **

    interfaces {
    interface-range VOIP {
    member-range ge-0/0/4 to ge-0/0/22;
    description "Access - VOIP";
    unit 0 {
    family ethernet-switching {
    port-mode access;
    }
    }

    access {
    address-assignment {
    pool VOIP-pool {
    family inet {
    network 10.26.73.192/26;
    dhcp-attributes {
    maximum-lease-time 4800;
    name-server {
    x.x.x.x; 
    x.x.x.x;
    }
    router {
    10.26.73.193;
    }
    option 66 string x.x.x.x/bw;
    }
    }
    }
    }
    }
    ethernet-switching-options {
    voip {
    interface VOIP {
    vlan 10;
    }
    }
    }
    vlans {
    MGMT {
    description MGMT-TEST_Cust;
    vlan-id 200;
    l3-interface vlan.200;
    }
    TEST_Cust-DIA_HAND-OFF {
    description "TEST_Cust DIA HAND-OFF";
    vlan-id 20;
    l3-interface vlan.20;
    }
    VOIP {
    description VOIP;
    vlan-id 10;
    l3-interface vlan.10;
    }
    }
    poe {
    interface VOIP;
    }
    ======================================================
    jcabiling@CE-EX2300-TEST_Cust> show dhcp server binding

    {master:0}
    jcabiling@CE-EX2300-TEST_Cust> show dhcp server statistics
    Packets dropped:
    Total 0

    Messages received:
    BOOTREQUEST 0
    DHCPDECLINE 0
    DHCPDISCOVER 0
    DHCPINFORM 0
    DHCPRELEASE 0
    DHCPREQUEST 0

    Messages sent:
    BOOTREPLY 0
    DHCPOFFER 0
    DHCPACK 0
    DHCPNAK 0
    DHCPFORCERENEW 0

    {master:0}

    ------------------------------
    JENNA V.
    ------------------------------


  • 2.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

     
    Posted 02-22-2021 19:47
    You are not showing the system services portion of the config is this also there?

    set system services dhcp-local-server group-name interface interface-name

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcp-for-switching-devices.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

    Posted 03-01-2021 15:38
    Hi Steve,

    Thank you so much for your response. This is the current running config on the EX2200 listed below. I have a private block assigned on my DHCP pool  of 10.26.73.192/26 configured and have a Polycom phone plugged in to port ge-0/0/4 and it's not pulling an IP.


    set version 12.3R12.4
    set system host-name CE-EX2300-TEST_Cust
    set system time-zone America/New_York
    set system authentication-order tacplus
    set system authentication-order password
    set system root-authentication encrypted-password "xxxxxxxxxxxxxxxxx"
    set system tacplus-server 66.208.1.145 secret "xxxxxxxxxx"
    set system tacplus-server 66.208.1.145 timeout 30
    set system tacplus-server 66.208.1.147 secret "xxxxxxxxxxxxxxx"
    set system tacplus-server 66.208.1.147 timeout 30
    set system login user allied uid 2000
    set system login user allied class super-user
    set system login user allied authentication encrypted-password "xxxxxxxxxxxxxxxxxx"
    set system login user remote uid 2001
    set system login user remote class super-user
    set system services ssh max-sessions-per-connection 32
    set system services ssh ciphers blowfish-cbc
    set system services ssh ciphers 3des-cbc
    set system services ssh ciphers aes128-cbc
    set system services ssh ciphers aes192-cbc
    set system services ssh ciphers aes256-cbc
    set system services ssh key-exchange dh-group1-sha1
    set system services ssh key-exchange dh-group14-sha1
    set system services ssh key-exchange ecdh-sha2-nistp256
    set system services ssh key-exchange ecdh-sha2-nistp384
    set system services ssh key-exchange ecdh-sha2-nistp521
    set system services ssh key-exchange group-exchange-sha1
    set system services ssh key-exchange group-exchange-sha2
    set system services xnm-clear-text
    set system services netconf ssh
    set system services dhcp traceoptions file dhcp-server.log
    set system services dhcp traceoptions flag all
    set system services dhcp pool 10.26.73.192/26 address-range low 10.26.73.200
    set system services dhcp pool 10.26.73.192/26 address-range high 10.26.73.254
    set system services dhcp pool 10.26.73.192/26 default-lease-time 86400
    set system services dhcp pool 10.26.73.192/26 name-server 66.208.1.2
    set system services dhcp pool 10.26.73.192/26 name-server 66.208.2.2
    set system services dhcp pool 10.26.73.192/26 router 10.26.73.193
    set system services dhcp pool 10.26.73.192/26 boot-server 162.250.240.131/bw
    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any emergency
    set system syslog host 66.208.1.145 any any
    set system syslog host 66.208.1.145 facility-override local5
    set system syslog host 66.208.1.147 any any
    set system syslog host 66.208.1.147 facility-override local5
    set system syslog file messages any critical
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands error
    set system syslog file interface any any
    set system syslog file interface match "ifOperStatus|UpDown"
    set system syslog file default-log-messages any info
    set system syslog file default-log-messages match "(requested 'commit' operation)|(requested 'commit synchronize' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)"
    set system syslog file default-log-messages structured-data
    set system syslog source-address 10.128.128.22
    set system max-configurations-on-flash 49
    set system ddos-protection traceoptions file ddos.log
    set system ddos-protection traceoptions file size 10m
    set system ddos-protection traceoptions file files 10
    set system ddos-protection traceoptions flag all
    set system ntp server 66.208.0.160
    set system ntp server 66.208.0.161
    set chassis aggregated-devices ethernet device-count 32
    set interfaces interface-range voice-vlan member-range ge-0/0/4 to ge-0/0/22
    set interfaces interface-range voice-vlan description "Access - voice-vlan"
    set interfaces interface-range voice-vlan unit 0 family ethernet-switching port-mode access
    set interfaces ge-0/0/0 description "TEST_Customer LAN"
    set interfaces ge-0/0/0 unit 0 bandwidth 100m
    set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
    set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members TEST_Cust-DIA_HAND-OFF
    set interfaces ge-0/0/1 description OPEN
    set interfaces ge-0/0/1 disable
    set interfaces ge-0/0/2 description OPEN
    set interfaces ge-0/0/2 disable
    set interfaces ge-0/0/3 description "Inside FW"
    set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access
    set interfaces ge-0/0/23 description "ge-0/0/23 - Static - TEST_Customer MGMT - Uplink"
    set interfaces ge-0/0/23 unit 0 bandwidth 100m
    set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
    set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members MGMT
    set interfaces lo0 unit 0 family inet filter input protect-RE
    set interfaces lo0 unit 0 family inet address 127.0.0.1/32
    set interfaces vlan unit 10 family inet address 10.26.73.193/26
    set interfaces vlan unit 20 family inet address 216.185.30.57/30
    set interfaces vlan unit 20 family inet address 216.59.104.153/29
    set interfaces vlan unit 200 family inet address 10.76.9.178/30
    set snmp community "atg%snmp" client-list-name SNMP-LIST
    set snmp community "atg%cpe" client-list-name SNMP-LIST
    set snmp trap-group space targets 66.208.1.181
    set routing-options static route 0.0.0.0/0 next-hop 10.76.9.177
    set protocols lldp-med interface voice-vlan
    set policy-options prefix-list SNMP-LIST 66.208.0.0/22
    set policy-options prefix-list SNMP-LIST 66.208.1.180/31
    set policy-options prefix-list SNMP-LIST 66.208.1.180/32
    set policy-options prefix-list SNMP-LIST 66.208.2.0/24
    set policy-options prefix-list SNMP-LIST 66.208.2.180/31
    set policy-options prefix-list SNMP-LIST 66.208.2.180/32
    set policy-options prefix-list SNMP-LIST 162.250.240.48/32
    set policy-options prefix-list SNMP-LIST 162.250.240.56/32
    set policy-options prefix-list SSH-LIST 10.0.0.0/8
    set policy-options prefix-list SSH-LIST 10.45.0.0/21
    set policy-options prefix-list SSH-LIST 66.208.0.0/23
    set policy-options prefix-list SSH-LIST 66.208.2.0/24
    set policy-options prefix-list SSH-LIST 66.208.2.180/32
    set policy-options prefix-list SSH-LIST 66.208.48.0/28
    set policy-options prefix-list SSH-LIST 216.59.119.0/24
    set policy-options prefix-list BGP-LIST apply-path "protocols bgp group <*> neighbor <*>"
    set policy-options prefix-list BGP-LIST-GROUPS apply-path "groups <*> protocols bgp group <*> neighbor <*>"
    set policy-options prefix-list VRF-BGP-LIST apply-path "routing-instances <*> protocols bgp group <*> neighbor <*>"
    set policy-options prefix-list VRF-BGP-LIST-GROUPS apply-path "groups <*> routing-instances <*> protocols bgp group <*> neighbor <*>"
    set policy-options prefix-list TACACS-LIST 66.208.1.145/32
    set policy-options prefix-list TACACS-LIST 66.208.1.147/32
    set policy-options prefix-list TACACS-LIST apply-path "system tacplus-server <*>"
    set policy-options prefix-list VRRP-LIST 224.0.0.18/32
    set policy-options prefix-list MULTICAST-ALL-ROUTERS 224.0.0.2/32
    set policy-options prefix-list ROUTER-INTERFACE-IPv4 apply-path "interfaces <*> unit <*> family inet address <*>"
    set policy-options prefix-list ROUTER-INTERFACE-IPv6 apply-path "interfaces <*> unit <*> family inet6 address <*>"
    set policy-options prefix-list ROUTER-INTERFACE-IPv4-GROUPS apply-path "groups <*> interfaces <*> unit <*> family inet address <*>"
    set policy-options prefix-list ROUTER-INTERFACE-IPv6-GROUPS apply-path "groups <*> interfaces <*> unit <*> family inet6 address <*>"
    set policy-options prefix-list NTP-LIST 66.208.0.0/24
    set policy-options prefix-list NTP-LIST apply-path "system ntp server <*>"
    set policy-options prefix-list FW-ICMP-ALLOW-LIST 10.0.0.0/8
    set policy-options prefix-list FW-ICMP-ALLOW-LIST 66.208.0.0/18
    set policy-options prefix-list ROUTER-INTERFACE-IPv6-LinkLocal fe80::/10
    set policy-options prefix-list JUNOS-SPACE-LIST 66.208.1.180/32
    set policy-options prefix-list JUNOS-SPACE-LIST 66.208.2.180/32
    set policy-options prefix-list JUNOS-SPACE-LIST 162.250.240.48/32
    set policy-options prefix-list JUNOS-SPACE-LIST 162.250.240.56/32
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class expedited-forwarding loss-priority low code-points 101110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class assured-forwarding loss-priority low code-points 011010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class assured-forwarding loss-priority low code-points 001010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class assured-forwarding loss-priority low code-points 001100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class assured-forwarding loss-priority low code-points 001110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class network-control loss-priority low code-points 110000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class network-control loss-priority low code-points 111000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 000111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 001111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 010111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 011111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 100111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101000
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 101111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 110111
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111001
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111010
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111011
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111100
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111101
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111110
    set class-of-service classifiers dscp ATG-VoIP-DSCP forwarding-class best-effort loss-priority low code-points 111111
    set class-of-service interfaces ge-0/0/4 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/5 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/6 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/7 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/8 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/9 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/10 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/11 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/12 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/13 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/14 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/15 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/16 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/17 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/18 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/19 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/20 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/21 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service interfaces ge-0/0/22 unit 0 classifiers dscp ATG-VoIP-DSCP
    set class-of-service scheduler-maps Core-QoS forwarding-class expedited-forwarding scheduler Core-VoIP
    set class-of-service scheduler-maps Core-QoS forwarding-class network-control scheduler Core-NC
    set class-of-service scheduler-maps Core-QoS forwarding-class assured-forwarding scheduler Core-SIG
    set class-of-service scheduler-maps Core-QoS forwarding-class best-effort scheduler Core-BE
    set class-of-service schedulers Core-VoIP transmit-rate percent 80
    set class-of-service schedulers Core-VoIP priority strict-high
    set class-of-service schedulers Core-SIG transmit-rate percent 5
    set class-of-service schedulers Core-SIG priority low
    set class-of-service schedulers Core-NC transmit-rate percent 5
    set class-of-service schedulers Core-NC priority strict-high
    set class-of-service schedulers Core-BE transmit-rate remainder
    set firewall family inet filter protect-RE interface-specific
    set firewall family inet filter protect-RE term TCP-CONTROL from source-prefix-list SSH-LIST
    set firewall family inet filter protect-RE term TCP-CONTROL from source-prefix-list BGP-LIST
    set firewall family inet filter protect-RE term TCP-CONTROL from source-prefix-list TACACS-LIST
    set firewall family inet filter protect-RE term TCP-CONTROL from protocol tcp
    set firewall family inet filter protect-RE term TCP-CONTROL then accept
    set firewall family inet filter protect-RE term SSH-ACCESS from source-prefix-list SSH-LIST
    set firewall family inet filter protect-RE term SSH-ACCESS from source-prefix-list JUNOS-SPACE-LIST
    set firewall family inet filter protect-RE term SSH-ACCESS from protocol tcp
    set firewall family inet filter protect-RE term SSH-ACCESS from destination-port ssh
    set firewall family inet filter protect-RE term SSH-ACCESS from destination-port 830
    set firewall family inet filter protect-RE term SSH-ACCESS then accept
    set firewall family inet filter protect-RE term SNMP-ACCESS from source-prefix-list SNMP-LIST
    set firewall family inet filter protect-RE term SNMP-ACCESS from protocol udp
    set firewall family inet filter protect-RE term SNMP-ACCESS from destination-port snmp
    set firewall family inet filter protect-RE term SNMP-ACCESS from destination-port snmptrap
    set firewall family inet filter protect-RE term SNMP-ACCESS then accept
    set firewall family inet filter protect-RE term TACACS-ACCESS from source-prefix-list TACACS-LIST
    set firewall family inet filter protect-RE term TACACS-ACCESS from protocol tcp
    set firewall family inet filter protect-RE term TACACS-ACCESS from protocol udp
    set firewall family inet filter protect-RE term TACACS-ACCESS from source-port tacacs
    set firewall family inet filter protect-RE term TACACS-ACCESS from source-port 48
    set firewall family inet filter protect-RE term TACACS-ACCESS then accept
    set firewall family inet filter protect-RE term DNS-ACCESS from destination-port 53
    set firewall family inet filter protect-RE term DNS-ACCESS then accept
    set firewall family inet filter protect-RE term NTP-ACCESS from source-prefix-list NTP-LIST
    set firewall family inet filter protect-RE term NTP-ACCESS from protocol udp
    set firewall family inet filter protect-RE term NTP-ACCESS from destination-port ntp
    set firewall family inet filter protect-RE term NTP-ACCESS then accept
    set firewall family inet filter protect-RE term TRACEROUTE-ACCESS from protocol udp
    set firewall family inet filter protect-RE term TRACEROUTE-ACCESS from destination-port 33434-33523
    set firewall family inet filter protect-RE term TRACEROUTE-ACCESS then accept
    set firewall family inet filter protect-RE term ICMP-ALLOW from protocol icmp
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type echo-request
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type time-exceeded
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type unreachable
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type timestamp
    set firewall family inet filter protect-RE term ICMP-ALLOW from icmp-type echo-reply
    set firewall family inet filter protect-RE term ICMP-ALLOW then accept
    set firewall family inet filter protect-RE term MGMT-ALLOW from source-prefix-list SSH-LIST
    set firewall family inet filter protect-RE term MGMT-ALLOW from source-prefix-list JUNOS-SPACE-LIST
    set firewall family inet filter protect-RE term MGMT-ALLOW then accept
    set firewall family inet filter protect-RE term DENY-ALL-ELSE then discard
    set firewall policer FW-LIMIT-100K if-exceeding bandwidth-limit 200k
    set firewall policer FW-LIMIT-100K if-exceeding burst-size-limit 100k
    set firewall policer FW-LIMIT-100K then discard
    set firewall policer FW-LIMIT-MEDIUM if-exceeding bandwidth-limit 20m
    set firewall policer FW-LIMIT-MEDIUM if-exceeding burst-size-limit 4m
    set firewall policer FW-LIMIT-MEDIUM then loss-priority high
    set firewall policer FW-HARD-LIMIT if-exceeding bandwidth-limit 45m
    set firewall policer FW-HARD-LIMIT if-exceeding burst-size-limit 10m
    set firewall policer FW-HARD-LIMIT then discard
    set ethernet-switching-options voip interface voice-vlan vlan 10
    set vlans MGMT description MGMT-TEST_Cust
    set vlans MGMT vlan-id 200
    set vlans MGMT l3-interface vlan.200
    set vlans TEST_Cust-DIA_HAND-OFF description "TEST_Cust DIA HAND-OFF"
    set vlans TEST_Cust-DIA_HAND-OFF vlan-id 20
    set vlans TEST_Cust-DIA_HAND-OFF l3-interface vlan.20
    set vlans voice-vlan description voice-vlan
    set vlans voice-vlan vlan-id 10
    set vlans voice-vlan l3-interface vlan.10
    set poe interface voice-vlan
    set poe interface ge-0/0/4

    ------------------------------
    JENNA VILLAFLOR
    ------------------------------



  • 4.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

     
    Posted 03-01-2021 19:12
    You seem to be missing the vlan configuration for ge-0/0/4

    set interfaces ge-0/0/4 description "Phone port"
    set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode access
    set vlans voice-vlan interface ge-0/0/4.0


    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

    Posted 03-03-2021 09:10
    Thank you for your response! I tried adding those configs on the port facing the polycom phone but it didnt make much of a difference, the phone is still not picking up an IP. I did try hooking up the phone to an entirely different network connection and it pulled an IP and worked fine. So at this point i think there is something i am missing on the switch, but cant figure out what it could be

    ------------------------------
    JENNA VILLAFLOR
    ------------------------------



  • 6.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

    Posted 03-03-2021 10:25
    Hello Jenna,

    I have gone through your configuration, and I have something to recommend. Since you only have one vlan "voice-vlan" which  you are using for the phones,
    then I don't think you need to voice vlan configuration on the port, unless you have workstations connected on the phone. So you only need this below

    set interfaces interface-range voice-vlan description "Access - voice-vlan"
    set interfaces interface-range voice-vlan unit 0 family ethernet-switching port-mode access

    and remove this

    set ethernet-switching-options voip interface voice-vlan vlan 10

    Hope this helps.


    ------------------------------
    HONGERA NGERAGEZA
    ------------------------------



  • 7.  RE: EX2200: warning: dhcp subsystem not running - not needed by configuration.

    Posted 03-03-2021 15:45
    We finally figured out why the phone was not pulling an IP. we needed to add this:

    set firewall family inet filter protect-RE term DHCP from source-address 0.0.0.0/32
    set firewall family inet filter protect-RE term DHCP from destination-address 255.255.255.255/32
    set firewall family inet filter protect-RE term DHCP then accept

    ------------------------------
    JENNA VILLAFLOR
    ------------------------------