
SRX 300 - DHCP subsystem not running


I can't seem to get DHCP to work on the new SRX 300.

 

The error I get is “dhcp subsystem not running”…

 

I gather there are two ways of doing it: the old SRX100 method and a new one (see below).

 

Is there a trick to this?

 

 

The old way was just:

 

Services{

….

dhcp {

            pool 192.168.15.0/24 {

                address-range low 192.168.15.50 high 192.168.15.150;

                default-lease-time 3600;

                name-server {

                    8.8.8.8;

                }

                router {

                    192.168.15.1;

                }

            }

        }

}

 

 

 

I tried the new way:

 

Services {

….

dhcp-local-server {

                group Data-Vlan-DHCP {

                interface irb.1;

                interface vlan.1;

                }

        }

 

……

 

access {

                address-assignment {

                                pool DHCP_Data_Network {

                                                family inet {

                                                                network 192.168.15.0/24;

                                                                range 192_168_15_0 {

                                                                                low 192.168.15.50;

                                                                                high 192.168.15.150;

                                                                }

                                                                dhcp-attributes {

                                                                                name-server {

                                                                                                8.8.8.8;

                                                                                }

                                                                                router {

                                                                                                192.168.15.1;

                                                                                }

                                                                }

                                                }

                                }

                }

}

 

 

 

 

Neither worked.

See my config below:

 

 

 

## Last commit: 2016-08-09 04:03:12 GMT+10 by root
version 15.1X49-D50.3;
## System-level settings: hostname, root credential, DNS, management services,
## the DHCP local-server binding, syslog, configuration archival, licensing, NTP.
system {
host-name Laser-SRX300;
time-zone GMT+10;
root-authentication {
## The password hash was masked by the poster before publishing; keep it masked
## in any copy of this configuration that is shared.
encrypted-password "???????????????????"; ## SECRET-DATA
}
name-server {
8.8.8.8;
}
name-resolution {
no-resolve-on-input;
}
services {
## NOTE(review): ssh, telnet, xnm-clear-text and web-management are all enabled.
## telnet and xnm-clear-text carry credentials and session data unencrypted;
## ssh and HTTPS cover the same management needs.
ssh;
telnet;
xnm-clear-text;
web-management {
## Plain-HTTP web management is bound to every interface. The Internet zone
## later in this config allows host-inbound system-services all on ge-0/0/0.0,
## so as written the zone configuration does not keep these management
## listeners off the Internet-facing side -- verify on the device.
http {
interface all;
}
https {
system-generated-certificate;
interface all;
}
session {
idle-timeout 60;
}
}
## Extended DHCP local server. The group lists both irb.1 and vlan.1; the vlans
## stanza binds VLAN 1 to l3-interface irb.1 only, and both irb.1 and vlan.1 are
## given 192.168.15.1/24 under interfaces.
## NOTE(review): vlan.1 looks like a carry-over from the SRX100-style config --
## TODO confirm whether it (and the duplicate `vlan` units) should be removed.
## NOTE(review): "dhcp subsystem not running" may come from running the legacy
## `show system services dhcp ...` commands against this server; the extended
## server is queried with `show dhcp server binding` -- confirm on the device.
dhcp-local-server {
group Data-Vlan-DHCP {
interface irb.1;
interface vlan.1;
}
}
}
## Logging: only critical-and-above messages (plus authorization at info) reach
## the "messages" file, and interactive commands are logged at error only.
## NOTE(review): no remote syslog host appears in this stanza, so the audit
## trail for logins, commits and configuration changes is thin and local-only.
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
## transfer-on-commit is set, but no archive-sites are listed in this stanza.
## NOTE(review): presumably nothing is transferred without a destination -- confirm.
archival {
configuration {
transfer-on-commit;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server 0.oceania.pool.ntp.org;
}
}
## Security services: ALGs, flow options, a screen profile, source and
## destination NAT, inter-zone policies and the zone definitions.
security {
alg {
sip disable;
ike-esp-nat {
enable;
}
}
flow {
tcp-mss {
all-tcp {
mss 1400;
}
}
}
## The screen profile untrust-screen is defined here, but none of the
## security-zones below carries a `screen` statement, so as written it is not
## attached to any zone (including Internet).
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
## Source NAT: everything from DataNetwork to Internet is translated to the
## egress interface address. No rule-set covers VoiceNetwork or SIPconnection.
source {
rule-set nat_to_internet {
from zone DataNetwork;
to zone Internet;
rule nat_to_data_net_rule {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
## Destination NAT (port forwarding). Each pool maps one forwarded port to an
## inside host: 6180-6188 to 192.168.15.151 and 9630-9632 to 192.168.15.200.
## NOTE(review): the pool addresses are written with a /24 mask; a single-host
## target is normally a /32 -- confirm this is intended.
destination {
pool port_fwd_6180 {
address 192.168.15.151/24 port 6180;
}
pool port_fwd_6181 {
address 192.168.15.151/24 port 6181;
}
pool port_fwd_6182 {
address 192.168.15.151/24 port 6182;
}
pool port_fwd_6183 {
address 192.168.15.151/24 port 6183;
}
pool port_fwd_6184 {
address 192.168.15.151/24 port 6184;
}
pool port_fwd_6185 {
address 192.168.15.151/24 port 6185;
}
pool port_fwd_6186 {
address 192.168.15.151/24 port 6186;
}
pool port_fwd_6187 {
address 192.168.15.151/24 port 6187;
}
pool port_fwd_6188 {
address 192.168.15.151/24 port 6188;
}
pool port_fwd_9630 {
address 192.168.15.200/24 port 9630;
}
pool port_fwd_9631 {
address 192.168.15.200/24 port 9631;
}
pool port_fwd_9632 {
address 192.168.15.200/24 port 9632;
}
## Each rule matches any destination address on one forwarded port arriving
## from zone Internet and hands it to the same-named pool. No source-address
## match is set, so every forwarded port is open to any Internet source.
rule-set dst-nat {
from zone Internet;
rule port_fwd_6180 {
match {
destination-address 0.0.0.0/0;
destination-port 6180;
}
then {
destination-nat {
pool {
port_fwd_6180;
}
}
}
}
rule port_fwd_6181 {
match {
destination-address 0.0.0.0/0;
destination-port 6181;
}
then {
destination-nat {
pool {
port_fwd_6181;
}
}
}
}
rule port_fwd_6182 {
match {
destination-address 0.0.0.0/0;
destination-port 6182;
}
then {
destination-nat {
pool {
port_fwd_6182;
}
}
}
}
rule port_fwd_6183 {
match {
destination-address 0.0.0.0/0;
destination-port 6183;
}
then {
destination-nat {
pool {
port_fwd_6183;
}
}
}
}
rule port_fwd_6184 {
match {
destination-address 0.0.0.0/0;
destination-port 6184;
}
then {
destination-nat {
pool {
port_fwd_6184;
}
}
}
}
rule port_fwd_6185 {
match {
destination-address 0.0.0.0/0;
destination-port 6185;
}
then {
destination-nat {
pool {
port_fwd_6185;
}
}
}
}
rule port_fwd_6186 {
match {
destination-address 0.0.0.0/0;
destination-port 6186;
}
then {
destination-nat {
pool {
port_fwd_6186;
}
}
}
}
rule port_fwd_6187 {
match {
destination-address 0.0.0.0/0;
destination-port 6187;
}
then {
destination-nat {
pool {
port_fwd_6187;
}
}
}
}
rule port_fwd_6188 {
match {
destination-address 0.0.0.0/0;
destination-port 6188;
}
then {
destination-nat {
pool {
port_fwd_6188;
}
}
}
}
rule port_fwd_9630 {
match {
destination-address 0.0.0.0/0;
destination-port 9630;
}
then {
destination-nat {
pool {
port_fwd_9630;
}
}
}
}
rule port_fwd_9631 {
match {
destination-address 0.0.0.0/0;
destination-port 9631;
}
then {
destination-nat {
pool {
port_fwd_9631;
}
}
}
}
rule port_fwd_9632 {
match {
destination-address 0.0.0.0/0;
destination-port 9632;
}
then {
destination-nat {
pool {
port_fwd_9632;
}
}
}
}
}
}
}
## Every policy below matches any source, any destination and any application
## and permits; none of them sets a `log` action.
## NOTE(review): with any/any/any in both directions between Data, Voice and
## SIP, the zones give no isolation from one another. www2data and www2voice
## also permit everything arriving from zone Internet; the usual shape is to
## permit only the forwarded hosts and ports (192.168.15.151 and
## 192.168.15.200 per the destination NAT pools) and log the sessions.
policies {
from-zone DataNetwork to-zone DataNetwork {
policy data2data {
description "Allows traffic within Data zone";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone DataNetwork to-zone VoiceNetwork {
policy data2voice {
description "Allows traffic between Data and Voice zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone DataNetwork to-zone Internet {
policy data2www {
description "Allows traffic between Data and Internet zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone VoiceNetwork to-zone Internet {
policy voice2www {
description "Allows traffic between Voice and Internet zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone VoiceNetwork to-zone DataNetwork {
policy voice2data {
description "Allows traffic between Voice and Data zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone SIPconnection to-zone SIPconnection {
policy sip2sip {
description "Allows traffic between sip zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone SIPconnection to-zone DataNetwork {
policy sip2data {
description "Allows traffic between SIP and Data zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone SIPconnection to-zone VoiceNetwork {
policy sip2voice {
description "Allows traffic between SIP and Voice zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone DataNetwork to-zone SIPconnection {
policy data2sip {
description "Allows traffic between Data and SIP zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone VoiceNetwork to-zone SIPconnection {
policy voice2sip {
description "Allows traffic between Voice and SIP zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
## Inbound from the Internet: permits any application to any address in the
## Data zone. See the note at the top of this policies stanza.
from-zone Internet to-zone DataNetwork {
policy www2data {
description "Allows traffic between Internet and Data zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone VoiceNetwork {
policy www2voice {
description "Allows traffic between Internet and Voice zones";
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
## Zone membership and host-inbound traffic (traffic addressed to the device
## itself). Only irb.1, irb.20, irb.30 and ge-0/0/0.0 are placed in zones;
## vlan.1 (named in the DHCP group) and pp0.0 (the default-route next hop)
## are not listed in any zone here.
## NOTE(review): an interface outside every zone normally cannot pass or accept
## traffic on an SRX -- confirm whether pp0.0 belongs in zone Internet.
zones {
security-zone DataNetwork {
description "Data vlan";
interfaces {
## system-services all includes DHCP, so client requests arriving on irb.1
## are accepted by the zone.
irb.1 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
security-zone VoiceNetwork {
description "Voice vlan";
interfaces {
irb.20 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
security-zone SIPconnection {
description "SIP Connection";
interfaces {
irb.30 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
## NOTE(review): system-services all on the Internet-facing zone accepts every
## service enabled under system services (ssh, telnet, xnm-clear-text and
## HTTP/HTTPS web-management on all interfaces in this config). Listing only
## the services that are actually needed from the WAN side (often none)
## removes that exposure. No `screen` statement is present on this zone.
security-zone Internet {
description "Telstra NBN Connection";
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
}
}
## Physical ports, the irb and vlan layer-3 interfaces, and the PPPoE client.
interfaces {
## WAN port: carries PPPoE only; the IP address is negotiated on pp0.0 below.
ge-0/0/0 {
description "Telstra NBN Internet";
unit 0 {
encapsulation ppp-over-ether;
}
}
ge-0/0/1 {
description "SIP Port";
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members SIP-VLAN;
}
native-vlan-id default;
}
}
}
ge-0/0/2 {
description "Voice Port";
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members Voice-VLAN;
}
native-vlan-id default;
}
}
}
ge-0/0/3 {
description "Data Port";
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members default;
}
native-vlan-id default;
}
}
}
ge-0/0/4 {
description "Data Port";
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members default;
}
native-vlan-id default;
}
}
}
## Trunk carrying every VLAN, including SIP-VLAN and Voice-VLAN.
## NOTE(review): confirm the attached device needs all three VLANs.
ge-0/0/5 {
description "Trunk Port";
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members all;
}
}
}
}
## Layer-3 interfaces referenced by the vlans stanza (l3-interface irb.1,
## irb.20, irb.30). Unit 30 is described as "Voice" although VLAN 30 is
## SIP-VLAN -- the description looks copied from unit 20.
irb {
unit 1 {
description Data;
family inet {
address 192.168.15.1/24;
}
}
unit 20 {
description Voice;
family inet {
address 172.16.1.1/24;
}
}
unit 30 {
description Voice;
family inet {
address 192.168.20.1/24;
}
}
}
## These units repeat the irb addresses exactly, and no VLAN in the vlans
## stanza names a vlan.N unit as its l3-interface.
## NOTE(review): presumably left over from the SRX100-style config; the same
## address on two interfaces is worth removing while debugging DHCP -- confirm.
vlan {
unit 1 {
description Data;
family inet {
address 192.168.15.1/24;
}
}
unit 20 {
description Voice;
family inet {
address 172.16.1.1/24;
}
}
unit 30 {
description Voice;
family inet {
address 192.168.20.1/24;
}
}
}
## PPPoE client over ge-0/0/0.0 with a negotiated address. No PPP
## authentication settings appear in this unit -- presumably removed before
## posting; confirm. pp0.0 is not listed under any security-zone in this config.
pp0 {
unit 0 {
pppoe-options {
underlying-interface ge-0/0/0.0;
idle-timeout 0;
auto-reconnect 20;
client;
}
family inet {
negotiate-address;
}
}
}
}
## Static routing: the default route leaves via the PPPoE interface pp0.0;
## every other route uses next-hop 192.168.20.2, an address inside irb.30's
## 192.168.20.0/24 subnet (the SIP-VLAN side).
routing-options {
static {
route 0.0.0.0/0 next-hop pp0.0; ## Internet - Telstra NBN interface
route 203.52.0.0/16 next-hop 192.168.20.2;
route 203.41.188.96/28 next-hop 192.168.20.2;
route 203.42.70.224/28 next-hop 192.168.20.2;
route 144.140.208.16/29 next-hop 192.168.20.2;
route 144.140.162.40/29 next-hop 192.168.20.2;
route 144.140.208.32/28 next-hop 192.168.20.2;
route 144.140.162.48/28 next-hop 192.168.20.2;
route 144.140.208.80/28 next-hop 192.168.20.2;
route 144.140.162.80/28 next-hop 192.168.20.2;
route 203.52.1.160/28 next-hop 192.168.20.2;
route 203.52.0.160/28 next-hop 192.168.20.2;
route 203.52.3.160/28 next-hop 192.168.20.2;
route 203.44.43.160/28 next-hop 192.168.20.2;
route 203.52.2.160/28 next-hop 192.168.20.2;
route 203.44.44.160/28 next-hop 192.168.20.2;
route 203.44.42.0/27 next-hop 192.168.20.2;
route 203.44.42.224/27 next-hop 192.168.20.2;
}
}
## Sets the global layer-2 learning mode to switching; the ethernet-switching
## families on the ge-0/0/1 to ge-0/0/5 ports are configured in that style.
protocols {
l2-learning {
global-mode switching;
}
}
## VLAN definitions. Each VLAN binds to an irb unit as its layer-3 interface;
## none references the `vlan` interface units defined under interfaces.
vlans {
## The description says "Voice Network" although this is the SIP VLAN (id 30)
## -- it looks copied from Voice-VLAN below.
SIP-VLAN {
description "Voice Network";
vlan-id 30;
l3-interface irb.30;
}
Voice-VLAN {
description "Voice Network";
vlan-id 20;
l3-interface irb.20;
}
default {
description "Data Network";
vlan-id 1;
l3-interface irb.1;
}
}
## Address pool for the DHCP local server. The pool network 192.168.15.0/24
## is the subnet of irb.1 (192.168.15.1/24), which is also the router handed to
## clients. The range .50-.150 excludes the destination-NAT targets
## 192.168.15.151 and 192.168.15.200, so those hosts are not leased from here.
access {
address-assignment {
pool DHCP_Data_Network {
family inet {
network 192.168.15.0/24;
range 192_168_15_0 {
low 192.168.15.50;
high 192.168.15.150;
}
dhcp-attributes {
## Clients are pointed straight at a public resolver.
name-server {
8.8.8.8;
}
router {
192.168.15.1;
}
}
}
}
}
}

