
SRX static Binding using IRB


I have the following DHCP server setup on my IRB.  I use the IRB as my layer 3 interface. I am trying to understand how I can do static binding with this configuration.

 

#set system services dhcp static-binding is not an option.

 

 

 }
    /* Management and host services offered by the Routing Engine. Which
       interfaces can actually deliver them is narrowed twice more: by zone
       host-inbound-traffic and by the lo0 input filter protect-host. */
    services {
        ssh {
            protocol-version v2;
            /* Caps concurrent SSH sessions at 3; no rate-limit is set here. */
            connection-limit 3;
        }
        /* NOTE(review): telnet is cleartext. protect-host only accepts TCP
           ssh/https from managed-ips, so telnet should be rejected at lo0,
           but the service is still enabled and is simpler to remove. */
        telnet;
        /* DHCP server (JDHCPD) bound to the LAN layer-3 interface; leases come
           from access address-assignment pool DHCP_Pool. */
        dhcp-local-server {
            group DHCP-Group {
                interface irb.0;
            }
        }
        web-management {
            https {
                /* Self-signed certificate: browsers cannot authenticate the
                   device, so users are trained to click through warnings. */
                system-generated-certificate;
                /* NOTE(review): ge-0/0/0.0 is the Internet-facing interface.
                   Exposure of the web UI there is limited only by the
                   managed-ips prefix list in protect-host; confirm that is
                   intended, otherwise bind to irb.0 alone. */
                interface [ ge-0/0/0.0 irb.0 ];
            }
            session {
                idle-timeout 60;
            }
        }
    }
    /* Local logging only in this excerpt (no remote syslog host visible;
       it may be configured elsewhere). */
    syslog {
        /* 3 rotated copies of 100k each: a short retention window. */
        archive size 100k files 3;
        user * {
            any emergency;
        }
        /* Authentication events (login success/failure) land in "messages". */
        file messages {
            any notice;
            authorization info;
        }
        /* Audit trail of every operational/configuration command entered. */
        file interactive-commands {
            interactive-commands any;
        }
    }
    /* Limits stored configuration history (rollback depth) to 5 entries. */
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    /* Automatic license retrieval from Juniper over HTTPS; requires the
       device itself to have outbound Internet access. */
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    /* Single NTP source, used both at boot and at runtime. No authentication
       key is configured in this excerpt, so time is accepted unauthenticated;
       firewall term accept-ntp only admits UDP/123 from this address. */
    ntp {
        boot-server 64.203.255.71;
        server 64.203.255.71 prefer;
    }
}                                       
/* Enables the real-time performance monitoring process; no probes are
   defined in this excerpt. */
services {
    rpm;
}
security {
    /* Screen profile for the untrust side. NOTE(review): nothing in the
       zones stanza below references it (there is no "screen untrust-screen;"
       under security-zone Internet), so as shown these checks are not
       applied to any interface. */
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        /* Hide the LAN behind the egress interface address; ge-0/0/0 gets
           its address from dhcp-client, so interface NAT is the right choice. */
        source {
            rule-set nsw_srcnat {
                from zone Internal;
                to zone Internet;
                rule nsw-src-interface {
                    match {
                        source-address 192.168.0.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        /* Port forward: TCP/18004 arriving from the Internet is translated to
           the camera at 192.168.0.200. */
        destination {
            pool Camera-System {
                address 192.168.0.200/32;
            }
            rule-set Internet-to-Internal {
                from zone Internet;
                rule Camera-System {
                    match {
                        /* NOTE(review): a /32 here matches only a literal
                           destination of 0.0.0.0. With a DHCP-assigned WAN
                           address the intent is usually 0.0.0.0/0 (any);
                           confirm this rule ever matches. */
                        destination-address 0.0.0.0/32;
                        destination-port {
                            18004;
                        }
                    }
                    then {
                        destination-nat {
                            pool {
                                Camera-System;
                            }
                        }
                    }
                }
            }
        }
    }
    policies {
        /* LAN to Internet: everything permitted, nothing logged. */
        from-zone Internal to-zone Internet {
            policy All_Internal_Internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Internet to-zone Internal {
            /* Inbound exposure: any Internet source may reach the camera on
               TCP/18004 after destination NAT. No source restriction and no
               session logging on this policy; consider adding "log" so the
               counter in default-reject is not the only visibility. */
            policy Permit-Cameras {
                match {
                    source-address any;
                    destination-address Camera-System;
                    application Camera-System;
                }
                then {
                    permit;
                }
            }
            /* Explicit catch-all with a counter. "reject" answers with a
               TCP RST / ICMP unreachable; "deny" would drop silently. */
            policy default-reject {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    reject;
                    count;
                }
            }
        }
        /* Intra-zone traffic (hosts on irb.0) is unrestricted. */
        from-zone Internal to-zone Internal {
            policy Permit-Any {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone Internal {
            /* Address object used by Permit-Cameras; same host as the dNAT
               pool and inside the dynamic DHCP range defined under access. */
            address-book {
                address Camera-System 192.168.0.200/32;
            }
            /* Trusted LAN: every host service and protocol may reach the RE
               from irb.0 (needed at least for DHCP and management); the lo0
               filter protect-host still applies on top. */
            interfaces {
                irb.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone Internet {
            /* WAN-facing. The zone only lets these services through; protect-host
               on lo0 then admits ssh/https from managed-ips, dhcp (needed for the
               dhcp-client), ntp, dns and icmp and rejects the rest. http and tftp
               below are therefore reachable from nowhere and can be removed to
               shrink the exposed list. */
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            dhcp;
                            http;
                            https;
                            ssh;
                            tftp;
                            ntp;
                            traceroute;
                            dns;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    /* WAN uplink; address learned from the ISP via DHCP, which is why the
       Internet zone and protect-host both have to allow dhcp. */
    ge-0/0/0 {
        description "Hargray Cable Modem";
        unit 0 {
            family inet {
                dhcp-client;
            }
        }
    }
    /* ge-0/0/1 .. ge-0/0/5 are untagged access ports in vlan1; layer-3
       for that VLAN is irb.0. */
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan1;
                }
            }
        }
    }
    ge-0/0/2 {
        description "Netgear Switch";
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan1;
                }
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan1;
                }
            }
        }
    }
    ge-0/0/4 {
        description "Apple AP";
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan1;
                }
            }
        }
    }
    ge-0/0/5 {
        description "Dish Hopper DVR";
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan1;
                }
            }
        }
    }
    /* LAN gateway and DHCP server address (matches the "router" option in
       DHCP_Pool). */
    irb {
        unit 0 {
            family inet {
                address 192.168.0.1/24;
            }
        }
    }
    /* The input filter on lo0 is the control-plane guard: it sees traffic
       addressed to the Routing Engine no matter which interface it arrived on. */
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-host;
                }
                address 127.0.0.1/32;
            }
        }
    }
}
/* Puts the SRX Ethernet ports in switching mode so ge-0/0/1-5 can be
   bridged into vlan1 with irb.0 as the layer-3 interface. */
protocols {
    l2-learning {
        global-mode switching;
    }
}
/* Prefix lists consumed by firewall filter protect-host. The apply-path
   lists track the configuration automatically so they do not go stale. */
policy-options {
    /* Every IPv4 address configured on any interface of this device. */
    prefix-list router-ipv4 {
        apply-path "interfaces <*> unit <*> family inet address <*>";
    }
    /* Resolves to 64.203.255.71 from "system ntp server". */
    prefix-list ntp-servers {
        apply-path "system ntp server <*>";
    }
    /* NOTE(review): built from "system name-server", which is not in this
       excerpt; if no name-server is set the list is empty and term
       accept-dns never matches. */
    prefix-list dns-servers {
        apply-path "system name-server <*>";
    }
    /* Sources allowed to manage the device over SSH/HTTPS: four public /32s
       plus the whole LAN. */
    prefix-list managed-ips {
        64.53.59.14/32;
        64.203.245.151/32;
        192.168.0.0/24;
        204.116.21.6/32;
        216.16.216.166/32;
    }
}
firewall {
    /* Applied as "input" on lo0.0 (see interfaces), so it governs traffic
       addressed to the Routing Engine itself, not transit traffic. Terms are
       evaluated top-down; first match wins. */
    filter protect-host {
        /* Management: TCP ssh/https only from prefixes in managed-ips.
           NOTE(review): "port" matches source OR destination port, so a
           packet from managed-ips with source port 22 or 443 toward any other
           TCP service (e.g. the enabled telnet) also passes. Use
           "destination-port [ ssh https ];" to admit only traffic aimed at
           those services. */
        term accept-managed {
            from {
                prefix-list {
                    managed-ips;
                }
                protocol tcp;
                port [ ssh https ];
            }
            then {
                count accept-managed;
                accept;
            }
        }
        /* DHCP from any source: required for the ge-0/0/0 dhcp-client (the
           ISP server address is unknown) and for dhcp-local-server on irb.0. */
        term accept-dhcp {
            from {
                protocol udp;
                port dhcp;
            }
            then {
                count accept-dhcp;
                accept;
            }
        }
        /* NTP from the configured server and from the device's own addresses
           (router-ipv4). Same "port" vs "destination-port" caveat as above. */
        term accept-ntp {
            from {
                prefix-list {
                    ntp-servers;
                    router-ipv4;
                }
                protocol udp;
                port ntp;
            }
            then {
                count accept-ntp;
                accept;
            }
        }
        /* DNS answers only from configured name-servers (source-prefix-list,
           so this one is correctly source-scoped). */
        term accept-dns {
            from {
                source-prefix-list {
                    dns-servers;
                }
                protocol udp;
                port 53;
            }
            then {
                count accept-dns;
                accept;
            }
        }
        /* All ICMP from anywhere, with no policer. */
        term accept-ping {
            from {
                protocol icmp;
            }
            then {
                count accept-ping;
                accept;
            }
        }
        /* Everything else to the RE is counted and rejected. "reject" returns
           an ICMP error; "discard" would drop silently. The counter is worth
           checking after any change to the terms above. */
        term reject {
            then {
                count default-reject;
                reject;
            }
        }
    }
}
access {
    address-assignment {
        /* Pool served by dhcp-local-server group DHCP-Group on irb.0. */
        pool DHCP_Pool {
            family inet {
                network 192.168.0.0/24;
                /* Dynamic leases .10-.254. NOTE(review): this range includes
                   192.168.0.200, the camera that the dNAT pool, address-book
                   entry and Permit-Cameras policy all depend on, so that
                   address can currently be leased to any other client. */
                range DHCP_Range {
                    low 192.168.0.10;
                    high 192.168.0.254;
                }
                /* With dhcp-local-server, static (MAC-to-IP) bindings live in
                   this pool rather than under "system services dhcp", in
                   set form: access address-assignment pool DHCP_Pool family
                   inet host <NAME> hardware-address <MAC> ip-address <ADDRESS>
                   (placeholders). Keep reserved addresses outside DHCP_Range
                   and verify the exact syntax on the running Junos release. */
                dhcp-attributes {
                    /* Clients are pointed at a public resolver directly. */
                    name-server {
                        8.8.8.8;
                    }
                    router {
                        192.168.0.1;
                    }
                }
            }
        }
    }
}
applications {
    /* Matched by policy Permit-Cameras and mirrors the dNAT port. */
    application Camera-System {
        term t1 protocol tcp destination-port 18004;
    }
    /* Not referenced by any policy or NAT rule in this excerpt. */
    application MS1 {
        term t1 protocol tcp destination-port 80;
    }
}
/* Single untagged LAN VLAN; irb.0 provides its gateway and DHCP service. */
vlans {
    vlan1 {
        vlan-id none;
        l3-interface irb.0;
    }
}

