This is one of those things that is probably documented very well somewhere but I couldn’t find it so I’m writing up how to do it. I don’t take credit (or responsibility) for any of the programs mentioned here; I’m just a grateful user. This process has worked a few times in a row for me - most recently with version 1.7.5.4035 - so I feel comfortable recommending it.

As of 13.2 (for most platforms), Juniper ethernet switches now offer Enhanced Layer 2 Services (ELS) which changed the syntax to configure a number of different objects throughout Junos. Recently I had to configure DHCP on an EX switch for a customer on EX3300s which were running ELS.

Though Juniper has documentation describing how to configure DHCP on ELS I found that it was light on the details particularly around the situation I needed to support where I had non-contiguous address blocks within the same network address space.

In my case the customer was running a /23 network block but had static configurations on some PCs out of that address space so the EX was going to allocate from one small block and then a larger one. If this is on different networks it’s possible to configure overflow pools and link them together.

The key pieces of information that I found missing was:

1. You must have a network address on the network for which you want to provide DHCP. Note that if you don't have a local address there is no warning on commit, there's just no DHCP handed out.
2. Multiple address ranges configured in the same pool will overflow from one to the other as needed.

In the end our configuration came out looking like the following:

system {
    services {
        dhcp-local-server {
            group LAN {
                interface irb.1
            }
        }
    }
}
interfaces {
    irb {
        unit 1 {
            family inet {
                address 1.2.3.17/23;
            }
        }
    }
}
access {
    address-assignment {
        pool LAN {
            family inet {
                network 1.2.2.0/23;
                range 1st-range {
                    low 1.2.2.200;
                    high 1.2.2.254;
                }
                range 2nd-range {
                    low 1.2.3.3;
                    high 1.2.3.16;
                }
                dhcp-attributes {
                    name-server {
                        8.8.8.8
                    }
                    router {
                        1.2.2.1;
                    }
                }
            }
        }
    }
}

or

set system services dhcp-local-server group LAN
set access address-assignment pool LAN family inet network 1.2.2.0/23
set access address-assignment pool LAN family inet range 1st-range low 1.2.2.200
set access address-assignment pool LAN family inet range 1st-range high 1.2.2.254
set access address-assignment pool LAN family inet range 2nd-range low 1.2.3.3
set access address-assignment pool LAN family inet range 2nd-range high 1.2.3.16
set access address-assignment pool LAN family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool LAN family inet dhcp-attributes router 1.2.4.1
set interfaces irb unit 1 family inet address 1.2.3.17/23

1. Purchase a lab license for f5’s virtual edition
2. Download and install it in VMWare Fusion
3. Put that it’s management onto a custom vmnet which has connectivity to your Mac and external networks (vmnet8 aka Share with my mac should work)
4. Download Ubuntu 16.04 server
5. Follow the instructions for installing Docker on ubuntu at docker
6. I’ve created a small container image to use for testing, get it with ‘docker pull csirkin/alpine-node-echoip’
7. Create a static route on your Mac to reach the containers via the Ubuntu VM’s address by ‘sudo route -n add 172.17.0.0/16 x.x.x.x’
8. Start the containers, I’ve been using 3 - ‘docker run -i -t csirkin/alpine-node-echoip’ then cntl-p cntl-q to get back to your Ubuntu cli. Note the IP address which is reported, though they are most likely 172.17.0.2, 172.17.0.3 and 172.17.0.4.

For the past few years I’ve been using Authy to provide 2 Factor Authentication for my Ubuntu system, but somebody suggested that I take a look at Duo as an alternative. I originally started using Authy because I like the Authy app more than Google Authenticator and because it also offered a few other things it could authenticate. Duo seems to provide more options, including Radius and it offers more for free and I like the push option with a token so that when I try to log in to something instead of going to the app to get a code to type in it pops up a notification asking me whether to approve the log in or not.

Recently I was working with a customer and looking to test some SRX Cluster configurations that I had written for them before our lab gear became available. No problem I figured, I can easily mock this up with Firefly Perimeter (aka vSRX) on my laptop. However when I tried I couldn’t get the links between the members to come up and the boxes never clustered.