You can apply an ACL just to management access. For instance:
! replace x.x.x.x with the IP to permit
access-list 1 permit host x.x.x.x
! some switches range from 0 to 15 instead of 0 to 4, adjust as necessary
line vty 0 4
access-class 1 in
This applies standard access list 1 to just inbound access on virtual terminals (which includes telnet and ssh access), irrespective of VLAN. You can use a more sophisticated access-list if needed. Chopper3 provided a good link for that.
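A check for the vty-range caveat in the answer above, as an added example that is not part of the original answer: it reads saved `show running-config` text and reports any `line vty` range that has no inbound `access-class`, or one that points at an ACL the config never defines. The sample config, the function names and the assumption that sub-commands are indented by one space (as in running-config output) are constructed for illustration.

```python
import re

# Constructed sample: the ACL is applied to vty 0 4, but vty 5 15 is left open.
SAMPLE_CONFIG = """\
access-list 1 permit host 192.0.2.10
!
line con 0
line vty 0 4
 access-class 1 in
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

def vty_blocks(config):
    """Return one dict per 'line vty' block: first/last line number and inbound ACL."""
    blocks, current = [], None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = {"first": first, "last": int(m.group(2) or first), "acl": None}
            blocks.append(current)
        elif not raw.startswith(" "):
            current = None  # any other unindented line ends the vty block
        elif current is not None:
            a = re.match(r"\s+access-class (\S+) in\b", raw)
            if a:
                current["acl"] = a.group(1)
    return blocks

def audit_vty(config):
    """List vty ranges that are not covered by a defined inbound ACL."""
    # Numbered ACLs ("access-list 1 ...") and named ones ("ip access-list standard NAME").
    defined = set(re.findall(
        r"^(?:ip )?access-list (?:standard |extended )?(\S+)", config, re.M))
    findings = []
    for b in vty_blocks(config):
        span = f"vty {b['first']}-{b['last']}"
        if b["acl"] is None:
            findings.append(f"{span}: no inbound access-class")
        elif b["acl"] not in defined:
            findings.append(f"{span}: access-class {b['acl']} references an undefined ACL")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```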
You stated that ports 3 and 42 were configured on the Catalyst switch, but then provided configurations for ports 46 and 48. The configuration you posted for port 46 should be applied to port 3 that connects to the EX2200. Your router's connection is unchanged, so hopefully we can assume that configuration is fine.
Now, on the EX2200, the following lines of code would be appropriate to do the following:
ge-0/0/0 - trunk allowing the same vlans as defined above on port 46
ge-0/0/6 - access port on VLAN80
set vlans vlan80 vlan-id 80
set vlans vlan82 vlan-id 82
set vlans vlan83 vlan-id 83
set vlans vlan93 vlan-id 93
set vlans vlan289 vlan-id 289
set interfaces ge-0/0/0 description uplink-to-catalyst
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan80
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan82
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan83
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan93
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan289
set interfaces ge-0/0/6 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan80
Some other suggestions for you:
1) Turn on LLDP on your switch so you can do a show lldp neighbors and see where your connections go.
2) Don't use RSTP for spanning tree on the Juniper switch; it doesn't play nice with Cisco that well. Use VSTP instead. If you end up with a ton of VLANs, you might even need to use MSTP.
3) Turn off chassis alarm for the management ethernet if you're not using it.
On the EX2200:
delete protocols rstp
set protocols vstp vlan all bridge-priority 4k
set protocols lldp interface all
set chassis alarm management-ethernet link-down ignore
On the Catalyst (if it supports it):
lldp run
Best Answer
It sounds like what you're trying to do should be fine. You can have either the switch or the router provide the DHCP service. You'll want to enable DHCP snooping on the uplink port (setting it to untrusted). That SHOULD drop any DHCPOFFER coming in from there.
ip dhcp snooping
! 110 is an example; use whatever VLAN number applies
ip dhcp snooping vlan 110
for each interface (not the uplink):
interface fa0/0
ip dhcp snooping trust
Then you should basically be good.