[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Feb 19 17:02:17 CST 2014
Index: core.alt.onenet.net
===================================================================
--- core.alt.onenet.net (revision 108828)
+++ core.alt.onenet.net (working copy)
@@ -324,14 +324,14 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1101262 up up
-#lsi.1101263 up up
-#lsi.1101264 up up
-#lsi.1101265 up up
-#lsi.1101266 up up
-#lsi.1101267 up up
-#lsi.1101268 up up
-#lsi.1101269 up up
+#lsi.1101334 up up
+#lsi.1101335 up up
+#lsi.1101336 up up
+#lsi.1101337 up up
+#lsi.1101338 up up
+#lsi.1101339 up up
+#lsi.1101340 up up
+#lsi.1101341 up up
#mtun up up
#pimd up up
#pime up up
Index: core.end.onenet.net
===================================================================
--- core.end.onenet.net (revision 107278)
+++ core.end.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ENID-MX480-RE0> show system commit
+# 2014-02-19 16:51:53 CST by josh via cli commit synchronize
# 2014-02-14 14:59:40 CST by josh via cli commit synchronize
# 2014-02-14 14:54:24 CST by rnordmark via cli commit synchronize
# 2014-02-14 14:53:20 CST by josh via cli commit synchronize
# 2014-02-14 14:34:39 CST by jeremyt via cli commit synchronize
# 2014-02-14 14:31:16 CST by jeremyt via cli commit synchronize
-# 2014-02-14 14:14:55 CST by jeremyt via cli commit synchronize
# grnoc-mon at ENID-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -240,7 +240,7 @@
# grnoc-mon at ENID-MX480-RE0> show system uptime
# System booted: 2013-05-30 00:12 CDT
# Protocols started: 2013-05-30 00:17 CDT
-# Last configured: 2014-02-14 14:59 CST by josh
+# Last configured: 2014-02-19 16:51 CST by josh
#
# {master}
# grnoc-mon at ENID-MX480-RE0> show interface terse
@@ -276,7 +276,7 @@
#pfe-0/2/0.16383 up up
#ge-0/2/1 up up
#ge-0/2/1.70 up up
-#ge-0/2/1.2529 up up
+#ge-0/2/1.2530 up up
#ge-0/2/1.32767 up up
#ge-0/2/2 up up
#ge-0/2/2.70 up up
@@ -320,7 +320,7 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.256 up up
+#lsi.257 up up
#mtun up up
#pimd up up
#pime up up
@@ -328,7 +328,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ENID-MX480-RE0> show configuration
-## Last commit: 2014-02-14 14:59:40 CST by josh
+## Last commit: 2014-02-19 16:51:53 CST by josh
version 11.4R7.5;
groups {
re0 {
@@ -633,9 +633,9 @@
mtu 9000;
}
}
- unit 2529 {
+ unit 2530 {
description "PS-NET Public Safety Net CIR000XXXX | [NO-MONITOR]";
- vlan-id 2529;
+ vlan-id 2530;
family inet {
address 172.26.1.65/26;
}
@@ -1171,7 +1171,7 @@
community Midwest-City members 5078:2;
community Muskogee members 5078:94;
community ONENET-PoP-APPLIANCES members target:5078:2012;
- community ONET-PS_NET-VPN members target:5078:2529;
+ community ONET-PS_NET-VPN members target:5078:2530;
community OSUOKC members 5078:50;
community Okmulgee members 5078:110;
community Ponca-City members 5078:186;
@@ -1431,11 +1431,11 @@
ONENET-PS_NET-L3VPN {
description "PS_NET Public Safety Net";
instance-type vrf;
- interface ge-0/2/1.2529;
- route-distinguisher 164.58.199.67:2529;
+ interface ge-0/2/1.2530;
+ route-distinguisher 164.58.199.67:2530;
vrf-import ONENET-PS_NET-VRF-IMPORT;
vrf-export ONENET-PS_NET-VRF-EXPORT;
- vrf-target target:5078:2529;
+ vrf-target target:5078:2530;
vrf-table-label;
routing-options {
static {
Index: core.dur.onenet.net
===================================================================
--- core.dur.onenet.net (revision 108795)
+++ core.dur.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at DURANT-MX480-RE0> show system commit
+# 2014-02-19 16:51:49 CST by josh via cli commit synchronize
# 2014-02-19 13:05:03 CST by rnordmark via cli commit synchronize
# 2014-02-19 12:39:57 CST by rnordmark via cli commit synchronize
# 2014-02-14 16:00:10 CST by josh via cli commit confirmed, rollback in 5mins synchronize
# 2014-02-14 15:53:24 CST by josh via cli commit confirmed, rollback in 5mins synchronize
# 2014-02-14 14:58:13 CST by josh via cli commit synchronize
-# 2014-02-14 14:57:33 CST by josh via cli commit synchronize
# grnoc-mon at DURANT-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -246,7 +246,7 @@
# grnoc-mon at DURANT-MX480-RE0> show system uptime
# System booted: 2013-05-26 00:24 CDT
# Protocols started: 2013-05-26 00:27 CDT
-# Last configured: 2014-02-19 13:05 CST by rnordmark
+# Last configured: 2014-02-19 16:51 CST by josh
#
# {master}
# grnoc-mon at DURANT-MX480-RE0> show interface terse
@@ -316,13 +316,13 @@
#gre up up
#ipip up up
#irb up up
-#irb.2529 up up
+#irb.2530 up up
#lo0 up up
#lo0.0 up up
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1 up up
+#lsi.2 up up
#mtun up up
#pimd up up
#pime up up
@@ -330,7 +330,7 @@
#pp0 up up
#tap up up
# grnoc-mon at DURANT-MX480-RE0> show configuration
-## Last commit: 2014-02-19 13:05:03 CST by rnordmark
+## Last commit: 2014-02-19 16:51:49 CST by josh
version 11.4R7.5;
groups {
re0 {
@@ -542,7 +542,7 @@
unit 0 {
family bridge {
interface-mode trunk;
- vlan-id-list 2529;
+ vlan-id-list 2530;
}
}
unit 70 {
@@ -704,7 +704,7 @@
disable;
}
irb {
- unit 2529 {
+ unit 2530 {
family inet {
address 172.26.1.129/26;
}
@@ -1068,7 +1068,7 @@
community Midwest-City members 5078:2;
community Muskogee members 5078:94;
community ONENET-PoP-APPLIANCES members target:5078:2012;
- community ONET-PS_NET-VPN members target:5078:2529;
+ community ONET-PS_NET-VPN members target:5078:2530;
community OSUOKC members 5078:50;
community Okmulgee members 5078:110;
community Ponca-City members 5078:186;
@@ -1328,11 +1328,11 @@
ONENET-PS_NET-L3VPN {
description "PS_NET Public Safety Net";
instance-type vrf;
- interface irb.2529;
- route-distinguisher 164.58.199.15:2529;
+ interface irb.2530;
+ route-distinguisher 164.58.199.15:2530;
vrf-import ONENET-PS_NET-VRF-IMPORT;
vrf-export ONENET-PS_NET-VRF-EXPORT;
- vrf-target target:5078:2529;
+ vrf-target target:5078:2530;
vrf-table-label;
routing-options {
static {
@@ -1344,7 +1344,7 @@
external-preference 255;
export ONENET-PS_NET-VRF-IMPORT;
area 0.0.0.0 {
- interface irb.2529;
+ interface irb.2530;
}
}
}
@@ -1398,9 +1398,9 @@
}
}
bridge-domains {
- vlan-2529 {
- vlan-id 2529;
- routing-interface irb.2529;
+ vlan-2530 {
+ vlan-id 2530;
+ routing-interface irb.2530;
}
}
{master}
Index: core.say.onenet.net
===================================================================
--- core.say.onenet.net (revision 107324)
+++ core.say.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SAYRE-MX480-RE0> show system commit
+# 2014-02-19 16:06:29 CST by josh via cli commit confirmed, rollback in 1mins synchronize
# 2014-02-14 14:55:07 CST by rnordmark via cli commit synchronize
# 2013-11-13 12:18:04 CST by joel via cli commit synchronize
# 2013-11-11 15:26:43 CST by rnordmark via cli commit synchronize
# 2013-11-01 12:14:47 CDT by joel via cli commit synchronize
# 2013-10-31 14:32:47 CDT by jeremyt via cli commit synchronize
-# 2013-10-31 09:29:49 CDT by joel via cli commit synchronize
# grnoc-mon at SAYRE-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -241,7 +241,7 @@
# grnoc-mon at SAYRE-MX480-RE0> show system uptime
# System booted: 2013-05-27 00:53 CDT
# Protocols started: 2013-05-27 00:58 CDT
-# Last configured: 2014-02-14 14:55 CST by rnordmark
+# Last configured: 2014-02-19 16:06 CST by josh
#
# {master}
# grnoc-mon at SAYRE-MX480-RE0> show interface terse
@@ -312,7 +312,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SAYRE-MX480-RE0> show configuration
-## Last commit: 2014-02-14 14:55:07 CST by rnordmark
+## Last commit: 2014-02-19 16:06:29 CST by josh
version 11.4R7.5;
groups {
re0 {
@@ -356,7 +356,7 @@
}
name-server {
164.58.253.10;
- 164.58.253.4;
+ 164.58.198.10;
}
radius-server {
156.110.31.11 {
@@ -455,8 +455,7 @@
}
commit synchronize;
ntp {
- server 164.58.3.98;
- server 164.58.253.82 prefer;
+ server 164.58.3.98 prefer;
}
}
chassis {
@@ -817,6 +816,17 @@
}
policy-options {
prefix-list EBGP-IPV4-NEIGHBORS;
+ prefix-list ALLOWED-MGMT-SOURCES {
+ 64.207.244.14/32;
+ 66.129.224.37/32;
+ 129.15.127.96/28;
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.10.0/24;
+ 164.58.15.0/24;
+ 164.58.244.0/22;
+ 164.58.253.0/24;
+ }
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -988,24 +998,6 @@
firewall {
family inet {
filter PROTECT-RE {
- term SERVICES {
- from {
- source-address {
- 129.15.127.96/28;
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.10.0/24;
- 164.58.253.0/24;
- 64.207.244.14/32;
- 66.129.224.37/32;
- 164.58.15.0/24;
- 164.58.244.0/22;
- }
- protocol tcp;
- destination-port [ ssh http ];
- }
- then accept;
- }
term OSPF-ALLOW {
from {
source-address {
@@ -1038,6 +1030,16 @@
}
then accept;
}
+ term SSH-WEB-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ protocol tcp;
+ destination-port [ ssh http https ];
+ }
+ then accept;
+ }
term FIRST-FRAG {
from {
first-fragment;
@@ -1054,40 +1056,63 @@
discard;
}
}
- term ICMP-ALLOW {
+ term RADIUS-ALLOW {
from {
- protocol icmp;
- icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ source-address {
+ 156.110.31.11/32;
+ }
+ protocol [ udp tcp ];
+ port [ radius radacct ];
}
then accept;
}
- term SERVICES-OUTBOUND {
+ term NTP-ALLOW {
from {
- source-port [ domain ntp ssh syslog ftp 7804 telnet ];
+ source-address {
+ 164.58.3.98/32;
+ }
+ protocol udp;
+ port ntp;
}
then accept;
}
- term RADIUS {
+ term DOMAIN-ALLOW {
from {
source-address {
- 156.110.31.11/32;
+ 164.58.253.10/32;
+ 164.58.198.10/32;
}
- protocol [ udp tcp ];
- port [ radius radacct ];
+ port domain;
}
then accept;
}
- term NTP {
+ term SYSLOG-ALLOW {
from {
- source-address {
- 164.58.10.1/32;
- 164.58.199.0/24;
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
}
- protocol udp;
- port ntp;
+ port syslog;
}
then accept;
}
+ term FTP-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ port ftp;
+ }
+ then accept;
+ }
+ term JSPACE-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ source-port 7408;
+ }
+ then accept;
+ }
term SNMP-ALLOW {
from {
source-address {
@@ -1103,7 +1128,6 @@
term LDP-ALLOW {
from {
source-address {
- 164.58.199.0/24;
164.58.0.0/16;
156.110.0.0/16;
}
@@ -1113,8 +1137,8 @@
term PIM-ALLOW {
from {
source-address {
- 164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol pim;
}
@@ -1124,12 +1148,20 @@
from {
source-address {
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol udp;
port [ 3784 3785 ];
}
then accept;
}
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
term TRACEROUTE-ALLOW {
from {
protocol udp;
@@ -1137,6 +1169,20 @@
}
then accept;
}
+ term DENY-SERVICES-INBOUND {
+ from {
+ destination-port [ ssh telnet http https snmp ntp domain ];
+ }
+ then {
+ discard;
+ }
+ }
+ term SERVICES-OUTBOUND {
+ from {
+ source-port [ ssh telnet ];
+ }
+ then accept;
+ }
term DENY_ALL {
then {
discard;
Index: core1.dc.onenet.net
===================================================================
--- core1.dc.onenet.net (revision 108835)
+++ core1.dc.onenet.net (working copy)
@@ -843,11 +843,11 @@
#lsi.1057537 up up
#lsi.1057542 up up
#lsi.1057543 up up
-#lsi.1057615 up up
#lsi.1057672 up up
#lsi.1057714 up up
#lsi.1057901 up up
-#lsi.1057957 up up
+#lsi.1057961 up up
+#lsi.1057967 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.okccc.onenet.net
===================================================================
--- core1.okccc.onenet.net (revision 108836)
+++ core1.okccc.onenet.net (working copy)
@@ -532,7 +532,7 @@
#lsi.1048583 up up
#lsi.1048584 up up
#lsi.1048771 up up
-#lsi.1048827 up up
+#lsi.1048836 up up
#mtun up up
#pimd up up
#pime up up
Index: core2-okc-mx960.onenet.net
===================================================================
--- core2-okc-mx960.onenet.net (revision 108115)
+++ core2-okc-mx960.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE2-MX960-RE0> show system commit
+# 2014-02-19 16:51:45 CST by josh via cli commit synchronize
# 2014-02-17 10:37:41 CST by josh via cli commit synchronize
# 2014-02-15 09:31:54 CST by josh via cli commit synchronize
# 2014-02-15 08:06:36 CST by josh via cli commit synchronize
# 2014-02-14 14:58:28 CST by josh via cli commit synchronize
# 2014-02-14 14:54:30 CST by josh via cli commit synchronize
-# 2014-02-14 14:52:33 CST by rnordmark via cli commit synchronize
# grnoc-mon at OKC-CORE2-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -428,7 +428,7 @@
# grnoc-mon at OKC-CORE2-MX960-RE0> show system uptime
# System booted: 2013-04-13 23:28 CDT
# Protocols started: 2013-04-13 23:31 CDT
-# Last configured: 2014-02-17 10:37 CST by josh
+# Last configured: 2014-02-19 16:51 CST by josh
#
# {master}
# grnoc-mon at OKC-CORE2-MX960-RE0> show interface terse
@@ -594,7 +594,7 @@
#lsi up up
#lsi.0 up up
#lsi.1 up up
-#lsi.3 up up
+#lsi.4 up up
#lsi.1059842 up up
#lsi.1059845 up up
#mtun up up
@@ -604,7 +604,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE2-MX960-RE0> show configuration
-## Last commit: 2014-02-17 10:37:41 CST by josh
+## Last commit: 2014-02-19 16:51:45 CST by josh
version 11.4R7.5;
groups {
re0 {
@@ -12237,7 +12237,7 @@
community OKCCORE4 members 5078:214;
community OKCCORE5 members 5078:215;
community OKCCORE6 members 5078:216;
- community ONET-PS_NET-VPN members target:5078:2529;
+ community ONET-PS_NET-VPN members target:5078:2530;
community ONET-UPS-VPN members target:5078:100;
community OSUOKC members 5078:50;
community Okmulgee members 5078:110;
@@ -12703,10 +12703,10 @@
description "PS_NET Public Safety Net";
instance-type vrf;
interface xe-1/0/0.1100;
- route-distinguisher 164.58.199.212:2529;
+ route-distinguisher 164.58.199.212:2530;
vrf-import ONENET-PS_NET-VRF-IMPORT;
vrf-export ONENET-PS_NET-VRF-EXPORT;
- vrf-target target:5078:2529;
+ vrf-target target:5078:2530;
vrf-table-label;
routing-options {
static {
Index: core1.nor.onenet.net
===================================================================
--- core1.nor.onenet.net (revision 108834)
+++ core1.nor.onenet.net (working copy)
@@ -450,7 +450,7 @@
#lsi.1056221 up up
#lsi.1056389 up up
#lsi.1056576 up up
-#lsi.1056632 up up
+#lsi.1056641 up up
#mtun up up
#pimd up up
#pime up up
Index: core5.okc.onenet.net
===================================================================
--- core5.okc.onenet.net (revision 108838)
+++ core5.okc.onenet.net (working copy)
@@ -576,7 +576,7 @@
#lsi.1491894 up up
#lsi.1492062 up up
#lsi.1492249 up up
-#lsi.1492305 up up
+#lsi.1492314 up up
#lsi.1496838 up up
#lsi.2010116 up up
#mtun up up
Index: hub.chi.onenet.net
===================================================================
--- hub.chi.onenet.net (revision 108839)
+++ hub.chi.onenet.net (working copy)
@@ -310,7 +310,7 @@
#t1-2/0/2:21 down down
#t1-2/0/2:22 down down
#t1-2/0/2:23 down down
-#t1-2/0/2:24 down down
+#t1-2/0/2:24 down up
#t1-2/0/2:25 down up
#t1-2/0/2:26 down down
#t1-2/0/2:27 down down
Index: hub.ard.onenet.net
===================================================================
--- hub.ard.onenet.net (revision 108759)
+++ hub.ard.onenet.net (working copy)
@@ -350,8 +350,8 @@
#t1-2/0/3:12.0 up up
#t1-2/0/3:13 up up
#t1-2/0/3:13.0 up up
-#t1-2/0/3:14 up up
-#t1-2/0/3:14.0 up up
+#t1-2/0/3:14 up down
+#t1-2/0/3:14.0 up down
#t1-2/0/3:15 up down
#t1-2/0/3:16 up up
#t1-2/0/3:17 up down
Index: hub.mia.onenet.net
===================================================================
--- hub.mia.onenet.net (revision 108840)
+++ hub.mia.onenet.net (working copy)
@@ -442,7 +442,7 @@
#lsi.1053362 up up
#lsi.1053531 up up
#lsi.1053718 up up
-#lsi.1053774 up up
+#lsi.1053783 up up
#mtun up up
#pimd up up
#pime up up
Index: core.law.onenet.net
===================================================================
--- core.law.onenet.net (revision 108832)
+++ core.law.onenet.net (working copy)
@@ -474,7 +474,7 @@
#lsi.1058664 up up
#lsi.1058703 up up
#lsi.1058853 up up
-#lsi.1058909 up up
+#lsi.1058918 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.sti-mx960.onenet.net
===================================================================
--- core1.sti-mx960.onenet.net (revision 108837)
+++ core1.sti-mx960.onenet.net (working copy)
@@ -620,7 +620,7 @@
#lsi.1067817 up up
#lsi.1067818 up up
#lsi.1067819 up up
-#lsi.1067875 up up
+#lsi.1067884 up up
#mtun up up
#pimd up up
#pime up up
More information about the Nocrancid
mailing list