[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Feb 19 19:01:11 CST 2014
Index: core.alt.onenet.net
===================================================================
--- core.alt.onenet.net (revision 108858)
+++ core.alt.onenet.net (working copy)
@@ -324,14 +324,14 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1101406 up up
-#lsi.1101407 up up
-#lsi.1101408 up up
-#lsi.1101409 up up
-#lsi.1101410 up up
-#lsi.1101411 up up
-#lsi.1101412 up up
-#lsi.1101413 up up
+#lsi.1101470 up up
+#lsi.1101471 up up
+#lsi.1101472 up up
+#lsi.1101473 up up
+#lsi.1101474 up up
+#lsi.1101475 up up
+#lsi.1101476 up up
+#lsi.1101477 up up
#mtun up up
#pimd up up
#pime up up
Index: core.hut.wea.onenet.net
===================================================================
--- core.hut.wea.onenet.net (revision 108830)
+++ core.hut.wea.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WEATHERFORD-MX40> show system commit
-# 2014-02-19 15:49:22 CST by jed via cli commit confirmed, rollback in 2mins
-# 2014-02-19 15:28:36 CST by josh via cli
-# 2014-02-19 15:26:38 CST by root via other
-# 2014-02-19 15:25:04 CST by josh via cli commit confirmed, rollback in 1mins
-# 2014-02-19 14:49:37 CST by root via other
-# 2014-02-19 14:46:54 CST by rnordmark via cli commit confirmed, rollback in 2mins
+# 2014-02-19 18:54:53 CST by andrew via cli commit confirmed, rollback in 10mins
+# 2014-02-19 18:47:50 CST by andrew via cli commit confirmed, rollback in 10mins
+# 2014-02-19 18:43:18 CST by andrew via cli commit confirmed, rollback in 10mins
+# 2014-02-19 18:32:51 CST by andrew via cli commit confirmed, rollback in 2mins
+# 2014-02-19 18:28:31 CST by andrew via cli commit confirmed, rollback in 10mins
+# 2014-02-19 18:21:39 CST by root via other
# grnoc-mon at WEATHERFORD-MX40> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -32,6 +32,7 @@
# Fan 4 OK
# Fan 5 OK
#
+# # commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show chassis firmware
# Part Type Version
# FPC 0 ROM Juniper ROM Monitor Version 11.3b1
@@ -41,6 +42,7 @@
# TFEB ROM Juniper ROM Monitor Version 11.3b1
# O/S Version 12.3R2.5 by builder on 2013-03-22 1
#
+# # commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show chassis fpc detail
# Slot 0 information:
# State Online
@@ -53,6 +55,7 @@
# Total SRAM 403 MB
# Total SDRAM 1316 MB
#
+# # commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
@@ -80,6 +83,7 @@
# Xcvr 9 REV 02 740-013111 D446172 SFP-T
# Fan Tray Fan Tray
#
+# # commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show chassis hardware models
# Hardware inventory:
# Item Version Part number Serial number FRU model number
@@ -93,6 +97,7 @@
# MIC 0 REV 27 750-028392 ABCH4502 MIC-3D-20GE-SFP
# Fan Tray FANTRAY-MX80-S
#
+# # commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show chassis routing-engine
# Routing Engine status:
# DRAM 2048 MB (2048 MB installed)
@@ -194,8 +199,9 @@
# Trying to mount root from ufs:/dev/da0s1a
# WARNING: / was not properly dismounted
#
+# # commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show version
-# Hostname: WEATHERFORD-MX40 # Model: mx40-t # JUNOS Base OS boot [12.3R2.5] # JUNOS Base OS Software Suite [12.3R2.5] # JUNOS Kernel Software Suite [12.3R2.5] # JUNOS Crypto Software Suite [12.3R2.5] # JUNOS Packet Forwarding Engine Support (MX80) [12.3R2.5] # JUNOS Online Documentation [12.3R2.5] # JUNOS Routing Software Suite [12.3R2.5] # # grnoc-mon at WEATHERFORD-MX40> file list /var/tmp detail #
+# Hostname: WEATHERFORD-MX40 # Model: mx40-t # JUNOS Base OS boot [12.3R2.5] # JUNOS Base OS Software Suite [12.3R2.5] # JUNOS Kernel Software Suite [12.3R2.5] # JUNOS Crypto Software Suite [12.3R2.5] # JUNOS Packet Forwarding Engine Support (MX80) [12.3R2.5] # JUNOS Online Documentation [12.3R2.5] # JUNOS Routing Software Suite [12.3R2.5] # # # commit confirmed will be rolled back in 5 minutes # grnoc-mon at WEATHERFORD-MX40> file list /var/tmp detail #
# /var/tmp:
# total blocks: 291528
# -rwxr-xr-x 1 root field 19692 Jun 3 2013 MX-40-1-412.txt*
@@ -225,11 +231,13 @@
# drwxrwxrwt 2 root wheel 512 May 20 2013 vi.recover/
# total files: 20
#
+# # commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show system uptime
# System booted: 2014-02-13 23:09 CST
# Protocols started: 2014-02-13 23:11 CST
-# Last configured: 2014-02-19 15:49 CST by jed
+# Last configured: 2014-02-19 18:54 CST by andrew
#
+# # commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show interface terse
#Interface Admin Link
#lc-0/0/0 up up
@@ -294,8 +302,9 @@
#pip0 up up
#pp0 up up
#tap up up
+## commit confirmed
# grnoc-mon at WEATHERFORD-MX40> show configuration
-## Last commit: 2014-02-19 15:49:22 CST by jed
+## Last commit: 2014-02-19 18:54:53 CST by andrew
version 12.3R2.5;
system {
host-name WEATHERFORD-MX40;
@@ -307,7 +316,7 @@
}
name-server {
164.58.253.10;
- 164.58.253.4;
+ 164.58.198.10;
}
radius-server {
156.110.31.11 {
@@ -404,8 +413,7 @@
}
}
ntp {
- server 164.58.3.98;
- server 164.58.253.82 prefer;
+ server 164.58.3.98 prefer;
}
}
chassis {
@@ -773,6 +781,17 @@
}
policy-options {
prefix-list EBGP-IPV4-NEIGHBORS;
+ prefix-list ALLOWED-MGMT-SOURCES {
+ 64.207.244.14/32;
+ 66.129.224.37/32;
+ 129.15.127.96/28;
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.10.0/24;
+ 164.58.15.0/24;
+ 164.58.244.0/22;
+ 164.58.253.0/24;
+ }
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -893,24 +912,6 @@
firewall {
family inet {
filter PROTECT-RE {
- term SERVICES {
- from {
- source-address {
- 129.15.127.96/28;
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.10.0/24;
- 164.58.253.0/24;
- 64.207.244.14/32;
- 66.129.224.37/32;
- 164.58.15.0/24;
- 164.58.244.0/22;
- }
- protocol tcp;
- destination-port [ ssh http ];
- }
- then accept;
- }
term OSPF-ALLOW {
from {
source-address {
@@ -943,6 +944,28 @@
}
then accept;
}
+ term MIRAGE {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ }
+ then {
+ count MIRAGE_PACKET;
+ log;
+ accept;
+ }
+ }
+ term SSH-WEB-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ protocol tcp;
+ destination-port [ ssh http https ];
+ }
+ then accept;
+ }
term FIRST-FRAG {
from {
first-fragment;
@@ -959,40 +982,63 @@
discard;
}
}
- term ICMP-ALLOW {
+ term RADIUS-ALLOW {
from {
- protocol icmp;
- icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ source-address {
+ 156.110.31.11/32;
+ }
+ protocol [ udp tcp ];
+ port [ radius radacct ];
}
then accept;
}
- term SERVICES-OUTBOUND {
+ term NTP-ALLOW {
from {
- source-port [ domain ntp ssh syslog ftp 7804 telnet ];
+ source-address {
+ 164.58.3.98/32;
+ }
+ protocol udp;
+ port ntp;
}
then accept;
}
- term RADIUS {
+ term DOMAIN-ALLOW {
from {
source-address {
- 156.110.31.11/32;
+ 164.58.253.10/32;
+ 164.58.198.10/32;
}
- protocol [ udp tcp ];
- port [ radius radacct ];
+ port domain;
}
then accept;
}
- term NTP {
+ term SYSLOG-ALLOW {
from {
- source-address {
- 164.58.10.1/32;
- 164.58.199.0/24;
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
}
- protocol udp;
- port ntp;
+ port syslog;
}
then accept;
}
+ term FTP-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ port ftp;
+ }
+ then accept;
+ }
+ term JSPACE-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ source-port 7408;
+ }
+ then accept;
+ }
term SNMP-ALLOW {
from {
source-address {
@@ -1008,7 +1054,6 @@
term LDP-ALLOW {
from {
source-address {
- 164.58.199.0/24;
164.58.0.0/16;
156.110.0.0/16;
}
@@ -1018,8 +1063,8 @@
term PIM-ALLOW {
from {
source-address {
- 164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol pim;
}
@@ -1029,12 +1074,20 @@
from {
source-address {
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol udp;
port [ 3784 3785 ];
}
then accept;
}
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
term TRACEROUTE-ALLOW {
from {
protocol udp;
@@ -1042,6 +1095,20 @@
}
then accept;
}
+ term DENY-SERVICES-INBOUND {
+ from {
+ destination-port [ ssh telnet http https snmp ntp domain ];
+ }
+ then {
+ discard;
+ }
+ }
+ term SERVICES-OUTBOUND {
+ from {
+ source-port [ ssh telnet ];
+ }
+ then accept;
+ }
term DENY_ALL {
then {
discard;
@@ -1077,8 +1144,10 @@
}
}
}
+# commit confirmed will be rolled back in 5 minutes
# grnoc-mon at WEATHERFORD-MX40> show ospf neighbor
# Address Interface State ID Pri Dead
# 164.58.246.77 xe-0/0/0.69 Full 164.58.199.233
# 164.58.247.102 xe-0/0/1.40 Full 164.58.199.39
#
+# # commit confirmed will be rolled back in 5 minutes
Index: core.law.onenet.net
===================================================================
--- core.law.onenet.net (revision 108859)
+++ core.law.onenet.net (working copy)
@@ -474,7 +474,7 @@
#lsi.1058664 up up
#lsi.1058703 up up
#lsi.1058853 up up
-#lsi.1058927 up up
+#lsi.1058935 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.dc.onenet.net
===================================================================
--- core1.dc.onenet.net (revision 108864)
+++ core1.dc.onenet.net (working copy)
@@ -839,7 +839,6 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1057536 up up
#lsi.1057537 up up
#lsi.1057542 up up
#lsi.1057543 up up
@@ -847,7 +846,8 @@
#lsi.1057714 up up
#lsi.1057901 up up
#lsi.1057961 up up
-#lsi.1057976 up up
+#lsi.1057981 up up
+#lsi.1057985 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.nor.onenet.net
===================================================================
--- core1.nor.onenet.net (revision 108862)
+++ core1.nor.onenet.net (working copy)
@@ -450,7 +450,7 @@
#lsi.1056221 up up
#lsi.1056389 up up
#lsi.1056576 up up
-#lsi.1056650 up up
+#lsi.1056658 up up
#mtun up up
#pimd up up
#pime up up
Index: core5.okc.onenet.net
===================================================================
--- core5.okc.onenet.net (revision 108870)
+++ core5.okc.onenet.net (working copy)
@@ -576,7 +576,7 @@
#lsi.1491894 up up
#lsi.1492062 up up
#lsi.1492249 up up
-#lsi.1492323 up up
+#lsi.1492331 up up
#lsi.1496838 up up
#lsi.2010116 up up
#mtun up up
Index: core1.okccc.onenet.net
===================================================================
--- core1.okccc.onenet.net (revision 108866)
+++ core1.okccc.onenet.net (working copy)
@@ -532,7 +532,7 @@
#lsi.1048583 up up
#lsi.1048584 up up
#lsi.1048771 up up
-#lsi.1048845 up up
+#lsi.1048853 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.lan-mx80.onenet.net
===================================================================
--- core1.lan-mx80.onenet.net (revision 108863)
+++ core1.lan-mx80.onenet.net (working copy)
@@ -268,7 +268,7 @@
#lsi.1059516 up up
#lsi.1059685 up up
#lsi.1059872 up up
-#lsi.1059946 up up
+#lsi.1059954 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: core1.sti-mx960.onenet.net
===================================================================
--- core1.sti-mx960.onenet.net (revision 108867)
+++ core1.sti-mx960.onenet.net (working copy)
@@ -620,7 +620,7 @@
#lsi.1067817 up up
#lsi.1067818 up up
#lsi.1067819 up up
-#lsi.1067893 up up
+#lsi.1067901 up up
#mtun up up
#pimd up up
#pime up up
Index: hub.chi.onenet.net
===================================================================
--- hub.chi.onenet.net (revision 108869)
+++ hub.chi.onenet.net (working copy)
@@ -310,7 +310,7 @@
#t1-2/0/2:21 down down
#t1-2/0/2:22 down down
#t1-2/0/2:23 down down
-#t1-2/0/2:24 down down
+#t1-2/0/2:24 down up
#t1-2/0/2:25 down up
#t1-2/0/2:26 down down
#t1-2/0/2:27 down down
Index: core2-okc-mx960.onenet.net
===================================================================
--- core2-okc-mx960.onenet.net (revision 108850)
+++ core2-okc-mx960.onenet.net (working copy)
@@ -596,7 +596,7 @@
#lsi.1 up up
#lsi.4 up up
#lsi.1059842 up up
-#lsi.1059845 up up
+#lsi.1059846 up up
#mtun up up
#pimd up up
#pime up up
Index: hub.mia.onenet.net
===================================================================
--- hub.mia.onenet.net (revision 108871)
+++ hub.mia.onenet.net (working copy)
@@ -442,7 +442,7 @@
#lsi.1053362 up up
#lsi.1053531 up up
#lsi.1053718 up up
-#lsi.1053792 up up
+#lsi.1053800 up up
#mtun up up
#pimd up up
#pime up up
Index: hub.sal.onenet.net
===================================================================
--- hub.sal.onenet.net (revision 108749)
+++ hub.sal.onenet.net (working copy)
@@ -320,7 +320,7 @@
#t1-2/0/2:21.0 up up
#t1-2/0/2:22 up up
#t1-2/0/2:22.0 up up
-#t1-2/0/2:23 down down
+#t1-2/0/2:23 down up
#t1-2/0/2:23.0 up down
#t1-2/0/2:24 up down
#t1-2/0/2:25 up down
Index: hub.sem.onenet.net
===================================================================
--- hub.sem.onenet.net (revision 108540)
+++ hub.sem.onenet.net (working copy)
@@ -364,14 +364,14 @@
#t1-2/0/3:10 up down
#t1-2/0/3:11 up down
#t1-2/0/3:12 up down
-#t1-2/0/3:13 up up
-#t1-2/0/3:13.0 up up
-#t1-2/0/3:14 up up
-#t1-2/0/3:14.0 up up
-#t1-2/0/3:15 up up
-#t1-2/0/3:15.0 up up
-#t1-2/0/3:16 up up
-#t1-2/0/3:16.0 up up
+#t1-2/0/3:13 up down
+#t1-2/0/3:13.0 up down
+#t1-2/0/3:14 up down
+#t1-2/0/3:14.0 up down
+#t1-2/0/3:15 up down
+#t1-2/0/3:15.0 up down
+#t1-2/0/3:16 up down
+#t1-2/0/3:16.0 up down
#t1-2/0/3:17 up up
#t1-2/0/3:17.0 up up
#t1-2/0/3:18 up down
@@ -407,7 +407,7 @@
#gr-2/3/0 up up
#ip-2/3/0 up up
#lsq-2/3/0 up up
-#lsq-2/3/0.2 up up
+#lsq-2/3/0.2 up down
#lsq-2/3/0.6 up up
#lsq-2/3/0.7 up up
#lsq-2/3/0.8 up up
Index: swi.cai.dpsdur.onenet.net
===================================================================
--- swi.cai.dpsdur.onenet.net (revision 107356)
+++ swi.cai.dpsdur.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SWI-CAI-DPSDUR-EX3300> show system commit
+# 2014-02-19 18:05:55 CST by josh via cli commit confirmed, rollback in 1mins
+# 2014-02-19 18:03:47 CST by josh via cli
+# 2014-02-19 18:02:31 CST by josh via cli commit confirmed, rollback in 1mins
# 2014-02-14 16:41:56 CST by josh via cli commit confirmed, rollback in 5mins
# 2014-02-14 16:32:14 CST by josh via cli
# 2014-02-14 16:31:07 CST by josh via cli commit confirmed, rollback in 5mins
-# 2014-02-14 16:30:55 CST by josh via cli
-# 2014-02-14 16:27:08 CST by josh via cli
-# 2014-02-14 16:26:37 CST by josh via cli commit confirmed, rollback in 5mins
# grnoc-mon at SWI-CAI-DPSDUR-EX3300> show chassis environment
# Class Item Status Measurement
# Power FPC 0 Power Supply 0 OK
@@ -163,7 +163,7 @@
# --------------------------------------------------------------------------
# System booted: 2013-07-29 13:55 CDT
# Protocols started: 2013-07-29 13:57 CDT
-# Last configured: 2014-02-14 16:41 CST by josh
+# Last configured: 2014-02-19 18:05 CST by josh
#
# {master:0}
# grnoc-mon at SWI-CAI-DPSDUR-EX3300> show interface terse
@@ -214,7 +214,7 @@
#vlan.70 up up
#vme up down
# grnoc-mon at SWI-CAI-DPSDUR-EX3300> show configuration
-## Last commit: 2014-02-14 16:41:56 CST by josh
+## Last commit: 2014-02-19 18:05:55 CST by josh
version 12.3R2.5;
system {
host-name SWI-CAI-DPSDUR-EX3300;
@@ -417,6 +417,9 @@
lo0 {
unit 0 {
family inet {
+ filter {
+ input PROTECT-RE;
+ }
address 164.58.198.12/32;
address 127.0.0.1/32;
}
More information about the Nocrancid
mailing list