[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Jul 2 12:02:18 CDT 2014
Index: configs/hub.chi.onenet.net
===================================================================
--- configs/hub.chi.onenet.net (revision 117499)
+++ configs/hub.chi.onenet.net (working copy)
@@ -308,7 +308,7 @@
#t1-2/0/2:21 down down
#t1-2/0/2:22 down down
#t1-2/0/2:23 down down
-#t1-2/0/2:24 down down
+#t1-2/0/2:24 down up
#t1-2/0/2:25 down up
#t1-2/0/2:26 down down
#t1-2/0/2:27 down down
Index: configs/hub.bar.onenet.net
===================================================================
--- configs/hub.bar.onenet.net (revision 117481)
+++ configs/hub.bar.onenet.net (working copy)
@@ -326,7 +326,7 @@
#t1-2/0/2:9 down down
#t1-2/0/2:10 down down
#t1-2/0/2:11 down down
-#t1-2/0/2:12 down up
+#t1-2/0/2:12 down down
#t1-2/0/2:13 up up
#t1-2/0/2:13.0 up up
#t1-2/0/2:14 up down
Index: configs/swi.odot.dun.onenet.net
===================================================================
--- configs/swi.odot.dun.onenet.net (revision 115863)
+++ configs/swi.odot.dun.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at swi.odot.dun.onenet.net> show system commit
+# 2014-07-02 11:29:57 CDT by jeremyt via cli
+# 2014-07-02 11:06:27 CDT by rnordmark via cli
+# 2014-07-02 11:05:19 CDT by jeremyt via cli
# 2013-12-03 08:34:38 CST by rnordmark via cli
# 2013-11-27 10:43:12 CST by josh via cli
# 2013-11-27 10:41:58 CST by josh via cli commit confirmed, rollback in 5mins
-# 2013-11-27 10:25:55 CST by josh via cli
-# 2013-11-27 10:23:38 CST by josh via cli
-# 2013-11-27 10:21:16 CST by josh via cli
# grnoc-mon at swi.odot.dun.onenet.net> show chassis environment
# Class Item Status Measurement
# Power FPC 0 Power Supply 0 OK
@@ -154,7 +154,7 @@
# --------------------------------------------------------------------------
# System booted: 2014-05-07 12:20 CDT
# Protocols started: 2014-05-07 12:23 CDT
-# Last configured: 2013-12-03 08:34 CST by rnordmark
+# Last configured: 2014-07-02 11:29 CDT by jeremyt
#
# {master:0}
# grnoc-mon at swi.odot.dun.onenet.net> show interface terse
@@ -209,7 +209,7 @@
#vlan.345 up up
#vme up down
# grnoc-mon at swi.odot.dun.onenet.net> show configuration
-## Last commit: 2013-12-03 08:34:38 CST by rnordmark
+## Last commit: 2014-07-02 11:29:57 CDT by jeremyt
version 12.3R3.4;
system {
host-name swi.odot.dun.onenet.net;
@@ -221,7 +221,7 @@
}
name-server {
164.58.253.10;
- 164.58.253.4;
+ 164.58.198.10;
}
radius-server {
156.110.31.11 {
@@ -300,7 +300,7 @@
}
}
ntp {
- server 164.58.253.82 prefer;
+ server 164.58.3.98 prefer;
}
}
chassis {
@@ -441,6 +441,35 @@
164.58.247.209/32;
164.58.253.0/24;
}
+ prefix-list PRE-MGMT-SOURCES {
+ 64.207.244.14/32;
+ 66.129.224.37/32;
+ 129.15.127.96/28;
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.10.0/24;
+ 164.58.15.0/24;
+ 164.58.244.0/22;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-RADIUS-SOURCES {
+ apply-path "system radius-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-SNMP-SOURCES {
+ apply-path "snmp client-list snmp-management <1*>";
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-L0-SOURCES {
+ apply-path "interfaces lo0 unit <*> family inet address <164.*>";
+ }
policy-statement REDISTRIBUTE-DIRECTS {
term 1 {
from protocol direct;
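Review bot: The apply-path for PRE-SNMP-SOURCES uses the pattern `<1*>`, which expands only the entries of `snmp client-list snmp-management` whose text begins with `1`. Any entry starting with another digit would be left out of the prefix list without a commit warning; PRE-MGMT-SOURCES in this same hunk lists 64.207.244.14/32 and 66.129.224.37/32, so such entries are plausible. The client-list itself is not visible here, so the narrowing may be deliberate, but if the goal is simply to mirror the list then `apply-path "snmp client-list snmp-management <*>";` avoids the silent omission. The same applies to `<164.*>` in PRE-L0-SOURCES, and a one-line annotation on each narrowed pattern saying why it is narrowed would help the next reader.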
@@ -457,130 +486,117 @@
firewall {
family inet {
filter PROTECT-RE {
- term SERVICES {
+ term SSH-ALLOW {
from {
- source-address {
- 129.15.127.96/28;
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.10.0/24;
- 164.58.253.0/24;
- 64.207.244.14/32;
- 66.129.224.37/32;
- 164.58.15.0/24;
- 164.58.244.0/22;
- }
protocol tcp;
- destination-port [ ssh http ];
+ destination-port ssh;
}
then accept;
}
+ term FIRST-FRAG {
+ from {
+ ##
+ ## Warning: statement ignored: unsupported platform (ex2200-24t-4g)
+ ##
+ first-fragment;
+ }
+ then {
+ discard;
+ }
+ }
+ term NEXT-FRAG {
+ from {
+ is-fragment;
+ }
+ then {
+ discard;
+ }
+ }
term OSPF-ALLOW {
from {
- source-address {
- 164.58.199.0/24;
- 164.58.0.0/16;
- 156.110.0.0/16;
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
}
protocol ospf;
}
then accept;
}
- term EBGP-ALLOW {
+ term RADIUS-ALLOW {
from {
- ##
- ## Warning: configuration block ignored: unsupported platform (ex2200-24t-4g)
- ##
- prefix-list {
- EBGP-IPV4-NEIGHBORS; ## 'EBGP-IPV4-NEIGHBORS' is not defined
+ source-prefix-list {
+ PRE-RADIUS-SOURCES;
}
- protocol tcp;
+ protocol [ udp tcp ];
##
## Warning: statement ignored: unsupported platform (ex2200-24t-4g)
##
- port 179;
+ port [ radius radacct ];
}
then accept;
}
- term IBGP-ALLOW {
+ term NTP-ALLOW {
from {
- source-address {
- 164.58.199.216/32;
- 164.58.199.226/32;
+ source-prefix-list {
+ PRE-NTP-SOURCES;
+ PRE-L0-SOURCES;
}
- protocol tcp;
+ protocol udp;
##
## Warning: statement ignored: unsupported platform (ex2200-24t-4g)
##
- port 179;
+ port ntp;
}
then accept;
}
- term FIRST-FRAG {
+ term DOMAIN-ALLOW {
from {
+ source-prefix-list {
+ PRE-DNS-SOURCES;
+ }
##
## Warning: statement ignored: unsupported platform (ex2200-24t-4g)
##
- first-fragment;
+ port domain;
}
- then {
- discard;
- }
- }
- term NEXT-FRAG {
- from {
- is-fragment;
- }
- then {
- discard;
- }
- }
- term ICMP-ALLOW {
- from {
- protocol icmp;
- icmp-type [ echo-reply echo-request unreachable time-exceeded ];
- }
then accept;
}
- term SERVICES-OUTBOUND {
+ term SYSLOG-ALLOW {
from {
- source-port [ domain ntp ssh syslog ftp 7804 telnet ];
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ }
+ ##
+ ## Warning: statement ignored: unsupported platform (ex2200-24t-4g)
+ ##
+ port syslog;
}
then accept;
}
- term RADIUS {
+ term FTP-ALLOW {
from {
- source-address {
- 156.110.31.11/32;
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
}
- protocol [ udp tcp ];
##
## Warning: statement ignored: unsupported platform (ex2200-24t-4g)
##
- port [ radius radacct ];
+ port ftp;
}
then accept;
}
- term NTP {
+ term JSPACE-ALLOW {
from {
- source-address {
- 164.58.10.1/32;
- 164.58.199.0/24;
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
}
- protocol udp;
- ##
- ## Warning: statement ignored: unsupported platform (ex2200-24t-4g)
- ##
- port ntp;
+ source-port 7408;
}
then accept;
}
term SNMP-ALLOW {
from {
- source-address {
- 164.58.253.0/24;
- 156.110.31.0/27;
- 156.110.31.32/28;
+ source-prefix-list {
+ PRE-SNMP-SOURCES;
}
protocol [ tcp udp ];
##
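Review bot: SSH-ALLOW, now the first term of PROTECT-RE, accepts `protocol tcp` with `destination-port ssh` from any source. The removed SERVICES term carried a source-address list, and the new PRE-MGMT-SOURCES prefix list that holds the same addresses is not referenced by this term. Because the term is evaluated first, the DENY-SERVICES-INBOUND discard added later in the filter never sees SSH, so SSH to the routing engine is no longer limited to the management ranges; add `source-prefix-list { PRE-MGMT-SOURCES; }` to the `from` of SSH-ALLOW. Separately, JSPACE-ALLOW matches `source-port 7408` while the removed SERVICES-OUTBOUND list had `7804`, which looks like a transposition and is worth confirming. PROTECT-RE continues past the end of this hunk.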
@@ -590,24 +606,10 @@
}
then accept;
}
- term LDP-ALLOW {
- from {
- source-address {
- 164.58.199.0/24;
- 164.58.0.0/16;
- 156.110.0.0/16;
- }
- ##
- ## Warning: statement ignored: unsupported platform (ex2200-24t-4g)
- ##
- port ldp;
- }
- }
term PIM-ALLOW {
from {
- source-address {
- 164.58.199.0/24;
- 164.58.0.0/16;
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
}
protocol pim;
}
@@ -615,8 +617,8 @@
}
term BFD-ALLOW {
from {
- source-address {
- 164.58.0.0/16;
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
}
protocol udp;
##
@@ -626,6 +628,13 @@
}
then accept;
}
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
term TRACEROUTE-ALLOW {
from {
protocol udp;
@@ -633,6 +642,20 @@
}
then accept;
}
+ term DENY-SERVICES-INBOUND {
+ from {
+ destination-port [ ssh telnet http https snmp ntp domain ];
+ }
+ then {
+ discard;
+ }
+ }
+ term SERVICES-OUTBOUND {
+ from {
+ source-port [ ssh telnet ];
+ }
+ then accept;
+ }
term DENY_ALL {
then {
discard;
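Review bot: SERVICES-OUTBOUND accepts on `source-port [ ssh telnet ]` alone, with no protocol, source or TCP-state match, so this stateless filter accepts any inbound packet carrying source port 22 or 23 towards every routing-engine port that DENY-SERVICES-INBOUND does not list. Ports such as ftp, syslog and radius are matched by other terms in this filter but are absent from that discard list. If the intent is only return traffic for sessions the switch itself opens, tighten the `from` to `protocol tcp; tcp-established;` alongside the source-port match, after confirming that the ex2200 honours `tcp-established` here given the "unsupported platform" warnings on other statements. The closing lines of DENY_ALL are outside the hunk.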
Index: configs/hub.elr.onenet.net
===================================================================
--- configs/hub.elr.onenet.net (revision 117487)
+++ configs/hub.elr.onenet.net (working copy)
@@ -315,8 +315,8 @@
#t1-2/0/2:21.0 up up
#t1-2/0/2:22 up up
#t1-2/0/2:22.0 up up
-#t1-2/0/2:23 up up
-#t1-2/0/2:23.0 up up
+#t1-2/0/2:23 up down
+#t1-2/0/2:23.0 up down
#t1-2/0/2:24 down down
#t1-2/0/2:25 down down
#t1-2/0/2:26 down down
Index: configs/hub.alv.onenet.net
===================================================================
--- configs/hub.alv.onenet.net (revision 117498)
+++ configs/hub.alv.onenet.net (working copy)
@@ -332,6 +332,7 @@
#sp-2/3/0 up up
#sp-2/3/0.16383 up up
#vt-2/3/0 up up
+#vt-2/3/0.1058874 up up
#fe-3/0/0 down down
#pfh-3/0/0 up up
#pfh-3/0/0.16383 up up
@@ -361,7 +362,6 @@
#sp-3/3/0.0 up up
#sp-3/3/0.16383 up up
#vt-3/3/0 up up
-#vt-3/3/0.1058873 up up
#demux0 up up
#dsc up up
#em0 up up
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 117500)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -997,8 +997,8 @@
#t1-3/3/0:1:1.0 up up
#t1-3/3/0:1:2 up down
#t1-3/3/0:1:3 up down
-#t1-3/3/0:1:4 up down
-#t1-3/3/0:1:4.0 up down
+#t1-3/3/0:1:4 up up
+#t1-3/3/0:1:4.0 up up
#t1-3/3/0:1:5 up up
#t1-3/3/0:1:5.0 up up
#t1-3/3/0:1:6 up up
Index: configs/hub.alt.onenet.net
===================================================================
--- configs/hub.alt.onenet.net (revision 117500)
+++ configs/hub.alt.onenet.net (working copy)
@@ -321,8 +321,8 @@
#t1-2/0/2:22.0 up up
#t1-2/0/2:23 up up
#t1-2/0/2:23.0 up up
-#t1-2/0/2:24 up up
-#t1-2/0/2:24.0 up up
+#t1-2/0/2:24 up down
+#t1-2/0/2:24.0 up down
#t1-2/0/2:25 down down
#t1-2/0/2:26 up up
#t1-2/0/2:26.0 up up