[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Aug 13 11:10:43 CDT 2015
Index: routers.up
===================================================================
--- routers.up (revision 130177)
+++ routers.up (working copy)
@@ -12,6 +12,30 @@
clayton-ps-srx220.client.onenet.net:juniper
cleveland-ps-srx220.client.onenet.net:juniper
cli-adva.p.onenet.net:fsp3000
+core1.dc.onenet.net:juniper
+core1.edm.onenet.net:juniper
+core1.lan-mx80.onenet.net:juniper
+core1.nor.onenet.net:juniper
+core1.okccc.onenet.net:juniper
+core1.okc-mx960.onenet.net:juniper
+core1.ptc.onenet.net:juniper
+core1.sti-mx960.onenet.net:juniper
+core1.tul-mx960.onenet.net:juniper
+core2.dc.onenet.net:juniper
+core2.nor-mx80.onenet.net:juniper
+core2-okc-mx960.onenet.net:juniper
+core2.sti.onenet.net:juniper
+core2.tul-mx960.onenet.net:juniper
+core3.okc-m120.onenet.net:juniper
+core3.tul-m120.onenet.net:juniper
+core4.okc.onenet.net:juniper
+core4.tul.onenet.net:juniper
+core5.okc.onenet.net:juniper
+core5.tul.onenet.net:juniper
+core6.okc-m7i.onenet.net:juniper
+core6.tul-m7i.onenet.net:juniper
+core8.okc-mx480.onenet.net:juniper
+core8.tul.onenet.net:juniper
core.ada.onenet.net:juniper
core.alt.onenet.net:juniper
core.ard.onenet.net:juniper
@@ -58,30 +82,6 @@
core.wil.onenet.net:juniper
core.wless.velm.onenet.net:juniper
core.woo.onenet.net:juniper
-core1.dc.onenet.net:juniper
-core1.edm.onenet.net:juniper
-core1.lan-mx80.onenet.net:juniper
-core1.nor.onenet.net:juniper
-core1.okc-mx960.onenet.net:juniper
-core1.okccc.onenet.net:juniper
-core1.ptc.onenet.net:juniper
-core1.sti-mx960.onenet.net:juniper
-core1.tul-mx960.onenet.net:juniper
-core2-okc-mx960.onenet.net:juniper
-core2.dc.onenet.net:juniper
-core2.nor-mx80.onenet.net:juniper
-core2.sti.onenet.net:juniper
-core2.tul-mx960.onenet.net:juniper
-core3.okc-m120.onenet.net:juniper
-core3.tul-m120.onenet.net:juniper
-core4.okc.onenet.net:juniper
-core4.tul.onenet.net:juniper
-core5.okc.onenet.net:juniper
-core5.tul.onenet.net:juniper
-core6.okc-m7i.onenet.net:juniper
-core6.tul-m7i.onenet.net:juniper
-core8.okc-mx480.onenet.net:juniper
-core8.tul.onenet.net:juniper
grove-elem-dist-63-srx220.client.onenet.net:juniper
harra-ps-srx240.onenet.net:juniper
hennessey-ps-srx220.client.onenet.net:juniper
@@ -134,6 +134,12 @@
odmhsas.central-office.okc.client.onenet.net:juniper
oktaha-srx240.onenet.net:juniper
onenet-dc-xg210.nid.onenet.net:fsp150
+opt2.nor.onenet.net:ons15454
+opt3.okc.onenet.net:ons15454
+opt3.sti.onenet.net:ons15454
+opt3.tul.onenet.net:ons15454
+opt4.okc.onenet.net:ons15454
+opt4.tul.onenet.net:ons15454
opt.art.onenet.net:ons15454
opt.dps.onenet.net:ons15327
opt.hal.onenet.net:ons15454
@@ -146,12 +152,6 @@
opt.okc.onenet.net:ons15454
opt.sti.onenet.net:ons15454
opt.tul.onenet.net:ons15454
-opt2.nor.onenet.net:ons15454
-opt3.okc.onenet.net:ons15454
-opt3.sti.onenet.net:ons15454
-opt3.tul.onenet.net:ons15454
-opt4.okc.onenet.net:ons15454
-opt4.tul.onenet.net:ons15454
panola-ps.client.onenet.net:juniper
pioneer-tech-ponc-srx220-mr.onenet.net:juniper
rp3-adva.p.onenet.net:fsp3000
@@ -162,18 +162,6 @@
rpswi3.rp3f2.onenet.net:juniper
san-sw-tulsa-ex2200.onenet.net:juniper
sti-ps.onenet.net:PC
-swi.cai.cleet.onenet.net:juniper
-swi.cai.coal.onenet.net:juniper
-swi.cai.com.onenet.net:juniper
-swi.cai.dun.onenet.net:juniper
-swi.cai.eosc.onenet.net:juniper
-swi.cai.jef.onenet.net:juniper
-swi.cai.law.onenet.net:juniper
-swi.cai.nok.onenet.net:juniper
-swi.cai.nwosu.onenet.net:juniper
-swi.cai.sei.onenet.net:juniper
-swi.sw-tech-center-altus.onenet.net:juniper
-swi1-rp3f0-3750x.onenet.net:cisco
swi1.chi-ex2200.onenet.net:juniper
swi1.dhs-mid-okc.onenet.net:juniper
swi1.ggc-etn.onenet.net:juniper
@@ -184,8 +172,20 @@
swi1.odot.ada-hq.onenet.net:juniper
swi1.odot.dun-hq.onenet.net:juniper
swi1.odot.ton-intmaint.onenet.net:juniper
+swi1-rp3f0-3750x.onenet.net:cisco
swi1.towalt.onenet.net:juniper
swi1.wayne.onenet.net:juniper
+swi.cai.cleet.onenet.net:juniper
+swi.cai.coal.onenet.net:juniper
+swi.cai.com.onenet.net:juniper
+swi.cai.dun.onenet.net:juniper
+swi.cai.eosc.onenet.net:juniper
+swi.cai.jef.onenet.net:juniper
+swi.cai.law.onenet.net:juniper
+swi.cai.nok.onenet.net:juniper
+swi.cai.nwosu.onenet.net:juniper
+swi.cai.sei.onenet.net:juniper
+swi.sw-tech-center-altus.onenet.net:juniper
taloga-pub-school-srx240.client.onenet.net:juniper
tuskahoma:juniper
vinita-public-library-srx220.onenet.net:juniper
Index: configs/swi1.odot.ton-intmaint.onenet.net
===================================================================
--- configs/swi1.odot.ton-intmaint.onenet.net (revision 128688)
+++ configs/swi1.odot.ton-intmaint.onenet.net (working copy)
@@ -601,3 +601,32 @@
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at SWI1-ODOT-TONKAWA-INTMAINT-EX4200> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (backup)
+# Creation date: Mar 16 22:03:37 2015
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex42x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# fips-mode-powerpc: 12.3R6.6
+# Information for snapshot on internal (/dev/da0s2a) (primary)
+# Creation date: Mar 13 04:37:15 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex42x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# fips-mode-powerpc: 12.3R6.6
+#
+# {master:0}
Index: configs/swi1.langston-okc.onenet.net
===================================================================
--- configs/swi1.langston-okc.onenet.net (revision 125004)
+++ configs/swi1.langston-okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SWI1-LANGSTON-OKC-EX2200-24T-ASSET-003074> show system commit
+# 2015-04-20 08:54:17 CDT by andrew via cli
+# 2015-04-17 16:19:03 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2015-03-12 14:50:31 CDT by joel via cli
# 2015-01-21 17:28:08 CST by andrew via cli
# 2015-01-21 17:21:27 CST by andrew via cli commit confirmed, rollback in 3mins
# 2015-01-20 10:43:59 CST by andrew via cli
-# 2015-01-11 18:54:54 CST by andrew via cli
-# 2015-01-09 10:40:06 CST by admin via cli
# grnoc-mon at SWI1-LANGSTON-OKC-EX2200-24T-ASSET-003074> show chassis environment
# Class Item Status Measurement
# Power FPC 0 Power Supply 0 OK
@@ -154,16 +154,17 @@
# grnoc-mon at SWI1-LANGSTON-OKC-EX2200-24T-ASSET-003074> show system uptime
# fpc0:
# --------------------------------------------------------------------------
-# System booted: 2015-03-16 18:38 CDT
-# Protocols started: 2015-03-16 18:42 CDT
-# Last configured: 2015-03-12 14:50 CDT by joel
+# System booted: 2015-06-18 18:31 CDT
+# Protocols started: 2015-06-18 18:35 CDT
+# Last configured: 2015-04-20 08:54 CDT by andrew
#
# {master:0}
# grnoc-mon at SWI1-LANGSTON-OKC-EX2200-24T-ASSET-003074> show interface terse
#Interface Admin Link
#ge-0/0/0 up up
#ge-0/0/0.0 up up
-#ge-0/0/1 down down
+#ge-0/0/1 up up
+#ge-0/0/1.0 up up
#ge-0/0/2 down down
#ge-0/0/3 down down
#ge-0/0/4 down down
@@ -207,7 +208,7 @@
#vlan.80 up up
#vme up down
# grnoc-mon at SWI1-LANGSTON-OKC-EX2200-24T-ASSET-003074> show configuration
-## Last commit: 2015-03-12 14:50:31 CDT by joel
+## Last commit: 2015-04-20 08:54:17 CDT by andrew
version 12.3R6.6;
system {
host-name SWI1-LANGSTON-OKC-EX2200-24T-ASSET-003074;
@@ -335,7 +336,7 @@
}
interfaces {
ge-0/0/0 {
- description HEI-LANGSTON-OKC-GE-CIR000XXXX;
+ description L2-HEI-LANGSTON-OKC-GE-CIR0006213;
unit 0 {
family ethernet-switching {
port-mode trunk;
@@ -346,7 +347,15 @@
}
}
ge-0/0/1 {
- disable;
+ description L2-HEI-LANGSTON-OKC-GE-CIR0006213;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 500;
+ }
+ }
+ }
}
ge-0/0/2 {
disable;
@@ -415,7 +424,7 @@
disable;
}
ge-0/1/0 {
- description "CORE 1GE to core4.okc ge-1/3/2 | OneNet-OKC-OKL420LAN-GE-XXXX";
+ description "CORE 1GE to core4.okc ge-1/3/2 | OneNet-OKC-OKL420LAN-GE-6213";
mtu 9192;
unit 0 {
family ethernet-switching {
@@ -449,7 +458,7 @@
}
vlan {
unit 80 {
- description OneNet-OKC-LANOKC-GE-XXXX;
+ description OneNet-OKC-LANOKC-GE-6213;
family inet {
address 10.199.208.10/30;
}
@@ -553,6 +562,9 @@
VLAN-3002 {
vlan-id 3002;
}
+ VLAN-500 {
+ vlan-id 500;
+ }
VLAN-80 {
vlan-id 80;
l3-interface vlan.80;
@@ -572,3 +584,32 @@
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at SWI1-LANGSTON-OKC-EX2200-24T-ASSET-003074> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (backup)
+# Creation date: Apr 20 09:27:57 2015
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex-2200: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex22x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# fips-mode-arm: 12.3R6.6
+# Information for snapshot on internal (/dev/da0s2a) (primary)
+# Creation date: Mar 13 04:33:51 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex-2200: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex22x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# fips-mode-arm: 12.3R6.6
+#
+# {master:0}
Index: configs/keota-hs-srx220.client.onenet.net
===================================================================
--- configs/keota-hs-srx220.client.onenet.net (revision 129301)
+++ configs/keota-hs-srx220.client.onenet.net (working copy)
@@ -0,0 +1,561 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show system commit
+# 2015-08-03 17:23:27 CDT by joel via cli
+# 2015-07-20 15:39:45 CDT by joel via cli
+# 2015-07-14 00:18:21 CDT by onenet via cli
+# 2014-08-15 23:07:23 CDT by onenet via cli
+# 2014-08-15 22:05:34 CDT by root via cli
+# 2014-08-15 16:45:08 CDT by root via other
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU Absent
+# Fans SRX220 Chassis fan 0 OK
+# SRX220 Chassis fan 1 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D30.4 by builder on 2014-01
+# FWDD O/S Version 12.1X44-D30.4 by builder on 2014-01
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis AQ2613AK0321 SRX220H
+# Routing Engine REV 22 750-031175 ACAP8230 RE-SRX220H
+# FPC 0 FPC
+# PIC 0 8x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis hardware models
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACAP8230
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis scb
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis sfm detail
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show chassis ssb
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 128kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCI bridge> on obio0
+# Disabling Octeon big bar support
+# PCI Status: PCI 32-bit: 0xc041b
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <simple comms> at device 1.0 (no driver attached)
+# atapci0: <SiI 0680 UDMA133 controller> port 0x8-0xb,0x10-0x17,0x18-0x1b,0x20-0x2f mem 0x8020000-0x80200ff irq 0 at device 2.0 on pci0
+# ata2: <ATA channel 0> on atapci0
+# ata3: <ATA channel 1> on atapci0
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 8MB> on obio0
+# Timecounter "mips" frequency 700000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# ad0: Device does not support APM
+# ad0: 1006MB <CF 1GB 20100924> at ata2-master WDMA2
+# Trying to mount root from ufs:/dev/ad0s2a
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show version
+# Hostname: KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942 # Model: srx220h # JUNOS Software Release [12.1X44-D30.4] # # grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 Jan 11 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show system uptime
+# System booted: 2015-08-03 17:18 CDT
+# Protocols started: 2015-08-03 17:20 CDT
+# Last configured: 2015-08-03 17:23 CDT by joel
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 up up
+#ge-0/0/7.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.999 up down
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show configuration
+## Last commit: 2015-08-03 17:23:27 CDT by joel
+version 12.1X44-D30.4;
+system {
+ host-name KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.28.154;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.28.154;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface - 156.110.28.154/30";
+ unit 0 {
+ family inet {
+ address 156.110.28.154/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "UNTRUST LAN Interface - 156.110.231.97/29";
+ unit 0 {
+ family inet {
+ address 156.110.231.97/29;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.28.153;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy UNTRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/7.0 {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+}
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at KEOTA-HS-SRX220-LEASED-ASSET-TAG-003942> show system snapshot media internal
+# Information for snapshot on internal (/dev/ad0s1a) (backup)
+# Creation date: Jul 20 15:40:50 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D30.4-domestic
+# Information for snapshot on internal (/dev/ad0s2a) (primary)
+# Creation date: Aug 3 15:50:47 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D30.4-domestic
+#
Index: configs/core.hut.hen.onenet.net
===================================================================
--- configs/core.hut.hen.onenet.net (revision 130177)
+++ configs/core.hut.hen.onenet.net (working copy)
@@ -325,7 +325,7 @@
#lsi.1050424 up up
#lsi.1050426 up up
#lsi.1050427 up up
-#lsi.1050429 up up
+#lsi.1050430 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/core.hut.sei.onenet.net
===================================================================
--- configs/core.hut.sei.onenet.net (revision 130177)
+++ configs/core.hut.sei.onenet.net (working copy)
@@ -319,7 +319,7 @@
#lsi.1051195 up up
#lsi.1051197 up up
#lsi.1051199 up up
-#lsi.1051201 up up
+#lsi.1051202 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/swi.cai.com.onenet.net
===================================================================
--- configs/swi.cai.com.onenet.net (revision 120720)
+++ configs/swi.cai.com.onenet.net (working copy)
@@ -559,3 +559,32 @@
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at SWI-COMANCHE-TRIBAL-COLLEGE-EX-3300> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: Mar 22 18:58:16 2013
+# JUNOS version on snapshot:
+# jbase : ex-12.3R2.5
+# jkernel-ex-3300: 12.3R2.5
+# jweb-ex: 12.3R2.5
+# jcrypto-ex: 12.3R2.5
+# jdocs-ex: 12.3R2.5
+# jswitch-ex: 12.3R2.5
+# jpfe-ex33x: 12.3R2.5
+# jroute-ex: 12.3R2.5
+# fips-mode-arm: 12.3R2.5
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: May 12 09:36:51 2013
+# JUNOS version on snapshot:
+# jbase : ex-12.3R2.5
+# jkernel-ex-3300: 12.3R2.5
+# jweb-ex: 12.3R2.5
+# jcrypto-ex: 12.3R2.5
+# jdocs-ex: 12.3R2.5
+# jswitch-ex: 12.3R2.5
+# jpfe-ex33x: 12.3R2.5
+# jroute-ex: 12.3R2.5
+# fips-mode-arm: 12.3R2.5
+#
+# {master:0}
Index: configs/hub.lawton-tower-router-mw.onenet.net
===================================================================
--- configs/hub.lawton-tower-router-mw.onenet.net (revision 128327)
+++ configs/hub.lawton-tower-router-mw.onenet.net (working copy)
@@ -74,7 +74,7 @@
!Slot 4: part 73-1391-08, serial 31463783
!
!show switch stack-ports
-Show Switch Stack: ^
+Show Switch Stack: ^
! Last configuration change at 22:58:34 UTC Wed May 20 2015 by andrew
! NVRAM config last updated at 20:30:30 UTC Mon Apr 20 2015 by joel
!
Index: configs/swi.cai.dun.onenet.net
===================================================================
--- configs/swi.cai.dun.onenet.net (revision 128428)
+++ configs/swi.cai.dun.onenet.net (working copy)
@@ -556,3 +556,32 @@
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at SWI-DUNCAN-PUBLIC-LIBRARY-EX-3300> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (backup)
+# Creation date: May 23 15:55:39 2013
+# JUNOS version on snapshot:
+# jbase : ex-12.3R2.5
+# jkernel-ex-3300: 12.3R2.5
+# jweb-ex: 12.3R2.5
+# jcrypto-ex: 12.3R2.5
+# jdocs-ex: 12.3R2.5
+# jswitch-ex: 12.3R2.5
+# jpfe-ex33x: 12.3R2.5
+# jroute-ex: 12.3R2.5
+# fips-mode-arm: 12.3R2.5
+# Information for snapshot on internal (/dev/da0s2a) (primary)
+# Creation date: May 1 14:22:44 2013
+# JUNOS version on snapshot:
+# jbase : ex-12.3R2.5
+# jkernel-ex-3300: 12.3R2.5
+# jweb-ex: 12.3R2.5
+# jcrypto-ex: 12.3R2.5
+# jdocs-ex: 12.3R2.5
+# jswitch-ex: 12.3R2.5
+# jpfe-ex33x: 12.3R2.5
+# jroute-ex: 12.3R2.5
+# fips-mode-arm: 12.3R2.5
+#
+# {master:0}
Index: configs/hub.newcastle-router-mw.onenet.net
===================================================================
--- configs/hub.newcastle-router-mw.onenet.net (revision 130108)
+++ configs/hub.newcastle-router-mw.onenet.net (working copy)
@@ -72,7 +72,7 @@
!Slot 2: part 73-1391-08, serial 29047306
!
!show switch stack-ports
-Show Switch Stack: ^
+Show Switch Stack: ^
! Last configuration change at 23:38:45 extende Tue Aug 11 2015 by andrew
! NVRAM config last updated at 23:47:36 extende Tue Aug 11 2015 by andrew
!
Index: configs/hub.rushsprings-router-mw.onenet.net
===================================================================
--- configs/hub.rushsprings-router-mw.onenet.net (revision 128327)
+++ configs/hub.rushsprings-router-mw.onenet.net (working copy)
@@ -76,7 +76,7 @@
!Slot 3: part 73-1577-07, serial 29604395
!
!show switch stack-ports
-Show Switch Stack: ^
+Show Switch Stack: ^
! Last configuration change at 15:20:54 extende Mon Apr 20 2015 by joel
! NVRAM config last updated at 15:30:28 extende Mon Apr 20 2015 by joel
!
Index: configs/core1.lan-mx80.onenet.net
===================================================================
--- configs/core1.lan-mx80.onenet.net (revision 130178)
+++ configs/core1.lan-mx80.onenet.net (working copy)
@@ -197,7 +197,7 @@
# -rw-rw---- 1 root field 52711424 Jun 10 15:37 ifinfo.core.1
# -rw-rw---- 1 root field 52711424 Jun 10 15:40 ifinfo.core.2
# -rw-rw---- 1 root field 52711424 Jun 10 15:47 ifinfo.core.3
-# -rw-rw---- 1 root field 52711424 Aug 13 10:46 ifinfo.core.4
+# -rw-rw---- 1 root field 52711424 Aug 13 11:07 ifinfo.core.4
# drwxrwxrwx 2 root wheel 512 Aug 13 2012 install/
# -rw-r--r-- 1 eng field 99542994 May 30 2013 jinstall-ppc-11.4R7.5-domestic-signed.tgz
# -rw-r--r-- 1 upgrades field 150276951 Aug 8 2014 jinstall-ppc-12.3R7.7-domestic-signed.tgz
Index: configs/swi1.dhs-mid-okc.onenet.net
===================================================================
--- configs/swi1.dhs-mid-okc.onenet.net (revision 126671)
+++ configs/swi1.dhs-mid-okc.onenet.net (working copy)
@@ -1,94 +1,89 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show system commit
-# 2015-04-23 08:52:21 CDT by andrew via cli
-# 2015-04-14 23:02:41 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-04-14 23:02:08 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-04-03 13:43:12 CDT by admin via cli
-# 2015-03-30 20:47:11 CDT by andrew via cli
-# 2015-03-30 20:44:44 CDT by admin via cli
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis environment
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show system commit
+# 2015-08-10 19:35:28 CDT by andrew via cli commit confirmed, rollback in 3mins
+# 2015-08-10 18:06:59 CDT by root via other
+# 2015-08-10 17:35:36 CDT by andrew via cli
+# 2015-08-10 17:21:56 CDT by andrew via cli
+# 2015-08-10 17:13:18 CDT by andrew via cli
+# 2015-08-10 06:45:20 CDT by admin via cli
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis environment
# Class Item Status Measurement
# Power FPC 0 Power Supply 0 OK
# Temp FPC 0 CPU OK
-# FPC 0 Exhaust Area OK
# FPC 0 EX-PFE1 OK
-# FPC 0 Local Intake OK
-# FPC 0 Remote Intake OK
# FPC 0 GEPHY1 OK
-# FPC 0 GEPHY2 OK
-# FPC 0 GEPHY3 OK
-# FPC 0 GEPHY4 OK
-# FPC 0 GEPHY5 OK
-# FPC 0 GEPHY6 OK
+# FPC 0 Fan Exhaust OK
+# FPC 0 SFP+ PHY OK
+# FPC 0 Local Sensor OK
# Fans FPC 0 Fan 1 OK
# FPC 0 Fan 2 OK
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis firmware
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis firmware
# Part Type Version
-# FPC 0 uboot U-Boot 1.1.6 (Jul 26 2011 - 03:19:50) 1.0
+# FPC 0 uboot U-Boot 1.1.6 (Aug 21 2011 - 01:45:26) 1.0
# loader FreeBSD/arm U-Boot loader 1.1
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis fpc detail
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis fpc detail
# Slot 0 information:
# State Online
-# Total CPU DRAM 512 MB
+# Total CPU DRAM 1024 MB
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis hardware
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
-# Chassis CW0213289788 EX2200-24T-4G
-# Routing Engine 0 REV 24 750-026468 CW0213289788 EX2200-24T-4G
-# FPC 0 REV 24 750-026468 CW0213289788 EX2200-24T-4G
+# Chassis GD0211402153 EX3300-24T
+# Routing Engine 0 REV 08 750-034299 GD0211402153 EX3300 24-Port
+# FPC 0 REV 08 750-034299 GD0211402153 EX3300 24-Port
# CPU BUILTIN BUILTIN FPC CPU
# PIC 0 BUILTIN BUILTIN 24x 10/100/1000 Base-T
-# PIC 1 REV 24 750-026468 CW0213289788 4x GE SFP
-# Xcvr 0 740-011783 USWLHX22638 SFP-LX10
+# PIC 1 REV 08 750-034299 GD0211402153 4x GE/XE SFP+
+# Xcvr 0 REV 01 740-021309 AQG2DGL SFP+-10G-LR
# Xcvr 1 REV 01 740-011613 USOSX25277 SFP-SX
# Power Supply 0 PS 100W AC
# Fan Tray Fan Tray
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis hardware models
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis hardware models
# Hardware inventory:
# Item Version Part number Serial number FRU model number
-# Routing Engine 0 REV 24 750-026468 CW0213289788 EX2200-24T-4G
-# FPC 0 REV 24 750-026468 CW0213289788 EX2200-24T-4G
-# PIC 0 BUILTIN BUILTIN EX2200-24T-4G
-# PIC 1 REV 24 750-026468 CW0213289788 EX2200-24T-4G
+# Routing Engine 0 REV 08 750-034299 GD0211402153 EX3300-24T
+# FPC 0 REV 08 750-034299 GD0211402153 EX3300-24T
+# PIC 0 BUILTIN BUILTIN EX3300-24T
+# PIC 1 REV 08 750-034299 GD0211402153 EX3300-24T
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis routing-engine
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis routing-engine
# Routing Engine status:
# Slot 0:
# Current state Master
-# DRAM 512
-# Serial ID CW0213289788
+# DRAM 1024
+# Serial ID GD0211402153
#
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis scb
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis sfm detail
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show chassis ssb
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show system boot-messages
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis scb
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis sfm detail
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show chassis ssb
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show system boot-messages
# fpc0:
# --------------------------------------------------------------------------
# GDB: debug ports: uart
# GDB: current port: uart
# KDB: debugger backends: ddb gdb
# KDB: current backend: ddb
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# Copyright (c) 1996-2015, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# can't re-use a leaf (all_slot_serialid)!
-# CPU: Feroceon 88FR131 rev 1 (Marvell core)
-# cpu53: Feroceon 88FR131 revision WB enabled EABT branch prediction enabled
-# 16KB/32B 4-way Instruction cache
-# 16KB/32B 4-way write-back-locking-C Data cache
-# SOC: Marvell 88F6281 rev A0, TClock 200MHz
+# CPU: Early Feroceon 88FR571 rev 0 (Marvell core)
+# cpu55: Early Feroceon 88FR571 revision WB enabled EABT branch prediction enabled
+# 32KB/32B 4-way Instruction cache
+# 32KB/32B 4-way write-back-locking-C Data cache
+# SOC: Marvell MV78100, TClock 200MHz
# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# MAC/veriexec fingerprint module loaded: SHA256
# MAC/veriexec fingerprint module loaded: SHA1
@@ -96,37 +91,48 @@
# Initializing EXSERIES properties ...
# mbus0: <Marvell Internal Bus (Mbus)> on motherboard
# ic0: <Marvell Integrated Interrupt Controller> at mem 0xf1020200-0xf102023b on mbus0
-# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 1 on mbus0
-# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 35,36,37,38,39,40,41 on mbus0
-# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 33 on mbus0
+# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 8 on mbus0
+# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 56,57,58,59 on mbus0
+# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 12 on mbus0
# uart0: console (9600,n,8,1)
-# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 34 on mbus0
-# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 48,19 on mbus0
+# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 13 on mbus0
+# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 72,16 on mbus0
# usb0: EHCI version 1.0
# usb0 on ehci0
# usb0: USB revision 2.0
# uhub0: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
# uhub0: 1 port with 1 removable, self powered
-# uhub1: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/90.15, addr 2
-# uhub1: single transaction translator
-# uhub1: 2 ports with 2 removable, self powered
-# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
-# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 12,13,14,11,46 on mbus0
-# mge0: hardware MAC address 3c:8a:b0:9a:5f:7f
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 2
+# ehci1: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1051000-0xf1051fff irq 72,17 on mbus0
+# usb1: EHCI version 1.0
+# usb1 on ehci1
+# usb1: USB revision 2.0
+# uhub1: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub1: 1 port with 1 removable, self powered
+# ehci2: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1052000-0xf1052fff irq 72,18 on mbus0
+# usb2: EHCI version 1.0
+# usb2 on ehci2
+# usb2: USB revision 2.0
+# uhub2: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub2: 1 port with 1 removable, self powered
+# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 41,42,43,40,70 on mbus0
+# mge0: hardware MAC address 88:e0:f3:72:f0:ff
# miibus0: <MII bus> on mge0
-# e1000phy0: <Marvell 88E1118 Gigabit PHY> on miibus0
+# e1000phy0: <Marvell 88E1310 Gigabit PHY> on miibus0
# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
-# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f irq 29 on mbus0
-# syspld0: <SYSPLD> on i2c0
+# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f on mbus0
# 8564 rtc0: <8564 RTC> on i2c0
# poe0: <POE> on i2c0
# device_attach: poe0 attach returned 19
-# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8000000-0xf87fffff irq 23 on mbus0
-# mpfe0: <Juniper EX-series Packet Forwarding Engine> at mem 0xf4000000-0xf7ffffff irq 113 on mbus0
-# pcib0: <Marvell 88F6281 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xefffffff irq 9 on mbus0
+# i2c1: <Marvell I2C ARM OnChip Controller> at mem 0xf1011100-0xf101111f on mbus0
+# pcib0: <Marvell MV78100 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xebffffff on mbus0
# pci0: <PCI bus> on pcib0
-# Initializing product: 75 ..
-# bmeb: bmeb_lib_init done 0xc3386800, addr 0xc1d5bac0
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> mem 0xe8000000-0xebffffff irq 112 at device 1.0 on pci0
+# mpfe0: 0x100000 bytes of rid 0x10 res 3 failed (0, 0xffffffff).
+# syspld0 at mem 0xf9000000-0xf90fffff on mbus0
+# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8800000-0xf8ffffff irq 1 on mbus0
+# Initializing product: 112 ..
+# bmeb: bmeb_lib_init done 0xc41c4800, addr 0xc1d86cd0
# bme0:Virtual BME driver initializing
# Timecounter "CPU Timer" frequency 200000000 Hz quality 1000
# ###PCB Group initialized for udppcbgroup
@@ -135,34 +141,32 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
-# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
+# Kernel thread "wkupdaemon" (pid 46) exited prematurely.
# Trying to mount root from ufs:/dev/da0s2a
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show version
-# fpc0: # -------------------------------------------------------------------------- # Hostname: SWI1-DHS-MID-OKC-EX2200-24T # Model: ex2200-24t-4g # JUNOS Base OS boot [12.3R6.6] # JUNOS Base OS Software Suite [12.3R6.6] # JUNOS Kernel Software Suite [12.3R6.6] # JUNOS Crypto Software Suite [12.3R6.6] # JUNOS Online Documentation [12.3R6.6] # JUNOS Enterprise Software Suite [12.3R6.6] # JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6] # JUNOS Routing Software Suite [12.3R6.6] # JUNOS Web Management [12.3R6.6] # JUNOS FIPS mode utilities [12.3R6.6] # # {master:0} # grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> file list /var/tmp detail #
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show version
+# fpc0: # -------------------------------------------------------------------------- # Hostname: SWI1-DHS-MID-OKC-EX3300-24T # Model: ex3300-24t # JUNOS Base OS boot [12.3R9.4] # JUNOS Base OS Software Suite [12.3R9.4] # JUNOS Kernel Software Suite [12.3R9.4] # JUNOS Crypto Software Suite [12.3R9.4] # JUNOS Online Documentation [12.3R9.4] # JUNOS Enterprise Software Suite [12.3R9.4] # JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R9.4] # JUNOS Routing Software Suite [12.3R9.4] # JUNOS Web Management [12.3R9.4] # JUNOS FIPS mode utilities [12.3R9.4] # # {master:0} # grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> file list /var/tmp detail #
# /var/tmp:
-# total blocks: 48
-# drwxrwxr-x 2 root wheel 512 Nov 15 2011 .snap/
-# -rw-r--r-- 1 root field 3898 Mar 13 2014 ex_autod_config
-# -rw-r--r-- 1 root field 2998 Mar 13 2014 ex_autod_rollback_cfg
-# drwxr-xr-x 2 root field 512 Mar 13 2014 gres-tp/
-# drwxrwxrwx 2 root wheel 512 Mar 13 2014 install/
-# drwxrwxrwx 2 root wheel 512 Mar 13 2014 pics/
-# drwxr-xr-x 2 root field 512 Mar 13 2014 rtsdb/
-# drwxrwxrwt 2 root wheel 512 Mar 13 2014 vi.recover/
-# total files: 2
+# total blocks: 32
+# drwxrwxr-x 2 root wheel 512 Dec 31 2004 .snap/
+# drwxr-xr-x 2 root field 512 Aug 10 18:07 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Aug 10 18:07 install/
+# drwxrwxrwx 2 root wheel 512 Aug 10 18:07 pics/
+# drwxr-xr-x 2 root field 512 Aug 10 18:07 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Aug 10 18:07 vi.recover/
+# total files: 0
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show system uptime
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show system uptime
# fpc0:
# --------------------------------------------------------------------------
-# System booted: 2015-04-15 10:51 CDT
-# Protocols started: 2015-04-15 10:54 CDT
-# Last configured: 2015-04-23 08:52 CDT by andrew
+# System booted: 2015-08-10 18:05 CDT
+# Protocols started: 2015-08-10 18:07 CDT
+# Last configured: 2015-08-10 19:35 CDT by andrew
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show interface terse
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show interface terse
#Interface Admin Link
#ge-0/0/0 down down
#ge-0/0/1 down down
@@ -186,10 +190,12 @@
#ge-0/0/19 down down
#ge-0/0/20 down down
#ge-0/0/21 down down
-#ge-0/0/22 down down
-#ge-0/0/23 down down
-#ge-0/1/0 up up
-#ge-0/1/0.0 up up
+#ge-0/0/22 up up
+#ge-0/0/22.0 up up
+#ge-0/0/23 up up
+#ge-0/0/23.0 up up
+#xe-0/1/0 up up
+#xe-0/1/0.0 up up
#ge-0/1/1 up up
#ge-0/1/1.0 up up
#bme0 up up
@@ -210,11 +216,11 @@
#vlan up up
#vlan.80 up up
#vme up down
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show configuration
-## Last commit: 2015-04-23 08:52:21 CDT by andrew
-version 12.3R6.6;
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show configuration
+## Last commit: 2015-08-10 19:35:28 CDT by andrew
+version 12.3R9.4;
system {
- host-name SWI1-DHS-MID-OKC-EX2200-24T;
+ host-name SWI1-DHS-MID-OKC-EX3300-24T;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
@@ -405,19 +411,36 @@
disable;
}
ge-0/0/22 {
- disable;
+ description "L2-DHS-TEST-SITE-10M-CIR000XXXX [NO-MONITOR]";
+ mtu 9192;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members 600-602;
+ }
+ }
+ }
}
ge-0/0/23 {
- disable;
+ mtu 9192;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members 425-426;
+ }
+ }
+ }
}
- ge-0/1/0 {
+ xe-0/1/0 {
description "CORE 1GE to core5.okc ge-0/2/2 | OneNet-OKC-OKL110DHS-GE-XXXX";
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
- members [ 80 500 ];
+ members [ 80 425-426 500 600-602 ];
}
}
}
@@ -549,22 +572,66 @@
}
}
vlans {
+ VLAN-425 {
+ vlan-id 425;
+ }
+ VLAN-426 {
+ vlan-id 426;
+ }
VLAN-500 {
vlan-id 500;
}
+ VLAN-600 {
+ vlan-id 600;
+ }
+ VLAN-601 {
+ vlan-id 601;
+ }
+ VLAN-602 {
+ vlan-id 602;
+ }
VLAN-80 {
vlan-id 80;
l3-interface vlan.80;
}
}
{master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show ospf neighbor
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show ospf neighbor
# OSPF instance is not running
#
# {master:0}
-# grnoc-mon at SWI1-DHS-MID-OKC-EX2200-24T> show bfd session
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show bfd session
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at SWI1-DHS-MID-OKC-EX3300-24T> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (backup)
+# Creation date: Aug 10 18:14:01 2015
+# JUNOS version on snapshot:
+# jbase : ex-12.3R9.4
+# jkernel-ex-3300: 12.3R9.4
+# jweb-ex: 12.3R9.4
+# jcrypto-ex: 12.3R9.4
+# jdocs-ex: 12.3R9.4
+# jswitch-ex: 12.3R9.4
+# jpfe-ex33x: 12.3R9.4
+# jroute-ex: 12.3R9.4
+# fips-mode-arm: 12.3R9.4
+# Information for snapshot on internal (/dev/da0s2a) (primary)
+# Creation date: Aug 10 18:04:03 2015
+# JUNOS version on snapshot:
+# jbase : ex-12.3R9.4
+# jkernel-ex-3300: 12.3R9.4
+# jweb-ex: 12.3R9.4
+# jcrypto-ex: 12.3R9.4
+# jdocs-ex: 12.3R9.4
+# jswitch-ex: 12.3R9.4
+# jpfe-ex33x: 12.3R9.4
+# jroute-ex: 12.3R9.4
+# fips-mode-arm: 12.3R9.4
+#
+# {master:0}
Index: configs/swi.cai.coal.onenet.net
===================================================================
--- configs/swi.cai.coal.onenet.net (revision 127495)
+++ configs/swi.cai.coal.onenet.net (working copy)
@@ -152,7 +152,7 @@
# /var/tmp:
# total blocks: 1332
# drwxrwxr-x 2 root wheel 512 Dec 31 2004 .snap/
-# -rw-rw---- 1 root field 648413 Jan 5 12:06 chassism.core-tarball.0.tgz
+# -rw-rw---- 1 root field 648413 Jan 5 2015 chassism.core-tarball.0.tgz
# drwxr-xr-x 2 root field 512 May 1 2013 gres-tp/
# drwxr-xr-x 2 root field 512 May 1 2013 rtsdb/
# total files: 1
@@ -557,3 +557,32 @@
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at SWI-COAL-COUNTY-HOSPITAL-EX-3300> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (backup)
+# Creation date: May 1 14:48:41 2013
+# JUNOS version on snapshot:
+# jbase : ex-12.3R2.5
+# jkernel-ex-3300: 12.3R2.5
+# jweb-ex: 12.3R2.5
+# jcrypto-ex: 12.3R2.5
+# jdocs-ex: 12.3R2.5
+# jswitch-ex: 12.3R2.5
+# jpfe-ex33x: 12.3R2.5
+# jroute-ex: 12.3R2.5
+# fips-mode-arm: 12.3R2.5
+# Information for snapshot on internal (/dev/da0s2a) (primary)
+# Creation date: May 1 14:37:40 2013
+# JUNOS version on snapshot:
+# jbase : ex-12.3R2.5
+# jkernel-ex-3300: 12.3R2.5
+# jweb-ex: 12.3R2.5
+# jcrypto-ex: 12.3R2.5
+# jdocs-ex: 12.3R2.5
+# jswitch-ex: 12.3R2.5
+# jpfe-ex33x: 12.3R2.5
+# jroute-ex: 12.3R2.5
+# fips-mode-arm: 12.3R2.5
+#
+# {master:0}
Index: configs/core.hut.ard.onenet.net
===================================================================
--- configs/core.hut.ard.onenet.net (revision 130177)
+++ configs/core.hut.ard.onenet.net (working copy)
@@ -332,7 +332,7 @@
#lsi.1051614 up up
#lsi.1051616 up up
#lsi.1051617 up up
-#lsi.1051620 up up
+#lsi.1051621 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/swi1.norman-ps.onenet.net
===================================================================
--- configs/swi1.norman-ps.onenet.net (revision 128696)
+++ configs/swi1.norman-ps.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at NORMAN-PS-EX3300-ASSET-TAG-003231> show system commit
+# 2015-07-23 13:01:31 CDT by admin via cli commit confirmed, rollback in 3mins
+# 2015-07-09 16:10:48 CDT by admin via cli
+# 2015-07-09 16:10:10 CDT by admin via cli
+# 2015-07-09 16:05:12 CDT by admin via cli
+# 2015-07-09 15:44:37 CDT by admin via cli commit confirmed, rollback in 5mins
# 2015-06-25 16:32:50 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-06-25 16:31:57 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-06-25 16:31:00 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-06-25 09:24:15 CDT by admin via cli commit confirmed, rollback in 3mins
-# 2015-04-06 23:14:18 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2015-04-06 21:36:06 CDT by andrew via cli commit confirmed, rollback in 3mins
# grnoc-mon at NORMAN-PS-EX3300-ASSET-TAG-003231> show chassis environment
# Class Item Status Measurement
# Power FPC 0 Power Supply 0 OK
@@ -163,7 +163,7 @@
# --------------------------------------------------------------------------
# System booted: 2015-04-04 08:05 CDT
# Protocols started: 2015-04-04 08:07 CDT
-# Last configured: 2015-06-25 16:32 CDT by andrew
+# Last configured: 2015-07-23 13:01 CDT by admin
#
# {master:0}
# grnoc-mon at NORMAN-PS-EX3300-ASSET-TAG-003231> show interface terse
@@ -172,7 +172,8 @@
#ge-0/0/0.0 up up
#ge-0/0/1 up up
#ge-0/0/1.0 up up
-#ge-0/0/2 down down
+#ge-0/0/2 up down
+#ge-0/0/2.0 up down
#ge-0/0/3 down down
#ge-0/0/4 down down
#ge-0/0/5 down down
@@ -214,7 +215,7 @@
#vlan.80 up up
#vme up down
# grnoc-mon at NORMAN-PS-EX3300-ASSET-TAG-003231> show configuration
-## Last commit: 2015-06-25 16:32:50 CDT by andrew
+## Last commit: 2015-07-23 13:01:31 CDT by admin
version 12.3R6.6;
system {
host-name NORMAN-PS-EX3300-ASSET-TAG-003231;
@@ -360,11 +361,21 @@
members [ 99-100 999 ];
}
native-vlan-id 1;
+ filter {
+ input CONTROL-FLOODING;
+ }
}
}
}
ge-0/0/2 {
- disable;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 500;
+ }
+ }
+ }
}
ge-0/0/3 {
disable;
@@ -554,6 +565,61 @@
}
}
}
+ family ethernet-switching {
+ filter CONTROL-FLOODING {
+ term STP {
+ from {
+ destination-mac-address {
+ 01:80:c2:00:00:00/48;
+ }
+ }
+ then discard;
+ }
+ term ALTERNATE-STP {
+ from {
+ destination-mac-address {
+ 01:80:c2:00:00:00/44;
+ }
+ }
+ then discard;
+ }
+ term PVST {
+ from {
+ destination-mac-address {
+ 01:00:0c:cc:cc:cd/48;
+ }
+ }
+ then discard;
+ }
+ term CDP {
+ from {
+ destination-mac-address {
+ 01:00:0c:cc:cc:cc/48;
+ }
+ }
+ then discard;
+ }
+ term VLAN-BRIDGE {
+ from {
+ destination-mac-address {
+ 01:00:0c:cd:cd:ce/48;
+ }
+ }
+ then discard;
+ }
+ term STP_UPFAST {
+ from {
+ destination-mac-address {
+ 01:00:0c:cd:cd:cd/48;
+ }
+ }
+ then discard;
+ }
+ term DEFAULT {
+ then accept;
+ }
+ }
+ }
}
vlans {
VLAN-1 {
@@ -587,3 +653,32 @@
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at NORMAN-PS-EX3300-ASSET-TAG-003231> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (backup)
+# Creation date: Apr 5 22:13:06 2015
+# JUNOS version on snapshot:
+# fips-mode-arm: 12.3R6.6
+# jbase : ex-12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jkernel-ex-3300: 12.3R6.6
+# jpfe-ex33x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# Information for snapshot on internal (/dev/da0s2a) (primary)
+# Creation date: Mar 18 00:16:22 2014
+# JUNOS version on snapshot:
+# fips-mode-arm: 12.3R6.6
+# jbase : ex-12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jkernel-ex-3300: 12.3R6.6
+# jpfe-ex33x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jweb-ex: 12.3R6.6
+#
+# {master:0}
Index: configs/hub.tsb.onenet.net
===================================================================
--- configs/hub.tsb.onenet.net (revision 130178)
+++ configs/hub.tsb.onenet.net (working copy)
@@ -200,7 +200,7 @@
# -rw-rw---- 1 root field 51994624 Oct 24 2013 ifinfo.core.1
# -rw-rw---- 1 root field 51974144 Oct 24 2013 ifinfo.core.2
# -rw-rw---- 1 root field 52744192 Oct 24 2013 ifinfo.core.3
-# -rw-rw---- 1 root field 52727808 Aug 13 10:43 ifinfo.core.4
+# -rw-rw---- 1 root field 52727808 Aug 13 11:04 ifinfo.core.4
# drwxrwxrwx 2 root wheel 512 Oct 12 2012 install/
# -rw-rw---- 1 root field 33464320 Mar 3 2014 jdiameterd.core.0
# -rw-r--r-- 1 eng field 99542994 Apr 23 2013 jinstall-ppc-11.4R7.5-domestic-signed.tgz
Index: configs/swi.cai.law.onenet.net
===================================================================
--- configs/swi.cai.law.onenet.net (revision 120721)
+++ configs/swi.cai.law.onenet.net (working copy)
@@ -150,11 +150,11 @@
# /var/tmp:
# total blocks: 32
# drwxrwxr-x 2 root wheel 512 Dec 31 2004 .snap/
-# drwxr-xr-x 2 root field 512 Sep 20 01:17 gres-tp/
-# drwxrwxrwx 2 root wheel 512 Sep 20 01:17 install/
-# drwxrwxrwx 2 root wheel 512 Sep 20 01:17 pics/
-# drwxr-xr-x 2 root field 512 Sep 20 01:18 rtsdb/
-# drwxrwxrwt 2 root wheel 512 Sep 20 01:17 vi.recover/
+# drwxr-xr-x 2 root field 512 Sep 20 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Sep 20 2014 install/
+# drwxrwxrwx 2 root wheel 512 Sep 20 2014 pics/
+# drwxr-xr-x 2 root field 512 Sep 20 2014 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Sep 20 2014 vi.recover/
# total files: 0
#
# {master:0}
@@ -521,3 +521,32 @@
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at SWI-Lawton-Indian-Hospital-EX-3300> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (backup)
+# Creation date: Sep 20 01:25:27 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R7.7
+# jkernel-ex-3300: 12.3R7.7
+# jweb-ex: 12.3R7.7
+# jcrypto-ex: 12.3R7.7
+# jdocs-ex: 12.3R7.7
+# jswitch-ex: 12.3R7.7
+# jpfe-ex33x: 12.3R7.7
+# jroute-ex: 12.3R7.7
+# fips-mode-arm: 12.3R7.7
+# Information for snapshot on internal (/dev/da0s2a) (primary)
+# Creation date: Sep 20 01:14:46 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R7.7
+# jkernel-ex-3300: 12.3R7.7
+# jweb-ex: 12.3R7.7
+# jcrypto-ex: 12.3R7.7
+# jdocs-ex: 12.3R7.7
+# jswitch-ex: 12.3R7.7
+# jpfe-ex33x: 12.3R7.7
+# jroute-ex: 12.3R7.7
+# fips-mode-arm: 12.3R7.7
+#
+# {master:0}
Index: configs/core.hut.cli.onenet.net
===================================================================
--- configs/core.hut.cli.onenet.net (revision 130177)
+++ configs/core.hut.cli.onenet.net (working copy)
@@ -305,7 +305,7 @@
#lsi.1051096 up up
#lsi.1051098 up up
#lsi.1051100 up up
-#lsi.1051102 up up
+#lsi.1051103 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/hub.alv.onenet.net
===================================================================
--- configs/hub.alv.onenet.net (revision 130178)
+++ configs/hub.alv.onenet.net (working copy)
@@ -302,9 +302,9 @@
#t1-2/0/2:4.0 up down
#t1-2/0/2:5 up up
#t1-2/0/2:5.0 up up
-#t1-2/0/2:6 up down
-#t1-2/0/2:6.16 up down
-#t1-2/0/2:6.17 up down
+#t1-2/0/2:6 up up
+#t1-2/0/2:6.16 up up
+#t1-2/0/2:6.17 up up
#t1-2/0/2:7 down down
#t1-2/0/2:8 down down
#t1-2/0/2:9 down down
Index: configs/core.hut.wea.onenet.net
===================================================================
--- configs/core.hut.wea.onenet.net (revision 130177)
+++ configs/core.hut.wea.onenet.net (working copy)
@@ -300,7 +300,6 @@
#lsi.1050515 up up
#lsi.1051131 up up
#lsi.1051165 up up
-#lsi.1051233 up up
#lsi.1051243 up up
#lsi.1051244 up up
#lsi.1051257 up up
@@ -316,7 +315,8 @@
#lsi.1051281 up up
#lsi.1051283 up up
#lsi.1051285 up up
-#lsi.1051288 up up
+#lsi.1051289 up up
+#lsi.1051290 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/odmhsas.central-office.okc.client.onenet.net
===================================================================
--- configs/odmhsas.central-office.okc.client.onenet.net (revision 128643)
+++ configs/odmhsas.central-office.okc.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system commit
+# 2015-07-28 13:23:21 CDT by andrew via cli
+# 2015-07-28 10:02:53 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2015-05-23 19:23:38 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2015-05-23 14:05:01 CDT by andrew via cli commit confirmed, rollback in 5mins
# 2015-05-23 13:45:29 CDT by andrew via cli
# 2015-05-23 13:34:23 CDT by andrew via cli
-# 2015-05-23 12:56:04 CDT by andrew via cli
-# 2015-05-23 12:54:39 CDT by andrew via cli
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -130,7 +130,7 @@
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system uptime
# System booted: 2015-05-23 14:42 CDT
# Protocols started: 2015-05-23 14:43 CDT
-# Last configured: 2015-05-23 19:23 CDT by andrew
+# Last configured: 2015-07-28 13:23 CDT by andrew
#
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show interface terse
#Interface Admin Link
@@ -190,6 +190,7 @@
#st0.23 up up
#st0.24 up up
#st0.25 up up
+#st0.26 up up
#st0.27 up up
#st0.30 up up
#st0.31 up up
@@ -213,7 +214,7 @@
#vlan.50 up down
#vlan.90 up up
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show configuration
-## Last commit: 2015-05-23 19:23:38 CDT by andrew
+## Last commit: 2015-07-28 13:23:21 CDT by andrew
version 12.1X46-D20.5;
system {
host-name ODMHSAS-CENTRAL-OFFICE-OKC-SRX550;
@@ -501,6 +502,12 @@
address 10.119.21.130/31;
}
}
+ unit 26 {
+ description Backup-VPN-to-ODMHSAS-Lawton-Other;
+ family inet {
+ address 10.119.21.132/31;
+ }
+ }
unit 27 {
description Backup-VPN-to-ODMHSAS-CAMHC-McAlester;
family inet {
@@ -776,6 +783,10 @@
description Backup-BGP-to-ODMHSAS-Leland-Wolf-Users;
# authentication-key <removed>;
}
+ neighbor 10.119.21.133 {
+ description Backup-BGP-to-ODMHSAS-Lawton-Other;
+# authentication-key <removed>;
+ }
}
}
lldp {
@@ -1035,6 +1046,11 @@
proposals IKE-PROPOSAL-HP-VPN;
pre-shared-key ascii-text "$9$85tx7Vs2aHqfDi6Au0hcylK8X-"; ## SECRET-DATA
}
+ policy IKE-LAWTON-OTHER {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+ pre-shared-key ascii-text "$9$oXGDH9CuOIEz3pBIceKoJZDkPz39CAuk.z6/9pu8X7NwYiHmTQndV"; ## SECRET-DATA
+ }
gateway IKE-GATE-ODMHSAS-TEST {
ike-policy IKE-ODMHSAS-TEST;
address 166.130.131.48;
@@ -1165,6 +1181,11 @@
address 70.184.28.104;
external-interface vlan.5;
}
+ gateway IKE-GATE-LAWTON-OTHER {
+ ike-policy IKE-LAWTON-OTHER;
+ address 166.130.4.159;
+ external-interface vlan.3;
+ }
}
ipsec {
vpn-monitor-options {
@@ -1262,6 +1283,9 @@
policy VPN-POLICY-HP-VPN {
proposals IPSEC-PROPOSAL-HP-VPN;
}
+ policy VPN-POLICY-LAWTON-OTHER {
+ proposals G2-ESP-AES128-SHA;
+ }
inactive: vpn IPSEC-VPN-ODMHSAS-TEST {
bind-interface st0.63;
vpn-monitor {
@@ -1619,6 +1643,19 @@
}
establish-tunnels immediately;
}
+ vpn IPSEC-VPN-LAWTON-OTHER {
+ bind-interface st0.26;
+ vpn-monitor {
+ optimized;
+ source-interface st0.26;
+ destination-ip 10.119.21.133;
+ }
+ ike {
+ gateway IKE-GATE-LAWTON-OTHER;
+ ipsec-policy VPN-POLICY-LAWTON-OTHER;
+ }
+ establish-tunnels immediately;
+ }
}
utm {
feature-profile {
@@ -2250,6 +2287,7 @@
vlan.40;
vlan.50;
vlan.90;
+ st0.26;
}
}
security-zone UNTRUST {
@@ -2406,3 +2444,13 @@
2 sessions, 2 clients
Cumulative transmit rate 1.0 pps, cumulative receive rate 1.0 pps
+# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system snapshot media internal
+# Information for snapshot on internal (/dev/ad0s1a) (backup)
+# Creation date: Apr 21 01:07:13 2015
+# JUNOS version on snapshot:
+# junos : 12.1X46-D20.5-domestic
+# Information for snapshot on internal (/dev/ad0s2a) (primary)
+# Creation date: May 23 14:42:38 2015
+# JUNOS version on snapshot:
+# junos : 12.1X46-D20.5-domestic
+#
Index: configs/oktaha-srx240.onenet.net
===================================================================
--- configs/oktaha-srx240.onenet.net (revision 129918)
+++ configs/oktaha-srx240.onenet.net (working copy)
@@ -0,0 +1,647 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show system commit
+# 2015-08-07 14:03:12 CDT by sean via cli commit confirmed, rollback in 1mins
+# 2015-08-07 20:15:05 CDT by root via other
+# 2015-08-07 20:12:37 CDT by admin via cli commit confirmed, rollback in 2mins
+# 2015-08-07 16:38:30 CDT by admin via cli
+# 2015-08-06 22:54:21 CDT by root via cli
+# 2015-08-06 18:57:32 CDT by root via other
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Fans SRX240 PowerSupply fan 1 OK
+# SRX240 PowerSupply fan 2 OK
+# SRX240 CPU fan 1 OK
+# SRX240 CPU fan 2 OK
+# SRX240 IO fan 1 OK
+# SRX240 IO fan 2 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis BU0914AK0321 SRX240H2
+# Routing Engine REV 10 750-043609 ACLE8975 RE-SRX240H2
+# FPC 0 FPC
+# PIC 0 16x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis hardware models
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACLE8975
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis scb
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis sfm detail
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show chassis ssb
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 512kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# dwc1: <Synopsis DWC OTG Controller Driver> on obio0
+# usb1: <USB Bus for DWC OTG Controller> on dwc1
+# usb1: USB revision 2.0
+# uhub2: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub2: 1 port with 1 removable, self powered
+# cpld0 on obio0
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# PCIe: Waiting for port 0 to finish reset
+# PCIe: Port 0 link active, 2 lanes
+# PCIe: Waiting for port 1 to finish reset
+# PCIe: Port 1 link active, 1 lanes
+# pcib1: Initialized controller
+# pci0: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> irq 0 at device 0.0 on pci0
+# pci1: <PCI bus> on pcib2
+# pci1: <serial bus, USB> at device 2.0 (no driver attached)
+# pci1: <serial bus, USB> at device 2.1 (no driver attached)
+# pci1: <network> at device 7.0 (no driver attached)
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci2: <PCI bus> on pcib0
+# pci2: <processor> at device 0.0 (no driver attached)
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 4MB> on obio0
+# Timecounter "mips" frequency 600000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Trying to mount root from ufs:/dev/da0s1a
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show version
+# Hostname: OKTAHA-SRX240-LEASED-004898 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at OKTAHA-SRX240-LEASED-004898> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show system uptime
+# System booted: 2015-08-07 11:18 CDT
+# Protocols started: 2015-08-07 11:21 CDT
+# Last configured: 2015-08-07 14:03 CDT by sean
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 down down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 up up
+#ge-0/0/15.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.3 up up
+#vlan.4 up up
+#vlan.999 up down
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show configuration
+## Last commit: 2015-08-07 14:03:12 CDT by sean
+version 12.1X44-D35.5;
+system {
+ host-name OKTAHA-SRX240-LEASED-004898;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.35.6;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.35.6;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ speed 100m;
+ link-mode full-duplex;
+ gigether-options {
+ no-auto-negotiation;
+ }
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 156.110.35.6/30";
+ family inet {
+ address 156.110.35.6/30;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN -164.58.17.185/29";
+ family inet {
+ address 164.58.17.185/29;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.35.5;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone UNTRUST to-zone UNTRUST {
+ policy UNTRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 4;
+ l3-interface vlan.4;
+ }
+ UNTRUST-VLAN {
+ description UNTRUST-VLAN;
+ vlan-id 3;
+ l3-interface vlan.3;
+ }
+}
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at OKTAHA-SRX240-LEASED-004898> show system snapshot media internal
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: May 14 20:34:17 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Aug 7 16:41:51 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+#
Index: configs/core.hut.ato.onenet.net
===================================================================
--- configs/core.hut.ato.onenet.net (revision 130177)
+++ configs/core.hut.ato.onenet.net (working copy)
@@ -320,7 +320,7 @@
#lsi.1052167 up up
#lsi.1052169 up up
#lsi.1052170 up up
-#lsi.1052172 up up
+#lsi.1052173 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/swi.cai.sei.onenet.net
===================================================================
--- configs/swi.cai.sei.onenet.net (revision 123072)
+++ configs/swi.cai.sei.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show system commit
+# 2015-03-29 14:25:45 CDT by andrew via cli commit confirmed, rollback in 5mins
# 2014-11-11 08:51:50 CST by joel via cli
# 2014-11-11 08:51:09 CST by joel via cli commit confirmed, rollback in 1mins
# 2014-11-07 15:49:01 CST by admin via netconf
# 2014-11-07 15:48:36 CST by admin via cli
# 2014-09-30 14:23:13 CDT by rnordmark via cli
-# 2014-09-30 14:17:15 CDT by rnordmark via cli
# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis environment
# Class Item Status Measurement
# Power FPC 0 Power Supply 0 OK
@@ -148,17 +148,17 @@
# -rw-r--r-- 1 root field 3863 Jun 28 2012 ex_autod_rollback_cfg
# drwxr-xr-x 2 root field 512 Jun 28 2012 gres-tp/
# drwxr-xr-x 2 root field 512 Jun 28 2012 if-rtsdb/
-# -rw-r----- 1 eng field 99571226 Dec 18 11:01 jinstall-ex-3300-12.3R6.6-domestic-signed.tgz
-# -rw-r--r-- 1 root field 155 Nov 11 08:45 krt_gencfg_filter.txt
+# -rw-r----- 1 eng field 99571226 Dec 18 2014 jinstall-ex-3300-12.3R6.6-domestic-signed.tgz
+# -rw-r--r-- 1 root field 155 Nov 11 2014 krt_gencfg_filter.txt
# drwxr-xr-x 2 root field 512 Jun 28 2012 rtsdb/
#
# {master:0}
# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show system uptime
# fpc0:
# --------------------------------------------------------------------------
-# System booted: 2014-11-11 08:43 CST
-# Protocols started: 2014-11-11 08:45 CST
-# Last configured: 2014-11-11 08:51 CST by joel
+# System booted: 2014-11-11 08:35 CST
+# Protocols started: 2014-11-11 08:37 CST
+# Last configured: 2015-03-29 14:25 CDT by andrew
#
# {master:0}
# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show interface terse
@@ -208,7 +208,7 @@
#vlan.70 up up
#vme up down
# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show configuration
-## Last commit: 2014-11-11 08:51:50 CST by joel
+## Last commit: 2015-03-29 14:25:45 CDT by andrew
version 11.4R4.4;
system {
host-name SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300;
@@ -364,15 +364,13 @@
disable;
}
ge-0/0/23 {
- description L2-Seiling-Municipal-Hospital-100Mb-VLAN3914-CIR0005216;
- ether-options {
- speed {
- 100m;
- }
- }
+ description L2-SEILING-MUNICIPAL-HOSPITAL-100M-CIR0005216;
unit 0 {
- family inet {
- address 156.110.24.93/30;
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 500;
+ }
}
}
}
@@ -382,7 +380,7 @@
family ethernet-switching {
port-mode trunk;
vlan {
- members all;
+ members [ 70 500 ];
}
}
}
@@ -431,11 +429,6 @@
}
}
}
-routing-options {
- static {
- route 156.110.25.192/29 next-hop 156.110.24.94;
- }
-}
protocols {
##
## Warning: requires 'ospf2' license
@@ -561,6 +554,9 @@
}
}
vlans {
+ VLAN-500 {
+ vlan-id 500;
+ }
default;
vlan-3914 {
vlan-id 3914;
@@ -585,3 +581,26 @@
Cumulative transmit rate 2.5 pps, cumulative receive rate 2.5 pps
{master:0}
+# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (backup)
+# Creation date: Jun 29 14:18:17 2012
+# JUNOS version on snapshot:
+# jbase : ex-11.4R4.4
+# jcrypto-ex: 11.4R4.4
+# jdocs-ex: 11.4R4.4
+# jroute-ex: 11.4R4.4
+# jswitch-ex: 11.4R4.4
+# jweb-ex: 11.4R4.4
+# Information for snapshot on internal (/dev/da0s2a) (primary)
+# Creation date: Jun 28 06:47:39 2012
+# JUNOS version on snapshot:
+# jbase : ex-11.4R4.4
+# jcrypto-ex: 11.4R4.4
+# jdocs-ex: 11.4R4.4
+# jroute-ex: 11.4R4.4
+# jswitch-ex: 11.4R4.4
+# jweb-ex: 11.4R4.4
+#
+# {master:0}
Index: configs/rpswi2.rp1f3.onenet.net
===================================================================
--- configs/rpswi2.rp1f3.onenet.net (revision 126895)
+++ configs/rpswi2.rp1f3.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at RP1-F3-SW2-CYTOVANCE-EX2200-CYTO-OWNED> show system commit
+# 2014-09-25 01:52:43 CDT by andrew via cli commit confirmed, rollback in 3mins
+# 2014-07-16 05:51:36 CDT by joel via cli commit confirmed, rollback in 3mins
# 2014-06-24 23:51:21 CDT by joel via cli
# 2014-06-24 23:46:31 CDT by joel via cli
# 2014-06-19 06:29:48 CDT by sean via cli commit confirmed, rollback in 3mins
# 2014-05-22 04:34:53 CDT by sky via cli
-# 2014-05-21 12:15:32 CDT by joel via cli commit confirmed, rollback in 3mins
-# 2014-05-21 02:11:23 CDT by joel via cli
# grnoc-mon at RP1-F3-SW2-CYTOVANCE-EX2200-CYTO-OWNED> show chassis environment
# Class Item Status Measurement
# Power FPC 0 Power Supply 0 OK
@@ -368,13 +368,13 @@
# /var/tmp:
# total blocks: 56
# drwxrwxr-x 2 root wheel 512 Dec 31 2009 .snap/
-# -rw-r--r-- 1 root field 6040 Mar 13 04:45 ex_autod_config
-# -rw-r--r-- 1 root field 5140 Mar 13 04:45 ex_autod_rollback_cfg
-# drwxr-xr-x 2 root wheel 512 Mar 13 04:41 gres-tp/
-# drwxrwxrwx 2 root wheel 512 Mar 13 04:41 install/
-# drwxrwxrwx 2 root wheel 512 Mar 13 04:41 pics/
-# drwxr-xr-x 2 root field 512 Mar 13 04:41 rtsdb/
-# drwxrwxrwt 2 root wheel 512 Mar 13 04:41 vi.recover/
+# -rw-r--r-- 1 root field 6040 Mar 13 2014 ex_autod_config
+# -rw-r--r-- 1 root field 5140 Mar 13 2014 ex_autod_rollback_cfg
+# drwxr-xr-x 2 root wheel 512 Mar 13 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 install/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 pics/
+# drwxr-xr-x 2 root field 512 Mar 13 2014 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Mar 13 2014 vi.recover/
# total files: 2
#
# {master:0}
@@ -383,17 +383,17 @@
# --------------------------------------------------------------------------
# System booted: 2014-03-15 05:19 CDT
# Protocols started: 2014-03-15 05:26 CDT
-# Last configured: 2014-06-24 23:51 CDT by joel
+# Last configured: 2014-09-25 01:52 CDT by andrew
#
# fpc1:
# --------------------------------------------------------------------------
# System booted: 2014-03-15 05:19 CDT
-# Last configured: 2014-06-24 23:51 CDT by joel
+# Last configured: 2014-09-25 01:52 CDT by andrew
#
# fpc2:
# --------------------------------------------------------------------------
# System booted: 2014-03-15 05:19 CDT
-# Last configured: 2014-06-24 23:51 CDT by joel
+# Last configured: 2014-09-25 01:52 CDT by andrew
#
# {master:0}
# grnoc-mon at RP1-F3-SW2-CYTOVANCE-EX2200-CYTO-OWNED> show interface terse
@@ -402,8 +402,8 @@
#vcp-255/1/2.32768 up up
#vcp-255/1/3 up up
#vcp-255/1/3.32768 up up
-#ge-0/0/0 up down
-#ge-0/0/0.0 up down
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
#ge-0/0/1 up up
#ge-0/0/1.0 up up
#ge-0/0/2 up up
@@ -414,10 +414,10 @@
#ge-0/0/4.0 up up
#ge-0/0/5 up up
#ge-0/0/5.0 up up
-#ge-0/0/6 up down
-#ge-0/0/6.0 up down
-#ge-0/0/7 up up
-#ge-0/0/7.0 up up
+#ge-0/0/6 up up
+#ge-0/0/6.0 up up
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
#ge-0/0/8 up up
#ge-0/0/8.0 up up
#ge-0/0/9 up down
@@ -428,8 +428,8 @@
#ge-0/0/11.0 up up
#ge-0/0/12 up up
#ge-0/0/12.0 up up
-#ge-0/0/13 up down
-#ge-0/0/13.0 up down
+#ge-0/0/13 up up
+#ge-0/0/13.0 up up
#ge-0/0/14 up up
#ge-0/0/14.0 up up
#ge-0/0/15 up up
@@ -458,8 +458,8 @@
#ge-0/0/26.0 up up
#ge-0/0/27 up up
#ge-0/0/27.0 up up
-#ge-0/0/28 up up
-#ge-0/0/28.0 up up
+#ge-0/0/28 up down
+#ge-0/0/28.0 up down
#ge-0/0/29 up up
#ge-0/0/29.0 up up
#ge-0/0/30 up up
@@ -470,18 +470,18 @@
#ge-0/0/32.0 up up
#ge-0/0/33 up up
#ge-0/0/33.0 up up
-#ge-0/0/34 up up
-#ge-0/0/34.0 up up
-#ge-0/0/35 up up
-#ge-0/0/35.0 up up
+#ge-0/0/34 up down
+#ge-0/0/34.0 up down
+#ge-0/0/35 up down
+#ge-0/0/35.0 up down
#ge-0/0/36 up up
#ge-0/0/36.0 up up
#ge-0/0/37 up up
#ge-0/0/37.0 up up
#ge-0/0/38 up up
#ge-0/0/38.0 up up
-#ge-0/0/39 up up
-#ge-0/0/39.0 up up
+#ge-0/0/39 up down
+#ge-0/0/39.0 up down
#ge-0/0/40 up up
#ge-0/0/40.0 up up
#ge-0/0/41 up up
@@ -494,22 +494,22 @@
#ge-0/0/44.0 up up
#ge-0/0/45 up down
#ge-0/0/45.0 up down
-#ge-0/0/46 up down
-#ge-0/0/46.0 up down
-#ge-0/0/47 up up
-#ge-0/0/47.0 up up
+#ge-0/0/46 up up
+#ge-0/0/46.0 up up
+#ge-0/0/47 up down
+#ge-0/0/47.0 up down
#ge-0/1/0 up up
#ge-0/1/0.0 up up
#ge-1/0/0 up up
#ge-1/0/0.0 up up
#ge-1/0/1 up up
#ge-1/0/1.0 up up
-#ge-1/0/2 up up
-#ge-1/0/2.0 up up
+#ge-1/0/2 up down
+#ge-1/0/2.0 up down
#ge-1/0/3 up down
#ge-1/0/3.0 up down
-#ge-1/0/4 up down
-#ge-1/0/4.0 up down
+#ge-1/0/4 up up
+#ge-1/0/4.0 up up
#ge-1/0/5 up down
#ge-1/0/5.0 up down
#ge-1/0/6 up up
@@ -520,8 +520,8 @@
#ge-1/0/8.0 up up
#ge-1/0/9 up down
#ge-1/0/9.0 up down
-#ge-1/0/10 up up
-#ge-1/0/10.0 up up
+#ge-1/0/10 up down
+#ge-1/0/10.0 up down
#ge-1/0/11 up down
#ge-1/0/11.0 up down
#ge-1/0/12 up down
@@ -540,16 +540,16 @@
#ge-1/0/18.0 up down
#ge-1/0/19 up up
#ge-1/0/19.0 up up
-#ge-1/0/20 up up
-#ge-1/0/20.0 up up
+#ge-1/0/20 up down
+#ge-1/0/20.0 up down
#ge-1/0/21 up up
#ge-1/0/21.0 up up
#ge-1/0/22 up up
#ge-1/0/22.0 up up
#ge-1/0/23 up down
#ge-1/0/23.0 up down
-#ge-1/0/24 up down
-#ge-1/0/24.0 up down
+#ge-1/0/24 up up
+#ge-1/0/24.0 up up
#ge-1/0/25 up down
#ge-1/0/25.0 up down
#ge-1/0/26 up up
@@ -562,8 +562,8 @@
#ge-1/0/29.0 up up
#ge-1/0/30 up up
#ge-1/0/30.0 up up
-#ge-1/0/31 up down
-#ge-1/0/31.0 up down
+#ge-1/0/31 up up
+#ge-1/0/31.0 up up
#ge-1/0/32 up down
#ge-1/0/32.0 up down
#ge-1/0/33 up down
@@ -592,20 +592,20 @@
#ge-1/0/44.0 up down
#ge-1/0/45 up up
#ge-1/0/45.0 up up
-#ge-1/0/46 up down
-#ge-1/0/46.0 up down
+#ge-1/0/46 up up
+#ge-1/0/46.0 up up
#ge-1/0/47 up down
#ge-1/0/47.0 up down
-#ge-2/0/0 up down
-#ge-2/0/0.0 up down
+#ge-2/0/0 up up
+#ge-2/0/0.0 up up
#ge-2/0/1 up down
#ge-2/0/1.0 up down
-#ge-2/0/2 up down
-#ge-2/0/2.0 up down
-#ge-2/0/3 up down
-#ge-2/0/3.0 up down
-#ge-2/0/4 up up
-#ge-2/0/4.0 up up
+#ge-2/0/2 up up
+#ge-2/0/2.0 up up
+#ge-2/0/3 up up
+#ge-2/0/3.0 up up
+#ge-2/0/4 up down
+#ge-2/0/4.0 up down
#ge-2/0/5 up up
#ge-2/0/5.0 up up
#ge-2/0/6 up up
@@ -630,8 +630,8 @@
#ge-2/0/15.0 up up
#ge-2/0/16 up down
#ge-2/0/16.0 up down
-#ge-2/0/17 up down
-#ge-2/0/17.0 up down
+#ge-2/0/17 up up
+#ge-2/0/17.0 up up
#ge-2/0/18 up up
#ge-2/0/18.0 up up
#ge-2/0/19 up up
@@ -642,8 +642,8 @@
#ge-2/0/21.0 up up
#ge-2/0/22 up up
#ge-2/0/22.0 up up
-#ge-2/0/23 up down
-#ge-2/0/23.0 up down
+#ge-2/0/23 up up
+#ge-2/0/23.0 up up
#ge-2/0/24 up down
#ge-2/0/24.0 up down
#ge-2/0/25 up up
@@ -652,8 +652,8 @@
#ge-2/0/26.0 up down
#ge-2/0/27 up down
#ge-2/0/27.0 up down
-#ge-2/0/28 up down
-#ge-2/0/28.0 up down
+#ge-2/0/28 up up
+#ge-2/0/28.0 up up
#ge-2/0/29 up down
#ge-2/0/29.0 up down
#ge-2/0/30 up up
@@ -664,10 +664,10 @@
#ge-2/0/32.0 up up
#ge-2/0/33 up down
#ge-2/0/33.0 up down
-#ge-2/0/34 up up
-#ge-2/0/34.0 up up
-#ge-2/0/35 up down
-#ge-2/0/35.0 up down
+#ge-2/0/34 up down
+#ge-2/0/34.0 up down
+#ge-2/0/35 up up
+#ge-2/0/35.0 up up
#ge-2/0/36 up down
#ge-2/0/36.0 up down
#ge-2/0/37 up up
@@ -676,8 +676,8 @@
#ge-2/0/38.0 up up
#ge-2/0/39 up up
#ge-2/0/39.0 up up
-#ge-2/0/40 up down
-#ge-2/0/40.0 up down
+#ge-2/0/40 up up
+#ge-2/0/40.0 up up
#ge-2/0/41 up down
#ge-2/0/41.0 up down
#ge-2/0/42 up down
@@ -715,7 +715,7 @@
#vlan.1201 up up
#vme down down
# grnoc-mon at RP1-F3-SW2-CYTOVANCE-EX2200-CYTO-OWNED> show configuration
-## Last commit: 2014-06-24 23:51:21 CDT by joel
+## Last commit: 2014-09-25 01:52:43 CDT by andrew
version 12.3R6.6;
system {
host-name RP1-F3-SW2-CYTOVANCE-EX2200-CYTO-OWNED;
@@ -828,8 +828,8 @@
interface-range un_cytovan-01-1309-inside {
member-range ge-0/0/0 to ge-0/0/47;
member-range ge-1/0/0 to ge-1/0/47;
- member-range ge-2/0/0 to ge-2/0/34;
- member-range ge-2/0/43 to ge-2/0/45;
+ member-range ge-2/0/0 to ge-2/0/43;
+ member-range ge-2/0/46 to ge-2/0/47;
description un_cytovan-01-1309-inside;
unit 0 {
family ethernet-switching {
@@ -840,19 +840,14 @@
}
}
}
- interface-range un_cytovan-01-1311-Proximity-Card-Readers {
- member-range ge-2/0/35 to ge-2/0/42;
- description un_cytovan-01-1311-Proximity-Card-Readers;
- speed 100m;
- ether-options {
- no-auto-negotiation;
- link-mode full-duplex;
- }
+ interface-range hsc-test {
+ member-range ge-2/0/44 to ge-2/0/45;
+ description hsc-test;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
- members un_cytovan-01-1311;
+ members hsc-data;
}
}
}
@@ -863,7 +858,7 @@
family ethernet-switching {
port-mode trunk;
vlan {
- members [ un_rp_adm_-01-1201 un_phones_-01-1101 un_cytovan-01-1309 un_cytovan-01-1311 ];
+ members [ un_rp_adm_-01-1201 un_phones_-01-1101 un_cytovan-01-1309 hsc-data hsc-voip ];
}
}
}
@@ -877,28 +872,6 @@
ge-1/1/1 {
disable;
}
- ge-2/0/46 {
- description un_cytovan-01-1309-inside;
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members un_cytovan-01-1309;
- }
- }
- }
- }
- ge-2/0/47 {
- description un_cytovan-01-1309-inside;
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members un_cytovan-01-1309;
- }
- }
- }
- }
ge-2/1/0 {
disable;
}
@@ -997,23 +970,29 @@
interface un_cytovan-01-1309-inside {
vlan un_phones_-01-1101;
}
+ interface hsc-test {
+ vlan hsc-voip;
+ }
}
storm-control {
interface all;
}
bpdu-block {
+ interface hsc-test;
interface un_cytovan-01-1309-inside;
}
}
vlans {
+ hsc-data {
+ vlan-id 5;
+ }
+ hsc-voip {
+ vlan-id 10;
+ }
un_cytovan-01-1309 {
description Cytovance-INSIDE;
vlan-id 1309;
}
- un_cytovan-01-1311 {
- description Cytovance-Proximity-Cards;
- vlan-id 1311;
- }
un_phones_-01-1101 {
description UC-Hosted-Phones;
vlan-id 1101;
@@ -1053,3 +1032,86 @@
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
+# grnoc-mon at RP1-F3-SW2-CYTOVANCE-EX2200-CYTO-OWNED> show system snapshot media internal
+# fpc0:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: Mar 13 04:33:41 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex-2200: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex22x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# fips-mode-arm: 12.3R6.6
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Jul 16 06:04:26 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex-2200: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex22x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# fips-mode-arm: 12.3R6.6
+#
+# fpc1:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: Mar 13 04:33:38 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex-2200: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex22x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# fips-mode-arm: 12.3R6.6
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Jul 16 06:14:44 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex-2200: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex22x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# fips-mode-arm: 12.3R6.6
+#
+# fpc2:
+# --------------------------------------------------------------------------
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: Mar 13 04:33:40 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex-2200: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex22x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# fips-mode-arm: 12.3R6.6
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Jul 16 06:22:15 2014
+# JUNOS version on snapshot:
+# jbase : ex-12.3R6.6
+# jkernel-ex-2200: 12.3R6.6
+# jweb-ex: 12.3R6.6
+# jcrypto-ex: 12.3R6.6
+# jdocs-ex: 12.3R6.6
+# jswitch-ex: 12.3R6.6
+# jpfe-ex22x: 12.3R6.6
+# jroute-ex: 12.3R6.6
+# fips-mode-arm: 12.3R6.6
+#
+# {master:0}
Index: configs/harra-ps-srx240.onenet.net
===================================================================
--- configs/harra-ps-srx240.onenet.net (revision 129167)
+++ configs/harra-ps-srx240.onenet.net (working copy)
@@ -0,0 +1,661 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show system commit
+# 2015-07-16 12:04:20 CDT by root via other
+# 2015-07-16 11:58:35 CDT by sean via cli commit confirmed, rollback in 5mins
+# 2015-07-16 17:35:39 CDT by admin via cli
+# 2015-07-16 16:36:35 CDT by root via cli
+# 2015-07-15 23:59:21 CDT by root via other
+# 2015-05-19 04:57:32 CDT by root via other
+# rescue 2015-07-16 17:40:17 CDT by admin via cli
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Fans SRX240 PowerSupply fan 1 OK
+# SRX240 PowerSupply fan 2 OK
+# SRX240 CPU fan 1 OK
+# SRX240 CPU fan 2 OK
+# SRX240 IO fan 1 OK
+# SRX240 IO fan 2 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis BU2115AK0007 SRX240H2
+# Routing Engine REV 14 750-043609 ACMK5099 RE-SRX240H2
+# FPC 0 FPC
+# PIC 0 16x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis hardware models
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACMK5099
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis scb
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis sfm detail
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show chassis ssb
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 512kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# dwc1: <Synopsis DWC OTG Controller Driver> on obio0
+# usb1: <USB Bus for DWC OTG Controller> on dwc1
+# usb1: USB revision 2.0
+# uhub2: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub2: 1 port with 1 removable, self powered
+# cpld0 on obio0
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# PCIe: Waiting for port 0 to finish reset
+# PCIe: Port 0 link active, 2 lanes
+# PCIe: Waiting for port 1 to finish reset
+# PCIe: Port 1 link active, 1 lanes
+# pcib1: Initialized controller
+# pci0: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> irq 0 at device 0.0 on pci0
+# pci1: <PCI bus> on pcib2
+# pci1: <serial bus, USB> at device 2.0 (no driver attached)
+# pci1: <serial bus, USB> at device 2.1 (no driver attached)
+# pci1: <network> at device 7.0 (no driver attached)
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci2: <PCI bus> on pcib0
+# pci2: <processor> at device 0.0 (no driver attached)
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 4MB> on obio0
+# Timecounter "mips" frequency 600000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show version
+# Hostname: HARRA-PS-SRX240-LEASED-004879 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at HARRA-PS-SRX240-LEASED-004879> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show system uptime
+# System booted: 2015-07-16 11:15 CDT
+# Protocols started: 2015-07-16 11:17 CDT
+# Last configured: 2015-07-16 12:04 CDT by root
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 down down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 up up
+#ge-0/0/15.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.3 up up
+#vlan.4 up up
+#vlan.999 up down
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show configuration
+## Last commit: 2015-07-16 12:04:20 CDT by root
+version 12.1X44-D35.5;
+system {
+ host-name HARRA-PS-SRX240-LEASED-004879;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.24.118;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.24.118;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 156.110.24.118/30";
+ family inet {
+ address 156.110.24.118/30;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 164.58.75.209/29";
+ family inet {
+ address 164.58.75.209/29;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.24.117;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TRUST {
+ interfaces {
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol tcp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 4;
+ l3-interface vlan.4;
+ }
+ UNTRUST-VLAN {
+ description UNTRUST-VLAN;
+ vlan-id 3;
+ l3-interface vlan.3;
+ }
+}
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at HARRA-PS-SRX240-LEASED-004879> show system snapshot media internal
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: May 19 04:52:04 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Jul 16 17:39:05 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+#
Index: configs/hennessey-ps-srx220.client.onenet.net
===================================================================
--- configs/hennessey-ps-srx220.client.onenet.net (revision 129709)
+++ configs/hennessey-ps-srx220.client.onenet.net (working copy)
@@ -0,0 +1,926 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show system commit
+# 2015-07-21 13:42:59 CDT by andrew via cli
+# 2015-07-21 12:33:18 CDT by andrew via cli
+# 2015-07-21 12:30:58 CDT by andrew via cli
+# 2015-07-21 12:21:44 CDT by andrew via cli
+# 2015-07-21 12:15:13 CDT by andrew via cli
+# 2015-07-21 11:04:17 CDT by andrew via cli commit confirmed, rollback in 3mins
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU Absent
+# Fans SRX220 Chassis fan 0 OK
+# SRX220 Chassis fan 1 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X46-D20.5 by builder on 2014-05
+# FWDD O/S Version 12.1X46-D20.5 by builder on 2014-05
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CF0614AK0322 SRX220H2
+# Routing Engine REV 04 750-048778 ACKZ3352 RE-SRX220H2
+# FPC 0 FPC
+# PIC 0 8x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis hardware models
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACKZ3352
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis scb
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis sfm detail
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show chassis ssb
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 128kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCI bridge> on obio0
+# Disabling Octeon big bar support
+# PCI Status: PCI 32-bit: 0xc041b
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <simple comms> at device 1.0 (no driver attached)
+# atapci0: <SiI 0680 UDMA133 controller> port 0x8-0xb,0x10-0x17,0x18-0x1b,0x20-0x2f mem 0x8020000-0x80200ff irq 0 at device 2.0 on pci0
+# ata2: <ATA channel 0> on atapci0
+# ata3: <ATA channel 1> on atapci0
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 8MB> on obio0
+# Timecounter "mips" frequency 700000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# ad0: Device does not support APM
+# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
+# Trying to mount root from ufs:/dev/ad0s2a
+# WARNING: / was not properly dismounted
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show version
+# Hostname: HENNESSEY-PS-SRX220-LEASED-004624 # Model: srx220h2 # JUNOS Software Release [12.1X46-D20.5] # # grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show system uptime
+# System booted: 2015-07-08 16:42 CDT
+# Protocols started: 2015-07-08 16:44 CDT
+# Last configured: 2015-07-21 13:42 CDT by andrew
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 up down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 up up
+#ge-0/0/7.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.3 up up
+#vlan.4 up up
+#vlan.999 up down
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show configuration
+## Last commit: 2015-07-21 13:42:59 CDT by andrew
+version 12.1X46-D20.5;
+system {
+ host-name HENNESSEY-PS-SRX220-LEASED-004624;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.24.86;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.24.86;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ web-management {
+ https {
+ system-generated-certificate;
+ }
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 156.110.24.86/30";
+ family inet {
+ address 156.110.24.86/30;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.0.1/24";
+ family inet {
+ address 172.16.0.1/24;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.24.85;
+ route 172.16.20.0/24 next-hop 172.16.0.21;
+ route 172.16.30.0/24 next-hop 172.16.0.21;
+ route 172.16.40.0/24 next-hop 172.16.0.21;
+ route 172.16.50.0/24 next-hop 172.16.0.21;
+ route 172.16.100.0/24 next-hop 172.16.0.21;
+ route 172.16.10.0/24 next-hop 172.16.0.21;
+ route 172.16.112.0/24 next-hop 172.16.0.21;
+ route 172.16.111.0/24 next-hop 172.16.0.21;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ 172.16.0.0/24;
+ 172.16.30.0/24;
+ }
+}
+security {
+ ike {
+ policy IKE-DYN-VPN-POLICY {
+ mode aggressive;
+ proposal-set standard;
+ pre-shared-key ascii-text "$9$IRoErewsgJUjs2JUjkQz1IEclKxNVbY4P5uOB1SysYgJjHfTzFnCPf1hrlMW7Ndb24q.5F69X7ZU"; ## SECRET-DATA
+ }
+ gateway DYN-VPN-LOCAL-GATEWAY {
+ ike-policy IKE-DYN-VPN-POLICY;
+ dynamic {
+ hostname DYNVPN;
+ connections-limit 2;
+ ike-user-type group-ike-id;
+ }
+ external-interface vlan.3;
+ xauth access-profile DYN-VPN-ACCESS-PROFILE;
+ }
+ }
+ ipsec {
+ policy IPSEC-DYN-VPN-POLICY {
+ proposal-set standard;
+ }
+ vpn DYN-VPN {
+ ike {
+ gateway DYN-VPN-LOCAL-GATEWAY;
+ ipsec-policy IPSEC-DYN-VPN-POLICY;
+ }
+ }
+ }
+ address-book {
+ global {
+ address HOST-172.16.0.7 172.16.0.7/32;
+ address HOST-172.16.0.18 172.16.0.18/32;
+ address HOST-172.16.0.95 172.16.0.95/32;
+ address HOST-172.16.20.18 172.16.20.18/32;
+ address HOST-172.16.20.110 172.16.20.110/32;
+ address HOST-208.67.222.222 208.67.222.222/32;
+ address HOST-208.67.220.220 208.67.220.220/32;
+ address NET-199.36.248.0/22 199.36.248.0/22;
+ address NET-199.87.120.0/22 199.87.120.0/22;
+ address NET-162.250.60.0/22 162.250.60.0/22;
+ address HOST-164.58.253.10 164.58.253.10/32;
+ address HOST-164.58.198.10 164.58.198.10/32;
+ }
+ }
+ alg {
+ mgcp disable;
+ sccp disable;
+ sip {
+ inactive: disable;
+ }
+ }
+ dynamic-vpn {
+ access-profile DYN-VPN-ACCESS-PROFILE;
+ clients {
+ DYN-VPN-USERS {
+ remote-protected-resources {
+ 172.16.0.0/12;
+ }
+ remote-exceptions {
+ 0.0.0.0/0;
+ }
+ ipsec-vpn DYN-VPN;
+ user-groups {
+ DYN-VPN-CLIENT-GROUP;
+ }
+ }
+ }
+ }
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ pool SRC_POOL_156_110_38_130 {
+ address {
+ 156.110.38.130/32;
+ }
+ }
+ interface {
+ port-overloading off;
+ }
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
+ to zone UNTRUST;
+ rule SIP-PHONES {
+ match {
+ destination-address [ 199.36.248.0/22 199.87.120.0/22 162.250.60.0/22 ];
+ }
+ then {
+ source-nat {
+ interface {
+ persistent-nat {
+ permit any-remote-host;
+ inactivity-timeout 300;
+ }
+ }
+ }
+ }
+ }
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ pool {
+ SRC_POOL_156_110_38_130;
+ }
+ }
+ }
+ }
+ }
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ static {
+ rule-set STATIC-UNTRUST {
+ from zone UNTRUST;
+ rule 156_110_38_136 {
+ match {
+ destination-address 156.110.38.136/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 172.16.0.7/32;
+ }
+ }
+ }
+ }
+ rule 156_110_38_137 {
+ match {
+ destination-address 156.110.38.137/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 172.16.0.18/32;
+ }
+ }
+ }
+ }
+ rule 156_110_38_139 {
+ match {
+ destination-address 156.110.38.139/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 172.16.0.95/32;
+ }
+ }
+ }
+ }
+ rule 156_110_38_140 {
+ match {
+ destination-address 156.110.38.140/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 172.16.20.18/32;
+ }
+ }
+ }
+ }
+ rule 156_110_38_141 {
+ match {
+ destination-address 156.110.38.141/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 172.16.20.110/32;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TRUST to-zone UNTRUST {
+ policy SIP-PERMIT {
+ match {
+ source-address any;
+ destination-address [ NET-199.36.248.0/22 NET-199.87.120.0/22 NET-162.250.60.0/22 ];
+ application [ junos-stun jive-sip ];
+ }
+ then {
+ permit;
+ }
+ }
+ policy 201507211020 {
+ match {
+ source-address any;
+ destination-address [ HOST-208.67.222.222 HOST-208.67.220.220 HOST-164.58.253.10 HOST-164.58.198.10 ];
+ application junos-dns-udp;
+ }
+ then {
+ permit;
+ }
+ }
+ policy 201507211025 {
+ match {
+ source-address any;
+ destination-address any;
+ application junos-dns-udp;
+ }
+ then {
+ deny;
+ }
+ }
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone UNTRUST to-zone TRUST {
+ policy 201506071431 {
+ match {
+ source-address any;
+ destination-address HOST-172.16.0.7;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ policy 201506071432 {
+ match {
+ source-address any;
+ destination-address HOST-172.16.0.18;
+ application CUSTOM-TCP-3389;
+ }
+ then {
+ permit;
+ }
+ }
+ policy 201506071434 {
+ match {
+ source-address any;
+ destination-address HOST-172.16.0.95;
+ application CUSTOM-TCP-3389;
+ }
+ then {
+ permit;
+ }
+ }
+ policy 201506071435 {
+ match {
+ source-address any;
+ destination-address [ HOST-172.16.20.18 HOST-172.16.20.110 ];
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ policy 201506081707 {
+ match {
+ source-address [ NET-199.36.248.0/22 NET-199.87.120.0/22 NET-162.250.60.0/22 ];
+ destination-address any;
+ application [ junos-persistent-nat jive-sip junos-stun ];
+ }
+ then {
+ permit;
+ }
+ }
+ policy DYN-VPN-POLICY {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit {
+ tunnel {
+ ipsec-vpn DYN-VPN;
+ }
+ }
+ }
+ }
+ }
+ from-zone TRUST to-zone TRUST {
+ policy TRUST-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TRUST {
+ interfaces {
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ ssh;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ ike;
+ https;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+access {
+ profile DYN-VPN-ACCESS-PROFILE {
+ client aduran {
+ client-group DYN-VPN-CLIENT-GROUP;
+ firewall-user {
+ password "$9$62Tc9pOhclv87uOEylv7NdbsgJDkqm"; ## SECRET-DATA
+ }
+ }
+ address-assignment {
+ pool DYN-VPN-ADDRESS-POOL;
+ }
+ }
+ address-assignment {
+ pool DYN-VPN-ADDRESS-POOL {
+ family inet {
+ network 192.168.2.0/24;
+ range dvpn-range {
+ low 192.168.2.50;
+ high 192.168.2.55;
+ }
+ }
+ }
+ }
+ firewall-authentication {
+ web-authentication {
+ default-profile DYN-VPN-ACCESS-PROFILE;
+ }
+ }
+}
+applications {
+ application CUSTOM-TCP-3389 {
+ protocol tcp;
+ destination-port 3389;
+ }
+ application jive-sip {
+ application-protocol sip;
+ protocol udp;
+ source-port 0-65535;
+ destination-port 5060-5061;
+ inactivity-timeout 300;
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 4;
+ l3-interface vlan.4;
+ }
+ UNTRUST-VLAN {
+ description UNTRUST-VLAN;
+ vlan-id 3;
+ l3-interface vlan.3;
+ }
+}
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at HENNESSEY-PS-SRX220-LEASED-004624> show system snapshot media internal
+# error: cannot mount /dev/ad0s1a
+#
Index: routers.down
===================================================================
--- routers.down (revision 130177)
+++ routers.down (working copy)
@@ -2,18 +2,6 @@
BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net:juniper:down
CAMERON-PS-SRX220.clients.onenet.net:juniper:down
Capitol-3550.onenet.net:cisco:down
-NE-AREA-VOTECH-PRYOR.client.onenet.net:juniper:down
-OJA-SW-YOUTH-CENTER-MANITOU-SRX220.onenet.net:juniper:down
-OKC-DC-EDGE1-MX80.onenet.net:juniper:down
-OMES-MX480-0:juniper:down
-OMES-MX480-1:juniper:down
-PIONEER-TECH-ASH-SRX220-MR.client.onenet.net:juniper:down
-SMITHVILLE-PUB-SCH-SRX240.client.onenet.net:juniper:down
-SRX1.RP3F1-JOEL-SRX-220:juniper:down
-core.okc.onenet.net:cisco:down
-core.okclab.onenet.net:cisco:down
-core.ptc.onenet.net:cisco:down
-core.tul.onenet.net:cisco:down
core10.tul.onenet.net:juniper:down
core2.okc.onenet.net:cisco:down
core2.tul.onenet.net:cisco:down
@@ -22,12 +10,26 @@
core8.okc.onenet.net:cisco:down
core8.tul-C7603.onenet.net:cisco:down
core9.tul.onenet.net:cisco:down
+core.okclab.onenet.net:cisco:down
+core.okc.onenet.net:cisco:down
+core.ptc.onenet.net:cisco:down
+core.tul.onenet.net:cisco:down
decom.san-sw-tulsa.onenet.net:cisco:down
faye.okcdc.onenet.net:juniper:down
gatekeeper-backup-3725:cisco:down
geronimo-ps.client.onenet.net:juniper:down
hu.ada.onenet.net:cisco:down
hu.alv.onenet.net:cisco:down
+hub.cyril-tower.onenet.net:cisco:down
+hub.edm.onenet.net:cisco:down
+hub.goo.onenet.net:juniper:down
+hub.lan.onenet.net:cisco:down
+hub.nor1.onenet.net:cisco:down
+hub.nor.onenet.net:cisco:down
+hub.okccc.onenet.net:cisco:down
+hub.osuokc.onenet.netold:cisco:down
+hub.sti.onenet.net:cisco:down
+hub.war7304.onenet.net:cisco:down
hu.chi.onenet.net:cisco:down
hu.cla.onenet.net:cisco:down
hu.dunc.onenet.net:cisco:down
@@ -52,18 +54,16 @@
hu.wea.onenet.net:cisco:down
hu.wil.onenet.net:cisco:down
hu.woo.onenet.net:cisco:down
-hub.cyril-tower.onenet.net:cisco:down
-hub.edm.onenet.net:cisco:down
-hub.goo.onenet.net:juniper:down
-hub.lan.onenet.net:cisco:down
-hub.nor.onenet.net:cisco:down
-hub.nor1.onenet.net:cisco:down
-hub.okccc.onenet.net:cisco:down
-hub.osuokc.onenet.netold:cisco:down
-hub.sti.onenet.net:cisco:down
-hub.war7304.onenet.net:cisco:down
mwc-2912switch:cisco:down
+NE-AREA-VOTECH-PRYOR.client.onenet.net:juniper:down
+OJA-SW-YOUTH-CENTER-MANITOU-SRX220.onenet.net:juniper:down
+OKC-DC-EDGE1-MX80.onenet.net:juniper:down
okdepvotec-2950custend1.onenet.net:cisco:down
+OMES-MX480-0:juniper:down
+OMES-MX480-1:juniper:down
+opt2.str.onenet.net:ons15454:down
+opt5.okc.onenet.net:ons15454:down
+opt5.tul.onenet.net:ons15454:down
opt.AHEC.onenet.net:ons15327:down
opt.ard.onenet.net:ons15454:down
opt.cfh.onenet.net:ons15327:down
@@ -73,26 +73,26 @@
opt.nor.onenet.net:ons15454:down
opt.okc6.onenet.net:ons15454:down
opt.tul6.onenet.net:ons15454:down
-opt2.str.onenet.net:ons15454:down
-opt5.okc.onenet.net:ons15454:down
-opt5.tul.onenet.net:ons15454:down
ore13.okc.onenet.net:cisco:down
ore14.okc.onenet.net:cisco:down
ore5.okc.onenet.net:cisco:down
ore6.okc.onenet.net:cisco:down
+PIONEER-TECH-ASH-SRX220-MR.client.onenet.net:juniper:down
rpswi2.rp2f4.onenet.net:cisco:down
rpswi2.rp3f1.onenet.net:cisco:down
rpswi4.rp3f1.onenet.net:juniper:down
san-sw-lawton.onenet.net:juniper:down
+SMITHVILLE-PUB-SCH-SRX240.client.onenet.net:juniper:down
+SRX1.RP3F1-JOEL-SRX-220:juniper:down
+swi1.cap.onenet.net:cisco:down
+swi1.rp5f0.onenet.net:cisco:down
+swi5.okcdc.onenet.net:juniper:down
swi.cai.ato.onenet.net:juniper:down
swi.cai.chey.onenet.net:juniper:down
swi.cai.dpsdur.onenet.net:juniper:down
swi.cai.dpsend.onenet.net:juniper:down
swi.cai.gc.onenet.net:juniper:down
swi.cai.woo.onenet.net:juniper:down
-swi1.cap.onenet.net:cisco:down
-swi1.rp5f0.onenet.net:cisco:down
-swi5.okcdc.onenet.net:juniper:down
ub.say.onenet.net:cisco:down
walters-ps.client.onenet.net:juniper:down
whitesboro-ps.client.onenet.net:juniper:down
Index: routers.all
===================================================================
--- routers.all (revision 130177)
+++ routers.all (working copy)
@@ -1,40 +1,53 @@
-ADA-HIGH-SCHOOL-SRX240.client.onenet.net:juniper
-BAPTIST-GIRLS-HOME-SRX220.clients.onenet.net:juniper
-BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net:juniper
-CAMERON-PS-SRX220.clients.onenet.net:juniper
-CHISHOLM-PS-SRX220.clients.onenet.net:juniper
-CLI-adva.p.onenet.net:fsp3000
-Capitol-3550.onenet.net:cisco
-GROVE-ELEM-DIST-63-SRX220.client.onenet.net:juniper
-HARRA-PS-SRX240.onenet.net:juniper
-KEOTA-HS-SRX220.client.onenet.net:juniper
-MID-AMERICA-TECH-CTR.client.onenet.net:juniper
-NE-AREA-VOTECH-PRYOR.client.onenet.net:juniper
-NORTH-ROCK-CREEK-PS.client.onenet.net:juniper
-OJA-SW-YOUTH-CENTER-MANITOU-SRX220.onenet.net:juniper
-OKC-DC-EDGE1-MX80.onenet.net:juniper
-OKTAHA-SRX240.onenet.net:juniper
-OMES-MX480-0:juniper
-OMES-MX480-1:juniper
-PIONEER-TECH-ASH-SRX220-MR.client.onenet.net:juniper
-PIONEER-TECH-PONC-SRX220-MR.onenet.net:juniper
-RPSWI1.ETN.EX4200.ONENET.NET:juniper
-SMITHVILLE-PUB-SCH-SRX240.client.onenet.net:juniper
-SRX1.RP3F1-JOEL-SRX-220:juniper
-TALOGA-PUB-SCHOOL-SRX240.client.onenet.net:juniper
-Tuskahoma:juniper
-WANETTE-PS-SRX220.client.onenet.net:juniper
acx.cai.ato-acx2100.onenet.net:juniper
acx.cai.dpsdur-acx2100.onenet.net:juniper
acx.cai.dpseni-acx2100.onenet.net:juniper
acx.cai.hart-acx2100.onenet.net:juniper
acx.caipan.onenet.net:juniper
acx.owtcbuf.onenet.net:juniper
+ADA-HIGH-SCHOOL-SRX240.client.onenet.net:juniper
+BAPTIST-GIRLS-HOME-SRX220.clients.onenet.net:juniper
bennington-ps-srx220.onenet.net:juniper
blackwell-ps.client.onenet.net:juniper
+BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net:juniper
buffalo-valley-ps-ge112.nid.onenet.net:fsp150
+CAMERON-PS-SRX220.clients.onenet.net:juniper
+Capitol-3550.onenet.net:cisco
+CHISHOLM-PS-SRX220.clients.onenet.net:juniper
clayton-ps-srx220.client.onenet.net:juniper
cleveland-ps-srx220.client.onenet.net:juniper
+CLI-adva.p.onenet.net:fsp3000
+core10.tul.onenet.net:juniper
+core1.dc.onenet.net:juniper
+core1.edm.onenet.net:juniper
+core1.lan-MX80.onenet.net:juniper
+core1.nor.onenet.net:juniper
+core1.okccc.onenet.net:juniper
+core1.okc-MX960.onenet.net:juniper
+core1.ptc.onenet.net:juniper
+core1.sti-MX960.onenet.net:juniper
+core1.tul-MX960.onenet.net:juniper
+core2.dc.onenet.net:juniper
+core2.nor-MX80.onenet.net:juniper
+core2-okc-MX960.onenet.net:juniper
+core2.okc.onenet.net:cisco
+core2.sti.onenet.net:juniper
+core2.tul-MX960.onenet.net:juniper
+core2.tul.onenet.net:cisco
+core3.okc-M120.onenet.net:juniper
+core3.tul-M120.onenet.net:juniper
+core3.tul.onenet.net:cisco
+core4.okc.onenet.net:juniper
+core4.tul.onenet.net:juniper
+core5.okc.onenet.net:juniper
+core5.tul.onenet.net:juniper
+core6.okc-M7i.onenet.net:juniper
+core6.tul-M7i.onenet.net:juniper
+core7.tul.onenet.net:juniper
+core8.okc-MX480.onenet.net:juniper
+core8.okc.onenet.net:cisco
+core8.tul-C7603.onenet.net:cisco
+core8.tul.onenet.net:juniper
+core9.tul.onenet.net:cisco
core.ada.onenet.net:juniper
core.alt.onenet.net:juniper
core.ard.onenet.net:juniper
@@ -67,9 +80,9 @@
core.mca.onenet.net:juniper
core.mus.onenet.net:juniper
core.odmhsas-okc.onenet.net:juniper
-core.okc.onenet.net:cisco
core.okcbok.onenet.net:juniper
core.okclab.onenet.net:cisco
+core.okc.onenet.net:cisco
core.owtcalb.onenet.net:juniper
core.owtccla.onenet.net:juniper
core.owtcred.onenet.net:juniper
@@ -85,71 +98,15 @@
core.wil.onenet.net:juniper
core.wless.velm.onenet.net:juniper
core.woo.onenet.net:juniper
-core1.dc.onenet.net:juniper
-core1.edm.onenet.net:juniper
-core1.lan-MX80.onenet.net:juniper
-core1.nor.onenet.net:juniper
-core1.okc-MX960.onenet.net:juniper
-core1.okccc.onenet.net:juniper
-core1.ptc.onenet.net:juniper
-core1.sti-MX960.onenet.net:juniper
-core1.tul-MX960.onenet.net:juniper
-core10.tul.onenet.net:juniper
-core2-okc-MX960.onenet.net:juniper
-core2.dc.onenet.net:juniper
-core2.nor-MX80.onenet.net:juniper
-core2.okc.onenet.net:cisco
-core2.sti.onenet.net:juniper
-core2.tul-MX960.onenet.net:juniper
-core2.tul.onenet.net:cisco
-core3.okc-M120.onenet.net:juniper
-core3.tul-M120.onenet.net:juniper
-core3.tul.onenet.net:cisco
-core4.okc.onenet.net:juniper
-core4.tul.onenet.net:juniper
-core5.okc.onenet.net:juniper
-core5.tul.onenet.net:juniper
-core6.okc-M7i.onenet.net:juniper
-core6.tul-M7i.onenet.net:juniper
-core7.tul.onenet.net:juniper
-core8.okc-MX480.onenet.net:juniper
-core8.okc.onenet.net:cisco
-core8.tul-C7603.onenet.net:cisco
-core8.tul.onenet.net:juniper
-core9.tul.onenet.net:cisco
decom.san-sw-tulsa.onenet.net:cisco
faye.okcdc.onenet.net:juniper
gatekeeper-backup-3725:cisco
geronimo-ps.client.onenet.net:juniper
+GROVE-ELEM-DIST-63-SRX220.client.onenet.net:juniper
+HARRA-PS-SRX240.onenet.net:juniper
hennessey-ps-srx220.client.onenet.net:juniper
hu.ada.onenet.net:cisco
hu.alv.onenet.net:cisco
-hu.chi.onenet.net:cisco
-hu.cla.onenet.net:cisco
-hu.dunc.onenet.net:cisco
-hu.dur.onenet.net:cisco
-hu.elr.onenet.net:cisco
-hu.end.onenet.net:cisco
-hu.goo.onenet.net:cisco
-hu.ida.onenet.net:cisco
-hu.law.onenet.net:cisco
-hu.mca.onenet.net:cisco
-hu.mia.onenet.net:cisco
-hu.mus.onenet.net:cisco
-hu.mwc.onenet.net:juniper
-hu.okm.onenet.net:cisco
-hu.ponc.onenet.net:cisco
-hu.pot.onenet.net:cisco
-hu.sal.onenet.net:cisco
-hu.sem.onenet.net:cisco
-hu.tah.onenet.net:cisco
-hu.tis.onenet.net:cisco
-hu.ton.onenet.net:cisco
-hu.wea.onenet.net:cisco
-hu.wil.onenet.net:cisco
-hu.woo.onenet.net:cisco
-hub.Newcastle-router-MW.onenet.net:cisco
-hub.RushSprings-router-MW.onenet.net:cisco
hub.ada.onenet.net:juniper
hub.alt.onenet.net:juniper
hub.alv.onenet.net:juniper
@@ -172,13 +129,15 @@
hub.mia.onenet.net:juniper
hub.mus.onenet.net:juniper
hub.mwc.onenet.net:juniper
+hub.Newcastle-router-MW.onenet.net:cisco
+hub.nor1.onenet.net:cisco
hub.nor.onenet.net:cisco
-hub.nor1.onenet.net:cisco
hub.okccc.onenet.net:cisco
hub.okm.onenet.net:juniper
hub.osuokc.onenet.net:juniper
hub.osuokc.onenet.netold:cisco
hub.pot.onenet.net:juniper
+hub.RushSprings-router-MW.onenet.net:cisco
hub.sal.onenet.net:juniper
hub.say.onenet.net:juniper
hub.sem.onenet.net:juniper
@@ -189,22 +148,64 @@
hub.ton.onenet.net:juniper
hub.tsb.onenet.net:juniper
hub.velma-tower.onenet.net:cisco
+hub.war7304.onenet.net:cisco
hub.war.onenet.net:juniper
-hub.war7304.onenet.net:cisco
hub.wea.onenet.net:juniper
hub.wil.onenet.net:juniper
hub.woo.onenet.net:juniper
+hu.chi.onenet.net:cisco
+hu.cla.onenet.net:cisco
+hu.dunc.onenet.net:cisco
+hu.dur.onenet.net:cisco
+hu.elr.onenet.net:cisco
+hu.end.onenet.net:cisco
+hu.goo.onenet.net:cisco
+hu.ida.onenet.net:cisco
+hu.law.onenet.net:cisco
+hu.mca.onenet.net:cisco
+hu.mia.onenet.net:cisco
+hu.mus.onenet.net:cisco
+hu.mwc.onenet.net:juniper
+hu.okm.onenet.net:cisco
+hu.ponc.onenet.net:cisco
+hu.pot.onenet.net:cisco
+hu.sal.onenet.net:cisco
+hu.sem.onenet.net:cisco
+hu.tah.onenet.net:cisco
hutelr-adva.p.onenet.net:fsp3000
+hu.tis.onenet.net:cisco
+hu.ton.onenet.net:cisco
+hu.wea.onenet.net:cisco
+hu.wil.onenet.net:cisco
+hu.woo.onenet.net:cisco
+KEOTA-HS-SRX220.client.onenet.net:juniper
lukfata-ps.client.onenet.net:juniper
madill-ps-srx220.client.onenet.net:juniper
miami-ps-srx220.client.onenet.net:juniper
+MID-AMERICA-TECH-CTR.client.onenet.net:juniper
mwc-2912switch:cisco
navajo-ps-srx220.client.onenet.net:juniper
+NE-AREA-VOTECH-PRYOR.client.onenet.net:juniper
nor-adva.p.onenet.net:fsp3000
+NORTH-ROCK-CREEK-PS.client.onenet.net:juniper
ns3.onenet.net:PC
odmhsas.central-office.okc.client.onenet.net:juniper
+OJA-SW-YOUTH-CENTER-MANITOU-SRX220.onenet.net:juniper
+OKC-DC-EDGE1-MX80.onenet.net:juniper
okdepvotec-2950custend1.onenet.net:cisco
+OKTAHA-SRX240.onenet.net:juniper
+OMES-MX480-0:juniper
+OMES-MX480-1:juniper
onenet-dc-xg210.nid.onenet.net:fsp150
+opt2.nor.onenet.net:ons15454
+opt2.str.onenet.net:ons15454
+opt3.okc.onenet.net:ons15454
+opt3.sti.onenet.net:ons15454
+opt3.tul.onenet.net:ons15454
+opt4.okc.onenet.net:ons15454
+opt4.tul.onenet.net:ons15454
+opt5.okc.onenet.net:ons15454
+opt5.tul.onenet.net:ons15454
opt.AHEC.onenet.net:ons15327
opt.ard.onenet.net:ons15454
opt.art.onenet.net:ons15454
@@ -221,26 +222,20 @@
opt.nrm.onenet.net:ons15454
opt.occ.onenet.net:ons15454
opt.oeta.onenet.net:ons15454
+opt.okc6.onenet.net:ons15454
opt.okc.onenet.net:ons15454
-opt.okc6.onenet.net:ons15454
opt.sti.onenet.net:ons15454
+opt.tul6.onenet.net:ons15454
opt.tul.onenet.net:ons15454
-opt.tul6.onenet.net:ons15454
-opt2.nor.onenet.net:ons15454
-opt2.str.onenet.net:ons15454
-opt3.okc.onenet.net:ons15454
-opt3.sti.onenet.net:ons15454
-opt3.tul.onenet.net:ons15454
-opt4.okc.onenet.net:ons15454
-opt4.tul.onenet.net:ons15454
-opt5.okc.onenet.net:ons15454
-opt5.tul.onenet.net:ons15454
ore13.okc.onenet.net:cisco
ore14.okc.onenet.net:cisco
ore5.okc.onenet.net:cisco
ore6.okc.onenet.net:cisco
panola-ps.client.onenet.net:juniper
+PIONEER-TECH-ASH-SRX220-MR.client.onenet.net:juniper
+PIONEER-TECH-PONC-SRX220-MR.onenet.net:juniper
rp3-adva.p.onenet.net:fsp3000
+RPSWI1.ETN.EX4200.ONENET.NET:juniper
rpswi1.rp3f2.onenet.net:cisco
rpswi2.rp1f3.onenet.net:juniper
rpswi2.rp2f4.onenet.net:cisco
@@ -250,7 +245,25 @@
rpswi4.rp3f1.onenet.net:juniper
san-sw-lawton.onenet.net:juniper
san-sw-tulsa-EX2200.onenet.net:juniper
+SMITHVILLE-PUB-SCH-SRX240.client.onenet.net:juniper
+SRX1.RP3F1-JOEL-SRX-220:juniper
sti-ps.onenet.net:PC
+swi1.cap.onenet.net:cisco
+swi1.chi-EX2200.onenet.net:juniper
+swi1.dhs-mid-okc.onenet.net:juniper
+swi1.ggc-etn.onenet.net:juniper
+swi1.langston-okc.onenet.net:juniper
+swi1.law.onenet.net:juniper
+swi1.mia.onenet.net:juniper
+swi1.norman-ps.onenet.net:juniper
+swi1.odot.ada-hq.onenet.net:juniper
+swi1.odot.dun-hq.onenet.net:juniper
+swi1.odot.ton-intmaint.onenet.net:juniper
+swi1-rp3f0-3750x.onenet.net:cisco
+swi1.rp5f0.onenet.net:cisco
+swi1.towalt.onenet.net:juniper
+swi1.wayne.onenet.net:juniper
+swi5.okcdc.onenet.net:juniper
swi.cai.ato.onenet.net:juniper
swi.cai.chey.onenet.net:juniper
swi.cai.cleet.onenet.net:juniper
@@ -268,25 +281,12 @@
swi.cai.sei.onenet.net:juniper
swi.cai.woo.onenet.net:juniper
swi.sw-tech-center-altus.onenet.net:juniper
-swi1-rp3f0-3750x.onenet.net:cisco
-swi1.cap.onenet.net:cisco
-swi1.chi-EX2200.onenet.net:juniper
-swi1.dhs-mid-okc.onenet.net:juniper
-swi1.ggc-etn.onenet.net:juniper
-swi1.langston-okc.onenet.net:juniper
-swi1.law.onenet.net:juniper
-swi1.mia.onenet.net:juniper
-swi1.norman-ps.onenet.net:juniper
-swi1.odot.ada-hq.onenet.net:juniper
-swi1.odot.dun-hq.onenet.net:juniper
-swi1.odot.ton-intmaint.onenet.net:juniper
-swi1.rp5f0.onenet.net:cisco
-swi1.towalt.onenet.net:juniper
-swi1.wayne.onenet.net:juniper
-swi5.okcdc.onenet.net:juniper
+TALOGA-PUB-SCHOOL-SRX240.client.onenet.net:juniper
+Tuskahoma:juniper
ub.say.onenet.net:cisco
vinita-public-library-srx220.onenet.net:juniper
walters-ps.client.onenet.net:juniper
+WANETTE-PS-SRX220.client.onenet.net:juniper
wapanucka-ps-srx220.client.onenet.net:juniper
wetumka-isd-srx220.client.onenet.net:juniper
whitesboro-ps.client.onenet.net:juniper
More information about the Nocrancid
mailing list