[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Tue Oct 6 18:02:17 CDT 2015
Index: router.db
===================================================================
--- router.db (revision 135454)
+++ router.db (working copy)
@@ -7,20 +7,22 @@
acx.owtcalb.onenet.net:juniper:up
acx.owtccla.onenet.net:juniper:up
ada-hs-srx240.client.onenet.net:juniper:up
-alex-ps.client.onenet.net:juniper:down
+alex-ps.client.onenet.net:juniper:up
atoka-ps-srx240.client.onenet.net:juniper:up
+avant-ps-srx220.onenet.net:juniper:up
baptist-girls-home-srx220.client.onenet.net:juniper:up
bennington-ps-srx220.onenet.net:juniper:up
+blackwell-pl.client.onenenet.net:juniper:up
blackwell-ps.client.onenet.net:juniper:up
-BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net:juniper:down
buffalo-valley-ps-ge112.nid.onenet.net:fsp150:up
calera-ps.client.onenet.net:juniper:up
-CAMERON-PS-SRX220.clients.onenet.net:juniper:down
+cameron-ps.clients.onenet.net:juniper:up
Capitol-3550.onenet.net:cisco:down
chisholm-ps.client.onenet.net:juniper:up
clayton-ps-srx220.client.onenet.net:juniper:up
cleveland-ps-srx220.client.onenet.net:juniper:up
CLI-adva.p.onenet.net:fsp3000:up
+comanche-ps.client.onenet.net:juniper:up
core.ada.onenet.net:juniper:up
core.alt.onenet.net:juniper:up
core.ard.onenet.net:juniper:up
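Review bot: The added entry `blackwell-pl.client.onenenet.net:juniper:up` spells the domain `onenenet.net` rather than `onenet.net`. The same typo was in the removed `BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net` line and has been carried into its replacement, and it recurs in the routers.up hunk as `+blackwell-pl.client.onenenet.net:juniper`. Because the entry is marked `up`, the collector will presumably try to resolve and log in to a name outside the operator's own domain on every run. At best the device is never backed up; at worst the collector's login credentials are offered to whoever answers for that name. The line should read `blackwell-pl.client.onenet.net:juniper:up`. Separately, `cameron-ps.clients.onenet.net` uses `clients` where the other customer entries in this hunk use `client`, which looks like a second leftover from the old name and is worth checking against DNS.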
@@ -104,15 +106,15 @@
decom.san-sw-tulsa.onenet.net:cisco:down
denison-ps-srx220.client.onenet.net:juniper:up
dewey-ps.client.onenet.net:juniper:up
-DICKSON-SCHOOLS-SRX240.client.onenet.net:juniper:up
+dickson-ps.client.onenet.net:juniper:up
dps-okc-mlk-ge114.nid.onenet.net:fsp150:up
-FAIRFAX-LIB-SRX220-MR.client.onenet.net:juniper:up
+fairfax-pl.client.onenet.net:juniper:up
faye.okcdc.onenet.net:juniper:down
gatekeeper-backup-3725:cisco:down
geronimo-ps.client.onenet.net:juniper:down
GROVE-ELEM-DIST-63-SRX220.client.onenet.net:juniper:down
HARRA-PS-SRX240.onenet.net:juniper:up
-HAYWOOD-PS-SRX240.client.onenet.net:juniper:down
+haywood-ps.client.onenet.net:juniper:up
hennessey-ps-srx220.client.onenet.net:juniper:up
hu.ada.onenet.net:cisco:down
hu.alv.onenet.net:cisco:down
@@ -247,7 +249,7 @@
PIONEER-TECH-ASH-SRX220-MR.client.onenet.net:juniper:up
pioneer-tech-ponc-srx220.client.onenet.net:juniper:up
PORUM-PUB-SCH-SRX240.client.onenet.net:juniper:up
-QUAPAW-PUB-SCHOOL-SRX240.client.onenet.net:juniper:down
+quapaw-ps.client.onenet.net:juniper:up
rp3-adva.p.onenet.net:fsp3000:up
rpswi1.okc.onenet.net:juniper:up
rpswi1.rp3f2.onenet.net:cisco:up
@@ -298,7 +300,7 @@
taloga-ps-srx240.client.onenet.net:juniper:up
tuskahoma-ps.client.onenet.net:juniper:up
ub.say.onenet.net:cisco:down
-union-city-ps.client.onenet.net:juniper:down
+union-city-ps.client.onenet.net:juniper:up
vinita-public-library-srx220.onenet.net:juniper:down
walters-ps.client.onenet.net:juniper:down
wanette-ps.client.onenet.net:juniper:up
Index: routers.up
===================================================================
--- routers.up (revision 135454)
+++ routers.up (working copy)
@@ -6,16 +6,21 @@
acx.owtcalb.onenet.net:juniper
acx.owtccla.onenet.net:juniper
ada-hs-srx240.client.onenet.net:juniper
+alex-ps.client.onenet.net:juniper
atoka-ps-srx240.client.onenet.net:juniper
+avant-ps-srx220.onenet.net:juniper
baptist-girls-home-srx220.client.onenet.net:juniper
bennington-ps-srx220.onenet.net:juniper
+blackwell-pl.client.onenenet.net:juniper
blackwell-ps.client.onenet.net:juniper
buffalo-valley-ps-ge112.nid.onenet.net:fsp150
calera-ps.client.onenet.net:juniper
+cameron-ps.clients.onenet.net:juniper
chisholm-ps.client.onenet.net:juniper
clayton-ps-srx220.client.onenet.net:juniper
cleveland-ps-srx220.client.onenet.net:juniper
cli-adva.p.onenet.net:fsp3000
+comanche-ps.client.onenet.net:juniper
core.ada.onenet.net:juniper
core.alt.onenet.net:juniper
core.ard.onenet.net:juniper
@@ -86,10 +91,11 @@
core8.tul.onenet.net:juniper
denison-ps-srx220.client.onenet.net:juniper
dewey-ps.client.onenet.net:juniper
-dickson-schools-srx240.client.onenet.net:juniper
+dickson-ps.client.onenet.net:juniper
dps-okc-mlk-ge114.nid.onenet.net:fsp150
-fairfax-lib-srx220-mr.client.onenet.net:juniper
+fairfax-pl.client.onenet.net:juniper
harra-ps-srx240.onenet.net:juniper
+haywood-ps.client.onenet.net:juniper
hennessey-ps-srx220.client.onenet.net:juniper
hub.ada.onenet.net:juniper
hub.alt.onenet.net:juniper
@@ -166,6 +172,7 @@
pioneer-tech-ash-srx220-mr.client.onenet.net:juniper
pioneer-tech-ponc-srx220.client.onenet.net:juniper
porum-pub-sch-srx240.client.onenet.net:juniper
+quapaw-ps.client.onenet.net:juniper
rp3-adva.p.onenet.net:fsp3000
rpswi1.okc.onenet.net:juniper
rpswi1.rp3f2.onenet.net:cisco
@@ -200,6 +207,7 @@
swi1.wayne.onenet.net:juniper
taloga-ps-srx240.client.onenet.net:juniper
tuskahoma-ps.client.onenet.net:juniper
+union-city-ps.client.onenet.net:juniper
wanette-ps.client.onenet.net:juniper
wapanucka-ps-srx220.client.onenet.net:juniper
wetumka-isd-srx220.client.onenet.net:juniper
Index: configs/comanche-ps.client.onenet.net
===================================================================
--- configs/comanche-ps.client.onenet.net (revision 135459)
+++ configs/comanche-ps.client.onenet.net (working copy)
@@ -0,0 +1,2633 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at COMANCHE-PS-LR> show system commit
+# 2015-10-03 22:27:29 CDT by andrew via cli
+# 2015-10-03 22:19:24 CDT by andrew via cli
+# 2015-10-03 22:14:09 CDT by andrew via cli
+# 2015-10-03 21:59:06 CDT by andrew via cli
+# 2015-10-03 21:40:27 CDT by andrew via cli
+# 2015-10-03 21:30:56 CDT by andrew via cli
+# grnoc-mon at COMANCHE-PS-LR> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Routing Engine Absent
+# Routing Engine CPU Absent
+# Fans SRXSME Chassis Fan 0 OK
+# SRXSME Chassis Fan 1 OK
+# SRXSME Chassis Fan 2 OK
+# SRXSME Chassis Fan 3 OK
+# Power Power Supply 0 OK
+# Power Supply 1 OK
+#
+# grnoc-mon at COMANCHE-PS-LR> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X46-D20.5 by builder on 2014-05
+# FWDD O/S Version 12.1X46-D20.5 by builder on 2014-05
+#
+# grnoc-mon at COMANCHE-PS-LR> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at COMANCHE-PS-LR> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis AL2614AK0107 SRX550
+# Midplane REV 21 750-035027 ACLM6641
+# Routing Engine REV 12 711-035026 ACLN8163 RE-SRXSME-SRX550
+# FPC 0 FPC
+# PIC 0 6x GE, 4x GE SFP Base PIC
+# Xcvr 6 REV 02 740-013111 D458823 SFP-T
+# Power Supply 0 Rev 04 740-024283 YE47746 PS 645W AC
+# Power Supply 1 Rev 04 740-024283 YD46617 PS 645W AC
+#
+# grnoc-mon at COMANCHE-PS-LR> show chassis hardware models
+# grnoc-mon at COMANCHE-PS-LR> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACLN8163
+#
+# grnoc-mon at COMANCHE-PS-LR> show chassis scb
+# grnoc-mon at COMANCHE-PS-LR> show chassis sfm detail
+# grnoc-mon at COMANCHE-PS-LR> show chassis ssb
+# grnoc-mon at COMANCHE-PS-LR> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 6 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 6 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 63XX CPU Rev. 0.10 with no FPU implemented
+# L1 Cache: I size 37kb(128 line), D size 32kb(128 line), direct mapped.
+# L2 Cache: Size 2048kb, 16 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <processor> at device 0.0 (no driver attached)
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci1: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> mem 0xf0000000-0xf001ffff irq 0 at device 0.0 on pci1
+# pci2: <PCI bus> on pcib2
+# pcib3: <PCI-PCI bridge> irq 0 at device 1.0 on pci2
+# pci3: <PCI bus> on pcib3
+# pcib4: <PCI-PCI bridge> irq 0 at device 2.0 on pci2
+# pci4: <PCI bus> on pcib4
+# pcib5: <PCI-PCI bridge> irq 0 at device 4.0 on pci2
+# pci5: <PCI bus> on pcib5
+# pci5: <network, ethernet> at device 0.0 (no driver attached)
+# pcib6: <PCI-PCI bridge> irq 0 at device 5.0 on pci2
+# pci6: <PCI bus> on pcib6
+# pcib7: <PCI-PCI bridge> irq 0 at device 6.0 on pci2
+# pci7: <PCI bus> on pcib7
+# pcib8: <PCI-PCI bridge> irq 0 at device 7.0 on pci2
+# pci8: <PCI bus> on pcib8
+# pcib9: <PCI-PCI bridge> irq 0 at device 8.0 on pci2
+# pci9: <PCI bus> on pcib9
+# atapci0: <SiI 3132 SATA300 controller> mem 0xf0700000-0xf070007f,0xf0740000-0xf0743fff irq 0 at device 0.0 on pci9
+# ata0: <ATA channel 0> on atapci0
+# ata0: signature=00000101
+# ata1: <ATA channel 1> on atapci0
+# pcib10: <PCI-PCI bridge> irq 0 at device 9.0 on pci2
+# pci10: <PCI bus> on pcib10
+# pcib11: <PCI-PCI bridge> irq 0 at device 10.0 on pci2
+# pci11: <PCI bus> on pcib11
+# pcib12: <PCI-PCI bridge> irq 0 at device 12.0 on pci2
+# pci12: <PCI bus> on pcib12
+# pcib13: <PCI-PCI bridge> irq 0 at device 14.0 on pci2
+# pci13: <PCI bus> on pcib13
+# ehci0: <Octeon EHCI USB 2.0 controller> on obio0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 2 ports with 2 removable, self powered
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 8MB> on obio0
+# Timecounter "mips" frequency 1300000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# ad0: Device does not support APM
+# ad0: 2000MB <CF 2GB 20100924> at ata0-master WDMA2
+# Trying to mount root from ufs:/dev/ad0s2a
+# WARNING: / was not properly dismounted
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at COMANCHE-PS-LR> show version
+# Hostname: COMANCHE-PS-LR # Model: srx550 # JUNOS Software Release [12.1X46-D20.5] # # grnoc-mon at COMANCHE-PS-LR> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at COMANCHE-PS-LR> show system uptime
+# System booted: 2015-09-14 21:55 CDT
+# Protocols started: 2015-09-14 21:56 CDT
+# Last configured: 2015-10-03 22:27 CDT by andrew
+#
+# grnoc-mon at COMANCHE-PS-LR> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.414 up up
+#ge-0/0/0.1414 up up
+#ge-0/0/0.32767 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up up
+#ge-0/0/1.10 up up
+#ge-0/0/1.20 up up
+#ge-0/0/1.32767 up up
+#ge-0/0/2 up up
+#ge-0/0/2.0 up up
+#ge-0/0/3 up up
+#ge-0/0/3.6 up up
+#ge-0/0/3.850 up up
+#ge-0/0/3.32767 up up
+#ge-0/0/4 up up
+#ge-0/0/4.0 up up
+#ge-0/0/5 up up
+#ge-0/0/5.100 up up
+#ge-0/0/5.101 up up
+#ge-0/0/5.32767 up up
+#ge-0/0/6 up up
+#ge-0/0/6.0 up up
+#ge-0/0/7 up down
+#ge-0/0/8 up down
+#ge-0/0/9 up down
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#st0.1 up up
+#tap up up
+#vlan up up
+#vlan.3 up up
+# grnoc-mon at COMANCHE-PS-LR> show configuration
+## Last commit: 2015-10-03 22:27:29 CDT by andrew
+version 12.1X46-D20.5;
+system {
+ host-name COMANCHE-PS-LR;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 164.58.83.254;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user eng {
+ uid 2003;
+ class admin;
+ }
+ user nelson {
+ uid 2500;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user onenet {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ }
+ syslog {
+ archive size 10m files 20;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ match "!(.*LI Packet length.*|.* grnoc-mon.*|.*Connection closed by 164.58.253.113.*|.* exited, status 255.*)";
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ file traffic-log {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ license {
+ autoupdate {
+ url https://ae1.juniper.net/junos/key_retrieval;
+ }
+ }
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description COMANCHE-PS-HS-1G-CIR0005881;
+ stacked-vlan-tagging;
+ unit 414 {
+ vlan-tags outer 414 inner 500;
+ family inet {
+ address 156.110.24.134/30;
+ }
+ }
+ unit 1414 {
+ vlan-tags outer 414 inner 501;
+ family inet {
+ address 10.199.5.6/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description COMANCHE-PS-MS-100M-CIR0004572;
+ vlan-tagging;
+ unit 10 {
+ vlan-id 10;
+ family inet {
+ policer {
+ input 100M-POL;
+ output 100M-POL;
+ }
+ address 156.110.42.134/30;
+ }
+ }
+ unit 20 {
+ vlan-id 20;
+ family inet {
+ address 10.199.5.10/30;
+ }
+ }
+ }
+ ge-0/0/2 {
+ description COMANCHE-PS-ES-100M-CIR0005932;
+ unit 0 {
+ family inet {
+ policer {
+ input 100M-POL;
+ output 100M-POL;
+ }
+ address 156.110.24.206/30;
+ }
+ }
+ }
+ ge-0/0/3 {
+ description "Link to Cisco 6500";
+ vlan-tagging;
+ unit 6 {
+ description "Distance Learning Subnet";
+ vlan-id 6;
+ family inet {
+ address 164.58.165.161/28;
+ }
+ }
+ unit 850 {
+ description "OneNet Hosted Link";
+ vlan-id 850;
+ family inet {
+ address 10.199.5.1/30;
+ }
+ }
+ }
+ ge-0/0/4 {
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members vlan-trust;
+ }
+ }
+ }
+ }
+ ge-0/0/5 {
+ description "ASA - VPN Concentrator";
+ vlan-tagging;
+ unit 100 {
+ description "ASA Untrust";
+ vlan-id 100;
+ family inet {
+ address 164.58.83.249/30;
+ }
+ }
+ unit 101 {
+ description "ASA Trust";
+ vlan-id 101;
+ family inet {
+ address 172.18.18.1/30;
+ }
+ }
+ }
+ ge-0/0/6 {
+ description Cradlepoint;
+ unit 0 {
+ family inet {
+ address 166.141.5.145/24;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ address 164.58.83.254/32;
+ }
+ }
+ }
+ st0 {
+ unit 1 {
+ description "Tunnel to OneNet OKC VPN";
+ family inet {
+ mtu 1440;
+ address 164.58.23.242/30;
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ family inet {
+ filter {
+ input CHANGE-DEFAULT;
+ }
+ address 172.16.16.1/28;
+ }
+ }
+ }
+}
+snmp {
+ description COMANCHE-PUBLIC-SCHOOLS-SRX550;
+ contact "Net Group";
+ client-list snmp-management {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ 0.0.0.0/0 {
+ restrict;
+ }
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+}
+routing-options {
+ interface-routes {
+ rib-group inet CHANGE-DEFAULT;
+ }
+ static {
+ rib-group CHANGE-DEFAULT;
+ route 192.168.0.0/16 next-hop 172.16.16.2;
+ route 172.31.254.0/24 next-hop 172.16.16.2;
+ route 164.58.83.192/29 discard;
+ route 164.58.83.200/29 discard;
+ route 164.58.83.208/28 discard;
+ route 164.58.83.224/27 discard;
+ route 164.58.157.0/26 discard;
+ route 164.58.167.128/28 discard;
+ route 172.18.18.0/26 next-hop 172.18.18.2;
+ }
+ rib-groups {
+ CHANGE-DEFAULT {
+ import-rib [ inet.0 ELEMENTARY-DEFAULT.inet.0 MIDDLE-DEFAULT.inet.0 ];
+ import-policy RIB-GROUP-IMPORT;
+ }
+ }
+ autonomous-system 64571;
+}
+protocols {
+ bgp {
+ family inet {
+ unicast {
+ rib-group CHANGE-DEFAULT;
+ }
+ }
+ group EBGP-ONENET-END {
+ type external;
+ import EBGP-ONENET-END-IMPORT;
+ family inet {
+ unicast;
+ }
+ export EBGP-ONENET-END-EXPORT;
+ peer-as 5078;
+ bfd-liveness-detection {
+ minimum-interval 500;
+ multiplier 4;
+ }
+ neighbor 156.110.24.133;
+ }
+ group EBGP-ONENET-DUN {
+ type external;
+ import EBGP-ONENET-DUN-IMPORT;
+ family inet {
+ unicast;
+ }
+ export EBGP-ONENET-DUN-EXPORT;
+ peer-as 5078;
+ bfd-liveness-detection {
+ minimum-interval 500;
+ multiplier 4;
+ }
+ neighbor 156.110.42.133;
+ }
+ group EBGP-ONENET-OKC {
+ type external;
+ import EBGP-ONENET-OKC-IMPORT;
+ family inet {
+ unicast;
+ }
+ export EBGP-ONENET-OKC-EXPORT;
+ peer-as 5078;
+ bfd-liveness-detection {
+ minimum-interval 500;
+ multiplier 4;
+ }
+ neighbor 156.110.24.205;
+ }
+ group EBGP-ONENET-OKC-VPN {
+ type external;
+ import EBGP-ONENET-OKC-VPN-IMPORT;
+ family inet {
+ unicast;
+ }
+ export EBGP-ONENET-OKC-VPN-EXPORT;
+ peer-as 5078;
+ neighbor 164.58.23.241;
+ }
+ }
+ lldp {
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ 192.168.128.0/22;
+ 192.168.132.0/22;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-SNMP-SOURCES {
+ apply-path "snmp client-list snmp-management <1*>";
+ }
+ policy-statement EBGP-ONENET-DUN-EXPORT {
+ term ELEMENTARY {
+ from {
+ route-filter 164.58.83.192/29 exact;
+ }
+ then {
+ metric 300;
+ accept;
+ }
+ }
+ term MIDDLE {
+ from {
+ route-filter 164.58.83.200/29 exact;
+ }
+ then {
+ metric 100;
+ accept;
+ }
+ }
+ term HIGH {
+ from {
+ route-filter 164.58.83.208/28 exact;
+ }
+ then {
+ metric 200;
+ accept;
+ }
+ }
+ term DATACENTER {
+ from {
+ route-filter 164.58.83.224/27 exact;
+ route-filter 164.58.157.0/26 exact;
+ route-filter 164.58.165.160/28 exact;
+ route-filter 164.58.167.128/28 exact;
+ }
+ then {
+ metric 200;
+ accept;
+ }
+ }
+ term REJECT_ALL_ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-DUN-IMPORT {
+ term DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then {
+ metric 200;
+ community add 64571:5078;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-DUN-L3VPN-EXPORT {
+ term SEND-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then {
+ metric 200;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-DUN-L3VPN-IMPORT {
+ term ACCEPT-ROUTES {
+ from {
+ route-filter 10.199.5.0/26 orlonger;
+ route-filter 192.168.160.0/22 exact;
+ }
+ then {
+ metric 200;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-END-EXPORT {
+ term ELEMENTARY {
+ from {
+ route-filter 164.58.83.192/29 exact;
+ }
+ then {
+ metric 200;
+ accept;
+ }
+ }
+ term MIDDLE {
+ from {
+ route-filter 164.58.83.200/29 exact;
+ }
+ then {
+ metric 200;
+ accept;
+ }
+ }
+ term HIGH {
+ from {
+ route-filter 164.58.83.208/28 exact;
+ }
+ then {
+ metric 100;
+ accept;
+ }
+ }
+ term DATACENTER {
+ from {
+ route-filter 164.58.83.224/27 exact;
+ route-filter 164.58.157.0/26 exact;
+ route-filter 164.58.165.160/28 exact;
+ route-filter 164.58.167.128/28 exact;
+ }
+ then {
+ metric 100;
+ accept;
+ }
+ }
+ term REJECT_ALL_ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-END-IMPORT {
+ term DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then {
+ metric 100;
+ community add 64571:5078;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-END-L3VPN-EXPORT {
+ term SEND-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then {
+ metric 100;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-END-L3VPN-IMPORT {
+ term ACCEPT-ROUTES {
+ from {
+ route-filter 10.199.5.0/26 orlonger;
+ route-filter 192.168.160.0/22 exact;
+ }
+ then {
+ metric 100;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-OKC-EXPORT {
+ term ELEMENTARY {
+ from {
+ route-filter 164.58.83.192/29 exact;
+ }
+ then {
+ metric 100;
+ accept;
+ }
+ }
+ term MIDDLE {
+ from {
+ route-filter 164.58.83.200/29 exact;
+ }
+ then {
+ metric 300;
+ accept;
+ }
+ }
+ term HIGH {
+ from {
+ route-filter 164.58.83.208/28 exact;
+ }
+ then {
+ metric 300;
+ accept;
+ }
+ }
+ term DATACENTER {
+ from {
+ route-filter 164.58.83.224/27 exact;
+ route-filter 164.58.157.0/26 exact;
+ route-filter 164.58.165.160/28 exact;
+ route-filter 164.58.167.128/28 exact;
+ }
+ then {
+ metric 300;
+ accept;
+ }
+ }
+ term REJECT_ALL_ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-OKC-IMPORT {
+ term DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then {
+ metric 300;
+ community add 64571:5078;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-OKC-VPN-EXPORT {
+ term ELEMENTARY {
+ from {
+ route-filter 164.58.83.192/29 exact;
+ }
+ then {
+ metric 500;
+ accept;
+ }
+ }
+ term MIDDLE {
+ from {
+ route-filter 164.58.83.200/29 exact;
+ }
+ then {
+ metric 500;
+ accept;
+ }
+ }
+ term HIGH {
+ from {
+ route-filter 164.58.83.208/28 exact;
+ }
+ then {
+ metric 500;
+ accept;
+ }
+ }
+ term DATACENTER {
+ from {
+ route-filter 164.58.83.224/27 exact;
+ route-filter 164.58.157.0/26 exact;
+ route-filter 164.58.165.160/28 exact;
+ route-filter 164.58.167.128/28 exact;
+ }
+ then {
+ metric 500;
+ accept;
+ }
+ }
+ term REJECT_ALL_ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-ONENET-OKC-VPN-IMPORT {
+ term DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then {
+ metric 500;
+ community add 64571:5078;
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement RIB-GROUP-IMPORT {
+ term ELEMENTARY_DEFAULT_1 {
+ from {
+ neighbor 156.110.24.205;
+ route-filter 0.0.0.0/0 exact;
+ }
+ to rib ELEMENTARY-DEFAULT.inet.0;
+ then {
+ metric 100;
+ accept;
+ }
+ }
+ term ELEMENTARY_DEFAULT_2 {
+ from {
+ neighbor 156.110.24.133;
+ route-filter 0.0.0.0/0 exact;
+ }
+ to rib ELEMENTARY-DEFAULT.inet.0;
+ then {
+ metric 200;
+ accept;
+ }
+ }
+ term ELEMENTARY_DEFAULT_3 {
+ from {
+ neighbor 156.110.42.133;
+ route-filter 0.0.0.0/0 exact;
+ }
+ to rib ELEMENTARY-DEFAULT.inet.0;
+ then {
+ metric 300;
+ accept;
+ }
+ }
+ term ELEMENTARY_DEFAULT_5 {
+ from {
+ neighbor 164.58.23.241;
+ route-filter 0.0.0.0/0 exact;
+ }
+ to rib ELEMENTARY-DEFAULT.inet.0;
+ then {
+ metric 500;
+ accept;
+ }
+ }
+ term ELEMENTARY_DIRECT {
+ from protocol direct;
+ to rib ELEMENTARY-DEFAULT.inet.0;
+ then accept;
+ }
+ term ELEMENTARY_STATIC {
+ from protocol static;
+ to rib ELEMENTARY-DEFAULT.inet.0;
+ then accept;
+ }
+ term MIDDLE_DEFAULT_1 {
+ from {
+ neighbor 156.110.42.133;
+ route-filter 0.0.0.0/0 exact;
+ }
+ to rib MIDDLE-DEFAULT.inet.0;
+ then {
+ metric 100;
+ accept;
+ }
+ }
+ term MIDDLE_DEFAULT_2 {
+ from {
+ neighbor 156.110.24.133;
+ route-filter 0.0.0.0/0 exact;
+ }
+ to rib MIDDLE-DEFAULT.inet.0;
+ then {
+ metric 200;
+ accept;
+ }
+ }
+ term MIDDLE_DEFAULT_3 {
+ from {
+ neighbor 156.110.24.205;
+ route-filter 0.0.0.0/0 exact;
+ }
+ to rib MIDDLE-DEFAULT.inet.0;
+ then {
+ metric 300;
+ accept;
+ }
+ }
+ term MIDDLE_DEFAULT_5 {
+ from {
+ neighbor 164.58.23.241;
+ route-filter 0.0.0.0/0 exact;
+ }
+ to rib MIDDLE-DEFAULT.inet.0;
+ then {
+ metric 500;
+ accept;
+ }
+ }
+ term MIDDLE_DIRECT {
+ from protocol direct;
+ to rib MIDDLE-DEFAULT.inet.0;
+ then accept;
+ }
+ term MIDDLE_STATIC {
+ from protocol static;
+ to rib MIDDLE-DEFAULT.inet.0;
+ then accept;
+ }
+ term REJECT_ALL_ELSE {
+ then reject;
+ }
+ }
+ community 64571:5078 members 64571:5078;
+}
+security {
+ ike {
+ proposal pre-g2-aes128-sha {
+ authentication-method pre-shared-keys;
+ dh-group group2;
+ authentication-algorithm sha1;
+ encryption-algorithm aes-128-cbc;
+ lifetime-seconds 28800;
+ }
+ policy ike-ONENET-OKC {
+ mode main;
+ proposals pre-g2-aes128-sha;
+ pre-shared-key ascii-text "$9$PQn9SyKXxdDiPQz3puXxN-s2aJUDHqVwYoZjPfz36/A0IEcSlvQz"; ## SECRET-DATA
+ }
+ gateway ike-gate-ONENET-OKC {
+ ike-policy ike-ONENET-OKC;
+ address 164.58.199.73;
+ external-interface ge-0/0/6.0;
+ }
+ }
+ ipsec {
+ proposal g2-esp-aes128-sha {
+ description group2;
+ protocol esp;
+ authentication-algorithm hmac-sha1-96;
+ encryption-algorithm aes-128-cbc;
+ lifetime-seconds 3600;
+ }
+ policy vpn-policy-ONENET-OKC {
+ proposals g2-esp-aes128-sha;
+ }
+ vpn ipsec-vpn-ONENET-OKC {
+ bind-interface st0.1;
+ ike {
+ gateway ike-gate-ONENET-OKC;
+ ipsec-policy vpn-policy-ONENET-OKC;
+ }
+ establish-tunnels immediately;
+ }
+ }
+ address-book {
+ global {
+ address net-192.168.160.0/22 192.168.160.0/22;
+ address net-164.58.18.128/28 164.58.18.128/28;
+ address host-192.168.129.50 192.168.129.50/32;
+ address host-192.168.129.51 192.168.129.51/32;
+ address host-192.168.100.15 192.168.100.15/32;
+ address host-192.168.129.134 192.168.129.134/32;
+ address host-192.168.129.135 192.168.129.135/32;
+ address host-192.168.129.25 192.168.129.25/32;
+ address host-192.168.129.101 192.168.129.101/32;
+ address host-192.168.130.12 192.168.130.12/32;
+ address host-192.168.131.128 192.168.131.128/32;
+ address host-192.168.129.63 192.168.129.63/32;
+ address host-192.168.0.15 192.168.0.15/32;
+ address host-192.168.129.110 192.168.129.110/32;
+ address host-192.168.130.129 192.168.130.129/32;
+ address host-192.168.129.58 192.168.129.58/32;
+ address host-192.168.129.59 192.168.129.59/32;
+ address host-192.168.0.16 192.168.0.16/32;
+ address host-192.168.129.125 192.168.129.125/32;
+ address host-192.168.128.200 192.168.128.200/32;
+ address host-192.168.128.201 192.168.128.201/32;
+ address host-192.168.130.104 192.168.130.104/32;
+ address host-192.168.160.11 192.168.160.11/32;
+ address host-192.168.0.17 192.168.0.17/32;
+ address host-66.210.23.130 66.210.23.130/32;
+ address host-164.58.69.60 164.58.69.60/32;
+ address host-164.58.69.51 164.58.69.51/32;
+ address net-172.18.18.0/26 172.18.18.0/26;
+ address host-12.171.92.2 12.171.92.2/32;
+ address host-12.47.12.130 12.47.12.130/32;
+ }
+ }
+ forwarding-options {
+ family {
+ inet6 {
+ mode flow-based;
+ }
+ }
+ }
+ screen {
+ ids-option untrust-screen {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ pool 164_058_157_062 {
+ address {
+ 164.58.157.62/32;
+ }
+ }
+ pool 164_058_083_193 {
+ address {
+ 164.58.83.193/32;
+ }
+ }
+ pool 164_058_083_194 {
+ address {
+ 164.58.83.194/32;
+ }
+ }
+ pool 164_058_083_195 {
+ address {
+ 164.58.83.195/32;
+ }
+ }
+ pool 164_058_083_201 {
+ address {
+ 164.58.83.201/32;
+ }
+ }
+ pool 164_058_083_202 {
+ address {
+ 164.58.83.202/32;
+ }
+ }
+ pool 164_058_083_208 {
+ address {
+ 164.58.83.208/32;
+ }
+ }
+ pool 164_058_083_209 {
+ address {
+ 164.58.83.209/32;
+ }
+ }
+ pool 164_058_083_210 {
+ address {
+ 164.58.83.210/32;
+ }
+ }
+ pool 164_058_083_211 {
+ address {
+ 164.58.83.211/32;
+ }
+ }
+ pool 164_058_083_212 {
+ address {
+ 164.58.83.212/32;
+ }
+ }
+ pool 164_058_083_213 {
+ address {
+ 164.58.83.213/32;
+ }
+ }
+ pool 164_058_083_214 {
+ address {
+ 164.58.83.214/32;
+ }
+ }
+ pool 164_058_083_215 {
+ address {
+ 164.58.83.215/32;
+ }
+ }
+ pool 164_058_083_216 {
+ address {
+ 164.58.83.216/32;
+ }
+ }
+ pool 164_058_083_217 {
+ address {
+ 164.58.83.217/32;
+ }
+ }
+ pool 164_058_083_218 {
+ address {
+ 164.58.83.218/32;
+ }
+ }
+ pool 164_058_083_219 {
+ address {
+ 164.58.83.219/32;
+ }
+ }
+ pool 164_058_083_220 {
+ address {
+ 164.58.83.220/32;
+ }
+ }
+ pool 164_058_083_221 {
+ address {
+ 164.58.83.221/32;
+ }
+ }
+ pool 164_058_083_222 {
+ address {
+ 164.58.83.222/32;
+ }
+ }
+ rule-set trust-to-untrust {
+ from zone trust;
+ to zone untrust;
+ rule 172_016_016_000 {
+ match {
+ source-address 172.16.16.0/28;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_157_062;
+ }
+ }
+ }
+ }
+ rule 172_031_254_000 {
+ match {
+ source-address 172.31.254.0/24;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_157_062;
+ }
+ }
+ }
+ }
+ rule 192_168_136_000 {
+ description iscsi;
+ match {
+ source-address 192.168.136.0/24;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_157_062;
+ }
+ }
+ }
+ }
+ rule 192_168_004_000 {
+ description unknown;
+ match {
+ source-address 192.168.4.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_157_062;
+ }
+ }
+ }
+ }
+ rule 192_168_008_000 {
+ description "CES South";
+ match {
+ source-address 192.168.8.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_193;
+ }
+ }
+ }
+ }
+ rule 192_168_012_000 {
+ description "CES North";
+ match {
+ source-address 192.168.12.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_194;
+ }
+ }
+ }
+ }
+ rule 192_168_016_000 {
+ description CMS;
+ match {
+ source-address 192.168.16.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_201;
+ }
+ }
+ }
+ }
+ rule 192_168_020_000 {
+ description CHS;
+ match {
+ source-address 192.168.20.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_208;
+ }
+ }
+ }
+ }
+ rule 192_168_024_000 {
+ description Admin;
+ match {
+ source-address 192.168.24.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_209;
+ }
+ }
+ }
+ }
+ rule 192_168_028_000 {
+ description Annex;
+ match {
+ source-address 192.168.28.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_210;
+ }
+ }
+ }
+ }
+ rule 192_168_032_000 {
+ description Voc/Ag;
+ match {
+ source-address 192.168.32.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_211;
+ }
+ }
+ }
+ }
+ rule 192_168_036_000 {
+ description "Meridian (FAME)";
+ match {
+ source-address 192.168.36.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_212;
+ }
+ }
+ }
+ }
+ rule 192_168_040_000 {
+ description Liberty;
+ match {
+ source-address 192.168.40.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_195;
+ }
+ }
+ }
+ }
+ rule 192_168_044_000 {
+ description Fieldhouse;
+ match {
+ source-address 192.168.44.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_213;
+ }
+ }
+ }
+ }
+ rule 192_168_048_000 {
+ description Busbarn;
+ match {
+ source-address 192.168.48.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_214;
+ }
+ }
+ }
+ }
+ rule 192_168_052_000 {
+ description "CMS Gym";
+ match {
+ source-address 192.168.52.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_202;
+ }
+ }
+ }
+ }
+ rule 192_168_056_000 {
+ description "CHS Gym";
+ match {
+ source-address 192.168.56.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_215;
+ }
+ }
+ }
+ }
+ rule 192_168_060_000 {
+ description "Fitness Center";
+ match {
+ source-address 192.168.60.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_216;
+ }
+ }
+ }
+ }
+ rule 192_168_064_000 {
+ description "Child Nutrition";
+ match {
+ source-address 192.168.64.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_217;
+ }
+ }
+ }
+ }
+ rule 192_168_100_000 {
+ description "Admin Server Room";
+ match {
+ source-address 192.168.100.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_219;
+ }
+ }
+ }
+ }
+ rule 192_168_128_000 {
+ description "CMS Server Room";
+ match {
+ source-address 192.168.128.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_218;
+ }
+ }
+ }
+ }
+ rule 192_168_132_000 {
+ description Wireless;
+ match {
+ source-address 192.168.132.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_220;
+ }
+ }
+ }
+ }
+ rule 192_168_160_000 {
+ description "OneNet Server Farm";
+ match {
+ source-address 192.168.160.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_220;
+ }
+ }
+ }
+ }
+ }
+ rule-set vpn-to-untrust {
+ from zone vpn;
+ to zone untrust;
+ rule 172_018_018_000 {
+ description "ASA VPN";
+ match {
+ source-address 172.18.18.0/26;
+ }
+ then {
+ source-nat {
+ pool {
+ 164_058_083_222;
+ }
+ }
+ }
+ }
+ }
+ }
+ static {
+ rule-set untrust {
+ from zone untrust;
+ rule 164_058_157_005 {
+ match {
+ destination-address 164.58.157.5/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.100.15/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_007 {
+ match {
+ destination-address 164.58.157.7/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.130.104/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_008 {
+ match {
+ destination-address 164.58.157.8/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.50/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_009 {
+ match {
+ destination-address 164.58.157.9/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.51/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_010 {
+ match {
+ destination-address 164.58.157.10/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.101/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_011 {
+ match {
+ destination-address 164.58.157.11/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.130.129/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_012 {
+ match {
+ destination-address 164.58.157.12/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.160.11/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_015 {
+ match {
+ destination-address 164.58.157.15/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.0.15/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_016 {
+ match {
+ destination-address 164.58.157.16/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.0.16/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_017 {
+ match {
+ destination-address 164.58.157.17/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.0.17/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_018 {
+ match {
+ destination-address 164.58.157.18/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.130.12/32;
+ }
+ }
+ }
+ }
+ rule 164_058_157_025 {
+ match {
+ destination-address 164.58.157.25/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.25/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_132 {
+ match {
+ destination-address 164.58.167.132/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 172.32.254.250/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_133 {
+ match {
+ destination-address 164.58.167.133/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.128.201/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_134 {
+ match {
+ destination-address 164.58.167.134/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.134/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_135 {
+ match {
+ destination-address 164.58.167.135/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.135/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_136 {
+ match {
+ destination-address 164.58.167.136/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.131.128/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_137 {
+ match {
+ destination-address 164.58.167.137/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.63/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_138 {
+ match {
+ destination-address 164.58.167.138/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.110/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_139 {
+ match {
+ destination-address 164.58.167.139/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.58/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_140 {
+ match {
+ destination-address 164.58.167.140/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.59/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_141 {
+ match {
+ destination-address 164.58.167.141/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.129.125/32;
+ }
+ }
+ }
+ }
+ rule 164_058_167_142 {
+ match {
+ destination-address 164.58.167.142/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 192.168.128.200/32;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone trust to-zone untrust {
+ policy trust-to-untrust {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone vpn to-zone trust {
+ policy 201409151338 {
+ match {
+ source-address net-172.18.18.0/26;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone trust to-zone vpn {
+ policy 201409151339 {
+ match {
+ source-address any;
+ destination-address net-172.18.18.0/26;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone vpn to-zone untrust {
+ policy 201409151340 {
+ match {
+ source-address net-172.18.18.0/26;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone untrust to-zone trust {
+ policy 201408251444 {
+ match {
+ source-address [ host-12.171.92.2 host-12.47.12.130 ];
+ destination-address [ host-192.168.129.50 host-192.168.129.51 ];
+ application custom-tcp-389;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251446 {
+ match {
+ source-address any;
+ destination-address [ host-192.168.129.50 host-192.168.129.51 ];
+ application any;
+ }
+ then {
+ reject;
+ }
+ }
+ policy 201408251713 {
+ match {
+ source-address any;
+ destination-address any;
+ application junos-icmp-ping;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251512 {
+ match {
+ source-address any;
+ destination-address host-192.168.100.15;
+ application [ junos-http junos-https custom-tcp-5071 custom-tcp-7880 custom-tcp-2000 junos-sqlnet-v2 custom-tcp-8080 custom-tcp-5900 custom-tcp-7980 custom-tcp-5443 custom-udp-5443 ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251644 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.134;
+ application [ junos-ftp junos-ssh junos-telnet junos-http junos-https junos-imap junos-imaps junos-ldap custom-tcp-510 custom-tcp-943 custom-tcp-3004 custom-tcp-3283 custom-tcp-5900 custom-udp-810 custom-udp-3283 junos-smtp custom-tcp-3389 ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251705 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.135;
+ application [ junos-http junos-https custom-tcp-5900 ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251706 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.25;
+ application [ junos-smtp custom-tcp-5900 ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251707 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.101;
+ application [ junos-http junos-https custom-tcp-5900 ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251708 {
+ match {
+ source-address any;
+ destination-address host-192.168.130.12;
+ application [ junos-http junos-https custom-tcp-5900 ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251709 {
+ match {
+ source-address any;
+ destination-address host-192.168.131.128;
+ application [ custom-tcp-5900 custom-tcp-8080 custom-tcp-7962 junos-http ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251715 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.63;
+ application [ junos-http junos-https citrix ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251716 {
+ match {
+ source-address any;
+ destination-address host-192.168.0.15;
+ application junos-http;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251717 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.110;
+ application junos-http;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251718 {
+ match {
+ source-address any;
+ destination-address host-192.168.130.129;
+ application [ junos-http junos-https ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251725 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.58;
+ application [ citrix junos-http junos-https ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251726 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.59;
+ application [ citrix junos-http junos-https ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251728 {
+ match {
+ source-address host-66.210.23.130;
+ destination-address host-192.168.129.58;
+ application custom-tcp-3389;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251733 {
+ match {
+ source-address any;
+ destination-address host-192.168.0.16;
+ application [ junos-http junos-smtp ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251735 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.125;
+ application custom-tcp-8443;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251736 {
+ match {
+ source-address [ host-164.58.69.51 host-164.58.69.60 ];
+ destination-address host-192.168.128.200;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251737 {
+ match {
+ source-address [ host-164.58.69.51 host-164.58.69.60 ];
+ destination-address host-192.168.128.201;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251739 {
+ match {
+ source-address any;
+ destination-address host-192.168.130.104;
+ application junos-http;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251741 {
+ match {
+ source-address any;
+ destination-address host-192.168.129.101;
+ application custom-tcp-7777;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251744 {
+ match {
+ source-address any;
+ destination-address host-192.168.160.11;
+ application [ junos-http junos-https ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201408251745 {
+ match {
+ source-address any;
+ destination-address host-192.168.0.17;
+ application [ junos-http junos-smtp ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ policy 201507301057 {
+ match {
+ source-address host-12.171.92.2;
+ destination-address host-192.168.129.101;
+ application custom-tcp-3389;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ }
+ from-zone untrust to-zone untrust {
+ policy untrust-to-untrust {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone trust to-zone trust {
+ policy trust-to-trust {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone ONENET-HOSTED to-zone ONENET-HOSTED {
+ policy ONENET-HOSTED-TO-ONENET-HOSTED {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone trust {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ ssh;
+ }
+ }
+ interfaces {
+ vlan.3;
+ }
+ }
+ security-zone untrust {
+ screen untrust-screen;
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ ssh;
+ snmp;
+ ike;
+ }
+ protocols {
+ bgp;
+ bfd;
+ }
+ }
+ interfaces {
+ ge-0/0/1.10;
+ ge-0/0/2.0;
+ lo0.0;
+ ge-0/0/0.414;
+ ge-0/0/5.100 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.1;
+ ge-0/0/3.6 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone vpn {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ ssh;
+ }
+ }
+ interfaces {
+ ge-0/0/5.101;
+ }
+ }
+ security-zone wireless {
+ host-inbound-traffic {
+ system-services {
+ ike;
+ ping;
+ traceroute;
+ ssh;
+ }
+ }
+ interfaces {
+ ge-0/0/6.0 {
+ host-inbound-traffic {
+ system-services {
+ bootp;
+ dhcp;
+ all;
+ }
+ protocols {
+ all;
+ }
+ }
+ }
+ }
+ }
+ security-zone ONENET-HOSTED {
+ interfaces {
+ ge-0/0/0.1414 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ ssh;
+ snmp;
+ }
+ protocols {
+ bgp;
+ }
+ }
+ }
+ ge-0/0/1.20 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ ssh;
+ snmp;
+ }
+ protocols {
+ bgp;
+ }
+ }
+ }
+ ge-0/0/3.850 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-SNMP-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ filter CHANGE-DEFAULT {
+ term CES-SOUTH {
+ from {
+ source-address {
+ 192.168.8.0/22;
+ }
+ }
+ then {
+ routing-instance ELEMENTARY-DEFAULT;
+ }
+ }
+ term CES-NORTH {
+ from {
+ source-address {
+ 192.168.12.0/22;
+ }
+ }
+ then {
+ routing-instance ELEMENTARY-DEFAULT;
+ }
+ }
+ term LIBERTY {
+ from {
+ source-address {
+ 192.168.40.0/22;
+ }
+ }
+ then {
+ routing-instance ELEMENTARY-DEFAULT;
+ }
+ }
+ term CMS {
+ from {
+ source-address {
+ 192.168.16.0/22;
+ }
+ }
+ then {
+ routing-instance MIDDLE-DEFAULT;
+ }
+ }
+ term CMS-GYM {
+ from {
+ source-address {
+ 192.168.52.0/22;
+ }
+ }
+ then {
+ routing-instance MIDDLE-DEFAULT;
+ }
+ }
+ term ALL_ELSE {
+ then accept;
+ }
+ }
+ }
+ policer 45M-POL {
+ logical-interface-policer;
+ if-exceeding {
+ bandwidth-limit 45m;
+ burst-size-limit 9m;
+ }
+ then discard;
+ }
+ policer 100M-POL {
+ logical-interface-policer;
+ if-exceeding {
+ bandwidth-limit 100m;
+ burst-size-limit 20m;
+ }
+ then discard;
+ }
+ policer 50M-POL {
+ logical-interface-policer;
+ if-exceeding {
+ bandwidth-limit 50m;
+ burst-size-limit 10m;
+ }
+ then discard;
+ }
+}
+routing-instances {
+ ELEMENTARY-DEFAULT {
+ instance-type forwarding;
+ }
+ MIDDLE-DEFAULT {
+ instance-type forwarding;
+ }
+ ONENET-HOSTED {
+ instance-type virtual-router;
+ interface ge-0/0/0.1414;
+ interface ge-0/0/1.20;
+ interface ge-0/0/3.850;
+ routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.5.2;
+ }
+ }
+ protocols {
+ bgp {
+ group EBGP-ONENET-HOSTED {
+ type external;
+ family inet {
+ unicast;
+ }
+ neighbor 10.199.5.5 {
+ import EBGP-ONENET-END-L3VPN-IMPORT;
+# authentication-key <removed>;
+ export EBGP-ONENET-END-L3VPN-EXPORT;
+ peer-as 64513;
+ }
+ neighbor 10.199.5.9 {
+ import EBGP-ONENET-DUN-L3VPN-IMPORT;
+# authentication-key <removed>;
+ export EBGP-ONENET-DUN-L3VPN-EXPORT;
+ peer-as 64513;
+ }
+ }
+ }
+ }
+ }
+ wireless {
+ instance-type virtual-router;
+ interface ge-0/0/6.0;
+ routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 166.141.5.1;
+ }
+ }
+ }
+}
+applications {
+ application custom-tcp-5071 {
+ protocol tcp;
+ destination-port 5071;
+ }
+ application custom-tcp-7880 {
+ protocol tcp;
+ destination-port 7880;
+ }
+ application custom-tcp-2000 {
+ protocol tcp;
+ destination-port 2000;
+ }
+ application custom-tcp-8080 {
+ protocol tcp;
+ destination-port 8080;
+ }
+ application custom-tcp-5900 {
+ protocol tcp;
+ destination-port 5900;
+ }
+ application custom-tcp-510 {
+ protocol tcp;
+ destination-port 510;
+ }
+ application custom-tcp-943 {
+ protocol tcp;
+ destination-port 943;
+ }
+ application custom-tcp-3004 {
+ protocol tcp;
+ destination-port 3004;
+ }
+ application custom-tcp-3283 {
+ protocol tcp;
+ destination-port 3283;
+ }
+ application custom-udp-810 {
+ protocol udp;
+ destination-port 810;
+ }
+ application custom-udp-3283 {
+ protocol udp;
+ destination-port 3283;
+ }
+ application custom-tcp-7962 {
+ protocol tcp;
+ destination-port 7962;
+ }
+ application custom-tcp-1494 {
+ protocol tcp;
+ destination-port 1494;
+ }
+ application custom-tcp-2598 {
+ protocol tcp;
+ destination-port 2598;
+ }
+ application custom-udp-1604 {
+ protocol udp;
+ destination-port 1604;
+ }
+ application custom-tcp-3389 {
+ protocol tcp;
+ destination-port 3389;
+ }
+ application custom-tcp-7980 {
+ protocol tcp;
+ destination-port 7980;
+ }
+ application custom-tcp-8443 {
+ protocol tcp;
+ destination-port 8443;
+ }
+ application custom-tcp-5443 {
+ protocol tcp;
+ destination-port 5443;
+ }
+ application custom-udp-5443 {
+ protocol udp;
+ destination-port 5443;
+ }
+ application custom-tcp-7777 {
+ protocol tcp;
+ destination-port 7777;
+ }
+ application custom-tcp-389 {
+ protocol tcp;
+ destination-port 389;
+ }
+ application-set citrix {
+ application custom-tcp-1494;
+ application custom-tcp-2598;
+ application custom-udp-1604;
+ }
+}
+vlans {
+ vlan-trust {
+ vlan-id 3;
+ l3-interface vlan.3;
+ }
+}
+# grnoc-mon at COMANCHE-PS-LR> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at COMANCHE-PS-LR> show bfd session
+ Detect Transmit
+Address State Interface Time Interval Multiplier
+156.110.24.133 Up ge-0/0/0.414 2.000 0.500 4
+156.110.24.205 Up ge-0/0/2.0 2.000 0.500 4
+156.110.42.133 Up ge-0/0/1.10 2.000 0.500 4
+
+3 sessions, 3 clients
+Cumulative transmit rate 6.0 pps, cumulative receive rate 6.0 pps
+
+# grnoc-mon at COMANCHE-PS-LR> show system snapshot media internal
+# Information for snapshot on internal (/dev/ad0s1a) (backup)
+# Creation date: Sep 6 01:29:26 2014
+# JUNOS version on snapshot:
+# junos : 12.1X46-D20.5-domestic
+# Information for snapshot on internal (/dev/ad0s2a) (primary)
+# Creation date: Sep 14 21:55:23 2015
+# JUNOS version on snapshot:
+# junos : 12.1X46-D20.5-domestic
+#
Index: configs/avant-ps-srx220.onenet.net
===================================================================
--- configs/avant-ps-srx220.onenet.net (revision 135456)
+++ configs/avant-ps-srx220.onenet.net (working copy)
@@ -0,0 +1,644 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at AVANT-PS-LR-004643> show system commit
+# 2015-10-06 17:37:44 CDT by admin via cli
+# 2015-10-06 17:34:59 CDT by admin via cli
+# 2015-06-22 10:15:08 CDT by admin via cli
+# 2015-06-22 10:03:49 CDT by admin via cli
+# 2015-06-19 13:44:21 CDT by admin via cli
+# 2015-06-19 13:17:47 CDT by admin via cli commit confirmed, rollback in 3mins
+# grnoc-mon at AVANT-PS-LR-004643> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU Absent
+# Fans SRX220 Chassis fan 0 OK
+# SRX220 Chassis fan 1 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at AVANT-PS-LR-004643> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X46-D20.5 by builder on 2014-05
+# FPC 1 O/S Version 12.1X46-D20.5 by builder on 2014-05
+# FWDD O/S Version 12.1X46-D20.5 by builder on 2014-05
+#
+# grnoc-mon at AVANT-PS-LR-004643> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+# Slot 1 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at AVANT-PS-LR-004643> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CF0614AK0221 SRX220H2
+# Routing Engine REV 04 750-048778 ACKZ3156 RE-SRX220H2
+# FPC 0 FPC
+# PIC 0 8x GE Base PIC
+# FPC 1 REV 07 750-023367 ACMC7196 FPC
+# PIC 0 1x T1E1 mPIM
+# Power Supply 0
+#
+# grnoc-mon at AVANT-PS-LR-004643> show chassis hardware models
+# grnoc-mon at AVANT-PS-LR-004643> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACKZ3156
+#
+# grnoc-mon at AVANT-PS-LR-004643> show chassis scb
+# grnoc-mon at AVANT-PS-LR-004643> show chassis sfm detail
+# grnoc-mon at AVANT-PS-LR-004643> show chassis ssb
+# grnoc-mon at AVANT-PS-LR-004643> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 128kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCI bridge> on obio0
+# Disabling Octeon big bar support
+# PCI Status: PCI 32-bit: 0xc041b
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <simple comms> at device 1.0 (no driver attached)
+# atapci0: <SiI 0680 UDMA133 controller> port 0x8-0xb,0x10-0x17,0x18-0x1b,0x20-0x2f mem 0x8020000-0x80200ff irq 0 at device 2.0 on pci0
+# ata2: <ATA channel 0> on atapci0
+# ata3: <ATA channel 1> on atapci0
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 8MB> on obio0
+# Timecounter "mips" frequency 700000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# ad0: Device does not support APM
+# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
+# Trying to mount root from ufs:/dev/ad0s2a
+# WARNING: / was not properly dismounted
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at AVANT-PS-LR-004643> show version
+# Hostname: AVANT-PS-LR-004643 # Model: srx220h2 # JUNOS Software Release [12.1X46-D20.5] # # grnoc-mon at AVANT-PS-LR-004643> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at AVANT-PS-LR-004643> show system uptime
+# System booted: 2015-09-14 13:40 CDT
+# Protocols started: 2015-09-14 13:42 CDT
+# Last configured: 2015-10-06 17:37 CDT by admin
+#
+# grnoc-mon at AVANT-PS-LR-004643> show interface terse
+#Interface Admin Link
+#ge-0/0/0 down down
+#gr-0/0/0 up up
+#gr-0/0/0.0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 up up
+#ge-0/0/7.0 up up
+#t1-1/0/0 up up
+#t1-1/0/0.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.4 up up
+#vlan.999 up down
+# grnoc-mon at AVANT-PS-LR-004643> show configuration
+## Last commit: 2015-10-06 17:37:44 CDT by admin
+version 12.1X46-D20.5;
+system {
+ host-name AVANT-PS-LR-004643;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 164.58.7.254;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 164.58.7.254;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ disable;
+ }
+ gr-0/0/0 {
+ description GRE-TUNNEL-TO-TWOTREES;
+ unit 0 {
+ tunnel {
+ source 164.58.7.254;
+ destination 164.58.25.66;
+ }
+ family inet {
+ address 10.10.0.3/24;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ t1-1/0/0 {
+ description "UNTRUST WAN Interface";
+ encapsulation cisco-hdlc;
+ unit 0 {
+ family inet {
+ address 164.58.7.254/30;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 10.2.0.10/22";
+ family inet {
+ address 10.2.0.10/22;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop gr-0/0/0.0;
+ route 164.58.25.66/32 next-hop 164.58.7.253;
+ route 164.58.253.20/32 next-hop 164.58.7.253;
+ route 156.110.31.0/27 next-hop 164.58.7.253;
+ route 156.110.31.32/28 next-hop 164.58.7.253;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TRUST to-zone TRUST {
+ policy TRUST-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TRUST {
+ interfaces {
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ gr-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ t1-1/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol tcp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 4;
+ l3-interface vlan.4;
+ }
+}
+# grnoc-mon at AVANT-PS-LR-004643> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at AVANT-PS-LR-004643> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at AVANT-PS-LR-004643> show system snapshot media internal
+# Information for snapshot on internal (/dev/ad0s1a) (backup)
+# Creation date: Oct 6 17:42:28 2015
+# JUNOS version on snapshot:
+# junos : 12.1X46-D20.5-domestic
+# Information for snapshot on internal (/dev/ad0s2a) (primary)
+# Creation date: Sep 14 13:40:34 2015
+# JUNOS version on snapshot:
+# junos : 12.1X46-D20.5-domestic
+#
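Review bot: In filter PROTECT-RE the term SNMP-DENY matches `protocol tcp` with `destination-port snmp`, while SNMP-ALLOW matches `protocol udp`, so UDP SNMP from sources outside the two prefix lists is never discarded and falls through to `term ALL-TRAFFIC { then accept; }`. The deny term should use `protocol udp;` so that it mirrors the allow term. This matters because zone UNTRUST permits `snmp` as a host-inbound service on t1-1/0/0.0 and the snmp stanza defines a read-write community with no client restriction visible in this config, which leaves the lo0 input filter as the only source restriction shown. Adding a counter to the deny terms, for example `then { count snmp-deny; discard; }`, would also make rejected attempts visible.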
Index: configs/quapaw-ps.client.onenet.net
===================================================================
--- configs/quapaw-ps.client.onenet.net (revision 135463)
+++ configs/quapaw-ps.client.onenet.net (working copy)
@@ -0,0 +1,984 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show system commit
+# 2015-10-06 17:26:15 CDT by andrew via cli
+# 2015-08-25 17:23:40 CDT by joel via cli
+# 2015-08-25 17:22:05 CDT by joel via cli
+# 2015-08-25 01:43:43 CDT by admin via cli
+# 2015-08-25 01:40:04 CDT by admin via cli
+# 2015-08-25 01:21:55 CDT by root via cli
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Fans SRX240 PowerSupply fan 1 OK
+# SRX240 PowerSupply fan 2 OK
+# SRX240 CPU fan 1 OK
+# SRX240 CPU fan 2 OK
+# SRX240 IO fan 1 OK
+# SRX240 IO fan 2 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis BU1214AK0471 SRX240H2
+# Routing Engine REV 10 750-043609 ACLC8120 RE-SRX240H2
+# FPC 0 FPC
+# PIC 0 16x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis hardware models
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACLC8120
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis scb
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis sfm detail
+# grnoc-mon at QUAPAW-PS-LR-004903> show chassis ssb
+# grnoc-mon at QUAPAW-PS-LR-004903> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 512kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# dwc1: <Synopsis DWC OTG Controller Driver> on obio0
+# usb1: <USB Bus for DWC OTG Controller> on dwc1
+# usb1: USB revision 2.0
+# uhub2: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub2: 1 port with 1 removable, self powered
+# cpld0 on obio0
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# PCIe: Waiting for port 0 to finish reset
+# PCIe: Port 0 link active, 2 lanes
+# PCIe: Waiting for port 1 to finish reset
+# PCIe: Port 1 link active, 1 lanes
+# pcib1: Initialized controller
+# pci0: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> irq 0 at device 0.0 on pci0
+# pci1: <PCI bus> on pcib2
+# pci1: <serial bus, USB> at device 2.0 (no driver attached)
+# pci1: <serial bus, USB> at device 2.1 (no driver attached)
+# pci1: <network> at device 7.0 (no driver attached)
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci2: <PCI bus> on pcib0
+# pci2: <processor> at device 0.0 (no driver attached)
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 4MB> on obio0
+# Timecounter "mips" frequency 600000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Trying to mount root from ufs:/dev/da0s1a
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show version
+# Hostname: QUAPAW-PS-LR-004903 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at QUAPAW-PS-LR-004903> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show system uptime
+# System booted: 2015-09-23 11:40 CDT
+# Protocols started: 2015-09-23 11:44 CDT
+# Last configured: 2015-10-06 17:26 CDT by andrew
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 down down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 up up
+#ge-0/0/15.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.100 up up
+#vlan.200 up up
+#vlan.300 up up
+#vlan.400 up up
+#vlan.600 up up
+#vlan.601 up up
+#vlan.800 up up
+#vlan.900 up up
+#vlan.999 up down
+# grnoc-mon at QUAPAW-PS-LR-004903> show configuration
+## Last commit: 2015-10-06 17:26:15 CDT by andrew
+version 12.1X44-D35.5;
+system {
+ host-name QUAPAW-PS-LR-004903;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.34.2;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.34.2;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.100.0.0/24 {
+ address-range low 10.100.0.2 high 10.100.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.100.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ speed 100m;
+ link-mode full-duplex;
+ gigether-options {
+ no-auto-negotiation;
+ }
+ unit 0 {
+ family inet {
+ address 156.110.34.2/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "Trunk to Master-Core Switches (WideBand Networks)";
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TR-0100-HIGH-SCHOOL TR-0200-MIDDLE-SCHOOL TR-0300-ELEMENTARY TR-0400-ADMIN TR-0600-PUBLIC-WIFI TR-0601-STUDENT-WIFI TR-0800-SERVERS TR-0900-VIDEO ];
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 100 {
+ description "L3 INTERFACE - TR-0100-HIGH-SCHOOL - 10.1.0.1/23";
+ family inet {
+ address 10.1.0.1/23;
+ }
+ }
+ unit 200 {
+ description "L3 INTERFACE - TR-0200-MIDDLE-SCHOOL - 10.2.0.1/23";
+ family inet {
+ address 10.2.0.1/23;
+ }
+ }
+ unit 300 {
+ description "L3 INTERFACE - TR-0300-ELEMENTARY - 10.3.0.1/23";
+ family inet {
+ address 10.7.0.1/24;
+ }
+ }
+ unit 400 {
+ description "L3 INTERFACE - TR-0400-ADMIN - 10.4.0.1/23";
+ family inet {
+ address 10.4.0.1/23;
+ }
+ }
+ unit 600 {
+ description "L3 INTERFACE - TR-0600-PUBLIC-WIFI - 10.6.0.1/22";
+ family inet {
+ address 10.6.0.1/22;
+ }
+ }
+ unit 601 {
+ description "L3 INTERFACE - TR-0601-STUDENT-WIFI - 10.6.4.1/22";
+ family inet {
+ address 10.6.4.1/22;
+ }
+ }
+ unit 800 {
+ description "L3 INTERFACE - TR-0800-SERVERS - 10.8.0.1/24";
+ family inet {
+ address 10.8.0.1/24;
+ }
+ }
+ unit 900 {
+ description "L3 INTERFACE - TR-0900-VIDEO - 164.58.58.97/28";
+ family inet {
+ address 164.58.58.97/28;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.100.0.1/24";
+ family inet {
+ address 10.100.0.1/24;
+ }
+ }
+ }
+}
+forwarding-options {
+ helpers {
+ bootp {
+ server 10.8.0.2;
+ maximum-hop-count 4;
+ interface {
+ vlan.100;
+ vlan.200;
+ vlan.300;
+ vlan.400;
+ vlan.600;
+ vlan.601;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.34.1;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set ZONE-TO-UNTRUST-NAT {
+ from zone [ TR-0100-HIGH-SCHOOL TR-0200-MIDDLE-SCHOOL TR-0300-ELEMENTARY TR-0400-ADMIN TR-0600-PUBLIC-WIFI TR-0601-STUDENT-WIFI TR-0800-SERVERS TR-0900-VIDEO ];
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0100-HIGH-SCHOOL to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0200-MIDDLE-SCHOOL to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0300-ELEMENTARY to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0400-ADMIN to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0600-PUBLIC-WIFI to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0601-STUDENT-WIFI to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0900-VIDEO to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone UNTRUST to-zone TR-0900-VIDEO {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0100-HIGH-SCHOOL to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0200-MIDDLE-SCHOOL to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0300-ELEMENTARY to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0400-ADMIN to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0100-HIGH-SCHOOL {
+ interfaces {
+ vlan.100 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ dhcp;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0200-MIDDLE-SCHOOL {
+ interfaces {
+ vlan.200 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ dhcp;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0300-ELEMENTARY {
+ interfaces {
+ vlan.300 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ dhcp;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0400-ADMIN {
+ interfaces {
+ vlan.400 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ dhcp;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0600-PUBLIC-WIFI {
+ interfaces {
+ vlan.600 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ dhcp;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0601-STUDENT-WIFI {
+ interfaces {
+ vlan.601 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ dhcp;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0800-SERVERS {
+ interfaces {
+ vlan.800 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0900-VIDEO {
+ interfaces {
+ vlan.900 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+ TR-0100-HIGH-SCHOOL {
+ description TR-0100-HIGH-SCHOOL;
+ vlan-id 100;
+ l3-interface vlan.100;
+ }
+ TR-0200-MIDDLE-SCHOOL {
+ description TR-0200-MIDDLE-SCHOOL;
+ vlan-id 200;
+ l3-interface vlan.200;
+ }
+ TR-0300-ELEMENTARY {
+ description TR-0300-ELEMENTARY;
+ vlan-id 300;
+ l3-interface vlan.300;
+ }
+ TR-0400-ADMIN {
+ description TR-0400-ADMIN;
+ vlan-id 400;
+ l3-interface vlan.400;
+ }
+ TR-0600-PUBLIC-WIFI {
+ description TR-0600-PUBLIC-WIFI;
+ vlan-id 600;
+ l3-interface vlan.600;
+ }
+ TR-0601-STUDENT-WIFI {
+ description TR-0601-STUDENT-WIFI;
+ vlan-id 601;
+ l3-interface vlan.601;
+ }
+ TR-0800-SERVERS {
+ description TR-0800-SERVERS;
+ vlan-id 800;
+ l3-interface vlan.800;
+ }
+ TR-0900-VIDEO {
+ description TR-0900-VIDEO;
+ vlan-id 900;
+ l3-interface vlan.900;
+ }
+}
+# grnoc-mon at QUAPAW-PS-LR-004903> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at QUAPAW-PS-LR-004903> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at QUAPAW-PS-LR-004903> show system snapshot media internal
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: May 14 16:47:55 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Aug 25 09:33:20 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+#
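Review bot: The `from-zone UNTRUST to-zone TR-0900-VIDEO` policy permits any source, destination and application inbound to the publicly addressed video VLAN (164.58.58.97/28), and it is named `ALLOW-ALL-OUT` although it is the only UNTRUST-sourced policy in this file. If the video endpoints only need specific services, the match should name them instead of `application any;`, and the policy should be renamed (for example `ALLOW-VIDEO-IN`) so the direction is obvious in later reviews. No policy in the file sets a `log` action, so the `file traffic` syslog target that matches `RT_FLOW_SESSION` will presumably stay empty; adding `log { session-init; session-close; }` under `then` on at least this inbound policy would give an audit trail. The `vlan unit 300` description says 10.3.0.1/23 while the configured address is `10.7.0.1/24`, so one of the two is stale.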
Index: configs/dickson-ps.client.onenet.net
===================================================================
--- configs/dickson-ps.client.onenet.net (revision 135460)
+++ configs/dickson-ps.client.onenet.net (working copy)
@@ -0,0 +1,612 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show system commit
+# 2015-10-02 22:06:45 CDT by andrew via cli
+# 2015-08-31 14:49:00 CDT by sky via cli
+# 2015-08-25 12:23:12 CDT by joel via cli
+# 2015-08-25 12:07:09 CDT by joel via cli commit confirmed, rollback in 3mins
+# 2015-08-25 11:46:59 CDT by joel via cli
+# 2015-08-25 19:42:42 CDT by admin via cli
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Fans SRX240 PowerSupply fan 1 OK
+# SRX240 PowerSupply fan 2 OK
+# SRX240 CPU fan 1 OK
+# SRX240 CPU fan 2 OK
+# SRX240 IO fan 1 OK
+# SRX240 IO fan 2 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis BU2615AK0771 SRX240H2
+# Routing Engine REV 14 750-043609 ACMP4198 RE-SRX240H2
+# FPC 0 FPC
+# PIC 0 16x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis hardware models
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACMP4198
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis scb
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis sfm detail
+# grnoc-mon at DICKSON-PS-LR-004926> show chassis ssb
+# grnoc-mon at DICKSON-PS-LR-004926> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 512kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# dwc1: <Synopsis DWC OTG Controller Driver> on obio0
+# usb1: <USB Bus for DWC OTG Controller> on dwc1
+# usb1: USB revision 2.0
+# uhub2: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub2: 1 port with 1 removable, self powered
+# cpld0 on obio0
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# PCIe: Waiting for port 0 to finish reset
+# PCIe: Port 0 link active, 2 lanes
+# PCIe: Waiting for port 1 to finish reset
+# PCIe: Port 1 link active, 1 lanes
+# pcib1: Initialized controller
+# pci0: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> irq 0 at device 0.0 on pci0
+# pci1: <PCI bus> on pcib2
+# pci1: <serial bus, USB> at device 2.0 (no driver attached)
+# pci1: <serial bus, USB> at device 2.1 (no driver attached)
+# pci1: <network> at device 7.0 (no driver attached)
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci2: <PCI bus> on pcib0
+# pci2: <processor> at device 0.0 (no driver attached)
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 4MB> on obio0
+# Timecounter "mips" frequency 600000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show version
+# Hostname: DICKSON-PS-LR-004926 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at DICKSON-PS-LR-004926> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show system uptime
+# System booted: 2015-08-25 10:45 CDT
+# Protocols started: 2015-08-25 10:48 CDT
+# Last configured: 2015-10-02 22:06 CDT by andrew
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 down down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 up up
+#ge-0/0/15.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.999 up down
+# grnoc-mon at DICKSON-PS-LR-004926> show configuration
+## Last commit: 2015-10-02 22:06:45 CDT by andrew
+version 12.1X44-D35.5;
+system {
+ host-name DICKSON-PS-LR-004926;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.28.158;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.28.158;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "WAN Interface - 156.110.28.158/30";
+ unit 0 {
+ family inet {
+ address 156.110.28.158/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "LAN Interface - 156.110.38.153/29";
+ unit 0 {
+ family inet {
+ address 156.110.38.153/29;
+ address 156.110.27.13/30;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.28.157;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone UNTRUST to-zone UNTRUST {
+ policy UNTRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/15.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+}
+# grnoc-mon at DICKSON-PS-LR-004926> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at DICKSON-PS-LR-004926> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at DICKSON-PS-LR-004926> show system snapshot media internal
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: Jun 29 05:00:45 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Aug 25 12:37:18 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+#
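Review bot: Both the WAN port `ge-0/0/0.0` and the site-facing `ge-0/0/15.0` are placed in `security-zone UNTRUST`, and the `UNTRUST-TO-UNTRUST` policy matches any/any/any with `permit`, so traffic between the upstream and the site LAN is forwarded with no policy restriction beyond the zone screen. If this is an intentional routed hand-off with filtering done on the customer side, the policy should carry a `description` stating that; otherwise `ge-0/0/15.0` belongs in its own zone with an explicit inbound policy. The `ge-0/0/15` description also mentions only 156.110.38.153/29 while the unit carries a second address, `156.110.27.13/30`, which is worth documenting or removing.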
Index: configs/core5.okc.onenet.net
===================================================================
--- configs/core5.okc.onenet.net (revision 135441)
+++ configs/core5.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE5-MX480-RE0> show system commit
+# 2015-10-06 17:44:13 CDT by andrew via cli commit synchronize
# 2015-10-03 19:46:35 CDT by andrew via cli commit synchronize
# 2015-10-01 14:21:48 CDT by sky via cli commit synchronize
# 2015-09-30 14:04:24 CDT by sky via cli commit synchronize
# 2015-09-30 13:55:21 CDT by sky via cli commit synchronize
# 2015-09-30 13:32:15 CDT by sky via cli commit synchronize
-# 2015-09-30 13:23:59 CDT by sky via cli commit synchronize
# grnoc-mon at OKC-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -432,7 +432,7 @@
# grnoc-mon at OKC-CORE5-MX480-RE0> show system uptime
# System booted: 2014-09-16 23:50 CDT
# Protocols started: 2014-09-16 23:51 CDT
-# Last configured: 2015-10-03 19:46 CDT by andrew
+# Last configured: 2015-10-06 17:44 CDT by andrew
#
# {master}
# grnoc-mon at OKC-CORE5-MX480-RE0> show interface terse
@@ -780,7 +780,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE5-MX480-RE0> show configuration
-## Last commit: 2015-10-03 19:46:35 CDT by andrew
+## Last commit: 2015-10-06 17:44:13 CDT by andrew
version 12.3R7.7;
groups {
re0 {
@@ -2043,7 +2043,7 @@
}
}
unit 903 {
- description "BLACKWELL-PUBLIC-LIBRARY-50M-CIR0006234 ";
+ description BLACKWELL-PL-50M-CIR0006234-LR;
vlan-id 903;
family inet {
rpf-check;
Index: configs/fairfax-pl.client.onenet.net
===================================================================
--- configs/fairfax-pl.client.onenet.net (revision 135461)
+++ configs/fairfax-pl.client.onenet.net (working copy)
@@ -0,0 +1,927 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at FAIRFAX-LIB> show system commit
+# 2015-10-02 22:13:55 CDT by andrew via cli
+# 2015-10-01 11:24:22 CDT by joel via cli
+# 2015-10-01 11:15:07 CDT by joel via cli commit confirmed, rollback in 10mins
+# 2015-09-24 13:47:56 CDT by admin via cli
+# 2015-09-24 12:06:28 CDT by admin via cli
+# 2015-09-23 23:43:09 CDT by admin via cli
+# grnoc-mon at FAIRFAX-LIB> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU Absent
+# Fans SRX220 Chassis fan 0 OK
+# SRX220 Chassis fan 1 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at FAIRFAX-LIB> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+#
+# grnoc-mon at FAIRFAX-LIB> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at FAIRFAX-LIB> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CF3115AK0091 SRX220H2
+# Routing Engine REV 05 750-048778 ACMT4284 RE-SRX220H2
+# FPC 0 FPC
+# PIC 0 8x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at FAIRFAX-LIB> show chassis hardware models
+# grnoc-mon at FAIRFAX-LIB> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACMT4284
+#
+# grnoc-mon at FAIRFAX-LIB> show chassis scb
+# grnoc-mon at FAIRFAX-LIB> show chassis sfm detail
+# grnoc-mon at FAIRFAX-LIB> show chassis ssb
+# grnoc-mon at FAIRFAX-LIB> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 128kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCI bridge> on obio0
+# Disabling Octeon big bar support
+# PCI Status: PCI 32-bit: 0xc041b
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <simple comms> at device 1.0 (no driver attached)
+# atapci0: <SiI 0680 UDMA133 controller> port 0x8-0xb,0x10-0x17,0x18-0x1b,0x20-0x2f mem 0x8020000-0x80200ff irq 0 at device 2.0 on pci0
+# ata2: <ATA channel 0> on atapci0
+# ata3: <ATA channel 1> on atapci0
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 8MB> on obio0
+# Timecounter "mips" frequency 700000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# ad0: FAILURE - SETFEATURES ENABLE APM status=51<READY,DSC,ERROR> error=4<ABORTED>
+# ad0: Changing APM level failed
+# ad0: 1919MB <ATP COMPACT FLASH 20140121> at ata2-master WDMA2
+# Trying to mount root from ufs:/dev/ad0s1a
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at FAIRFAX-LIB> show version
+# Hostname: FAIRFAX-LIB # Model: srx220h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at FAIRFAX-LIB> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at FAIRFAX-LIB> show system uptime
+# System booted: 2015-09-23 14:19 CDT
+# Protocols started: 2015-09-23 14:21 CDT
+# Last configured: 2015-10-02 22:13 CDT by andrew
+#
+# grnoc-mon at FAIRFAX-LIB> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 up up
+#ge-0/0/6.0 up up
+#ge-0/0/7 up up
+#ge-0/0/7.0 up up
+#ae0 up up
+#ae0.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.99 up up
+#vlan.700 up up
+#vlan.701 up up
+#vlan.702 up up
+#vlan.999 up down
+# grnoc-mon at FAIRFAX-LIB> show configuration
+## Last commit: 2015-10-02 22:13:55 CDT by andrew
+version 12.1X44-D35.5;
+system {
+ host-name FAIRFAX-LIB;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.24.38;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.24.38;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.16 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ pool 10.70.0.0/24 {
+ address-range low 10.70.0.16 high 10.70.0.254;
+ domain-name onenet.net;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.70.0.1;
+ }
+ }
+ pool 10.70.1.0/24 {
+ address-range low 10.70.1.16 high 10.70.1.254;
+ domain-name onenet.net;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.70.1.1;
+ }
+ }
+ pool 10.70.2.0/24 {
+ address-range low 10.70.2.16 high 10.70.2.254;
+ domain-name onenet.net;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.70.2.1;
+ }
+ }
+ static-binding a0:d3:c1:85:20:93 {
+ fixed-address {
+ 10.70.0.23;
+ }
+ host-name Brother-MFC-J6710DW-Printer;
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ aggregated-devices {
+ ethernet {
+ device-count 1;
+ }
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface - 156.110.24.38/30";
+ unit 0 {
+ family inet {
+ address 156.110.24.38/30;
+ address 156.110.38.81/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ description "1GE to EX-2220-0 ge-0/1/0 - ae0";
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ ge-0/0/7 {
+ description "1GE to EX-2200-0 ge-0/1/1 - ae0";
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ ae0 {
+ description "2GE to EX-2200-0 ae0";
+ aggregated-ether-options {
+ lacp {
+ active;
+ periodic fast;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TR-0099-MANAGEMENT TR-0700-STAFF TR-0701-PUB-COMPUTER UN-0702-PUB-WIRELESS ];
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ address 127.0.0.1/32;
+ }
+ }
+ }
+ vlan {
+ unit 99 {
+ description "L3 INTERFACE -TR-0099-MANAGEMENT - 10.0.0.1/24";
+ family inet {
+ address 10.0.0.1/24;
+ }
+ }
+ unit 700 {
+ description "L3 INTERFACE - TR-0700-STAFF - 10.70.0.1/24";
+ family inet {
+ address 10.70.0.1/24;
+ }
+ }
+ unit 701 {
+ description "L3 INTERFACE - TR-0701-PUB-COMPUTER - 10.70.1.1/24";
+ family inet {
+ address 10.70.1.1/24;
+ }
+ }
+ unit 702 {
+ description "L3 INTERFACE - UN-0702-PUB-WIRELESS - 10.70.2.1/24";
+ family inet {
+ address 10.70.2.1/24;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description FAIRFAX-LIB-CLIENT-OWNED-SRX220;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.24.37;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ address-book {
+ global {
+ address TR-0099-MANAGEMENT-10.0.0.0/24 {
+ wildcard-address 10.0.0.0/255.255.255.0;
+ }
+ address TEST-VLAN-10.1.0.0/24 {
+ wildcard-address 10.1.0.0/255.255.255.0;
+ }
+ address ARUBA-INSTANT-AP-10.70.0.2/24 {
+ wildcard-address 10.70.0.2/255.255.255.0;
+ }
+ address TR-0700-STAFF-10.70.0.0/24 {
+ wildcard-address 10.70.0.0/255.255.255.0;
+ }
+ address TR-0701-PUB-COMPUTER-10.70.1.0/24 {
+ wildcard-address 10.70.1.0/255.255.255.0;
+ }
+ address UN-0702-PUB-WIRELESS-10.70.2.0/24 {
+ wildcard-address 10.70.2.0/255.255.255.0;
+ }
+ address HOST-SRX-10.0.0.1/32 {
+ wildcard-address 10.0.0.1/255.255.255.255;
+ }
+ address HOST-EX2200-10.0.0.10/32 {
+ wildcard-address 10.0.0.10/255.255.255.255;
+ }
+ address HOST-BROTHER-MFC-6710DW-10.70.0.23/32 {
+ wildcard-address 10.70.0.23/255.255.255.255;
+ }
+ address NAT-156.110.38.81/32 {
+ wildcard-address 156.110.38.81/32;
+ }
+ address ONENET-164.58.69.122/32 {
+ wildcard-address 164.58.69.122/32;
+ }
+ }
+ }
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TR-0099-to-UNTRUST {
+ from zone TR-0099-MANAGEMENT;
+ to zone UNTRUST;
+ rule NAT-TR-0099 {
+ match {
+ source-address 10.0.0.0/24;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set TR-0700-TO-UNTRUST-NAT {
+ from zone TR-0700-STAFF;
+ to zone UNTRUST;
+ rule NAT-TR-0700-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set TR-0701-TO-UNTRUST-NAT {
+ from zone TR-0701-PUB-COMPUTER;
+ to zone UNTRUST;
+ rule NAT-TR-0701-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set UN-0702-TO-UNTRUST-NAT {
+ from zone UN-0702-PUB-WIRELESS;
+ to zone UNTRUST;
+ rule NAT-UN-0702-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ static {
+ rule-set STATIC-NAT-ARUBA {
+ from zone UNTRUST;
+ rule NAT-UNTRUST-TO-ARUBA {
+ match {
+ destination-address 156.110.38.81/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.70.0.2/32;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TR-0700-STAFF to-zone TR-0700-STAFF {
+ policy TR-0700-TO-TR-0700 {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0700-STAFF to-zone TR-0701-PUB-COMPUTER {
+ policy TR-0700-TO-TR-0701 {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0701-PUB-COMPUTER to-zone TR-0701-PUB-COMPUTER {
+ policy TR-0701-TO-TR-0701 {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0099-MANAGEMENT to-zone UNTRUST {
+ policy TR-0099-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0700-STAFF to-zone UNTRUST {
+ policy TR-0700-STAFF-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0701-PUB-COMPUTER to-zone UNTRUST {
+ policy TR-0701-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone UN-0702-PUB-WIRELESS to-zone UNTRUST {
+ policy UN-0702-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone UNTRUST to-zone TR-0700-STAFF {
+ policy STATIC-NAT-ARUBA {
+ match {
+ source-address ONENET-164.58.69.122/32;
+ destination-address NAT-156.110.38.81/32;
+ application ARUBA-HTTPS;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TR-0099-MANAGEMENT {
+ interfaces {
+ vlan.99 {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0700-STAFF {
+ interfaces {
+ vlan.700 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0701-PUB-COMPUTER {
+ interfaces {
+ vlan.701 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UN-0702-PUB-WIRELESS {
+ interfaces {
+ vlan.702 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+applications {
+ application ARUBA-HTTPS {
+ term tcp-443 protocol tcp destination-port 443;
+ term tcp-4343 protocol tcp destination-port 4343;
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+ TR-0099-MANAGEMENT {
+ description "Management VLAN";
+ vlan-id 99;
+ l3-interface vlan.99;
+ }
+ TR-0700-STAFF {
+ description "Fairfax Staff";
+ vlan-id 700;
+ l3-interface vlan.700;
+ }
+ TR-0701-PUB-COMPUTER {
+ description "Fairfax Public Computers";
+ vlan-id 701;
+ l3-interface vlan.701;
+ }
+ UN-0702-PUB-WIRELESS {
+ description "Fairfax Public Wireless";
+ vlan-id 702;
+ l3-interface vlan.702;
+ }
+}
+# grnoc-mon at FAIRFAX-LIB> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at FAIRFAX-LIB> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at FAIRFAX-LIB> show system snapshot media internal
+# Information for snapshot on internal (/dev/ad0s1a) (primary)
+# Creation date: Aug 3 12:13:37 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+# Information for snapshot on internal (/dev/ad0s2a) (backup)
+# Creation date: Sep 23 17:37:42 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+#
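Review bot: The SSH-ALLOW and SNMP-ALLOW terms of filter PROTECT-RE accept PRE-LOCALIPv4-SOURCES, whose `apply-path "interfaces <*> unit <*> family inet address <*>"` should expand to every configured inet address with its prefix length, so the public-computer and public-wireless subnets (10.70.1.1/24, 10.70.2.1/24) pass the loopback filter for SSH and SNMP alongside PRE-MGMT-SOURCES. The zone host-inbound-traffic lists currently keep ssh and snmp off those VLANs, so the filter adds no second layer there. Meanwhile one of the three SNMP communities is `authorization read-write` with no `clients` restriction visible, and snmp is enabled inbound on ge-0/0/0.0 in zone UNTRUST. I would drop `PRE-LOCALIPv4-SOURCES;` from both terms, or replace it with a prefix list naming only the management subnet 10.0.0.0/24, and set the third community to `authorization read-only;` unless SNMP writes are actually used. The same terms, prefix list and read-write community appear in the monroe-ps hunk, where the apply-path would also cover the 172.16.1.1/16 TRUST subnet, and the filter is repeated at the end of the dickson-ps hunk above.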
Index: configs/monroe-ps.client.onenet.net
===================================================================
--- configs/monroe-ps.client.onenet.net (revision 135282)
+++ configs/monroe-ps.client.onenet.net (working copy)
@@ -0,0 +1,629 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at MONROE-PS-LR-004640> show system commit
+# 2015-10-06 17:36:57 CDT by andrew via cli
+# 2015-10-02 22:11:19 CDT by andrew via cli
+# 2015-07-20 16:03:05 CDT by joel via cli
+# 2015-04-07 12:14:25 CDT by admin via cli commit confirmed, rollback in 2mins
+# 2015-04-07 12:12:12 CDT by root via other
+# 2015-04-07 12:10:34 CDT by admin via cli commit confirmed, rollback in 1mins
+# grnoc-mon at MONROE-PS-LR-004640> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU Absent
+# Fans SRX220 Chassis fan 0 OK
+# SRX220 Chassis fan 1 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at MONROE-PS-LR-004640> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X46-D20.5 by builder on 2014-05
+# FWDD O/S Version 12.1X46-D20.5 by builder on 2014-05
+#
+# grnoc-mon at MONROE-PS-LR-004640> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at MONROE-PS-LR-004640> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CF0814AK0356 SRX220H2
+# Routing Engine REV 04 750-048778 ACLB4346 RE-SRX220H2
+# FPC 0 FPC
+# PIC 0 8x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at MONROE-PS-LR-004640> show chassis hardware models
+# grnoc-mon at MONROE-PS-LR-004640> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACLB4346
+#
+# grnoc-mon at MONROE-PS-LR-004640> show chassis scb
+# grnoc-mon at MONROE-PS-LR-004640> show chassis sfm detail
+# grnoc-mon at MONROE-PS-LR-004640> show chassis ssb
+# grnoc-mon at MONROE-PS-LR-004640> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 128kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCI bridge> on obio0
+# Disabling Octeon big bar support
+# PCI Status: PCI 32-bit: 0xc041b
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <simple comms> at device 1.0 (no driver attached)
+# atapci0: <SiI 0680 UDMA133 controller> port 0x8-0xb,0x10-0x17,0x18-0x1b,0x20-0x2f mem 0x8020000-0x80200ff irq 0 at device 2.0 on pci0
+# ata2: <ATA channel 0> on atapci0
+# ata3: <ATA channel 1> on atapci0
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 8MB> on obio0
+# Timecounter "mips" frequency 700000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# ad0: Device does not support APM
+# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
+# Trying to mount root from ufs:/dev/ad0s2a
+# WARNING: / was not properly dismounted
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at MONROE-PS-LR-004640> show version
+# Hostname: MONROE-PS-LR-004640 # Model: srx220h2 # JUNOS Software Release [12.1X46-D20.5] # # grnoc-mon at MONROE-PS-LR-004640> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at MONROE-PS-LR-004640> show system uptime
+# System booted: 2015-10-06 08:34 CDT
+# Protocols started: 2015-10-06 08:37 CDT
+# Last configured: 2015-10-06 17:36 CDT by andrew
+#
+# grnoc-mon at MONROE-PS-LR-004640> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 up up
+#ge-0/0/7.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.3 up up
+#vlan.4 up up
+#vlan.999 up down
+# grnoc-mon at MONROE-PS-LR-004640> show configuration
+## Last commit: 2015-10-06 17:36:57 CDT by andrew
+version 12.1X46-D20.5;
+system {
+ host-name MONROE-PS-LR-004640;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.227.106;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.227.106;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ gigether-options {
+ auto-negotiation;
+ }
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "TRUST LAN Interface";
+ gigether-options {
+ auto-negotiation;
+ }
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 156.110.227.106/29";
+ family inet {
+ address 156.110.227.106/29;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
+ family inet {
+ address 172.16.1.1/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.227.105;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TRUST {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ interfaces {
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 4;
+ l3-interface vlan.4;
+ }
+ UNTRUST-VLAN {
+ description UNTRUST-VLAN;
+ vlan-id 3;
+ l3-interface vlan.3;
+ }
+}
+# grnoc-mon at MONROE-PS-LR-004640> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at MONROE-PS-LR-004640> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at MONROE-PS-LR-004640> show system snapshot media internal
+# Information for snapshot on internal (/dev/ad0s1a) (backup)
+# Creation date: Oct 6 17:38:51 2015
+# JUNOS version on snapshot:
+# junos : 12.1X46-D20.5-domestic
+# Information for snapshot on internal (/dev/ad0s2a) (primary)
+# Creation date: Oct 6 08:34:39 2015
+# JUNOS version on snapshot:
+# junos : 12.1X46-D20.5-domestic
+#
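Review bot: TEST-VLAN is declared in the `vlans` stanza with only `vlan-id 999;`, while the fairfax-pl and dickson-ps configs in this same mail bind it with `l3-interface vlan.999;`. Without that binding, vlan unit 999 (10.1.0.1/24), the 10.1.0.0/24 DHCP pool, zone TEST and the TEST-TO-UNTRUST-NAT / ALLOW-ALL-OUT rules presumably have no path to ge-0/0/1, so the test port would not behave as it does on the other sites. Either add `l3-interface vlan.999;` under TEST-VLAN, or, if the omission is deliberate, remove the unused TEST zone, NAT rule-set and permit-any policy so that a later one-line change does not silently activate a permit-any path. Separately, zone UNTRUST lists ping/snmp/ssh/traceroute both at zone level and under vlan.3; keeping a single copy would stop the two lists from drifting apart.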
Index: configs/core1.lan-mx80.onenet.net
===================================================================
--- configs/core1.lan-mx80.onenet.net (revision 135452)
+++ configs/core1.lan-mx80.onenet.net (working copy)
@@ -196,7 +196,7 @@
# -rw-rw---- 1 root field 52711424 Jun 10 15:37 ifinfo.core.1
# -rw-rw---- 1 root field 52711424 Jun 10 15:40 ifinfo.core.2
# -rw-rw---- 1 root field 52711424 Jun 10 15:47 ifinfo.core.3
-# -rw-rw---- 1 root field 52711424 Oct 6 16:55 ifinfo.core.4
+# -rw-rw---- 1 root field 52711424 Oct 6 17:55 ifinfo.core.4
# drwxrwxrwx 2 root wheel 512 Aug 13 2012 install/
# -rw-r--r-- 1 eng field 99542994 May 30 2013 jinstall-ppc-11.4R7.5-domestic-signed.tgz
# -rw-r--r-- 1 upgrades field 150276951 Aug 8 2014 jinstall-ppc-12.3R7.7-domestic-signed.tgz
Index: configs/alex-ps.client.onenet.net
===================================================================
--- configs/alex-ps.client.onenet.net (revision 135455)
+++ configs/alex-ps.client.onenet.net (working copy)
@@ -0,0 +1,640 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at ALES-PS-LR-004908> show system commit
+# 2015-10-06 17:33:27 CDT by andrew via cli
+# 2015-08-20 23:01:50 CDT by root via cli
+# 2015-08-20 22:55:36 CDT by root via cli
+# 2015-08-12 23:17:44 CDT by root via cli
+# 2015-08-12 22:46:59 CDT by root via cli
+# 2015-08-12 22:20:01 CDT by root via cli
+# grnoc-mon at ALES-PS-LR-004908> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Fans SRX240 PowerSupply fan 1 OK
+# SRX240 PowerSupply fan 2 OK
+# SRX240 CPU fan 1 OK
+# SRX240 CPU fan 2 OK
+# SRX240 IO fan 1 OK
+# SRX240 IO fan 2 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at ALES-PS-LR-004908> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+#
+# grnoc-mon at ALES-PS-LR-004908> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at ALES-PS-LR-004908> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis BU2115AK0272 SRX240H2
+# Routing Engine REV 14 750-043609 ACMK4904 RE-SRX240H2
+# FPC 0 FPC
+# PIC 0 16x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at ALES-PS-LR-004908> show chassis hardware models
+# grnoc-mon at ALES-PS-LR-004908> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACMK4904
+#
+# grnoc-mon at ALES-PS-LR-004908> show chassis scb
+# grnoc-mon at ALES-PS-LR-004908> show chassis sfm detail
+# grnoc-mon at ALES-PS-LR-004908> show chassis ssb
+# grnoc-mon at ALES-PS-LR-004908> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 512kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# dwc1: <Synopsis DWC OTG Controller Driver> on obio0
+# usb1: <USB Bus for DWC OTG Controller> on dwc1
+# usb1: USB revision 2.0
+# uhub2: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub2: 1 port with 1 removable, self powered
+# cpld0 on obio0
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# PCIe: Waiting for port 0 to finish reset
+# PCIe: Port 0 link active, 2 lanes
+# PCIe: Waiting for port 1 to finish reset
+# PCIe: Port 1 link active, 1 lanes
+# pcib1: Initialized controller
+# pci0: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> irq 0 at device 0.0 on pci0
+# pci1: <PCI bus> on pcib2
+# pci1: <serial bus, USB> at device 2.0 (no driver attached)
+# pci1: <serial bus, USB> at device 2.1 (no driver attached)
+# pci1: <network> at device 7.0 (no driver attached)
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci2: <PCI bus> on pcib0
+# pci2: <processor> at device 0.0 (no driver attached)
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 4MB> on obio0
+# Timecounter "mips" frequency 600000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# grnoc-mon at ALES-PS-LR-004908> show version
+# Hostname: ALES-PS-LR-004908 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at ALES-PS-LR-004908> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at ALES-PS-LR-004908> show system uptime
+# System booted: 2015-08-21 11:04 CDT
+# Protocols started: 2015-08-21 11:07 CDT
+# Last configured: 2015-10-06 17:33 CDT by andrew
+#
+# grnoc-mon at ALES-PS-LR-004908> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 down down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 up up
+#ge-0/0/15.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.3 up up
+#vlan.4 up up
+#vlan.999 up down
+# grnoc-mon at ALES-PS-LR-004908> show configuration
+## Last commit: 2015-10-06 17:33:27 CDT by andrew
+version 12.1X44-D35.5;
+system {
+ host-name ALES-PS-LR-004908;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 164.58.58.82;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 164.58.58.82;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-WAN-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "UNTRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-LAN-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-WAN-VLAN - 164.58.58.82/30";
+ family inet {
+ address 164.58.58.82/30;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - UNTRUST-LAN-VLAN - 156.110.42.113/28";
+ family inet {
+ address 156.110.42.113/28;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.58.81;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy UNTRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+ UNTRUST-LAN-VLAN {
+ description UNTRUST-LAN-VLAN;
+ vlan-id 4;
+ l3-interface vlan.4;
+ }
+ UNTRUST-WAN-VLAN {
+ description UNTRUST-WAN-VLAN;
+ vlan-id 3;
+ l3-interface vlan.3;
+ }
+}
+# grnoc-mon at ALES-PS-LR-004908> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at ALES-PS-LR-004908> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at ALES-PS-LR-004908> show system snapshot media internal
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: May 22 03:27:59 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Aug 20 23:04:52 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+#
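Review bot: The `PROTECT-RE` filter applied to `lo0.0` ends in `term ALL-TRAFFIC { then accept; }`, so it restricts only SSH and SNMP; every other protocol addressed to the routing engine is left to the per-zone `host-inbound-traffic` lists. The `SSH-DENY` and `SNMP-DENY` terms carry only `discard`, so the `file PROTECT-RE { firewall any; }` syslog target defined in the same config will presumably record nothing for those drops. Writing them as `then { count SSH-DENY; syslog; discard; }` (and the SNMP equivalent) would leave a record of rejected management attempts. The third SNMP community is `authorization read-write` with no `clients` list, so this filter is its only source restriction. The same filter and SNMP stanza are added in the leflore-ps.client.onenet.net hunk of this mail.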
Index: configs/atoka-ps-srx240.client.onenet.net
===================================================================
--- configs/atoka-ps-srx240.client.onenet.net (revision 135450)
+++ configs/atoka-ps-srx240.client.onenet.net (working copy)
@@ -7,6 +7,7 @@
# 2015-09-30 21:52:37 CDT by root via cli
# 2015-09-29 00:39:55 CDT by root via other
# 2015-07-10 23:30:53 CDT by root via other
+# rescue 2015-10-06 17:04:12 CDT by root via recovery-mgmt
#
# grnoc-mon at ATOKA-PS-SRX240-LR-4942> show chassis environment
# Class Item Status Measurement
@@ -655,7 +656,7 @@
# JUNOS version on snapshot:
# junos : 12.1X44-D35.5-domestic
# Information for snapshot on internal (/dev/da0s2a) (backup)
-# Creation date: Jul 10 23:26:59 2015
+# Creation date: Oct 6 17:06:18 2015
# JUNOS version on snapshot:
# junos : 12.1X44-D35.5-domestic
#
Index: configs/core.pot.onenet.net
===================================================================
--- configs/core.pot.onenet.net (revision 135441)
+++ configs/core.pot.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at POTEAU-MX480-RE0> show system commit
+# 2015-10-06 17:06:22 CDT by andrew via cli commit synchronize
# 2015-10-06 12:52:20 CDT by sean via cli commit synchronize
# 2015-09-02 13:16:29 CDT by joel via cli commit synchronize
# 2015-08-13 10:46:59 CDT by joel via cli commit synchronize
# 2015-08-10 15:57:04 CDT by joel via cli commit synchronize
# 2015-08-10 14:19:02 CDT by joel via cli commit synchronize
-# 2015-08-10 13:21:34 CDT by joel via cli commit confirmed, rollback in 3mins synchronize
# grnoc-mon at POTEAU-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -256,7 +256,7 @@
# grnoc-mon at POTEAU-MX480-RE0> show system uptime
# System booted: 2015-06-07 23:41 CDT
# Protocols started: 2015-06-07 23:44 CDT
-# Last configured: 2015-10-06 12:52 CDT by sean
+# Last configured: 2015-10-06 17:06 CDT by andrew
#
# {master}
# grnoc-mon at POTEAU-MX480-RE0> show interface terse
@@ -405,7 +405,7 @@
#pp0 up up
#tap up up
# grnoc-mon at POTEAU-MX480-RE0> show configuration
-## Last commit: 2015-10-06 12:52:20 CDT by sean
+## Last commit: 2015-10-06 17:06:22 CDT by andrew
version 13.3R6.5;
groups {
re0 {
@@ -712,7 +712,7 @@
}
}
unit 400 {
- description Monroe-Public-Schools-100M-CIR0018873-LR;
+ description MONROE-PS-100M-CIR0018873-LR;
vlan-id 400;
family inet {
policer {
Index: configs/mid-america-tech-ctr.client.onenet.net
===================================================================
--- configs/mid-america-tech-ctr.client.onenet.net (revision 135452)
+++ configs/mid-america-tech-ctr.client.onenet.net (working copy)
@@ -4,7 +4,6 @@
# 2015-08-19 14:01:33 CDT by joel via cli
# 2015-08-19 13:53:15 CDT by joel via cli commit confirmed, rollback in 3mins
# 2015-08-14 09:02:12 CDT by andrew via cli
-# show chassis environment
# 2015-08-04 13:54:00 CDT by joel via cli commit confirmed, rollback in 2mins
# 2015-07-31 20:28:20 CDT by admin via cli
# 2015-07-30 00:49:10 CDT by root via other
Index: configs/core.ard.onenet.net
===================================================================
--- configs/core.ard.onenet.net (revision 135450)
+++ configs/core.ard.onenet.net (working copy)
@@ -360,7 +360,7 @@
#lsi.1078866 up up
#lsi.1078867 up up
#lsi.1078868 up up
-#lsi.1078869 up up
+#lsi.1078870 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/hub.tsb.onenet.net
===================================================================
--- configs/hub.tsb.onenet.net (revision 135452)
+++ configs/hub.tsb.onenet.net (working copy)
@@ -200,7 +200,7 @@
# -rw-rw---- 1 root field 51994624 Oct 24 2013 ifinfo.core.1
# -rw-rw---- 1 root field 51974144 Oct 24 2013 ifinfo.core.2
# -rw-rw---- 1 root field 52744192 Oct 24 2013 ifinfo.core.3
-# -rw-rw---- 1 root field 52727808 Oct 6 17:00 ifinfo.core.4
+# -rw-rw---- 1 root field 52727808 Oct 6 18:00 ifinfo.core.4
# drwxrwxrwx 2 root wheel 512 Oct 12 2012 install/
# -rw-rw---- 1 root field 33464320 Mar 3 2014 jdiameterd.core.0
# -rw-r--r-- 1 eng field 99542994 Apr 23 2013 jinstall-ppc-11.4R7.5-domestic-signed.tgz
Index: configs/leflore-ps.client.onenet.net
===================================================================
--- configs/leflore-ps.client.onenet.net (revision 135453)
+++ configs/leflore-ps.client.onenet.net (working copy)
@@ -0,0 +1,630 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show system commit
+# 2015-10-06 17:01:07 CDT by admin via cli
+# 2015-10-06 16:49:02 CDT by onenet via cli commit confirmed, rollback in 3mins
+# 2014-10-08 17:46:31 CDT by root via cli
+# 2014-10-08 17:31:08 CDT by root via cli
+# 2014-10-08 17:27:45 CDT by root via cli
+# 2014-10-08 17:26:47 CDT by root via cli
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU Absent
+# Fans SRX220 Chassis fan 0 OK
+# SRX220 Chassis fan 1 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D15.5 by builder on 2013-06
+# FWDD O/S Version 12.1X44-D15.5 by builder on 2013-06
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CF4013AK0494 SRX220H2
+# Routing Engine REV 04 750-048778 ACKJ5147 RE-SRX220H2
+# FPC 0 FPC
+# PIC 0 8x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis hardware models
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACKJ5147
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis scb
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis sfm detail
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show chassis ssb
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2013, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 128kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCI bridge> on obio0
+# Disabling Octeon big bar support
+# PCI Status: PCI 32-bit: 0xc041b
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <simple comms> at device 1.0 (no driver attached)
+# atapci0: <SiI 0680 UDMA133 controller> port 0x8-0xb,0x10-0x17,0x18-0x1b,0x20-0x2f mem 0x8020000-0x80200ff irq 0 at device 2.0 on pci0
+# ata2: <ATA channel 0> on atapci0
+# ata3: <ATA channel 1> on atapci0
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 8MB> on obio0
+# Timecounter "mips" frequency 700000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# ad0: Device does not support APM
+# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
+# Trying to mount root from ufs:/dev/ad0s1a
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show version
+# Hostname: LEFLORE-PS-LR-00XXXX # Model: srx220h2 # JUNOS Software Release [12.1X44-D15.5] # # grnoc-mon at LEFLORE-PS-LR-00XXXX> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 Jun 6 2013 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show system uptime
+# System booted: 2015-10-06 08:10 CDT
+# Protocols started: 2015-10-06 08:12 CDT
+# Last configured: 2015-10-06 17:01 CDT by admin
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up up
+#ge-0/0/1.0 up up
+#ge-0/0/2 up down
+#ge-0/0/2.0 up down
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
+#ge-0/0/6 up down
+#ge-0/0/6.0 up down
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.3 up up
+#vlan.999 up down
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show configuration
+## Last commit: 2015-10-06 17:01:07 CDT by admin
+version 12.1X44.5;
+system {
+ host-name LEFLORE-PS-LR-00XXXX;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 164.58.16.246;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 164.58.16.246;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.16.246/30";
+ unit 0 {
+ family inet {
+ address 164.58.16.246/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/3 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/4 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/5 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/6 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/7 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - TRUST-VLAN - 10.83.0.1/20";
+ family inet {
+ address 10.83.0.1/20;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.16.245;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TRUST {
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 3;
+ l3-interface vlan.3;
+ }
+}
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at LEFLORE-PS-LR-00XXXX> show system snapshot media internal
+# Information for snapshot on internal (/dev/ad0s1a) (primary)
+# Creation date: Oct 2 08:34:20 2013
+# JUNOS version on snapshot:
+# junos : 12.1X44-D15.5-domestic
+# Information for snapshot on internal (/dev/ad0s2a) (backup)
+# Creation date: Oct 6 17:05:09 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D15.5-domestic
+#
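Review bot: Interfaces ge-0/0/2 through ge-0/0/7 are committed as enabled `port-mode access` members of TRUST-VLAN although `show interface terse` reports all six with link down, and this config has no `ethernet-switching-options` stanza, so the spare ports join the 10.83.0.0/20 LAN with no MAC limit or BPDU protection. The alex-ps config added in the same mail sets `disable;` on its unused ports and applies `mac-limit 3 action shutdown;` plus `bpdu-block` to its access port. If these ports are not yet assigned, the same treatment would fit here. Separately, the hostname still carries the placeholder `LEFLORE-PS-LR-00XXXX`, and `version 12.1X44.5;` does not match the running `12.1X44-D15.5`, which may indicate a template load worth confirming.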
Index: configs/haywood-ps.client.onenet.net
===================================================================
--- configs/haywood-ps.client.onenet.net (revision 135462)
+++ configs/haywood-ps.client.onenet.net (working copy)
@@ -0,0 +1,614 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show system commit
+# 2015-10-06 17:27:26 CDT by andrew via cli
+# 2015-08-28 20:39:01 CDT by root via cli
+# 2015-08-28 20:15:10 CDT by root via other
+# 2015-05-14 19:33:05 CDT by root via other
+# 2015-05-14 17:55:17 CDT by root via other
+# rescue 2015-10-06 17:30:42 CDT by andrew via cli
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Fans SRX240 PowerSupply fan 1 OK
+# SRX240 PowerSupply fan 2 OK
+# SRX240 CPU fan 1 OK
+# SRX240 CPU fan 2 OK
+# SRX240 IO fan 1 OK
+# SRX240 IO fan 2 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis BU1214AK0542 SRX240H2
+# Routing Engine REV 10 750-043609 ACLC7860 RE-SRX240H2
+# FPC 0 FPC
+# PIC 0 16x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis hardware models
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACLC7860
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis scb
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis sfm detail
+# grnoc-mon at HAYWOOD-PS-LR-004888> show chassis ssb
+# grnoc-mon at HAYWOOD-PS-LR-004888> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 512kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# dwc1: <Synopsis DWC OTG Controller Driver> on obio0
+# usb1: <USB Bus for DWC OTG Controller> on dwc1
+# usb1: USB revision 2.0
+# uhub2: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub2: 1 port with 1 removable, self powered
+# cpld0 on obio0
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# PCIe: Waiting for port 0 to finish reset
+# PCIe: Port 0 link active, 2 lanes
+# PCIe: Waiting for port 1 to finish reset
+# PCIe: Port 1 link active, 1 lanes
+# pcib1: Initialized controller
+# pci0: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> irq 0 at device 0.0 on pci0
+# pci1: <PCI bus> on pcib2
+# pci1: <serial bus, USB> at device 2.0 (no driver attached)
+# pci1: <serial bus, USB> at device 2.1 (no driver attached)
+# pci1: <network> at device 7.0 (no driver attached)
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci2: <PCI bus> on pcib0
+# pci2: <processor> at device 0.0 (no driver attached)
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 4MB> on obio0
+# Timecounter "mips" frequency 600000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show version
+# Hostname: HAYWOOD-PS-LR-004888 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at HAYWOOD-PS-LR-004888> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show system uptime
+# System booted: 2015-09-02 11:17 CDT
+# Protocols started: 2015-09-02 11:19 CDT
+# Last configured: 2015-10-06 17:27 CDT by andrew
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 down down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 up up
+#ge-0/0/15.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.999 up down
+# grnoc-mon at HAYWOOD-PS-LR-004888> show configuration
+## Last commit: 2015-10-06 17:27:26 CDT by andrew
+version 12.1X44-D35.5;
+system {
+ host-name HAYWOOD-PS-LR-004888;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 164.58.8.162;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 164.58.8.162;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface - 164.58.8.162/30";
+ unit 0 {
+ family inet {
+ address 164.58.8.162/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "UNTRUST LAN Interface - 164.58.215.37/30";
+ unit 0 {
+ family inet {
+ address 164.58.215.37/30;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.8.161;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy UNTRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/15.0 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ l3-interface vlan.999;
+ }
+}
+# grnoc-mon at HAYWOOD-PS-LR-004888> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at HAYWOOD-PS-LR-004888> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at HAYWOOD-PS-LR-004888> show system snapshot media internal
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: May 14 17:49:39 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Aug 28 20:42:48 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+#
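Review bot: The SSH-DENY and SNMP-DENY terms of filter PROTECT-RE only `discard`, so the syslog file PROTECT-RE defined under `system syslog` with `firewall any` receives no record of rejected management attempts from them. Adding a counter and the syslog action, e.g. `then { count SSH-DENY; syslog; discard; }` (and the same with `count SNMP-DENY` in the SNMP term), would make blocked SSH and SNMP attempts against the routing engine visible for review. The same filter appears in the configs/union-city-ps.client.onenet.net hunk further down. Because this file is a RANCID capture, the change has to be made on the device itself.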
Index: configs/rpswi2.rp1f3.onenet.net
===================================================================
--- configs/rpswi2.rp1f3.onenet.net (revision 135452)
+++ configs/rpswi2.rp1f3.onenet.net (working copy)
@@ -436,8 +436,8 @@
#ge-0/0/15.0 up down
#ge-0/0/16 up up
#ge-0/0/16.0 up up
-#ge-0/0/17 up down
-#ge-0/0/17.0 up down
+#ge-0/0/17 up up
+#ge-0/0/17.0 up up
#ge-0/0/18 up down
#ge-0/0/18.0 up down
#ge-0/0/19 up up
@@ -486,8 +486,8 @@
#ge-0/0/40.0 up up
#ge-0/0/41 up up
#ge-0/0/41.0 up up
-#ge-0/0/42 up up
-#ge-0/0/42.0 up up
+#ge-0/0/42 up down
+#ge-0/0/42.0 up down
#ge-0/0/43 up up
#ge-0/0/43.0 up up
#ge-0/0/44 up up
@@ -552,8 +552,8 @@
#ge-1/0/24.0 up down
#ge-1/0/25 up down
#ge-1/0/25.0 up down
-#ge-1/0/26 up up
-#ge-1/0/26.0 up up
+#ge-1/0/26 up down
+#ge-1/0/26.0 up down
#ge-1/0/27 up down
#ge-1/0/27.0 up down
#ge-1/0/28 up up
@@ -642,8 +642,8 @@
#ge-2/0/21.0 up up
#ge-2/0/22 up up
#ge-2/0/22.0 up up
-#ge-2/0/23 up up
-#ge-2/0/23.0 up up
+#ge-2/0/23 up down
+#ge-2/0/23.0 up down
#ge-2/0/24 up up
#ge-2/0/24.0 up up
#ge-2/0/25 up up
Index: configs/union-city-ps.client.onenet.net
===================================================================
--- configs/union-city-ps.client.onenet.net (revision 135464)
+++ configs/union-city-ps.client.onenet.net (working copy)
@@ -0,0 +1,629 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show system commit
+# 2015-08-25 21:58:52 CDT by root via cli
+# 2015-08-22 00:03:43 CDT by root via cli
+# 2015-08-21 23:16:30 CDT by root via other
+# 2015-05-14 16:54:19 CDT by root via other
+# rescue 2015-08-25 22:13:36 CDT by root via recovery-mgmt
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Fans SRX240 PowerSupply fan 1 OK
+# SRX240 PowerSupply fan 2 OK
+# SRX240 CPU fan 1 OK
+# SRX240 CPU fan 2 OK
+# SRX240 IO fan 1 OK
+# SRX240 IO fan 2 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis BU1214AK0341 SRX240H2
+# Routing Engine REV 10 750-043609 ACLC7858 RE-SRX240H2
+# FPC 0 FPC
+# PIC 0 16x GE Base PIC
+# Power Supply 0
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis hardware models
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACLC7858
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis scb
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis sfm detail
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show chassis ssb
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
+# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
+# L2 Cache: Size 512kb, 8 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
+# usb0: <USB Bus for DWC OTG Controller> on dwc0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
+# uhub1: single transaction translator
+# uhub1: 3 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# dwc1: <Synopsis DWC OTG Controller Driver> on obio0
+# usb1: <USB Bus for DWC OTG Controller> on dwc1
+# usb1: USB revision 2.0
+# uhub2: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub2: 1 port with 1 removable, self powered
+# cpld0 on obio0
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# PCIe: Waiting for port 0 to finish reset
+# PCIe: Port 0 link active, 2 lanes
+# PCIe: Waiting for port 1 to finish reset
+# PCIe: Port 1 link active, 1 lanes
+# pcib1: Initialized controller
+# pci0: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> irq 0 at device 0.0 on pci0
+# pci1: <PCI bus> on pcib2
+# pci1: <serial bus, USB> at device 2.0 (no driver attached)
+# pci1: <serial bus, USB> at device 2.1 (no driver attached)
+# pci1: <network> at device 7.0 (no driver attached)
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci2: <PCI bus> on pcib0
+# pci2: <processor> at device 0.0 (no driver attached)
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 4MB> on obio0
+# Timecounter "mips" frequency 600000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Trying to mount root from ufs:/dev/da0s1a
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show version
+# Hostname: UNION-CITY-PS-LR-ASSET-004902 # Model: srx240h2 # JUNOS Software Release [12.1X44-D35.5] # # grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show system uptime
+# System booted: 2015-08-27 10:45 CDT
+# Protocols started: 2015-08-27 10:47 CDT
+# Last configured: 2015-08-25 21:58 CDT by root
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#ge-0/0/0.32767 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 down down
+#ge-0/0/3 down down
+#ge-0/0/4 down down
+#ge-0/0/5 down down
+#ge-0/0/6 down down
+#ge-0/0/7 down down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 up up
+#ge-0/0/15.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up up
+#vlan.4 up up
+#vlan.999 up down
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show configuration
+## Last commit: 2015-08-25 21:58:52 CDT by root
+version 12.1X44-D35.5;
+system {
+ host-name UNION-CITY-PS-LR-ASSET-004902;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.62.158;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.62.158;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ vlan-tagging;
+ unit 0 {
+ vlan-id 906;
+ family inet {
+ address 156.110.62.158/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "UNTRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-LAN-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 4 {
+ description "L3 INTERFACE - UNTRUST-LAN-VLAN - 156.110.67.89/29";
+ family inet {
+ address 156.110.67.89/29;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.62.157;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy UNTRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
+vlans {
+ TEST-VLAN {
+ description "Test VLAN 999 for TESTING ONLY";
+ vlan-id 999;
+ }
+ UNTRUST-LAN-VLAN {
+ description UNTRUST-LAN-VLAN;
+ vlan-id 4;
+ l3-interface vlan.4;
+ }
+}
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+# grnoc-mon at UNION-CITY-PS-LR-ASSET-004902> show system snapshot media internal
+# Information for snapshot on internal (/dev/da0s1a) (primary)
+# Creation date: May 14 16:48:53 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+# Information for snapshot on internal (/dev/da0s2a) (backup)
+# Creation date: Aug 25 22:25:20 2015
+# JUNOS version on snapshot:
+# junos : 12.1X44-D35.5-domestic
+#
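Review bot: TEST-VLAN in the `vlans` stanza at the end of this config has no `l3-interface vlan.999;`, although `interfaces vlan unit 999`, the 10.1.0.0/24 DHCP pool, the TEST security zone and the TEST-TO-UNTRUST-NAT rule-set all refer to vlan.999; the haywood-ps config in this same mail does carry that line. The test scaffolding therefore looks only half-connected. Either add `l3-interface vlan.999;` under TEST-VLAN, or, if the test port ge-0/0/1 is no longer needed at this site, remove the TEST zone, the NAT rule-set, the DHCP pool and the ALLOW-ALL-OUT policy so that no unused permit-any path stays in the production config. This is inferred from the captured config alone and should be confirmed on the device.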
Index: routers.down
===================================================================
--- routers.down (revision 135261)
+++ routers.down (working copy)
@@ -1,16 +1,11 @@
-BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net:juniper:down
-CAMERON-PS-SRX220.clients.onenet.net:juniper:down
Capitol-3550.onenet.net:cisco:down
GROVE-ELEM-DIST-63-SRX220.client.onenet.net:juniper:down
-HAYWOOD-PS-SRX240.client.onenet.net:juniper:down
OJA-SW-YOUTH-CENTER-MANITOU-SRX220.onenet.net:juniper:down
OKC-DC-EDGE1-MX80.onenet.net:juniper:down
OMES-MX480-0:juniper:down
OMES-MX480-1:juniper:down
-QUAPAW-PUB-SCHOOL-SRX240.client.onenet.net:juniper:down
SMITHVILLE-PUB-SCH-SRX240.client.onenet.net:juniper:down
SRX1.RP3F1-JOEL-SRX-220:juniper:down
-alex-ps.client.onenet.net:juniper:down
core.okc.onenet.net:cisco:down
core.okclab.onenet.net:cisco:down
core.ptc.onenet.net:cisco:down
@@ -95,6 +90,5 @@
swi1.rp5f0.onenet.net:cisco:down
swi5.okcdc.onenet.net:juniper:down
ub.say.onenet.net:cisco:down
-union-city-ps.client.onenet.net:juniper:down
vinita-public-library-srx220.onenet.net:juniper:down
walters-ps.client.onenet.net:juniper:down
Index: routers.all
===================================================================
--- routers.all (revision 135454)
+++ routers.all (working copy)
@@ -1,12 +1,7 @@
-BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net:juniper
-CAMERON-PS-SRX220.clients.onenet.net:juniper
CLI-adva.p.onenet.net:fsp3000
Capitol-3550.onenet.net:cisco
-DICKSON-SCHOOLS-SRX240.client.onenet.net:juniper
-FAIRFAX-LIB-SRX220-MR.client.onenet.net:juniper
GROVE-ELEM-DIST-63-SRX220.client.onenet.net:juniper
HARRA-PS-SRX240.onenet.net:juniper
-HAYWOOD-PS-SRX240.client.onenet.net:juniper
KEOTA-HS-SRX220.client.onenet.net:juniper
NE-AREA-VOTECH-PRYOR.client.onenet.net:juniper
NORTH-ROCK-CREEK-PS.client.onenet.net:juniper
@@ -17,7 +12,6 @@
OMES-MX480-1:juniper
PIONEER-TECH-ASH-SRX220-MR.client.onenet.net:juniper
PORUM-PUB-SCH-SRX240.client.onenet.net:juniper
-QUAPAW-PUB-SCHOOL-SRX240.client.onenet.net:juniper
SMITHVILLE-PUB-SCH-SRX240.client.onenet.net:juniper
SRX1.RP3F1-JOEL-SRX-220:juniper
acx.cai.ato-acx2100.onenet.net:juniper
@@ -30,14 +24,18 @@
ada-hs-srx240.client.onenet.net:juniper
alex-ps.client.onenet.net:juniper
atoka-ps-srx240.client.onenet.net:juniper
+avant-ps-srx220.onenet.net:juniper
baptist-girls-home-srx220.client.onenet.net:juniper
bennington-ps-srx220.onenet.net:juniper
+blackwell-pl.client.onenenet.net:juniper
blackwell-ps.client.onenet.net:juniper
buffalo-valley-ps-ge112.nid.onenet.net:fsp150
calera-ps.client.onenet.net:juniper
+cameron-ps.clients.onenet.net:juniper
chisholm-ps.client.onenet.net:juniper
clayton-ps-srx220.client.onenet.net:juniper
cleveland-ps-srx220.client.onenet.net:juniper
+comanche-ps.client.onenet.net:juniper
core.ada.onenet.net:juniper
core.alt.onenet.net:juniper
core.ard.onenet.net:juniper
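Review bot: The added entry `blackwell-pl.client.onenenet.net:juniper` is spelled with `onenenet.net`, while the other fully-qualified entries visible here use `onenet.net`; the removed `BLACKWELL-PUB-LIB-SRX220.clients.onenenet.net` entry had the same spelling, so the typo appears to have been carried over in the rename. RANCID logs in to every listed name, so an entry under a domain that may not belong to the operator should be corrected to `blackwell-pl.client.onenet.net:juniper` rather than left to whatever that name resolves to. routers.all is presumably derived from router.db, so the correction belongs there. `cameron-ps.clients.onenet.net` in the same hunk is also worth checking against the `client` label used by the neighbouring entries.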
@@ -121,10 +119,13 @@
decom.san-sw-tulsa.onenet.net:cisco
denison-ps-srx220.client.onenet.net:juniper
dewey-ps.client.onenet.net:juniper
+dickson-ps.client.onenet.net:juniper
dps-okc-mlk-ge114.nid.onenet.net:fsp150
+fairfax-pl.client.onenet.net:juniper
faye.okcdc.onenet.net:juniper
gatekeeper-backup-3725:cisco
geronimo-ps.client.onenet.net:juniper
+haywood-ps.client.onenet.net:juniper
hennessey-ps-srx220.client.onenet.net:juniper
hu.ada.onenet.net:cisco
hu.alv.onenet.net:cisco
@@ -249,6 +250,7 @@
ore6.okc.onenet.net:cisco
panola-ps.client.onenet.net:juniper
pioneer-tech-ponc-srx220.client.onenet.net:juniper
+quapaw-ps.client.onenet.net:juniper
rp3-adva.p.onenet.net:fsp3000
rpswi1.okc.onenet.net:juniper
rpswi1.rp3f2.onenet.net:cisco