[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Oct 15 14:02:15 CDT 2015
Index: configs/quapaw-ps.client.onenet.net
===================================================================
--- configs/quapaw-ps.client.onenet.net (revision 135467)
+++ configs/quapaw-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at QUAPAW-PS-LR-004903> show system commit
+# 2015-10-15 13:10:53 CDT by joel via cli commit confirmed, rollback in 10mins
+# 2015-10-15 13:10:21 CDT by joel via cli commit confirmed, rollback in 3mins
# 2015-10-06 17:26:15 CDT by andrew via cli
# 2015-08-25 17:23:40 CDT by joel via cli
# 2015-08-25 17:22:05 CDT by joel via cli
# 2015-08-25 01:43:43 CDT by admin via cli
-# 2015-08-25 01:40:04 CDT by admin via cli
-# 2015-08-25 01:21:55 CDT by root via cli
# grnoc-mon at QUAPAW-PS-LR-004903> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -116,7 +116,7 @@
# grnoc-mon at QUAPAW-PS-LR-004903> show system uptime
# System booted: 2015-09-23 11:40 CDT
# Protocols started: 2015-09-23 11:44 CDT
-# Last configured: 2015-10-06 17:26 CDT by andrew
+# Last configured: 2015-10-15 13:10 CDT by joel
#
# grnoc-mon at QUAPAW-PS-LR-004903> show interface terse
#Interface Admin Link
@@ -167,6 +167,7 @@
#st0 up up
#tap up up
#vlan up up
+#vlan.99 up up
#vlan.100 up up
#vlan.200 up up
#vlan.300 up up
@@ -177,7 +178,7 @@
#vlan.900 up up
#vlan.999 up down
# grnoc-mon at QUAPAW-PS-LR-004903> show configuration
-## Last commit: 2015-10-06 17:26:15 CDT by andrew
+## Last commit: 2015-10-15 13:10:53 CDT by joel
version 12.1X44-D35.5;
system {
host-name QUAPAW-PS-LR-004903;
@@ -379,7 +380,7 @@
family ethernet-switching {
port-mode trunk;
vlan {
- members [ TR-0100-HIGH-SCHOOL TR-0200-MIDDLE-SCHOOL TR-0300-ELEMENTARY TR-0400-ADMIN TR-0600-PUBLIC-WIFI TR-0601-STUDENT-WIFI TR-0800-SERVERS TR-0900-VIDEO ];
+ members [ TR-0099-MANAGEMENT TR-0100-HIGH-SCHOOL TR-0200-MIDDLE-SCHOOL TR-0300-ELEMENTARY TR-0400-ADMIN TR-0600-PUBLIC-WIFI TR-0601-STUDENT-WIFI TR-0800-SERVERS TR-0900-VIDEO ];
}
}
}
@@ -394,6 +395,12 @@
}
}
vlan {
+ unit 99 {
+ description "L3 INTERFACE - TR-0099-MANAGEMENT - 10.0.0.1/24";
+ family inet {
+ address 10.0.0.1/24;
+ }
+ }
unit 100 {
description "L3 INTERFACE - TR-0100-HIGH-SCHOOL - 10.1.0.1/23";
family inet {
@@ -539,7 +546,7 @@
}
}
rule-set ZONE-TO-UNTRUST-NAT {
- from zone [ TR-0100-HIGH-SCHOOL TR-0200-MIDDLE-SCHOOL TR-0300-ELEMENTARY TR-0400-ADMIN TR-0600-PUBLIC-WIFI TR-0601-STUDENT-WIFI TR-0800-SERVERS TR-0900-VIDEO ];
+ from zone [ TR-0099-MANAGEMENT TR-0100-HIGH-SCHOOL TR-0200-MIDDLE-SCHOOL TR-0300-ELEMENTARY TR-0400-ADMIN TR-0600-PUBLIC-WIFI TR-0601-STUDENT-WIFI TR-0800-SERVERS ];
to zone UNTRUST;
rule NAT-TRUST-TO-UNTRUST {
match {
@@ -552,6 +559,20 @@
}
}
}
+ rule-set VIDEO-TO-UNTRUST-NAT {
+ from zone TR-0900-VIDEO;
+ to zone UNTRUST;
+ rule NAT-VIDEO-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
}
}
policies {
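Review bot: The new `NAT-VIDEO-TO-UNTRUST` rule matches `source-address 0.0.0.0/0`, so any packet that enters through zone TR-0900-VIDEO is source-NATed to the egress interface address whatever its source. If the video VLAN uses one known prefix, matching on it would keep unexpected or spoofed sources from being translated out, e.g. `source-address <VIDEO-VLAN-PREFIX>;` (placeholder; the prefix is not shown in this diff). The body of the existing `ZONE-TO-UNTRUST-NAT` rule is outside the visible lines, so it is not clear how the new rule-set differs from it. An annotation on `VIDEO-TO-UNTRUST-NAT` saying why VIDEO was moved into its own rule-set would save the next reader from guessing.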
@@ -567,8 +588,8 @@
}
}
}
- from-zone TR-0100-HIGH-SCHOOL to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
+ from-zone TR-0099-MANAGEMENT to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL {
match {
source-address any;
destination-address any;
@@ -579,8 +600,8 @@
}
}
}
- from-zone TR-0200-MIDDLE-SCHOOL to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
+ from-zone TR-0100-HIGH-SCHOOL to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL {
match {
source-address any;
destination-address any;
@@ -591,8 +612,8 @@
}
}
}
- from-zone TR-0300-ELEMENTARY to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
+ from-zone TR-0200-MIDDLE-SCHOOL to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL {
match {
source-address any;
destination-address any;
@@ -603,8 +624,8 @@
}
}
}
- from-zone TR-0400-ADMIN to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
+ from-zone TR-0300-ELEMENTARY to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL {
match {
source-address any;
destination-address any;
@@ -615,7 +636,154 @@
}
}
}
- from-zone TR-0600-PUBLIC-WIFI to-zone UNTRUST {
+ from-zone TR-0400-ADMIN to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0600-PUBLIC-WIFI to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0601-STUDENT-WIFI to-zone TR-0800-SERVERS {
+ policy ALLOW-ALL {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone TR-0099-MANAGEMENT {
+ policy ALLOW-MGMT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone TR-0100-HIGH-SCHOOL {
+ policy ALLOW-MGMT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone TR-0200-MIDDLE-SCHOOL {
+ policy ALLOW-MGMT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone TR-0300-ELEMENTARY {
+ policy ALLOW-MGMT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone TR-0400-ADMIN {
+ policy ALLOW-MGMT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone TR-0600-PUBLIC-WIFI {
+ policy ALLOW-MGMT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone TR-0601-STUDENT-WIFI {
+ policy ALLOW-MGMT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0800-SERVERS to-zone TR-0800-SERVERS {
+ policy ALLOW-MGMT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TR-0099-MANAGEMENT to-zone UNTRUST {
+ policy ALLOW-SERVICES {
+ match {
+ source-address any;
+ destination-address any;
+ application [ junos-ntp junos-icmp-ping junos-icmp-all junos-dns-udp ];
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ }
+ from-zone TR-0100-HIGH-SCHOOL to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
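Review bot: Every policy added in this hunk except `ALLOW-SERVICES` matches `source-address any; destination-address any; application any;` with a bare `permit`, including `TR-0600-PUBLIC-WIFI` and `TR-0601-STUDENT-WIFI` to `TR-0800-SERVERS`, and `TR-0800-SERVERS` to `TR-0099-MANAGEMENT`. With these in place the zones no longer separate guest and student wireless from the servers, or the servers from the management VLAN, and the name `ALLOW-MGMT` suggests a narrower intent than the match expresses. I would replace `application any` with the explicit services each zone pair needs, as `ALLOW-SERVICES` does, and add `log { session-close; }` to the permits so these flows are recorded. The `TR-0099-MANAGEMENT` to `TR-0800-SERVERS` policy introduced in the hunk at -567 shows the same any/any address match, though its `application` and `then` lines fall outside that hunk. The last policy in this hunk also continues past the hunk's end.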
@@ -627,7 +795,7 @@
}
}
}
- from-zone TR-0601-STUDENT-WIFI to-zone UNTRUST {
+ from-zone TR-0200-MIDDLE-SCHOOL to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -639,7 +807,7 @@
}
}
}
- from-zone TR-0800-SERVERS to-zone UNTRUST {
+ from-zone TR-0300-ELEMENTARY to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -651,7 +819,7 @@
}
}
}
- from-zone TR-0900-VIDEO to-zone UNTRUST {
+ from-zone TR-0400-ADMIN to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -663,7 +831,7 @@
}
}
}
- from-zone UNTRUST to-zone TR-0900-VIDEO {
+ from-zone TR-0600-PUBLIC-WIFI to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -675,7 +843,7 @@
}
}
}
- from-zone TR-0100-HIGH-SCHOOL to-zone TR-0800-SERVERS {
+ from-zone TR-0601-STUDENT-WIFI to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -687,7 +855,7 @@
}
}
}
- from-zone TR-0200-MIDDLE-SCHOOL to-zone TR-0800-SERVERS {
+ from-zone TR-0800-SERVERS to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -699,7 +867,7 @@
}
}
}
- from-zone TR-0300-ELEMENTARY to-zone TR-0800-SERVERS {
+ from-zone TR-0900-VIDEO to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -711,7 +879,7 @@
}
}
}
- from-zone TR-0400-ADMIN to-zone TR-0800-SERVERS {
+ from-zone UNTRUST to-zone TR-0900-VIDEO {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -754,6 +922,20 @@
}
}
}
+ security-zone TR-0099-MANAGEMENT {
+ interfaces {
+ vlan.99 {
+ host-inbound-traffic {
+ system-services {
+ ntp;
+ ping;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
security-zone TR-0100-HIGH-SCHOOL {
interfaces {
vlan.100 {
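Review bot: `ssh` is accepted as host-inbound traffic on `vlan.99` from any address in the zone, and the same commit adds `TR-0099-MANAGEMENT` to a trunk's member list (hunk at -379), so any device able to send VLAN 99 frames on that trunk can reach the firewall's SSH service. Nothing in the visible lines limits which management hosts may connect. If that is not handled elsewhere in the configuration, for example by a filter applied to the loopback interface, it is worth restricting before this zone is relied on. An annotation on the zone stating which hosts are expected in 10.0.0.0/24 would also make later audits easier.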
@@ -923,6 +1105,11 @@
vlan-id 999;
l3-interface vlan.999;
}
+ TR-0099-MANAGEMENT {
+ description TR-0099-MANAGEMENT;
+ vlan-id 99;
+ l3-interface vlan.99;
+ }
TR-0100-HIGH-SCHOOL {
description TR-0100-HIGH-SCHOOL;
vlan-id 100;
Index: configs/acx.cai.hart-acx2100.onenet.net
===================================================================
--- configs/acx.cai.hart-acx2100.onenet.net (revision 135793)
+++ configs/acx.cai.hart-acx2100.onenet.net (working copy)
@@ -74,6 +74,7 @@
# grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> show chassis sfm detail
# grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> show chassis ssb
# grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> show system boot-messages
+# show version
# platform_early_bootinit: MX-PPC Series Early Boot Initialization
# mxppc_set_re_type: hw.board.type is ACX-2100
# WDOG initialized
@@ -142,7 +143,8 @@
# WARNING: /var was not properly dismounted
#
# grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> show version
-# Hostname: HARTSHORNE-PUBLIC-LIBRARY-ACX2100 # Model: acx2100 # JUNOS Crypto Software Suite [12.3X54-D10.6] # JUNOS Base OS Software Suite [12.3X54-D10.6] # JUNOS Kernel Software Suite [12.3X54-D10.6] # JUNOS Base OS boot [12.3X54-D10.6] # JUNOS Packet Forwarding Engine Support (ACX) [12.3X54-D10.6] # JUNOS Online Documentation [12.3X54-D10.6] # JUNOS Routing Software Suite [12.3X54-D10.6] # # grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> file list /var/tmp detail #
+# Hostname: HARTSHORNE-PUBLIC-LIBRARY-ACX2100 # Model: acx2100 # JUNOS Crypto Software Suite [12.3X54-D10.6] # JUNOS Base OS Software Suite [12.3X54-D10.6] # JUNOS Kernel Software Suite [12.3X54-D10.6] # JUNOS Base OS boot [12.3X54-D10.6] # JUNOS Packet Forwarding Engine Support (ACX) [12.3X54-D10.6] # JUNOS Online Documentation [12.3X54-D10.6] # JUNOS Routing Software Suite [12.3X54-D10.6] # # grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> file list /var/tmp detail # show system uptime
+#
# /var/tmp:
# total blocks: 291872
# drwxr-xr-x 2 root field 512 Dec 31 2009 gres-tp/
Index: configs/mid-america-tech-ctr.client.onenet.net
===================================================================
--- configs/mid-america-tech-ctr.client.onenet.net (revision 135801)
+++ configs/mid-america-tech-ctr.client.onenet.net (working copy)
@@ -1,7 +1,6 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MID-AMERICA-TECH-CTR-SRX240-LR-004891> show system commit
-# show chassis environment
# 2015-08-19 14:01:33 CDT by joel via cli
# 2015-08-19 13:53:15 CDT by joel via cli commit confirmed, rollback in 3mins
# 2015-08-14 09:02:12 CDT by andrew via cli
Index: configs/hub.tsb.onenet.net
===================================================================
--- configs/hub.tsb.onenet.net (revision 135801)
+++ configs/hub.tsb.onenet.net (working copy)
@@ -200,7 +200,7 @@
# -rw-rw---- 1 root field 51994624 Oct 24 2013 ifinfo.core.1
# -rw-rw---- 1 root field 51974144 Oct 24 2013 ifinfo.core.2
# -rw-rw---- 1 root field 52744192 Oct 24 2013 ifinfo.core.3
-# -rw-rw---- 1 root field 52727808 Oct 15 13:00 ifinfo.core.4
+# -rw-rw---- 1 root field 52727808 Oct 15 14:00 ifinfo.core.4
# drwxrwxrwx 2 root wheel 512 Oct 12 2012 install/
# -rw-rw---- 1 root field 33464320 Mar 3 2014 jdiameterd.core.0
# -rw-r--r-- 1 eng field 99542994 Apr 23 2013 jinstall-ppc-11.4R7.5-domestic-signed.tgz
Index: configs/odmhsas.central-office.okc.client.onenet.net
===================================================================
--- configs/odmhsas.central-office.okc.client.onenet.net (revision 135801)
+++ configs/odmhsas.central-office.okc.client.onenet.net (working copy)
@@ -184,7 +184,7 @@
#st0.17 up up
#st0.18 up down
#st0.19 up up
-#st0.20 up down
+#st0.20 up up
#st0.21 up up
#st0.22 up up
#st0.23 up up