[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Mon Jul 25 19:03:31 CDT 2016
Index: router.db
===================================================================
--- router.db (revision 144970)
+++ router.db (working copy)
@@ -351,6 +351,7 @@
lane-frost-medical.client.onenet.net:juniper:up
LAVERN-PUBLIC-SCHOOLS.client.onenet.net:juniper:up
law-adva.p.onenet.net:fsp3000:up
+lawton-ps.client.onenet.net:juniper:up
leflore-ps.client.onenet.net:juniper:up
lone-wolf-ps.client.onenet.net:juniper:up
lukfata-ps.client.onenet.net:juniper:up
@@ -593,6 +594,7 @@
SWI1.STROUD.onenet.net:juniper:down
swi1.towalt.onenet.net:juniper:up
swi1.wayne.onenet.net:juniper:up
+swi2.lawton-ps.onenet.net:juniper:up
swi5.okcdc.onenet.net:juniper:down
tagnet-elgin.nid.onenet.net:fsp150:up
tahlequah-isd.client.onenet.net:juniper:up
Index: routers.up
===================================================================
--- routers.up (revision 144970)
+++ routers.up (working copy)
@@ -270,6 +270,7 @@
lane-frost-medical.client.onenet.net:juniper
lavern-public-schools.client.onenet.net:juniper
law-adva.p.onenet.net:fsp3000
+lawton-ps.client.onenet.net:juniper
leflore-ps.client.onenet.net:juniper
lone-wolf-ps.client.onenet.net:juniper
lukfata-ps.client.onenet.net:juniper
@@ -472,6 +473,7 @@
swi1.odot.ton-intmaint.onenet.net:juniper
swi1.towalt.onenet.net:juniper
swi1.wayne.onenet.net:juniper
+swi2.lawton-ps.onenet.net:juniper
tagnet-elgin.nid.onenet.net:fsp150
tahlequah-isd.client.onenet.net:juniper
talihina-ps.nid.onenet.net:fsp150
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 144970)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -614,7 +614,6 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/swi2.lawton-ps.onenet.net
===================================================================
--- configs/swi2.lawton-ps.onenet.net (revision 144972)
+++ configs/swi2.lawton-ps.onenet.net (working copy)
@@ -0,0 +1,583 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show system commit
+# 2016-07-25 18:03:28 CDT by admin via cli
+# 2015-02-12 08:25:48 CST by admin via cli
+# 2015-02-12 08:15:26 CST by admin via cli
+# 2015-02-12 08:12:08 CST by admin via cli
+# 2015-02-12 08:11:25 CST by admin via cli
+# 2015-02-12 08:05:58 CST by admin via cli
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis environment
+# Class Item Status Measurement
+# Power FPC 0 Power Supply 0 OK
+# FPC 0 Power Supply 0 Airflow OK Back to front
+# FPC 0 Power Supply 1 OK
+# FPC 0 Power Supply 1 Airflow OK Back to front
+# Temp FPC 0 CPU OK
+# FPC 0 GEPHY Front Left OK
+# FPC 0 GEPHY Front Middle OK
+# FPC 0 GEPHY Front Right OK
+# FPC 0 EX-PFE1 OK
+# FPC 0 Rear Left PCB OK
+# FPC 0 Rear Middle PCB OK
+# FPC 0 Rear Right PCB OK
+# FPC 0 Local Sensor OK
+# Fans FPC 0 Fan 1 OK
+# FPC 0 Fan 2 OK
+# FPC 0 Fan 3 OK
+# FPC 0 Fan 1 Airflow OK Airflow In (AFI)
+# FPC 0 Fan 2 Airflow OK Airflow In (AFI)
+# FPC 0 Fan 3 Airflow OK Airflow In (AFI)
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis firmware
+# Part Type Version
+# FPC 0 uboot U-Boot 2010.03 (Oct 21 2012 - 03:06:55) 1.0
+# loader FreeBSD/PowerPC U-Boot bootstrap loader 2.4
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 2048 MB
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis LX0213523453 EX4550-32F
+# Routing Engine 0 REV 18 750-045402 LX0213523453 EX4550-32F
+# FPC 0 REV 18 750-045402 LX0213523453 EX4550-32F
+# CPU BUILTIN BUILTIN FPC CPU
+# PIC 0 BUILTIN BUILTIN 32x 1G/10G SFP/SFP+
+# Xcvr 0 REV 01 740-030076 APF15200013R7W SFP+-10G-CU1M
+# Xcvr 1 REV 01 740-030076 APF15200013PEV SFP+-10G-CU1M
+# Xcvr 2 REV 01 740-030076 APF15200013NNA SFP+-10G-CU1M
+# Xcvr 3 REV 01 740-030076 APF15200013PAM SFP+-10G-CU1M
+# Xcvr 27 REV 01 740-031980 AS817RS SFP+-10G-SR
+# Xcvr 28 REV 01 740-030076 APF15200013NNU SFP+-10G-CU1M
+# Xcvr 29 REV 01 740-030076 APF15200013NN0 SFP+-10G-CU1M
+# Xcvr 31 REV 01 740-030077 APF15120027B2C SFP+-10G-CU3M
+# Power Supply 0 REV 03 740-044332 1GA13390177 JPSU-650W-AC-AFI
+# Power Supply 1 REV 03 740-044332 1GA13460754 JPSU-650W-AC-AFI
+# Fan Tray Fan Module, Airflow In (AFI)
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Routing Engine 0 REV 18 750-045402 LX0213523453 EX4550-32F-AFI
+# FPC 0 REV 18 750-045402 LX0213523453 EX4550-32F-AFI
+# PIC 0 BUILTIN BUILTIN EX4550-32F-AFI
+# Power Supply 0 REV 03 740-044332 1GA13390177 JPSU-650W-AC-AFI
+# Power Supply 1 REV 03 740-044332 1GA13460754 JPSU-650W-AC-AFI
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# DRAM 2048
+# Serial ID LX0213523453
+#
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis scb
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis sfm detail
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show chassis ssb
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show system boot-messages
+# fpc0:
+# --------------------------------------------------------------------------
+# Copyright (c) 1996-2015, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# can't re-use a leaf (all_slot_serialid)!
+# Timecounter "decrementer" frequency 75000000 Hz quality 0
+# cpu0: Freescale e500v2 core revision 5.1
+# cpu0: HID0 80004080<EMCP,TBEN,EN_MAS7_UPDATE>
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA1
+# MAC/veriexec fingerprint module loaded: SHA256
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing EXSERIES properties ...
+# nexus0: <PPC e500 Nexus device>
+# ocpbus0: <on-chip peripheral bus> on nexus0
+# openpic0: <OpenPIC in on-chip peripheral bus> iomem 0xfef40000-0xfef600b3 on ocpbus0
+# memctl0: <mpc85xx memory ECC monitor> iomem 0xfef20000-0xfef20e5b,0xfef02000-0xfef02e5b irq 32,34 on ocpbus0
+# i2c0: <MPC85XX OnChip i2c Controller> iomem 0xfef03000-0xfef03014 irq 59 on ocpbus0
+# ds1672 rtc0: <DS1672 RTC> on i2c0
+# i2c1: <MPC85XX OnChip i2c Controller> iomem 0xfef03100-0xfef03114 irq 59 on ocpbus0
+# uart0: <16550 or compatible> iomem 0xfef04500-0xfef0450f irq 58 on ocpbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> iomem 0xfef04600-0xfef0460f irq 58 on ocpbus0
+# lbc0: <Freescale 8533 Local Bus Controller> iomem 0xfef05000-0xfef05fff,0xff000000-0xffffffff irq 35,17 on ocpbus0
+# cfi0: <AMD/Fujitsu - 8MB> iomem 0xff800000-0xffffffff on lbc0
+# syspld0 iomem 0xff000000-0xff00ffff on lbc0
+# tsec0: <eTSEC ethernet controller> iomem 0xfef24000-0xfef24fff irq 45,46,50 on ocpbus0
+# tsec1: <eTSEC ethernet controller> iomem 0xfef25000-0xfef25fff irq 51,52,56 on ocpbus0
+# tsec2: <eTSEC ethernet controller> iomem 0xfef26000-0xfef26fff irq 47,48,49 on ocpbus0
+# tsec2: hardware MAC address 28:8a:1c:0f:fa:fd
+# miibus0: <MII bus> on tsec2
+# brgphy0: <BCM54616S 10/100/1000baseTX PHY> on miibus0
+# brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
+# pcib0: <Freescale MPCP2010 PCI Express host controller> iomem 0xfef0a000-0xfef0afff,0xc0000000-0xcfffffff irq 42 on ocpbus0
+# pci0: <PCI bus> on pcib0
+# pcib1: <PCI-PCI bridge> at device 0.0 on pci0
+# pci1: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> irq 21 at device 0.0 on pci1
+# pci2: <PCI bus> on pcib2
+# pcib3: <PCI-PCI bridge> irq 0 at device 1.0 on pci2
+# pci3: <PCI bus> on pcib3
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> mem 0xc0000000-0xc3ffffff irq 20 at device 0.0 on pci3
+# pcib4: <PCI-PCI bridge> irq 0 at device 2.0 on pci2
+# pci4: <PCI bus> on pcib4
+# mpfe1: <Juniper EX-series Packet Forwarding Engine> mem 0xc4000000-0xc7ffffff irq 20 at device 0.0 on pci4
+# pcib5: <PCI-PCI bridge> irq 0 at device 3.0 on pci2
+# pci5: <PCI bus> on pcib5
+# mpfe2: <Juniper EX-series Packet Forwarding Engine> mem 0xc8000000-0xcbffffff irq 20 at device 0.0 on pci5
+# pcib6: <PCI-PCI bridge> irq 0 at device 4.0 on pci2
+# pci6: <PCI bus> on pcib6
+# mpfe3: <Juniper EX-series Packet Forwarding Engine> mem 0xcc000000-0xcfffffff irq 20 at device 0.0 on pci6
+# pcib7: <PCI-PCI bridge> irq 0 at device 5.0 on pci2
+# pci7: <PCI bus> on pcib7
+# pcib8: <PCI-PCI bridge> irq 0 at device 6.0 on pci2
+# pci8: <PCI bus> on pcib8
+# ehci0: <Frescale Integrated USB 2.0 controller> iomem 0xfef22000-0xfef22503 irq 44 on ocpbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Freescale EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x0424 product 0x2513, class 9/0, rev 2.00/b.b3, addr 2
+# uhub1: multiple transaction translators
+# uhub1: 3 ports with 0 removable, self powered
+# umass0: ATP Electronics ATP IG eUSB, rev 2.00/11.00, addr 3
+# Initializing product: 125 ..
+# bmeb: bmeb_lib_init done 0x8436b000, addr 0x80a9d048
+# bme0:Virtual BME driver initializing
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# Kernel thread "wkupdaemon" (pid 43) exited prematurely.
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ATP ATP IG eUSB 1100> Fixed Direct Access SCSI-4 device
+# da0: 40.000MB/s transfers
+# da0: 1919MB (3930112 512 byte sectors: 255H 63S/T 244C)
+# Trying to mount root from ufs:/dev/da0s2a
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show version
+# fpc0: # -------------------------------------------------------------------------- # Hostname: LAWTON-PS-EX4550-LR-004371 # Model: ex4550-32f # JUNOS Base OS boot [12.3R9.4] # JUNOS Base OS Software Suite [12.3R9.4] # JUNOS Kernel Software Suite [12.3R9.4] # JUNOS Crypto Software Suite [12.3R9.4] # JUNOS Online Documentation [12.3R9.4] # JUNOS Enterprise Software Suite [12.3R9.4] # JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R9.4] # JUNOS Routing Software Suite [12.3R9.4] # JUNOS Web Management [12.3R9.4] # JUNOS FIPS mode utilities [12.3R9.4] # # {master:0} # grnoc-mon at LAWTON-PS-EX4550-LR-004371> file list /var/tmp detail #
+# /var/tmp:
+# total blocks: 32
+# drwxrwxr-x 2 root wheel 512 Aug 26 2012 .snap/
+# drwxr-xr-x 2 root field 512 Feb 12 2015 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Feb 12 2015 install/
+# drwxrwxrwx 2 root wheel 512 Feb 12 2015 pics/
+# drwxr-xr-x 2 root field 512 Feb 12 2015 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Feb 12 2015 vi.recover/
+# total files: 0
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show system uptime
+# fpc0:
+# --------------------------------------------------------------------------
+# System booted: 2016-07-25 10:20 CDT
+# Protocols started: 2016-07-25 10:22 CDT
+# Last configured: 2016-07-25 18:03 CDT by admin
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show interface terse
+#Interface Admin Link
+#xe-0/0/0 up up
+#xe-0/0/0.0 up up
+#xe-0/0/1 up up
+#xe-0/0/1.0 up up
+#xe-0/0/2 up up
+#xe-0/0/2.0 up up
+#xe-0/0/3 up up
+#xe-0/0/3.0 up up
+#xe-0/0/27 up up
+#xe-0/0/27.0 up up
+#xe-0/0/28 up up
+#xe-0/0/28.0 up up
+#xe-0/0/29 up up
+#xe-0/0/29.0 up up
+#xe-0/0/31 up up
+#xe-0/0/31.0 up up
+#bme0 up up
+#bme0.32768 up up
+#dsc up up
+#gre up up
+#ipip up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lsi up up
+#me0 down down
+#me0.0 up down
+#mtun up up
+#pimd up up
+#pime up up
+#tap up up
+#vlan up up
+#vlan.81 up up
+#vme up down
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show configuration
+## Last commit: 2016-07-25 18:03:28 CDT by admin
+version 12.3R9.4;
+system {
+ host-name LAWTON-PS-EX4550-LR-004371;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.208.25;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.208.25;
+ }
+ }
+ login {
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 2000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ max-sessions-per-connection 32;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ match "!(.*LI Packet length.*|.* grnoc-mon.*|.*Connection closed by 164.58.253.113.*|.* exited, status 255.*)";
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file default-log-messages {
+ any any;
+ match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
+ structured-data;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.208.51;
+ }
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+interfaces {
+ xe-0/0/0 {
+ description "Smoothwall CF 1";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 600;
+ }
+ }
+ }
+ }
+ xe-0/0/1 {
+ description "Smoothwall CF 2";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 600;
+ }
+ }
+ }
+ }
+ xe-0/0/2 {
+ description "Smoothwall LB 1";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 600;
+ }
+ }
+ }
+ }
+ xe-0/0/3 {
+ description "Smoothwall LB 2";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 600;
+ }
+ }
+ }
+ }
+ xe-0/0/27 {
+ description "Cisco 6500";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 600;
+ }
+ }
+ }
+ }
+ xe-0/0/28 {
+ description "Smoothwall FW - LAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 600;
+ }
+ }
+ }
+ }
+ xe-0/0/29 {
+ description "Smoothwall FW - Internet";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 501;
+ }
+ }
+ }
+ }
+ xe-0/0/30 {
+ description "Smoothwall FW - Internet";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 501;
+ }
+ }
+ }
+ }
+ xe-0/0/31 {
+ description "To OneNet";
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ 81 501 ];
+ }
+ }
+ }
+ }
+ ge-0/1/0 {
+ description "CORE 1GE to DEVICE.POP ge-X/X/X | OneNet-AAA-ZZZ-GE-XXXX";
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ me0 {
+ disable;
+ }
+ vlan {
+ unit 81 {
+ description INSERT-CLIENT-NAME-AND-CIRCUIT-ID;
+ family inet {
+ address 10.199.208.25/31;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ client-list snmp-management {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ 0.0.0.0/0 {
+ restrict;
+ }
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+ trap-group "<removed>" {
+ version v2;
+ targets {
+ 164.58.253.34;
+ 164.58.253.35;
+ }
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.208.24;
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all;
+ }
+ lldp {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term MGMT {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term Reject {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+vlans {
+ VLAN-501 {
+ vlan-id 501;
+ }
+ VLAN-600 {
+ vlan-id 600;
+ }
+ VLAN-81 {
+ vlan-id 81;
+ l3-interface vlan.81;
+ }
+}
+{master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show ospf neighbor
+# OSPF instance is not running
+#
+# {master:0}
+# grnoc-mon at LAWTON-PS-EX4550-LR-004371> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+{master:0}
Index: configs/opt.nrm.onenet.net
===================================================================
--- configs/opt.nrm.onenet.net (revision 144888)
+++ configs/opt.nrm.onenet.net (working copy)
@@ -12,7 +12,6 @@
<interface name="LINE-1-2-2" abbr_name="LINE-1-2-2" admin_state="up" spanning_tree_metric="" description="Unknown" type="DC" monitoring_state="monitor"></interface>
</part>
<part name="SLOT-1-3" description="15454-40-WSS-C=" hw_version="A0" part_id="15454-40-WSS-C=" part_num="800-27454-03" serial_number="CAT1425B29H" slot="SLOT-1-3" vendor_id="Cisco">
- <interface name="CHAN-1-3-1-RX" abbr_name="CHAN-1-3-1-RX" admin_state="up" spanning_tree_metric="" description="" type="MUX" monitoring_state="monitor"></interface>
<interface name="CHAN-1-3-2-RX" abbr_name="CHAN-1-3-2-RX" admin_state="up" spanning_tree_metric="" description="" type="MUX" monitoring_state="monitor"></interface>
<interface name="CHAN-1-3-3-RX" abbr_name="CHAN-1-3-3-RX" admin_state="up" spanning_tree_metric="" description="" type="MUX" monitoring_state="monitor"></interface>
<interface name="CHAN-1-3-4-RX" abbr_name="CHAN-1-3-4-RX" admin_state="down" spanning_tree_metric="" description="" type="MUX" monitoring_state="no-monitor"></interface>
Index: configs/lawton-ps.client.onenet.net
===================================================================
--- configs/lawton-ps.client.onenet.net (revision 144971)
+++ configs/lawton-ps.client.onenet.net (working copy)
@@ -0,0 +1,840 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show system commit
+# 2016-07-25 18:01:53 CDT by admin via cli
+# 2016-07-25 10:25:43 CDT by admin via cli
+# 2016-03-15 11:23:32 CDT by admin via cli commit confirmed, rollback in 5mins
+# 2016-02-09 18:16:48 CST by admin via cli commit confirmed, rollback in 4mins
+# 2016-02-09 14:57:16 CST by admin via cli
+# 2016-01-27 15:56:40 CST by admin via cli commit confirmed, rollback in 3mins
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Routing Engine Absent
+# Routing Engine CPU Absent
+# Fans SRXSME Chassis Fan 0 OK
+# SRXSME Chassis Fan 1 OK
+# SRXSME Chassis Fan 2 OK
+# SRXSME Chassis Fan 3 OK
+# Power Power Supply 0 OK
+# Power Supply 1 OK
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 12.1X46-D35.1 by builder on 2015-05
+# FWDD O/S Version 12.1X46-D35.1 by builder on 2015-05
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis AL3315AK0090 SRX550
+# Midplane REV 22 750-035027 ACMS7391
+# Routing Engine REV 12 711-035026 ACMT3985 RE-SRXSME-SRX550
+# FPC 0 FPC
+# PIC 0 6x GE, 4x GE SFP Base PIC
+# Power Supply 0 Rev 04 740-024283 ZF67321 PS 645W AC
+# Power Supply 1 Rev 04 740-024283 ZD63649 PS 645W AC
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis hardware models
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis routing-engine
+# Routing Engine status:
+# Serial ID ACMT3985
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis scb
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis sfm detail
+# grnoc-mon at LAWTON-PS-SRX550-004966> show chassis ssb
+# grnoc-mon at LAWTON-PS-SRX550-004966> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Copyright (c) 1996-2015, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD/SMP: Multiprocessor System Detected: 6 CPUs
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 6 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 63XX CPU Rev. 0.10 with no FPU implemented
+# L1 Cache: I size 37kb(128 line), D size 32kb(128 line), direct mapped.
+# L2 Cache: Size 2048kb, 16 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <processor> at device 0.0 (no driver attached)
+# pcib1: <Cavium on-chip PCIe HOST bridge> on obio0
+# pci1: <PCI bus> on pcib1
+# pcib2: <PCI-PCI bridge> mem 0xf0000000-0xf001ffff irq 0 at device 0.0 on pci1
+# pci2: <PCI bus> on pcib2
+# pcib3: <PCI-PCI bridge> irq 0 at device 1.0 on pci2
+# pci3: <PCI bus> on pcib3
+# pcib4: <PCI-PCI bridge> irq 0 at device 2.0 on pci2
+# pci4: <PCI bus> on pcib4
+# pcib5: <PCI-PCI bridge> irq 0 at device 4.0 on pci2
+# pci5: <PCI bus> on pcib5
+# pci5: <network, ethernet> at device 0.0 (no driver attached)
+# pcib6: <PCI-PCI bridge> irq 0 at device 5.0 on pci2
+# pci6: <PCI bus> on pcib6
+# pcib7: <PCI-PCI bridge> irq 0 at device 6.0 on pci2
+# pci7: <PCI bus> on pcib7
+# pcib8: <PCI-PCI bridge> irq 0 at device 7.0 on pci2
+# pci8: <PCI bus> on pcib8
+# pcib9: <PCI-PCI bridge> irq 0 at device 8.0 on pci2
+# pci9: <PCI bus> on pcib9
+# atapci0: <SiI 3132 SATA300 controller> mem 0xf0700000-0xf070007f,0xf0740000-0xf0743fff irq 0 at device 0.0 on pci9
+# ata0: <ATA channel 0> on atapci0
+# ata0: signature=00000101
+# ata1: <ATA channel 1> on atapci0
+# pcib10: <PCI-PCI bridge> irq 0 at device 9.0 on pci2
+# pci10: <PCI bus> on pcib10
+# pcib11: <PCI-PCI bridge> irq 0 at device 10.0 on pci2
+# pci11: <PCI bus> on pcib11
+# pcib12: <PCI-PCI bridge> irq 0 at device 12.0 on pci2
+# pci12: <PCI bus> on pcib12
+# pcib13: <PCI-PCI bridge> irq 0 at device 14.0 on pci2
+# pci13: <PCI bus> on pcib13
+# ehci0: <Octeon EHCI USB 2.0 controller> on obio0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: vendor 0x0000 EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 2 ports with 2 removable, self powered
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <AMD/Fujitsu - 8MB> on obio0
+# Timecounter "mips" frequency 1300000000 Hz quality 0
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# ata0: signature=00000101
+# ad0: FAILURE - SETFEATURES ENABLE APM timed out
+# ad0: Changing APM level failed
+# ad0: 1919MB <ATP COMPACT FLASH 20140121> at ata0-master WDMA2
+# Trying to mount root from ufs:/dev/ad0s2a
+# WARNING: / was not properly dismounted
+# WARNING: / was not properly dismounted
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show version
+# Hostname: LAWTON-PS-SRX550-004966 # Model: srx550 # JUNOS Software Release [12.1X46-D35.1] # # grnoc-mon at LAWTON-PS-SRX550-004966> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2015 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show system uptime
+# System booted: 2015-12-31 15:12 CST
+# Protocols started: 2015-12-31 15:14 CST
+# Last configured: 2016-07-25 18:01 CDT by admin
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up up
+#ge-0/0/1.0 up up
+#ge-0/0/2 up up
+#ge-0/0/2.0 up up
+#ge-0/0/3 up up
+#ge-0/0/3.0 up up
+#ge-0/0/4 down down
+#ge-0/0/5 up up
+#ge-0/0/5.0 up up
+#ge-0/0/6 down down
+#ge-0/0/7 down down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ae0 up up
+#ae0.0 up up
+#ae1 up up
+#ae1.0 up up
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#st0.0 up up
+#st0.1 up up
+#tap up up
+#vlan up up
+#vlan.999 up down
+# grnoc-mon at LAWTON-PS-SRX550-004966> show configuration
+## Last commit: 2016-07-25 18:01:53 CDT by admin
+version 12.1X46-D35.1;
+system {
+ host-name LAWTON-PS-SRX550-004966;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 156.110.86.2;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 156.110.86.2;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dhcp {
+ pool 10.1.0.0/24 {
+ address-range low 10.1.0.2 high 10.1.0.254;
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ aggregated-devices {
+ ethernet {
+ device-count 2;
+ }
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ ge-0/0/1 {
+ gigether-options {
+ 802.3ad ae0;
+ }
+ }
+ ge-0/0/2 {
+ gigether-options {
+ 802.3ad ae1;
+ }
+ }
+ ge-0/0/3 {
+ gigether-options {
+ 802.3ad ae1;
+ }
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ description "Verizon to Internal LAN";
+ unit 0 {
+ family inet {
+ address 192.168.254.34/30;
+ }
+ }
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ae0 {
+ description "AE0 WAN LINK";
+ aggregated-ether-options {
+ link-speed 1g;
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family inet {
+ address 156.110.86.2/30;
+ }
+ }
+ }
+ ae1 {
+ aggregated-ether-options {
+ link-speed 1g;
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family inet {
+ address 164.58.168.1/26;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ st0 {
+ unit 0 {
+ description "Verizon VPN Dallas";
+ family inet {
+ address 192.168.254.2/30;
+ }
+ }
+ unit 1 {
+ description "Verizon VPN Schertz";
+ family inet {
+ address 192.168.254.6/30;
+ }
+ }
+ }
+ vlan {
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.86.1;
+ }
+ autonomous-system 65505;
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ policy-statement VERIZON-DALLAS-EXPORT {
+ term SEND-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement VERIZON-SCHERTZ-EXPORT {
+ term SEND-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then {
+ as-path-prepend "65505 65505 65505 65505";
+ accept;
+ }
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+}
+security {
+ ike {
+ proposal PRE-G2-VERIZON-MD5 {
+ authentication-method pre-shared-keys;
+ dh-group group2;
+ authentication-algorithm md5;
+ encryption-algorithm aes-256-cbc;
+ lifetime-seconds 86400;
+ }
+ policy IKE-VERIZON-DALLAS-VPN {
+ mode main;
+ proposals PRE-G2-VERIZON-MD5;
+# pre-shared-#key <removed>;
+ }
+ policy IKE-VERIZON-SCHERTZ-VPN {
+ mode main;
+ proposals PRE-G2-VERIZON-MD5;
+# pre-shared-#key <removed>;
+ }
+ gateway IKE-GATE-VERIZON-DALLAS-VPN {
+ ike-policy IKE-VERIZON-DALLAS-VPN;
+ address 66.174.248.228;
+ external-interface ae0.0;
+ }
+ gateway IKE-GATE-VERIZON-SCHERTZ-VPN {
+ ike-policy IKE-VERIZON-SCHERTZ-VPN;
+ address 66.174.184.45;
+ external-interface ae0.0;
+ }
+ }
+ ipsec {
+ proposal G2-ESP-VERIZON-SHA {
+ protocol esp;
+ authentication-algorithm hmac-sha1-96;
+ encryption-algorithm aes-256-cbc;
+ lifetime-seconds 3600;
+ }
+ proposal G2-ESP-VERIZON-MD5 {
+ protocol esp;
+ authentication-algorithm hmac-md5-96;
+ encryption-algorithm 3des-cbc;
+ lifetime-seconds 3600;
+ }
+ policy VPN-POLICY-VERIZON-DALLAS-VPN {
+ proposals G2-ESP-VERIZON-MD5;
+ }
+ policy VPN-POLICY-VERIZON-SCHERTZ-VPN {
+ proposals G2-ESP-VERIZON-MD5;
+ }
+ vpn IPSEC-VPN-VERIZON-DALLAS-VPN {
+ bind-interface st0.0;
+ ike {
+ gateway IKE-GATE-VERIZON-DALLAS-VPN;
+ ipsec-policy VPN-POLICY-VERIZON-DALLAS-VPN;
+ }
+ establish-tunnels immediately;
+ }
+ vpn IPSEC-VPN-VERIZON-SCHERTZ-VPN {
+ bind-interface st0.1;
+ ike {
+ gateway IKE-GATE-VERIZON-SCHERTZ-VPN;
+ ipsec-policy VPN-POLICY-VERIZON-SCHERTZ-VPN;
+ }
+ establish-tunnels immediately;
+ }
+ }
+ address-book {
+ global {
+ address HOST-164.58.168.9 164.58.168.9/32;
+ address NET-38.102.250.0/24 38.102.250.0/24;
+ address NET-38.108.120.0/24 30.108.120.0/24;
+ }
+ }
+ flow {
+ tcp-mss {
+ all-tcp {
+ mss 1350;
+ }
+ }
+ }
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone UNTRUST to-zone UNTRUST {
+ policy ALLOW-SIP-IN {
+ match {
+ source-address [ NET-38.102.250.0/24 NET-38.108.120.0/24 ];
+ destination-address HOST-164.58.168.9;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ policy ALLOW-SIP-OUT {
+ match {
+ source-address HOST-164.58.168.9;
+ destination-address [ NET-38.102.250.0/24 NET-38.108.120.0/24 ];
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ policy DENY-TO-SIP {
+ match {
+ source-address any;
+ destination-address HOST-164.58.168.9;
+ application any;
+ }
+ then {
+ deny;
+ }
+ }
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone VERIZON-VPN to-zone VERIZON-VPN {
+ policy VERIZON-VPN-TO-VERIZON-VPN {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ae1.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ ae0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ snmp;
+ ssh;
+ ike;
+ }
+ }
+ }
+ }
+ }
+ security-zone VERIZON-VPN {
+ interfaces {
+ ge-0/0/5.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ st0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ }
+ }
+ }
+ st0.1 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ protocols {
+ bgp;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+routing-instances {
+ VERIZON-WIRELESS {
+ instance-type virtual-router;
+ interface ge-0/0/5.0;
+ interface st0.0;
+ interface st0.1;
+ routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 192.168.254.33;
+ }
+ }
+ protocols {
+ bgp {
+ group VERIZON-VPN {
+ type external;
+ family inet {
+ unicast;
+ }
+ peer-as 6167;
+ neighbor 192.168.254.1 {
+ export VERIZON-DALLAS-EXPORT;
+ }
+ neighbor 192.168.254.5 {
+ export VERIZON-SCHERTZ-EXPORT;
+ }
+ }
+ }
+ }
+ }
+}
+# grnoc-mon at LAWTON-PS-SRX550-004966> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at LAWTON-PS-SRX550-004966> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
Index: routers.all
===================================================================
--- routers.all (revision 144970)
+++ routers.all (working copy)
@@ -368,6 +368,7 @@
keota-hs.client.onenet.net:juniper
lane-frost-medical.client.onenet.net:juniper
law-adva.p.onenet.net:fsp3000
+lawton-ps.client.onenet.net:juniper
leflore-ps.client.onenet.net:juniper
lone-wolf-ps.client.onenet.net:juniper
lukfata-ps.client.onenet.net:juniper
@@ -597,6 +598,7 @@
swi1.rp5f0.onenet.net:cisco
swi1.towalt.onenet.net:juniper
swi1.wayne.onenet.net:juniper
+swi2.lawton-ps.onenet.net:juniper
swi5.okcdc.onenet.net:juniper
tagnet-elgin.nid.onenet.net:fsp150
tahlequah-isd.client.onenet.net:juniper
More information about the Nocrancid
mailing list