[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Nov 3 14:04:04 CDT 2016
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 147829)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -614,7 +614,6 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/core.mca.onenet.net
===================================================================
--- configs/core.mca.onenet.net (revision 147676)
+++ configs/core.mca.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MCALESTER-MX480-RE0> show system commit
+# 2016-11-03 13:55:34 CDT by sean via cli commit synchronize
+# 2016-11-03 13:42:30 CDT by sean via cli commit synchronize
+# 2016-11-03 13:39:23 CDT by sean via cli commit synchronize
+# 2016-11-03 13:30:40 CDT by sean via cli commit synchronize
+# 2016-11-03 13:11:03 CDT by sean via cli commit synchronize
# 2016-10-20 11:09:04 CDT by andrew via cli commit synchronize
-# 2016-09-08 12:51:01 CDT by andrew via cli commit synchronize
-# 2016-09-08 12:20:57 CDT by andrew via cli commit synchronize
-# 2016-09-07 12:11:19 CDT by andrew via cli commit synchronize
-# 2016-08-31 18:54:57 CDT by andrew via cli commit synchronize
-# 2016-08-31 14:49:44 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# grnoc-mon at MCALESTER-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -249,14 +249,14 @@
# drwxr-xr-x 2 root field 512 Mar 13 2016 rtsdb/
# -rw-r----- 1 root field 356 Mar 13 2016 sampled.pkts
# drwxr-xr-x 3 root field 512 Jul 10 2012 sec-download/
-# drwxrwxrwt 2 root wheel 512 Aug 17 16:35 vi.recover/
+# drwxrwxrwt 2 root wheel 512 Nov 3 13:24 vi.recover/
# total files: 4
#
# {master}
# grnoc-mon at MCALESTER-MX480-RE0> show system uptime
# System booted: 2016-03-13 01:36 CST
# Protocols started: 2016-03-13 01:45 CST
-# Last configured: 2016-10-20 11:09 CDT by andrew
+# Last configured: 2016-11-03 13:55 CDT by sean
#
# {master}
# grnoc-mon at MCALESTER-MX480-RE0> show interface terse
@@ -411,7 +411,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MCALESTER-MX480-RE0> show configuration
-## Last commit: 2016-10-20 11:09:04 CDT by andrew
+## Last commit: 2016-11-03 13:55:34 CDT by sean
version 13.3R8.7;
groups {
re0 {
@@ -1024,8 +1024,18 @@
}
}
unit 401 {
- description "STIDHAM-PS-20M-CIR0019482 [ORDERED]";
+ description STIDHAM-PS-20M-CIR0019482;
vlan-id 401;
+ family inet {
+ policer {
+ input 20M-POL;
+ output 20M-POL;
+ }
+ sampling {
+ input;
+ }
+ address 156.110.27.101/30;
+ }
}
}
ge-0/3/3 {
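Review bot: The added `family inet` stanza on `unit 401` brings up a customer-facing /30 with policers and sampling but shows no source-address validation. The only prefix routed toward this customer in the diff is `156.110.107.16/29` (the static-route hunk that follows), so spoofed sources could be dropped at the edge with `rpf-check;` under `family inet`, or with an input filter that permits only the /30 and the /29. Whether other customer units on this router follow that convention cannot be seen here, because the interface block starts and ends outside the hunk.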
@@ -1239,6 +1249,7 @@
route 164.58.28.0/30 next-hop 156.110.43.69;
route 164.58.63.224/30 next-hop 156.110.43.69;
route 164.58.69.224/28 next-hop 156.110.130.246;
+ route 156.110.107.16/29 next-hop 156.110.27.102;
}
router-id 164.58.199.92;
autonomous-system 5078;
@@ -2112,14 +2123,6 @@
}
then discard;
}
- policer 20M-POL {
- logical-interface-policer;
- if-exceeding {
- bandwidth-limit 19m;
- burst-size-limit 300k;
- }
- then discard;
- }
policer 500M-POL {
if-exceeding {
bandwidth-limit 500m;
@@ -2155,6 +2158,14 @@
}
then discard;
}
+ policer 20M-POL {
+ logical-interface-policer;
+ if-exceeding {
+ bandwidth-limit 20m;
+ burst-size-limit 5m;
+ }
+ then discard;
+ }
}
routing-instances {
ODOT-VPLS-2527 {
Index: configs/canadian-ps.client.onenet.net
===================================================================
--- configs/canadian-ps.client.onenet.net (revision 147827)
+++ configs/canadian-ps.client.onenet.net (working copy)
@@ -171,7 +171,7 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at CANADIAN-PS-SRX240-LR-004907> show configuration
-warning: error writing(valid) /var/db/feature.db: expecting 9203 bytes, only wrote 0
+warning: error writing(valid) /var/db/feature.db: expecting 9204 bytes, only wrote 0
## Last commit: 2016-06-23 13:05:01 CDT by admin
version 12.1X46-D20.5;
system {
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 147829)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE3-M120-RE0> show system commit
+# 2016-11-03 13:58:46 CDT by sean via cli commit synchronize
+# 2016-11-03 13:29:54 CDT by sean via cli commit synchronize
# 2016-10-31 09:57:59 CDT by aberrios via cli commit synchronize
# 2016-10-21 22:29:15 CDT by andrew via cli commit synchronize
# 2016-10-21 10:56:59 CDT by sean via cli commit synchronize
# 2016-10-20 17:40:45 CDT by andrew via cli commit synchronize
-# 2016-10-17 15:27:13 CDT by aberrios via cli commit synchronize
-# 2016-10-12 10:03:49 CDT by andrew via cli commit synchronize
# grnoc-mon at OKC-CORE3-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -370,7 +370,7 @@
# grnoc-mon at OKC-CORE3-M120-RE0> show system uptime
# System booted: 2016-10-12 08:15 CDT
# Protocols started: 2016-10-12 08:19 CDT
-# Last configured: 2016-10-31 09:57 CDT by aberrios
+# Last configured: 2016-11-03 13:58 CDT by sean
#
# {master}
# grnoc-mon at OKC-CORE3-M120-RE0> show interface terse
@@ -602,7 +602,7 @@
#t1-2/3/0:4:20 up up
#t1-2/3/0:4:20.0 up up
#t1-2/3/0:4:21 up up
-#t1-2/3/0:4:21.0 up down
+#t1-2/3/0:4:21.0 up up
#t1-2/3/0:4:22 up up
#t1-2/3/0:4:22.16 up up
#t1-2/3/0:4:22.17 up up
@@ -1195,19 +1195,16 @@
#t1-3/3/0:4:28 down down
#coc1-3/3/0:5 up up
#ct3-3/3/0:5 up up
-#t1-3/3/0:5:1 up up
-#t1-3/3/0:5:1.0 up up
+#t1-3/3/0:5:1 down up
#t1-3/3/0:5:2 down down
#t1-3/3/0:5:3 down down
#t1-3/3/0:5:4 down down
#t1-3/3/0:5:5 down down
#t1-3/3/0:5:6 down down
-#t1-3/3/0:5:7 up up
-#t1-3/3/0:5:7.0 up up
+#t1-3/3/0:5:7 down up
#t1-3/3/0:5:8 down down
#t1-3/3/0:5:9 down down
-#t1-3/3/0:5:10 up up
-#t1-3/3/0:5:10.0 up up
+#t1-3/3/0:5:10 down up
#t1-3/3/0:5:11 down down
#t1-3/3/0:5:12 down down
#t1-3/3/0:5:13 down down
@@ -1768,7 +1765,6 @@
#lsq-5/1/0.54 up up
#lsq-5/1/0.69 up up
#lsq-5/1/0.71 up up
-#lsq-5/1/0.116 up up
#lsq-5/1/0.125 up up
#lsq-5/1/0.131 up up
#lsq-5/1/0.148 up up
@@ -1851,7 +1847,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE3-M120-RE0> show configuration
-## Last commit: 2016-10-31 09:57:59 CDT by aberrios
+## Last commit: 2016-11-03 13:58:46 CDT by sean
version 13.3R9.13;
groups {
re0 {
@@ -5985,13 +5981,7 @@
partition 1-28 interface-type t1;
}
t1-3/3/0:5:1 {
- description Stidham-Public-School-T1-CIR0005183-lsq-5/1/0.116;
- encapsulation ppp;
- unit 0 {
- family mlppp {
- bundle lsq-5/1/0.116;
- }
- }
+ disable;
}
t1-3/3/0:5:2 {
disable;
@@ -6009,13 +5999,7 @@
disable;
}
t1-3/3/0:5:7 {
- description Stidham-Public-School-T1-CIR0003166-lsq-5/1/0.116;
- encapsulation ppp;
- unit 0 {
- family mlppp {
- bundle lsq-5/1/0.116;
- }
- }
+ disable;
}
t1-3/3/0:5:8 {
disable;
@@ -6024,13 +6008,7 @@
disable;
}
t1-3/3/0:5:10 {
- description Stidham-Public-School-T1-CIR0004606-lsq-5/1/0.116;
- encapsulation ppp;
- unit 0 {
- family mlppp {
- bundle lsq-5/1/0.116;
- }
- }
+ disable;
}
t1-3/3/0:5:11 {
disable;
@@ -8443,13 +8421,6 @@
address 156.110.46.249/30;
}
}
- unit 116 {
- description Stidham-PS;
- encapsulation multilink-ppp;
- family inet {
- address 164.58.184.125/30;
- }
- }
unit 125 {
description DOC-James-Hamilton-Center;
encapsulation multilink-ppp;
@@ -8864,7 +8835,6 @@
route 156.110.79.32/29 next-hop 164.58.12.78;
route 184.186.210.48/28 next-hop 164.58.255.246;
route 156.110.78.180/30 next-hop 156.110.46.250;
- route 156.110.107.16/29 next-hop 164.58.184.126;
route 156.110.235.144/29 next-hop 156.110.62.26;
route 164.58.148.64/27 next-hop 156.110.210.90;
route 164.58.237.104/30 next-hop 156.110.82.194;
Index: configs/hub.dun.onenet.net
===================================================================
--- configs/hub.dun.onenet.net (revision 147829)
+++ configs/hub.dun.onenet.net (working copy)
@@ -303,8 +303,8 @@
#t1-2/0/2:20 down down
#t1-2/0/2:21 down down
#t1-2/0/2:22 down down
-#t1-2/0/2:23 up down
-#t1-2/0/2:23.0 up down
+#t1-2/0/2:23 up up
+#t1-2/0/2:23.0 up up
#t1-2/0/2:24 up up
#t1-2/0/2:24.0 up up
#t1-2/0/2:25 up up
Index: configs/meeker-ps.client.onenet.net
===================================================================
--- configs/meeker-ps.client.onenet.net (revision 147829)
+++ configs/meeker-ps.client.onenet.net (working copy)
@@ -144,8 +144,8 @@
#ge-0/0/11 down down
#ge-0/0/12 down down
#ge-0/0/13 down down
-#ge-0/0/14 up up
-#ge-0/0/14.0 up up
+#ge-0/0/14 up down
+#ge-0/0/14.0 up down
#ge-0/0/15 up up
#ge-0/0/15.0 up up
#fxp2 up up
Index: configs/bearden-ps.client.onenet.net
===================================================================
--- configs/bearden-ps.client.onenet.net (revision 147187)
+++ configs/bearden-ps.client.onenet.net (working copy)
@@ -1,14 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BEARDEN-PS-LR-004343> show system commit
+# 2016-11-03 13:23:30 CDT by aberrios via cli
# 2016-05-30 13:13:22 CDT by andrew via cli
# 2015-10-06 18:02:20 CDT by admin via cli
# 2015-05-13 10:31:44 CDT by admin via cli
# 2015-01-23 14:16:10 CST by admin via cli
# 2015-01-23 17:02:48 CST by root via cli
-# 2015-01-22 23:56:05 CST by root via other
-# rescue 2016-05-30 13:21:34 CDT by andrew via cli
-#
# grnoc-mon at BEARDEN-PS-LR-004343> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -100,7 +98,7 @@
# grnoc-mon at BEARDEN-PS-LR-004343> show system uptime
# System booted: 2016-10-11 10:11 CDT
# Protocols started: 2016-10-11 10:13 CDT
-# Last configured: 2016-05-30 13:13 CDT by andrew
+# Last configured: 2016-11-03 13:23 CDT by aberrios
#
# grnoc-mon at BEARDEN-PS-LR-004343> show interface terse
#Interface Admin Link
@@ -114,12 +112,12 @@
#sp-0/0/0 up up
#sp-0/0/0.0 up up
#sp-0/0/0.16383 up up
-#ge-0/0/1 down down
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
#ge-0/0/2 down down
#ge-0/0/3 down down
#ge-0/0/4 down down
-#ge-0/0/5 up down
-#ge-0/0/5.0 up down
+#ge-0/0/5 down down
#ge-0/0/6 down down
#ge-0/0/7 up up
#ge-0/0/7.0 up up
@@ -143,28 +141,28 @@
#st0 up up
#tap up up
#vlan up up
+#vlan.3 up up
#vlan.999 up down
# grnoc-mon at BEARDEN-PS-LR-004343> show configuration
-## Last commit: 2016-05-30 13:13:22 CDT by andrew
+## Last commit: 2016-11-03 13:23:30 CDT by aberrios
version 12.1X46-D20.5;
system {
host-name BEARDEN-PS-LR-004343;
- auto-snapshot;
+ domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
root-authentication {
# encrypted-password <removed>;
}
name-server {
164.58.253.10;
- 156.110.198.10;
- 164.58.233.202;
- 164.58.253.4;
+ 164.58.198.10;
}
radius-server {
156.110.31.11 {
- port 1812;
- accounting-port 1813;
# secret "<removed>"; ## SECRET-DATA
source-address 164.58.28.194;
}
@@ -177,7 +175,7 @@
login {
message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
class admin {
- idle-timeout 1044;
+ idle-timeout 30;
permissions all;
}
class lockdown {
@@ -202,6 +200,10 @@
# encrypted-password <removed>;
}
}
+ user client {
+ uid 2000;
+ class admin;
+ }
user eng {
uid 2018;
class admin;
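Review bot: The new `user client` stanza binds the account to `class admin`, and the `class admin` context in the preceding login hunk shows `permissions all`, so a login named for the customer gets full configuration rights on a managed device. No authentication statement is visible for it here (RANCID prints `# encrypted-password <removed>;` for users that have one), so it is presumably a RADIUS-mapped template account; that is worth confirming. If the account exists so the site can view status, a restricted class such as the predefined `class read-only;` would fit least privilege better than `class admin;`. The `login` block starts and ends outside the hunk.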
@@ -230,10 +232,10 @@
dhcp {
pool 10.1.0.0/24 {
address-range low 10.1.0.2 high 10.1.0.254;
- domain-name test.pool.onenet.net;
+ domain-name test.local;
name-server {
164.58.253.10;
- 164.58.253.4;
+ 164.58.198.10;
}
router {
10.1.0.1;
@@ -253,7 +255,11 @@
file interactive-commands {
interactive-commands any;
}
- file TRAFFIC {
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
any any;
match RT_FLOW_SESSION;
}
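Review bot: `file PROTECT-RE { firewall any; ... }` only receives entries when a filter term carries a `syslog` action, and the deny terms of the PROTECT-RE filter added later in this diff (SNMP-DENY, and SSH-DENY as far as it is visible) end in a bare `discard`. As written, dropped SSH and SNMP attempts against the routing engine would leave no record in this file; `then { syslog; discard; }` on both deny terms would fix that. The renamed `file traffic` also lacks the `archive no-world-readable` that PROTECT-RE gets, although it collects RT_FLOW_SESSION records. The enclosing syslog block starts and ends outside the hunk.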
@@ -262,13 +268,15 @@
match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
}
}
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
ntp {
server 164.58.3.98 prefer;
}
}
interfaces {
ge-0/0/0 {
- description "UNTRUST WAN Interface GE - 164.58.28.194/30";
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.28.194/30";
unit 0 {
family inet {
address 164.58.28.194/30;
@@ -276,7 +284,15 @@
}
}
ge-0/0/1 {
- disable;
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
}
ge-0/0/2 {
disable;
@@ -288,23 +304,19 @@
disable;
}
ge-0/0/5 {
- unit 0 {
- description TEST-TRUST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
+ disable;
}
ge-0/0/6 {
disable;
}
ge-0/0/7 {
- description "TRUST LAN Interface - 156.110.107.57/30";
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
- family inet {
- address 156.110.107.57/29;
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
}
}
}
@@ -312,15 +324,20 @@
unit 0 {
family inet {
filter {
- input MGMT-FILTER;
+ input PROTECT-RE;
}
- address 127.0.0.1/32;
}
}
}
vlan {
+ unit 3 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
+ family inet {
+ address 172.16.1.1/16;
+ }
+ }
unit 999 {
- description "TRUST - L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
family inet {
address 10.1.0.1/24;
}
@@ -349,21 +366,46 @@
lldp {
interface all;
}
+ stp;
}
policy-options {
- prefix-list ONENET-MGMT {
- 10.0.0.0/8;
- 156.110.0.0/16;
- 164.58.0.0/16;
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
}
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
}
security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
nat {
source {
- rule-set TEST-NAT {
- from zone TEST-ZONE;
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
to zone UNTRUST;
- rule TEST-SOURCE-NAT {
+ rule NAT-TRUST-TO-UNTRUST {
match {
source-address 0.0.0.0/0;
}
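Review bot: `PRE-LOCALIPv4-SOURCES` is built with `apply-path "interfaces <*> unit <*> family inet address <*>"`, which expands to each configured address with its prefix length, so in a filter it matches whole connected subnets rather than only the device's own addresses. With `vlan.3` at 172.16.1.1/16 and `vlan.999` at 10.1.0.1/24 in this diff, the SSH-ALLOW and SNMP-ALLOW terms that reference this list would accept management traffic sourced anywhere in the TRUST and TEST LANs at the filter level. The zone `host-inbound-traffic` settings in the later hunks do not list ssh or snmp for those zones, which presumably still blocks it, but the lo0 filter then adds no protection of its own if a zone setting is ever relaxed. If only the management subnets are meant to reach SSH and SNMP, reference `PRE-MGMT-SOURCES` alone in those two terms.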
@@ -374,11 +416,25 @@
}
}
}
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
}
}
policies {
- from-zone TEST-ZONE to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
match {
source-address any;
destination-address any;
@@ -389,8 +445,8 @@
}
}
}
- from-zone UNTRUST to-zone UNTRUST {
- policy UNTRUST-TO-UNTRUST {
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
match {
source-address any;
destination-address any;
@@ -403,23 +459,24 @@
}
}
zones {
- security-zone UNTRUST {
+ security-zone TRUST {
interfaces {
- ge-0/0/0.0 {
+ vlan.3 {
host-inbound-traffic {
system-services {
ping;
- ssh;
- snmp;
traceroute;
}
}
}
- ge-0/0/7.0 {
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
host-inbound-traffic {
system-services {
- ssh;
- snmp;
+ dhcp;
ping;
traceroute;
}
@@ -427,14 +484,15 @@
}
}
}
- security-zone TEST-ZONE {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
interfaces {
- vlan.999 {
+ ge-0/0/0.0 {
host-inbound-traffic {
system-services {
- dhcp;
- dns;
ping;
+ snmp;
+ ssh;
traceroute;
}
}
@@ -445,19 +503,31 @@
}
firewall {
family inet {
- filter MGMT-FILTER {
- term ALLOW-ONENET {
+ filter PROTECT-RE {
+ term SSH-ALLOW {
from {
source-prefix-list {
- ONENET-MGMT;
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
}
protocol tcp;
destination-port ssh;
}
then accept;
}
- term DENY-ALL-OTHER {
+ term SNMP-ALLOW {
from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
protocol tcp;
destination-port ssh;
}
@@ -465,18 +535,42 @@
discard;
}
}
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
term ALL-TRAFFIC {
then accept;
}
}
}
}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
vlans {
TEST-VLAN {
- description "Test VLAN 999 for UNTRUST TESTING ONLY";
+ description "Test VLAN 999 for TESTING ONLY";
vlan-id 999;
l3-interface vlan.999;
}
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 3;
+ l3-interface vlan.3;
+ }
}
# grnoc-mon at BEARDEN-PS-LR-004343> show ospf neighbor
# OSPF instance is not running
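Review bot: The new `ethernet-switching-options` block applies `mac-limit 3 action shutdown` and `bpdu-block` to `ge-0/0/1.0` only, while an earlier hunk of this file also converts `ge-0/0/7` into an access port in TRUST-VLAN. That port gets neither control, and `stp` is enabled in the protocols hunk, so an unexpected switch or BPDU source on the TRUST side is not constrained at the port. If ge-0/0/7 faces customer equipment directly, consider adding `interface ge-0/0/7.0;` under `bpdu-block` and a `mac-limit` sized for that LAN. If it uplinks to a customer switch and the omission is deliberate, saying so in the interface description would help the next reviewer.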
Index: configs/perry-ps.client.onenet.net
===================================================================
--- configs/perry-ps.client.onenet.net (revision 147549)
+++ configs/perry-ps.client.onenet.net (working copy)
@@ -143,8 +143,8 @@
#ge-0/0/11 down down
#ge-0/0/12 down down
#ge-0/0/13 down down
-#ge-0/0/14 up up
-#ge-0/0/14.0 up up
+#ge-0/0/14 up down
+#ge-0/0/14.0 up down
#ge-0/0/15 up up
#ge-0/0/15.0 up up
#fxp2 up up