[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Mon Apr 3 12:04:15 CDT 2017
Index: configs/legal-aid-tulsa.client.onenet.net
===================================================================
--- configs/legal-aid-tulsa.client.onenet.net (revision 152080)
+++ configs/legal-aid-tulsa.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show system commit
+# 2017-04-03 11:33:21 CDT by andrew via cli
+# 2017-04-03 11:07:14 CDT by andrew via cli
+# 2017-04-03 11:06:16 CDT by andrew via cli
+# 2017-04-03 11:05:04 CDT by andrew via cli
+# 2017-04-03 11:02:44 CDT by andrew via cli
# 2017-04-03 10:22:53 CDT by andrew via cli commit confirmed, rollback in 5mins
-# 2017-02-23 13:51:21 CST by aduenas via junoscript
-# 2017-01-27 14:02:54 CST by andrew via cli
-# 2017-01-27 10:57:32 CST by andrew via cli
-# 2017-01-23 11:08:06 CST by wguyton via junoscript
-# 2017-01-11 19:26:32 CST by andrew via cli
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -119,7 +119,7 @@
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show system uptime
# System booted: 2016-12-29 11:23 CST
# Protocols started: 2016-12-29 11:27 CST
-# Last configured: 2017-04-03 10:22 CDT by andrew
+# Last configured: 2017-04-03 11:33 CDT by andrew
#
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show interface terse
#Interface Admin Link
@@ -182,7 +182,7 @@
#tap up up
#vlan up up
# grnoc-mon at LEGAL-AID-TULSA-SRX240-LR-004955> show configuration
-## Last commit: 2017-04-03 10:22:53 CDT by andrew
+## Last commit: 2017-04-03 11:33:21 CDT by andrew
version 12.3X48-D35.7;
system {
host-name LEGAL-AID-TULSA-SRX240-LR-004955;
@@ -211,11 +211,17 @@
}
}
login {
- message "n+----------------------------------------------------------------------------+n| |n| Managed by Oklahoma State Regents for Higher Education |n| Oklahoma Network for Education Enrichment (ONENET) |n| |n| *** Unauthorized Use or Access Prohibited *** |n| |n| For more information, contact: |n| |n| Oklahoma State Regents for Higher Education |n| Educational Telecommunications Network -- ONENET |n| (888) 566-3638 |n| !
info at onenet.net |n| |n+----------------------------------------------------------------------------+n";
+ protect: message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n!
| info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
class admin {
idle-timeout 30;
permissions all;
}
+ class customer-admin {
+ idle-timeout 30;
+ permissions all;
+ deny-commands "load|shell";
+ deny-configuration "(system login)|(system root-authentication)";
+ }
class lockdown {
idle-timeout 2;
permissions view;
@@ -241,7 +247,7 @@
user aduenas {
full-name "Antonio Duenas";
uid 2100;
- class admin;
+ class customer-admin;
authentication {
# encrypted-password <removed>;
}
@@ -275,7 +281,7 @@
user wguyton {
full-name "William Guyton";
uid 2101;
- class admin;
+ class customer-admin;
authentication {
# encrypted-password <removed>;
}
@@ -747,7 +753,7 @@
lo0 {
unit 0 {
family inet {
- filter {
+ protect: filter {
input PROTECT-RE;
}
}
@@ -777,28 +783,73 @@
route 10.0.0.0/8 next-hop 10.199.6.13;
route 172.16.0.0/12 next-hop 10.199.6.13;
}
+ autonomous-system 64517;
}
protocols {
+ bgp {
+ group EBGP-ONENET-L3VPN {
+ neighbor 10.199.6.13 {
+ description "EBGP-LEGAL-AID-TULSA-L3VPN-50M-CIR0019800-LR [ORDERED]";
+ import EBGP-LEGAL-AID-IMPORT;
+# authentication-#key <removed>;
+ export EBGP-LEGAL-AID-EXPORT;
+ peer-as 5078;
+ }
+ }
+ }
lldp {
interface all;
}
stp;
}
policy-options {
- prefix-list PRE-MGMT-SOURCES {
+ protect: prefix-list PRE-MGMT-SOURCES {
156.110.31.0/27;
156.110.31.32/28;
164.58.28.58/32;
164.58.253.0/24;
192.168.1.0/24;
}
- prefix-list PRE-LOCALIPv4-SOURCES {
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
apply-path "interfaces <*> unit <*> family inet address <*>";
}
+ policy-statement EBGP-LEGAL-AID-EXPORT {
+ term SEND-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term ACCEPT-RFC1918 {
+ from {
+ protocol [ direct static ];
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 172.16.0.0/12 orlonger;
+ route-filter 192.168.0.0/16 orlonger;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-LEGAL-AID-IMPORT {
+ term ACCEPT-RFC1918 {
+ from {
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 172.16.0.0/12 orlonger;
+ route-filter 192.168.0.0/16 orlonger;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
}
firewall {
family inet {
- filter PROTECT-RE {
+ protect: filter PROTECT-RE {
term SSH-ALLOW {
from {
source-prefix-list {
Index: configs/core.say.onenet.net
===================================================================
--- configs/core.say.onenet.net (revision 151994)
+++ configs/core.say.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SAYRE-MX480-RE0> show system commit
+# 2017-04-03 11:49:18 CDT by andrew via cli commit synchronize
# 2017-02-24 23:16:11 CST by andrew via cli commit synchronize
# 2017-02-22 16:52:17 CST by sean via cli commit synchronize
# 2017-02-22 16:49:38 CST by sean via cli commit synchronize
# 2017-02-22 12:09:40 CST by sean via cli commit synchronize
# 2017-02-20 13:29:05 CST by andrew via cli commit synchronize
-# 2017-02-20 11:25:01 CST by andrew via cli commit synchronize
# grnoc-mon at SAYRE-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -253,7 +253,7 @@
# grnoc-mon at SAYRE-MX480-RE0> show system uptime
# System booted: 2016-03-21 00:48 CDT
# Protocols started: 2016-03-21 00:53 CDT
-# Last configured: 2017-02-24 23:16 CST by andrew
+# Last configured: 2017-04-03 11:49 CDT by andrew
#
# {master}
# grnoc-mon at SAYRE-MX480-RE0> show interface terse
@@ -386,7 +386,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SAYRE-MX480-RE0> show configuration
-## Last commit: 2017-02-24 23:16:11 CST by andrew
+## Last commit: 2017-04-03 11:49:18 CDT by andrew
version 13.3R8.7;
groups {
re0 {
@@ -673,7 +673,7 @@
}
}
ge-0/2/2 {
- description "SAYRE-SCHOOL-DISTRICT-500M-CIR0019292 [NO-MONITOR]";
+ description SAYRE-SCHOOL-DISTRICT-500M-CIR0019292;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 152080)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -869,8 +869,8 @@
#t1-2/3/0:10:18.0 up up
#t1-2/3/0:10:19 up up
#t1-2/3/0:10:19.0 up up
-#t1-2/3/0:10:20 up down
-#t1-2/3/0:10:20.0 up down
+#t1-2/3/0:10:20 up up
+#t1-2/3/0:10:20.0 up up
#t1-2/3/0:10:21 up up
#t1-2/3/0:10:21.0 up up
#t1-2/3/0:10:22 up up
Index: configs/core4.okc.onenet.net
===================================================================
--- configs/core4.okc.onenet.net (revision 152069)
+++ configs/core4.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE4-MX480-RE0> show system commit
+# 2017-04-03 11:45:31 CDT by andrew via cli commit synchronize
+# 2017-04-03 11:25:09 CDT by andrew via cli commit synchronize
# 2017-03-29 16:01:51 CDT by andrew via cli commit synchronize
# 2017-03-29 15:59:01 CDT by andrew via cli commit synchronize
# 2017-03-29 15:45:04 CDT by andrew via cli commit synchronize
# 2017-03-29 13:35:36 CDT by sean via cli commit synchronize
-# 2017-03-29 11:07:02 CDT by andrew via cli commit synchronize
-# 2017-03-28 14:21:22 CDT by andrew via cli commit synchronize
# grnoc-mon at OKC-CORE4-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -436,7 +436,7 @@
# grnoc-mon at OKC-CORE4-MX480-RE0> show system uptime
# System booted: 2016-10-12 18:12 CDT
# Protocols started: 2016-10-12 18:14 CDT
-# Last configured: 2017-03-29 16:01 CDT by andrew
+# Last configured: 2017-04-03 11:45 CDT by andrew
#
# {master}
# grnoc-mon at OKC-CORE4-MX480-RE0> show interface terse
@@ -1313,7 +1313,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE4-MX480-RE0> show configuration
-## Last commit: 2017-03-29 16:01:51 CDT by andrew
+## Last commit: 2017-04-03 11:45:31 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -10872,6 +10872,38 @@
then reject;
}
}
+ policy-statement EBGP-LEGAL-AID-EXPORT {
+ term SEND-RFC1918 {
+ from {
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 172.16.0.0/12 orlonger;
+ route-filter 192.168.0.0/16 orlonger;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-LEGAL-AID-IMPORT {
+ term ACCEPT-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term ACCEPT-RFC1918 {
+ from {
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 172.16.0.0/12 orlonger;
+ route-filter 192.168.0.0/16 orlonger;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
policy-statement EBGP-METRO-TECH-EXPORT {
term EXPORT-DEFAULT {
from {
@@ -11861,6 +11893,13 @@
accept;
}
}
+ term 4 {
+ from protocol bgp;
+ then {
+ community add LEGAL-AID-VPN;
+ accept;
+ }
+ }
}
policy-statement LEGAL-AID-VRF-IMPORT {
term 1 {
@@ -14808,6 +14847,20 @@
route 192.168.44.0/24 next-hop 10.199.6.6;
}
}
+ protocols {
+ bgp {
+ group EBGP-LEGAL-AID {
+ neighbor 10.199.6.2 {
+ description "EBGP-LEGAL-AID-OKC-MAIN-OFFICE-L3VPN-100M-CIR0019119 [ORDERED]";
+ import EBGP-LEGAL-AID-IMPORT;
+# authentication-#key <removed>;
+ export EBGP-LEGAL-AID-EXPORT;
+ peer-as 64517;
+ as-override;
+ }
+ }
+ }
+ }
}
METRO-TECH-VPLS-2012 {
description "Metro Tech VPLS";
Index: configs/odmhsas-tmhc-lawton-main.client.onenet.net
===================================================================
--- configs/odmhsas-tmhc-lawton-main.client.onenet.net (revision 151887)
+++ configs/odmhsas-tmhc-lawton-main.client.onenet.net (working copy)
@@ -88,14 +88,16 @@
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
# Trying to mount root from ufs:/dev/ad0s2a
+# WARNING: / was not properly dismounted
+# WARNING: / was not properly dismounted
#
# grnoc-mon at ODMHSAS-TALIAFERRO-MHC-LAWTON-MAIN-SRX220> show version
# Hostname: ODMHSAS-TALIAFERRO-MHC-LAWTON-MAIN-SRX220 # Model: srx220h2 # JUNOS Software Release [12.1X46-D20.5] # # grnoc-mon at ODMHSAS-TALIAFERRO-MHC-LAWTON-MAIN-SRX220> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 May 14 2014 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at ODMHSAS-TALIAFERRO-MHC-LAWTON-MAIN-SRX220> show system uptime
-# System booted: 2017-03-28 14:36 CDT
-# Protocols started: 2017-03-28 14:39 CDT
+# System booted: 2017-04-03 11:39 CDT
+# Protocols started: 2017-04-03 11:42 CDT
# Last configured: 2017-03-05 09:31 CST by andrew
#
# grnoc-mon at ODMHSAS-TALIAFERRO-MHC-LAWTON-MAIN-SRX220> show interface terse
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 152080)
+++ configs/hub.dur.onenet.net (working copy)
@@ -325,7 +325,7 @@
#fe-2/1/1.0 up up
#fe-2/1/2 up up
#fe-2/1/2.0 up up
-#fe-2/1/3 down down
+#fe-2/1/3 down up
#ge-2/2/0 up up
#ge-2/2/0.0 up up
#pc-2/2/0 up up
Index: configs/core5.tul.onenet.net
===================================================================
--- configs/core5.tul.onenet.net (revision 152080)
+++ configs/core5.tul.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE5-MX480-RE0> show system commit
+# 2017-04-03 11:45:08 CDT by andrew via cli commit synchronize
+# 2017-04-03 11:39:02 CDT by andrew via cli commit synchronize
+# 2017-04-03 11:32:18 CDT by andrew via cli commit synchronize
# 2017-04-03 10:22:44 CDT by andrew via cli commit synchronize
# 2017-03-29 11:39:55 CDT by sean via cli commit synchronize
# 2017-03-29 11:37:43 CDT by sean via cli commit synchronize
-# 2017-03-23 17:37:29 CDT by andrew via cli commit synchronize
-# 2017-03-23 15:53:24 CDT by sean via cli commit synchronize
-# 2017-03-23 12:52:17 CDT by sean via cli commit synchronize
# grnoc-mon at TULSA-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -392,7 +392,7 @@
# grnoc-mon at TULSA-CORE5-MX480-RE0> show system uptime
# System booted: 2016-08-15 04:47 CDT
# Protocols started: 2016-08-15 04:53 CDT
-# Last configured: 2017-04-03 10:22 CDT by andrew
+# Last configured: 2017-04-03 11:45 CDT by andrew
#
# {master}
# grnoc-mon at TULSA-CORE5-MX480-RE0> show interface terse
@@ -859,7 +859,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE5-MX480-RE0> show configuration
-## Last commit: 2017-04-03 10:22:44 CDT by andrew
+## Last commit: 2017-04-03 11:45:08 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -7080,6 +7080,41 @@
then reject;
}
}
+ policy-statement EBGP-LEGAL-AID-EXPORT {
+ term SEND-RFC1918 {
+ from {
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 172.16.0.0/12 orlonger;
+ route-filter 192.168.0.0/16 orlonger;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-LEGAL-AID-IMPORT {
+ term ACCEPT-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then {
+ as-path-prepend "64517 64517";
+ accept;
+ }
+ }
+ term ACCEPT-RFC1918 {
+ from {
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 172.16.0.0/12 orlonger;
+ route-filter 192.168.0.0/16 orlonger;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
policy-statement EBGP-NETFLIX-V4-EXPORT {
term DONT-SEND {
from community NETFLIX-REJECT;
@@ -7372,6 +7407,13 @@
accept;
}
}
+ term 4 {
+ from protocol bgp;
+ then {
+ community add LEGAL-AID-VPN;
+ accept;
+ }
+ }
}
policy-statement LEGAL-AID-VRF-IMPORT {
term 1 {
@@ -9416,14 +9458,22 @@
route 192.168.111.0/24 next-hop 10.199.6.14;
route 192.168.112.0/24 next-hop 10.199.6.14;
route 192.168.113.0/24 next-hop 10.199.6.14;
- route 192.168.2.0/24 next-hop 10.199.6.14;
- route 192.168.10.0/24 next-hop 10.199.6.14;
- route 192.168.11.0/24 next-hop 10.199.6.14;
- route 192.168.12.0/24 next-hop 10.199.6.14;
- route 192.168.13.0/24 next-hop 10.199.6.14;
- route 192.168.14.0/24 next-hop 10.199.6.14;
}
}
+ protocols {
+ bgp {
+ group EBGP-LEGAL-AID {
+ neighbor 10.199.6.14 {
+ description "EBGP-LEGAL-AID-TULSA-L3VPN-50M-CIR0019800-LR [ORDERED]";
+ import EBGP-LEGAL-AID-IMPORT;
+# authentication-#key <removed>;
+ export EBGP-LEGAL-AID-EXPORT;
+ peer-as 64517;
+ as-override;
+ }
+ }
+ }
+ }
}
NSU-L3VPN {
description NSU-L3VPN;
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 152062)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -102,7 +102,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down down
+#ge-0/0/0 down up
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/legal-aid-okc.client.onenet.net
===================================================================
--- configs/legal-aid-okc.client.onenet.net (revision 152080)
+++ configs/legal-aid-okc.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show system commit
+# 2017-04-03 11:28:28 CDT by andrew via cli commit confirmed, rollback in 5mins
+# 2017-04-03 11:07:32 CDT by andrew via cli
# 2017-04-03 11:01:57 CDT by andrew via cli
# 2017-04-03 10:27:45 CDT by andrew via cli
# 2017-04-03 10:24:39 CDT by andrew via cli
# 2017-04-03 10:24:12 CDT by andrew via cli
-# 2017-03-24 15:37:59 CDT by andrew via cli
-# 2017-03-07 09:51:04 CST by andrew via cli
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -117,7 +117,7 @@
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show system uptime
# System booted: 2016-11-08 16:48 CST
# Protocols started: 2016-11-08 16:52 CST
-# Last configured: 2017-04-03 11:01 CDT by andrew
+# Last configured: 2017-04-03 11:28 CDT by andrew
#
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show interface terse
#Interface Admin Link
@@ -192,7 +192,7 @@
#tap up up
#vlan up up
# grnoc-mon at LEGAL-AID-OKC-SRX240-MR> show configuration
-## Last commit: 2017-04-03 11:01:57 CDT by andrew
+## Last commit: 2017-04-03 11:28:28 CDT by andrew
version 12.1X46-D40.2;
system {
host-name LEGAL-AID-OKC-SRX240-MR;
@@ -221,7 +221,7 @@
}
}
login {
- message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ protect: message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n!
| info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
class admin {
idle-timeout 30;
permissions all;
@@ -490,7 +490,7 @@
lo0 {
unit 0 {
family inet {
- filter {
+ protect: filter {
input PROTECT-RE;
}
}
@@ -634,8 +634,20 @@
route 192.168.13.0/24 next-hop 10.199.6.1;
route 192.168.14.0/24 next-hop 10.199.6.1;
}
+ autonomous-system 64517;
}
protocols {
+ bgp {
+ group EBGP-ONENET-L3VPN {
+ neighbor 10.199.6.1 {
+ description "EBGP-LEGAL-AID-OKC-MAIN-OFFICE-L3VPN-100M-CIR0019119 [ORDERED]";
+ import EBGP-LEGAL-AID-IMPORT;
+# authentication-#key <removed>;
+ export EBGP-LEGAL-AID-EXPORT;
+ peer-as 5078;
+ }
+ }
+ }
ospf {
export EXPORT-TO-OSPF;
area 0.0.0.0 {
@@ -648,14 +660,47 @@
stp;
}
policy-options {
- prefix-list PRE-MGMT-SOURCES {
+ protect: prefix-list PRE-MGMT-SOURCES {
156.110.31.0/27;
156.110.31.32/28;
164.58.253.0/24;
}
- prefix-list PRE-LOCALIPv4-SOURCES {
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
apply-path "interfaces <*> unit <*> family inet address <*>";
}
+ policy-statement EBGP-LEGAL-AID-EXPORT {
+ term SEND-DEFAULT {
+ from {
+ route-filter 0.0.0.0/0 exact;
+ }
+ then accept;
+ }
+ term ACCEPT-RFC1918 {
+ from {
+ protocol [ direct static ];
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 172.16.0.0/12 orlonger;
+ route-filter 192.168.0.0/16 orlonger;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
+ policy-statement EBGP-LEGAL-AID-IMPORT {
+ term ACCEPT-RFC1918 {
+ from {
+ route-filter 10.0.0.0/8 orlonger;
+ route-filter 172.16.0.0/12 orlonger;
+ route-filter 192.168.0.0/16 orlonger;
+ }
+ then accept;
+ }
+ term REJECT-ALL-ELSE {
+ then reject;
+ }
+ }
policy-statement EXPORT-TO-OSPF {
term REJECT-DEFAULT {
from {
@@ -1309,6 +1354,9 @@
ping;
traceroute;
}
+ protocols {
+ bgp;
+ }
}
}
ge-0/0/15.1 {
@@ -1523,7 +1571,7 @@
}
firewall {
family inet {
- filter PROTECT-RE {
+ protect: filter PROTECT-RE {
term SSH-ALLOW {
from {
source-prefix-list {
More information about the Nocrancid
mailing list