[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Tue Apr 4 19:05:11 CDT 2017
Index: configs/allen-public-library.client.onenet.net
===================================================================
--- configs/allen-public-library.client.onenet.net (revision 152119)
+++ configs/allen-public-library.client.onenet.net (working copy)
@@ -133,8 +133,8 @@
#ge-0/0/1.0 up down
#ge-0/0/2 up up
#ge-0/0/2.0 up up
-#ge-0/0/3 up up
-#ge-0/0/3.0 up up
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
#ge-0/0/4 up up
#ge-0/0/4.0 up up
#ge-0/0/5 up up
Index: configs/core.mca.onenet.net
===================================================================
--- configs/core.mca.onenet.net (revision 152113)
+++ configs/core.mca.onenet.net (working copy)
@@ -2405,7 +2405,6 @@
# grnoc-mon at MCALESTER-MX480-RE0> show ospf neighbor
# Address Interface State ID Pri Dead
# 164.58.245.6 ge-0/2/0.0 Full 164.58.199.90
-# 164.58.244.11 ge-0/2/1.42 Full 164.58.199.165
# 164.58.245.81 ge-0/2/3.42 Full 164.58.199.179
# 164.58.246.37 xe-0/0/0.69 Full 164.58.199.221
#
@@ -2413,14 +2412,13 @@
# grnoc-mon at MCALESTER-MX480-RE0> show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
-164.58.244.11 Up ge-0/2/1.42 1.200 0.400 3
164.58.245.6 Up ge-0/2/0.0 1.200 0.400 3
164.58.245.81 Up ge-0/2/3.42 1.200 0.400 3
164.58.246.37 Up xe-0/0/0.69 1.200 0.400 3
fe80::223:9cff:fea2:6fb Up ge-0/2/0.0 0.300 0.100 3
fe80::8618:8800:45ee:d974 Down xe-0/0/0.69 0.000 2.000 3
-6 sessions, 9 clients
-Cumulative transmit rate 20.5 pps, cumulative receive rate 20.0 pps
+5 sessions, 7 clients
+Cumulative transmit rate 18.0 pps, cumulative receive rate 17.5 pps
{master}
Index: configs/kiamichi-fmc-battiest.client.onenet.net
===================================================================
--- configs/kiamichi-fmc-battiest.client.onenet.net (revision 152126)
+++ configs/kiamichi-fmc-battiest.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show system commit
+# 2017-04-04 18:17:40 CDT by joel via cli
+# 2017-04-04 18:13:21 CDT by joel via cli
+# 2017-04-04 18:11:08 CDT by joel via cli
+# 2017-04-04 18:07:51 CDT by joel via cli commit confirmed, rollback in 3mins
+# 2017-04-04 18:04:42 CDT by joel via cli
# 2017-04-04 17:50:46 CDT by joel via cli
-# 2017-04-04 17:49:12 CDT by joel via cli
-# 2017-04-04 17:47:59 CDT by joel via cli
-# 2017-04-04 17:45:47 CDT by joel via cli
-# 2017-04-04 17:23:28 CDT by joel via cli
-# 2017-04-04 17:20:55 CDT by joel via cli
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -118,7 +118,7 @@
# Time Source: NTP CLOCK
# System booted: 2016-11-14 15:47 CST
# Protocols started: 2016-11-14 15:47 CST
-# Last configured: 2017-04-04 17:50 CDT by joel
+# Last configured: 2017-04-04 18:17 CDT by joel
#
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show interface terse
#Interface Admin Link
@@ -171,12 +171,12 @@
#ppe0 up up
#st0 up up
#st0.0 up up
-#st0.1 up up
+#st0.1 up down
#tap up up
#vlan up down
#vtep up up
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show configuration
-## Last commit: 2017-04-04 17:50:46 CDT by joel
+## Last commit: 2017-04-04 18:17:40 CDT by joel
version 15.1X49-D50.3;
system {
host-name KIAMICHI-FMC-BATTIEST-LR-5230;
@@ -341,9 +341,9 @@
proposal-set standard;
# pre-shared-#key <removed>;
}
- policy DYNAMIC-VPN-POLICY {
+ policy IKE-DYN-VPN-POLICY {
mode aggressive;
- description DYNAMIC-VPN-PSK;
+ description KFMC-Dynamic-VPN-Key;
proposal-set standard;
# pre-shared-#key <removed>;
}
@@ -363,11 +363,11 @@
}
external-interface ge-0/0/0.500;
}
- gateway DYNAMIC-VPN-LOCAL-GW {
- ike-policy DYNAMIC-VPN-POLICY;
+ gateway DYN-VPN-LOCAL-GATEWAY {
+ ike-policy IKE-DYN-VPN-POLICY;
dynamic {
- hostname DYNVPN;
- connections-limit 10;
+ hostname kiamichi.local;
+ connections-limit 5;
ike-user-type group-ike-id;
}
external-interface ge-0/0/0.500;
@@ -420,7 +420,7 @@
}
vpn DYN-VPN {
ike {
- gateway DYNAMIC-VPN-LOCAL-GW;
+ gateway DYN-VPN-LOCAL-GATEWAY;
ipsec-policy IPSEC-DYN-VPN-POLICY;
}
}
@@ -430,8 +430,28 @@
address MITEL-PHONES 192.168.0.230/32;
address net-192.168.0.2 192.168.0.2/32;
address net-10.3.87.86 10.3.87.86/32;
+ address DYN-VPN-192.168.0.248/29 {
+ wildcard-address 192.168.0.248/29;
+ }
}
}
+ dynamic-vpn {
+ access-profile DYN-VPN-ACCESS-PROFILE;
+ clients {
+ DYN-VPN-USERS {
+ remote-protected-resources {
+ 0.0.0.0/0;
+ }
+ remote-exceptions {
+ 0.0.0.0/0;
+ }
+ ipsec-vpn DYN-VPN;
+ user-groups {
+ DYN-VPN-CLIENT-GROUP;
+ }
+ }
+ }
+ }
forwarding-options {
family {
inet6 {
@@ -497,6 +517,20 @@
}
}
}
+ rule-set DYN-VPN-INTERFACE-NAT {
+ from zone UNTRUST;
+ to zone UNTRUST;
+ rule DYN-VPN-NAT {
+ match {
+ source-address 192.168.0.248/29;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
}
static {
rule-set MITEL-NAT {
@@ -517,10 +551,20 @@
}
}
policies {
- from-zone TRUST to-zone UNTRUST {
- policy TRUST-TO-UNTRUST {
+ from-zone UNTRUST to-zone TRUST {
+ policy UNTRUST-TO-TRUST {
match {
source-address any;
+ destination-address MITEL-PHONES;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ policy ALLOW-DYN-VPN-DNS {
+ match {
+ source-address DYN-VPN-192.168.0.248/29;
destination-address any;
application any;
}
@@ -528,22 +572,40 @@
permit;
}
}
- }
- from-zone TEST to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
+ policy ALLOW-DYN-VPN {
match {
source-address any;
destination-address any;
application any;
}
then {
- permit;
+ permit {
+ tunnel {
+ ipsec-vpn DYN-VPN;
+ }
+ }
}
}
}
- from-zone MPLS to-zone TRUST {
- policy MPLS-TO-TRUST {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy ALLOW-DYN-VPN {
match {
+ source-address DYN-VPN-192.168.0.248/29;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit {
+ tunnel {
+ ipsec-vpn DYN-VPN;
+ }
+ }
+ }
+ }
+ }
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
source-address any;
destination-address any;
application any;
@@ -553,8 +615,8 @@
}
}
}
- from-zone TRUST to-zone MPLS {
- policy TRUST-TO-MPLS {
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
match {
source-address any;
destination-address any;
@@ -565,8 +627,8 @@
}
}
}
- from-zone TRUST to-zone TRUST {
- policy TRUST-TO-TRUST {
+ from-zone MPLS to-zone TRUST {
+ policy MPLS-TO-TRUST {
match {
source-address any;
destination-address any;
@@ -577,29 +639,27 @@
}
}
}
- from-zone UNTRUST to-zone TRUST {
- policy UNTRUST-TO-TRUST {
+ from-zone TRUST to-zone MPLS {
+ policy TRUST-TO-MPLS {
match {
source-address any;
- destination-address MITEL-PHONES;
+ destination-address any;
application any;
}
then {
permit;
}
}
- policy DYN-VPN-POLICY {
+ }
+ from-zone TRUST to-zone TRUST {
+ policy TRUST-TO-TRUST {
match {
source-address any;
destination-address any;
application any;
}
then {
- permit {
- tunnel {
- ipsec-vpn DYN-VPN;
- }
- }
+ permit;
}
}
}
@@ -861,14 +921,16 @@
}
access {
profile DYN-VPN-ACCESS-PROFILE {
- client KFMC-User-1 {
+ client joelmoore {
+ client-group DYN-VPN-CLIENT-GROUP;
firewall-user {
- password "$9$S6MrM8X7VsgodbmfTzCAp0O1crleM-bYOBcr"; ## SECRET-DATA
+ password "$9$u/k-1IhXxdbwgLxjq.mTQEcSlWx2gJHqf-VjH"; ## SECRET-DATA
}
}
- client KFMC-User-2 {
+ client kiamichi-user {
+ client-group DYN-VPN-CLIENT-GROUP;
firewall-user {
- password "$9$uJ6JOEcylML7-vWZUjH5Tz3n/pOB1EKWXn6pO"; ## SECRET-DATA
+ password "$9$Hkfz3nCuBE/CLNb2GU/Ctp0IEhSM8X"; ## SECRET-DATA
}
}
address-assignment {
@@ -878,10 +940,20 @@
address-assignment {
pool DYN-VPN-ADDRESS-POOL {
family inet {
- network 10.255.255.0/24;
+ network 192.168.0.0/24;
+ range dvpn-range {
+ low 192.168.0.249;
+ high 192.168.0.254;
+ }
+ dhcp-attributes {
+ maximum-lease-time 300;
+ domain-name kiamichi.local;
+ name-server {
+ 164.58.253.10;
+ }
+ }
xauth-attributes {
primary-dns 164.58.253.10/32;
- secondary-dns 164.58.198.10/32;
}
}
}
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 152111)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -511,8 +511,8 @@
#t1-2/3/0:2:20 down down
#t1-2/3/0:2:21 up up
#t1-2/3/0:2:21.0 up up
-#t1-2/3/0:2:22 up down
-#t1-2/3/0:2:22.0 up down
+#t1-2/3/0:2:22 up up
+#t1-2/3/0:2:22.0 up up
#t1-2/3/0:2:23 up up
#t1-2/3/0:2:23.0 up up
#t1-2/3/0:2:24 down down
Index: configs/odmhsas-camhc-mcalester.client.onenet.net
===================================================================
--- configs/odmhsas-camhc-mcalester.client.onenet.net (revision 152064)
+++ configs/odmhsas-camhc-mcalester.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at ODMHSAS-CARL-ALBERT-MHC-MCALESTER-SRX220> show system uptime
-# System booted: 2017-04-03 02:21 CDT
-# Protocols started: 2017-04-03 02:24 CDT
+# System booted: 2017-04-04 18:04 CDT
+# Protocols started: 2017-04-04 18:07 CDT
# Last configured: 2016-08-04 14:56 CDT by sky
#
# grnoc-mon at ODMHSAS-CARL-ALBERT-MHC-MCALESTER-SRX220> show interface terse
Index: configs/core4.okc.onenet.net
===================================================================
--- configs/core4.okc.onenet.net (revision 152126)
+++ configs/core4.okc.onenet.net (working copy)
@@ -676,14 +676,14 @@
#ge-0/3/5.32767 up up
#ge-0/3/6 down down
#ge-0/3/7 up down
-#ge-0/3/8 up up
-#ge-0/3/8.80 up up
-#ge-0/3/8.81 up up
-#ge-0/3/8.401 up up
-#ge-0/3/8.402 up up
-#ge-0/3/8.403 up up
-#ge-0/3/8.404 up up
-#ge-0/3/8.32767 up up
+#ge-0/3/8 up down
+#ge-0/3/8.80 up down
+#ge-0/3/8.81 up down
+#ge-0/3/8.401 up down
+#ge-0/3/8.402 up down
+#ge-0/3/8.403 up down
+#ge-0/3/8.404 up down
+#ge-0/3/8.32767 up down
#ge-0/3/9 up down
#lc-1/0/0 up up
#lc-1/0/0.32769 up up
Index: configs/swi.cai.eosc.onenet.net
===================================================================
--- configs/swi.cai.eosc.onenet.net (revision 152126)
+++ configs/swi.cai.eosc.onenet.net (working copy)
@@ -199,10 +199,10 @@
#ge-0/0/23.0 up up
#ge-0/1/0 up up
#ge-0/1/0.0 up up
-#ge-0/1/1 up up
-#ge-0/1/1.0 up up
-#ge-0/1/2 up down
-#ge-0/1/2.0 up down
+#ge-0/1/1 up down
+#ge-0/1/1.0 up down
+#ge-0/1/2 up up
+#ge-0/1/2.0 up up
#bme0 up up
#bme0.32768 up up
#dsc up up
Index: configs/odmhsas-tcbh-tulsa.client.onenet.net
===================================================================
--- configs/odmhsas-tcbh-tulsa.client.onenet.net (revision 152126)
+++ configs/odmhsas-tcbh-tulsa.client.onenet.net (working copy)
@@ -947,7 +947,6 @@
}
}
# grnoc-mon at ODMHSAS-TULSA-CENTER-FOR-BEHAVIORAL-HEALTH-SRX220> show ospf neighbor
-# quit
# OSPF instance is not running
#
# grnoc-mon at ODMHSAS-TULSA-CENTER-FOR-BEHAVIORAL-HEALTH-SRX220> show bfd session
Index: configs/keota-hs.client.onenet.net
===================================================================
--- configs/keota-hs.client.onenet.net (revision 152071)
+++ configs/keota-hs.client.onenet.net (working copy)
@@ -95,8 +95,8 @@
# total files: 1
#
# grnoc-mon at KEOTA-HS-LR-003942> show system uptime
-# System booted: 2017-04-03 06:26 CDT
-# Protocols started: 2017-04-03 06:28 CDT
+# System booted: 2017-04-04 18:51 CDT
+# Protocols started: 2017-04-04 18:53 CDT
# Last configured: 2016-11-28 08:11 CST by andrew
#
# grnoc-mon at KEOTA-HS-LR-003942> show interface terse
Index: configs/miami-ps-srx220.client.onenet.net
===================================================================
--- configs/miami-ps-srx220.client.onenet.net (revision 146320)
+++ configs/miami-ps-srx220.client.onenet.net (working copy)
@@ -119,8 +119,8 @@
#ge-0/0/4 down down
#ge-0/0/5 down down
#ge-0/0/6 down down
-#ge-0/0/7 up up
-#ge-0/0/7.0 up up
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
#fxp2 up up
#fxp2.0 up up
#gre up up
Index: configs/sayre-public-library-ex.client.onenet.net
===================================================================
--- configs/sayre-public-library-ex.client.onenet.net (revision 152125)
+++ configs/sayre-public-library-ex.client.onenet.net (working copy)
@@ -186,8 +186,8 @@
#ge-0/0/10.0 up down
#ge-0/0/11 up down
#ge-0/0/11.0 up down
-#ge-0/0/12 up up
-#ge-0/0/12.0 up up
+#ge-0/0/12 up down
+#ge-0/0/12.0 up down
#ge-0/0/13 up down
#ge-0/0/13.0 up down
#ge-0/0/14 up up
Index: configs/acx.cai.hart-acx2100.onenet.net
===================================================================
--- configs/acx.cai.hart-acx2100.onenet.net (revision 152093)
+++ configs/acx.cai.hart-acx2100.onenet.net (working copy)
@@ -191,10 +191,10 @@
#ge-1/2/0 up up
#ge-1/2/0.42 up up
#ge-1/2/0.32767 up up
-#ge-1/2/1 up up
-#ge-1/2/1.42 up up
-#ge-1/2/1.81 up up
-#ge-1/2/1.32767 up up
+#ge-1/2/1 up down
+#ge-1/2/1.42 up down
+#ge-1/2/1.81 up down
+#ge-1/2/1.32767 up down
#xe-1/3/0 down down
#xe-1/3/1 down down
#dsc up up
@@ -1185,14 +1185,12 @@
# grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> show ospf neighbor
# Address Interface State ID Pri Dead
# 164.58.244.8 ge-1/2/0.42 Full 164.58.199.99
-# 164.58.244.10 ge-1/2/1.42 Full 164.58.199.92
#
# grnoc-mon at HARTSHORNE-PUBLIC-LIBRARY-ACX2100> show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
164.58.244.8 Up ge-1/2/0.42 1.200 0.400 3
-164.58.244.10 Up ge-1/2/1.42 1.200 0.400 3
-2 sessions, 4 clients
-Cumulative transmit rate 5.0 pps, cumulative receive rate 5.0 pps
+1 sessions, 2 clients
+Cumulative transmit rate 2.5 pps, cumulative receive rate 2.5 pps
More information about the Nocrancid
mailing list