[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Apr 27 14:04:28 CDT 2017
Index: configs/vinita-public-library.client.onenet.net
===================================================================
--- configs/vinita-public-library.client.onenet.net (revision 152738)
+++ configs/vinita-public-library.client.onenet.net (working copy)
@@ -1,13 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show system commit
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show system commit
+# 2017-04-27 13:59:13 CDT by sean via cli
+# 2017-04-27 13:54:21 CDT by sean via cli commit confirmed, rollback in 3mins
# 2017-04-26 16:09:28 CDT by sean via cli
# 2017-04-26 15:59:20 CDT by sean via cli
# 2016-11-15 14:00:11 CST by aberrios via cli
# 2016-11-15 13:44:50 CST by aberrios via cli commit confirmed, rollback in 5mins
-# 2016-10-20 15:57:18 CDT by sean via cli
-# 2016-10-20 15:55:00 CDT by sean via cli commit confirmed, rollback in 5mins
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis environment
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
# Routing Engine CPU OK
@@ -19,17 +19,17 @@
# SRX240 IO fan 2 OK
# Power Power Supply 0 OK
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis firmware
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis firmware
# Part Type Version
# FPC 0 O/S Version 12.1X44-D30 by builder on 2013-12-1
# FWDD O/S Version 12.1X44-D30 by builder on 2013-12-1
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis fpc detail
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM ---- CPU less FPC ----
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis hardware
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
# Chassis BU1814AK0364 SRX240H2
@@ -38,15 +38,15 @@
# PIC 0 16x GE Base PIC
# Power Supply 0
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis hardware models
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis routing-engine
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis hardware models
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis routing-engine
# Routing Engine status:
# Serial ID ACLK0574
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis scb
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis sfm detail
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis ssb
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show system boot-messages
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis scb
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis sfm detail
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis ssb
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Copyright (c) 1996-2013, Juniper Networks, Inc.
# All rights reserved.
@@ -109,16 +109,16 @@
# Trying to mount root from ufs:/dev/da0s2a
# WARNING: /altroot was not properly dismounted
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show version
-# Hostname: VINITA-PUBLIC-LIBRARY-CLIENT-OWNED # Model: srx240h2 # JUNOS Software Release [12.1X44-D30] # # grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 Dec 10 2013 /var/tmp@ -> /cf/var/tmp
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show version
+# Hostname: VINTIA-PL-CIENT-DEVICE # Model: srx240h2 # JUNOS Software Release [12.1X44-D30] # # grnoc-mon at VINTIA-PL-CIENT-DEVICE> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 Dec 10 2013 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show system uptime
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show system uptime
# System booted: 2016-11-15 11:51 CST
# Protocols started: 2016-11-15 11:54 CST
-# Last configured: 2017-04-26 16:09 CDT by sean
+# Last configured: 2017-04-27 13:59 CDT by sean
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show interface terse
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show interface terse
#Interface Admin Link
#ge-0/0/0 up up
#ge-0/0/0.0 up up
@@ -144,14 +144,14 @@
#ge-0/0/6.0 up down
#ge-0/0/7 up down
#ge-0/0/7.0 up down
-#ge-0/0/8 down down
-#ge-0/0/9 down down
-#ge-0/0/10 down down
-#ge-0/0/11 down down
-#ge-0/0/12 down down
-#ge-0/0/13 down down
-#ge-0/0/14 down down
-#ge-0/0/15 down down
+#ge-0/0/8 up down
+#ge-0/0/9 up down
+#ge-0/0/10 up down
+#ge-0/0/11 up down
+#ge-0/0/12 up down
+#ge-0/0/13 up down
+#ge-0/0/14 up down
+#ge-0/0/15 up down
#fxp2 up up
#fxp2.0 up up
#gre up up
@@ -172,13 +172,12 @@
#st0 up up
#tap up up
#vlan up up
-#vlan.1 up up
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show configuration
-## Last commit: 2017-04-26 16:09:28 CDT by sean
+#vlan.3 up up
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show configuration
+## Last commit: 2017-04-27 13:59:13 CDT by sean
version 12.1X44-D30;
system {
- host-name VINITA-PUBLIC-LIBRARY-CLIENT-OWNED;
- auto-snapshot;
+ host-name VINTIA-PL-CIENT-DEVICE;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
@@ -263,21 +262,10 @@
root-login deny;
protocol-version v2;
}
- web-management {
- http {
- interface vlan.1;
- }
- https {
- system-generated-certificate;
- interface [ vlan.1 ge-0/0/0.0 ];
- }
- session {
- idle-timeout 60;
- }
- }
dhcp {
pool 10.1.1.0/24 {
address-range low 10.1.1.30 high 10.1.1.240;
+ domain-name onenet.net;
name-server {
208.67.222.222;
208.67.220.220;
@@ -308,10 +296,6 @@
any any;
match RT_FLOW_SESSION;
}
- file blocked-traffic {
- any any;
- match RT_FLOW_SESSION_DENY;
- }
file updown {
any any;
match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
@@ -333,92 +317,82 @@
}
}
ge-0/0/1 {
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
+ port-mode access;
vlan {
- members vlan1;
+ members TRUST-VLAN;
}
}
}
}
ge-0/0/2 {
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
+ port-mode access;
vlan {
- members vlan1;
+ members TRUST-VLAN;
}
}
}
}
ge-0/0/3 {
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
+ port-mode access;
vlan {
- members vlan1;
+ members TRUST-VLAN;
}
}
}
}
ge-0/0/4 {
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
+ port-mode access;
vlan {
- members vlan1;
+ members TRUST-VLAN;
}
}
}
}
ge-0/0/5 {
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
+ port-mode access;
vlan {
- members vlan1;
+ members TRUST-VLAN;
}
}
}
}
ge-0/0/6 {
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
+ port-mode access;
vlan {
- members vlan1;
+ members TRUST-VLAN;
}
}
}
}
ge-0/0/7 {
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
+ port-mode access;
vlan {
- members vlan1;
+ members TRUST-VLAN;
}
}
}
}
- ge-0/0/8 {
- disable;
- }
- ge-0/0/9 {
- disable;
- }
- ge-0/0/10 {
- disable;
- }
- ge-0/0/11 {
- disable;
- }
- ge-0/0/12 {
- disable;
- }
- ge-0/0/13 {
- disable;
- }
- ge-0/0/14 {
- disable;
- }
- ge-0/0/15 {
- disable;
- }
lo0 {
unit 0 {
family inet {
@@ -429,7 +403,8 @@
}
}
vlan {
- unit 1 {
+ unit 3 {
+ description "L3 INTERFACE - TRUST-VLAN - 10.1.1.1/24";
family inet {
address 10.1.1.1/24;
}
@@ -473,17 +448,13 @@
security {
address-book {
global {
- address destiny 192.168.100.3/32;
+ address NAT-156.110.28.193/32 156.110.28.193/32;
+ address ARUBA-INSTANT-AP-10.1.1.250/32 10.1.1.250/32;
address ONENET-164.58.69.122/32 164.58.69.122/32;
- address NAT-ARUBA-AP251-10.1.1.251/32 10.1.1.251/32;
- address NAT-ARUBA-AP250-10.1.1.250/32 10.1.1.250/32;
- address NAT-VIDEO-10.1.1.10/32 10.1.1.10/32;
- address VIDEO-164.58.9.86/32 164.58.9.86/32;
- address NAT-ARUBA-156.110.28.194/32 156.110.28.194/32;
}
}
screen {
- ids-option untrust-screen {
+ ids-option UNTRUST-SCREEN {
icmp {
ping-death;
}
@@ -505,51 +476,27 @@
}
nat {
source {
- pool VIDEO-NAT-POOL {
- address {
- 164.58.9.86/32;
- }
- }
- pool VINITA-PUBLIC-LIBRARY-OUTSIDE {
- address {
- 164.58.27.250/32;
- }
- }
- rule-set INTERNAL-TO-INTERNET {
- from zone Internal;
- to zone Internet;
- rule NAT-VIDEO-UNIT-OUT {
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
match {
- source-address 10.1.1.10/32;
- }
- then {
- source-nat {
- pool {
- VIDEO-NAT-POOL;
- }
- }
- }
- }
- rule NAT-INTERNAL-TO-INTERNET {
- match {
source-address 0.0.0.0/0;
}
then {
source-nat {
- pool {
- VINITA-PUBLIC-LIBRARY-OUTSIDE;
- }
+ interface;
}
}
}
}
}
static {
- rule-set STATIC-NAT {
- from zone Internet;
- rule NAT-Internet-TO-ARUBA-AP-250 {
+ rule-set STATIC-NAT-ARUBA {
+ from zone UNTRUST;
+ rule NAT-UNTRUST-TO-ARUBA {
match {
- destination-address 156.110.28.194/32;
+ destination-address 156.110.28.193/32;
}
then {
static-nat {
@@ -559,94 +506,59 @@
}
}
}
- rule NAT-Internet-VIDEO-IN {
- match {
- destination-address 164.58.9.86/32;
- }
- then {
- static-nat {
- prefix {
- 10.1.1.10/32;
- }
- }
- }
- }
}
}
}
policies {
- from-zone Internet to-zone Internal {
- policy STATIC-NAT-VIDEO {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
match {
source-address any;
- destination-address NAT-VIDEO-10.1.1.10/32;
+ destination-address any;
application any;
}
then {
permit;
}
}
+ }
+ from-zone UNTRUST to-zone TRUST {
policy STATIC-NAT-ARUBA {
match {
- source-address ONENET-164.58.69.122/32;
- destination-address [ NAT-ARUBA-AP250-10.1.1.250/32 NAT-ARUBA-AP251-10.1.1.251/32 NAT-ARUBA-156.110.28.194/32 ];
- application any;
- }
- then {
- permit;
- }
- }
- policy DENY-ALL-ELSE {
- match {
source-address any;
- destination-address any;
- application any;
+ destination-address NAT-156.110.28.193/32;
+ application ARUBA-HTTPS;
}
then {
- deny;
- log {
- session-init;
- }
- }
- }
- }
- from-zone Internal to-zone Internet {
- policy All_Internal_Internet {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
permit;
}
}
}
}
zones {
- security-zone Internal {
+ security-zone TRUST {
interfaces {
- vlan.1 {
+ vlan.3 {
host-inbound-traffic {
system-services {
- ping;
dhcp;
- http;
- https;
- ssh;
+ ping;
+ traceroute;
}
}
}
}
}
- security-zone Internet {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
- ssh;
ping;
snmp;
+ ssh;
+ traceroute;
}
}
}
@@ -710,15 +622,16 @@
}
}
vlans {
- vlan1 {
+ TRUST-VLAN {
+ description TRUST-VLAN;
vlan-id 3;
- l3-interface vlan.1;
+ l3-interface vlan.3;
}
}
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show ospf neighbor
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show ospf neighbor
# OSPF instance is not running
#
-# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show bfd session
+# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show bfd session
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/core.mca.onenet.net
===================================================================
--- configs/core.mca.onenet.net (revision 152746)
+++ configs/core.mca.onenet.net (working copy)
@@ -273,9 +273,9 @@
#xe-0/0/0.32767 up up
#xe-0/0/1 up up
#xe-0/0/1.0 up up
-#xe-0/1/0 up down
-#xe-0/1/0.42 up down
-#xe-0/1/0.32767 up down
+#xe-0/1/0 up up
+#xe-0/1/0.42 up up
+#xe-0/1/0.32767 up up
#xe-0/1/1 up up
#xe-0/1/1.1020 up up
#xe-0/1/1.1032 up up
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 152761)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -598,7 +598,7 @@
#t1-2/3/0:4:20.0 up up
#t1-2/3/0:4:21 up up
#t1-2/3/0:4:21.0 up up
-#t1-2/3/0:4:22 up down
+#t1-2/3/0:4:22 up up
#t1-2/3/0:4:23 down down
#t1-2/3/0:4:24 down down
#t1-2/3/0:4:25 down down
Index: configs/hub.chi.onenet.net
===================================================================
--- configs/hub.chi.onenet.net (revision 152761)
+++ configs/hub.chi.onenet.net (working copy)
@@ -281,7 +281,7 @@
#t1-2/0/2:1 up up
#t1-2/0/2:1.16 up up
#t1-2/0/2:1.17 up up
-#t1-2/0/2:2 down up
+#t1-2/0/2:2 down down
#t1-2/0/2:3 down down
#t1-2/0/2:4 down down
#t1-2/0/2:5 down down
Index: configs/core.owtcred.onenet.net
===================================================================
--- configs/core.owtcred.onenet.net (revision 152750)
+++ configs/core.owtcred.onenet.net (working copy)
@@ -234,9 +234,9 @@
#pfe-0/0/0.16383 up up
#pfh-0/0/0 up up
#pfh-0/0/0.16383 up up
-#xe-0/0/0 up down
-#xe-0/0/0.42 up down
-#xe-0/0/0.32767 up down
+#xe-0/0/0 up up
+#xe-0/0/0.42 up up
+#xe-0/0/0.32767 up up
#xe-0/0/1 up up
#xe-0/0/1.42 up up
#xe-0/0/1.32767 up up
Index: configs/stringtown-high-school.client.onenet.net
===================================================================
--- configs/stringtown-high-school.client.onenet.net (revision 152761)
+++ configs/stringtown-high-school.client.onenet.net (working copy)
@@ -674,7 +674,6 @@
# OSPF instance is not running
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/core5.okc.onenet.net
===================================================================
--- configs/core5.okc.onenet.net (revision 152761)
+++ configs/core5.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE5-MX480-RE0> show system commit
+# 2017-04-27 13:18:10 CDT by andrew via cli commit synchronize
+# 2017-04-27 13:17:20 CDT by andrew via cli commit synchronize
# 2017-04-27 12:32:14 CDT by andrew via cli commit synchronize
# 2017-04-27 11:55:30 CDT by andrew via cli commit synchronize
# 2017-04-27 11:54:06 CDT by andrew via cli commit synchronize
# 2017-04-25 14:02:33 CDT by sky via cli commit synchronize
-# 2017-04-25 13:55:58 CDT by sky via cli commit synchronize
-# 2017-04-25 12:42:49 CDT by andrew via cli commit synchronize
# grnoc-mon at OKC-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -449,7 +449,7 @@
# grnoc-mon at OKC-CORE5-MX480-RE0> show system uptime
# System booted: 2016-10-12 08:16 CDT
# Protocols started: 2016-10-12 08:18 CDT
-# Last configured: 2017-04-27 12:32 CDT by andrew
+# Last configured: 2017-04-27 13:18 CDT by andrew
#
# {master}
# grnoc-mon at OKC-CORE5-MX480-RE0> show interface terse
@@ -1126,7 +1126,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE5-MX480-RE0> show configuration
-## Last commit: 2017-04-27 12:32:14 CDT by andrew
+## Last commit: 2017-04-27 13:18:10 CDT by andrew
version 13.3R9.13;
groups {
re0 {
Index: configs/opt.occ.onenet.net
===================================================================
--- configs/opt.occ.onenet.net (revision 152761)
+++ configs/opt.occ.onenet.net (working copy)
@@ -149,6 +149,7 @@
<interface name="CHAN-2-3-28-RX" abbr_name="CHAN-2-3-28-RX" admin_state="up" spanning_tree_metric="" description="" type="MUX" monitoring_state="monitor"></interface>
<interface name="CHAN-2-3-29-RX" abbr_name="CHAN-2-3-29-RX" admin_state="down" spanning_tree_metric="" description="" type="MUX" monitoring_state="no-monitor"></interface>
<interface name="CHAN-2-3-30-RX" abbr_name="CHAN-2-3-30-RX" admin_state="down" spanning_tree_metric="" description="" type="MUX" monitoring_state="no-monitor"></interface>
+ <interface name="CHAN-2-3-31-RX" abbr_name="CHAN-2-3-31-RX" admin_state="down" spanning_tree_metric="" description="" type="MUX" monitoring_state="no-monitor"></interface>
<interface name="CHAN-2-3-32-RX" abbr_name="CHAN-2-3-32-RX" admin_state="down" spanning_tree_metric="" description="" type="MUX" monitoring_state="no-monitor"></interface>
<interface name="CHAN-2-3-33-RX" abbr_name="CHAN-2-3-33-RX" admin_state="down" spanning_tree_metric="" description="" type="MUX" monitoring_state="no-monitor"></interface>
<interface name="CHAN-2-3-34-RX" abbr_name="CHAN-2-3-34-RX" admin_state="up" spanning_tree_metric="" description="" type="MUX" monitoring_state="monitor"></interface>
Index: configs/rpswi1.okc.onenet.net
===================================================================
--- configs/rpswi1.okc.onenet.net (revision 152760)
+++ configs/rpswi1.okc.onenet.net (working copy)
@@ -265,8 +265,8 @@
#ge-0/0/44.0 up down
#ge-0/0/45 up down
#ge-0/0/45.0 up down
-#ge-0/0/46 up up
-#ge-0/0/46.0 up up
+#ge-0/0/46 up down
+#ge-0/0/46.0 up down
#ge-0/0/47 up down
#ge-0/0/47.0 up down
#xe-0/1/0 up up
More information about the Nocrancid
mailing list