[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Apr 27 15:04:26 CDT 2017
Index: configs/vinita-public-library.client.onenet.net
===================================================================
--- configs/vinita-public-library.client.onenet.net (revision 152762)
+++ configs/vinita-public-library.client.onenet.net (working copy)
@@ -1,13 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show system commit
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show system commit
+# 2017-04-27 14:23:41 CDT by sean via cli
+# 2017-04-27 14:07:26 CDT by sean via cli
# 2017-04-27 13:59:13 CDT by sean via cli
# 2017-04-27 13:54:21 CDT by sean via cli commit confirmed, rollback in 3mins
# 2017-04-26 16:09:28 CDT by sean via cli
# 2017-04-26 15:59:20 CDT by sean via cli
-# 2016-11-15 14:00:11 CST by aberrios via cli
-# 2016-11-15 13:44:50 CST by aberrios via cli commit confirmed, rollback in 5mins
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis environment
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
# Routing Engine CPU OK
@@ -19,17 +19,17 @@
# SRX240 IO fan 2 OK
# Power Power Supply 0 OK
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis firmware
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis firmware
# Part Type Version
# FPC 0 O/S Version 12.1X44-D30 by builder on 2013-12-1
# FWDD O/S Version 12.1X44-D30 by builder on 2013-12-1
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis fpc detail
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM ---- CPU less FPC ----
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis hardware
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
# Chassis BU1814AK0364 SRX240H2
@@ -38,15 +38,15 @@
# PIC 0 16x GE Base PIC
# Power Supply 0
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis hardware models
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis routing-engine
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis hardware models
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis routing-engine
# Routing Engine status:
# Serial ID ACLK0574
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis scb
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis sfm detail
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show chassis ssb
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show system boot-messages
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis scb
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis sfm detail
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show chassis ssb
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Copyright (c) 1996-2013, Juniper Networks, Inc.
# All rights reserved.
@@ -109,16 +109,16 @@
# Trying to mount root from ufs:/dev/da0s2a
# WARNING: /altroot was not properly dismounted
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show version
-# Hostname: VINTIA-PL-CIENT-DEVICE # Model: srx240h2 # JUNOS Software Release [12.1X44-D30] # # grnoc-mon at VINTIA-PL-CIENT-DEVICE> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 Dec 10 2013 /var/tmp@ -> /cf/var/tmp
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show version
+# Hostname: VINITA-PUBLIC-LIBRARY-CLIENT-OWNED # Model: srx240h2 # JUNOS Software Release [12.1X44-D30] # # grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> file list /var/tmp detail # lrw-r--r-- 1 root wheel 11 Dec 10 2013 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show system uptime
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show system uptime
# System booted: 2016-11-15 11:51 CST
# Protocols started: 2016-11-15 11:54 CST
-# Last configured: 2017-04-27 13:59 CDT by sean
+# Last configured: 2017-04-27 14:23 CDT by sean
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show interface terse
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show interface terse
#Interface Admin Link
#ge-0/0/0 up up
#ge-0/0/0.0 up up
@@ -144,14 +144,14 @@
#ge-0/0/6.0 up down
#ge-0/0/7 up down
#ge-0/0/7.0 up down
-#ge-0/0/8 up down
-#ge-0/0/9 up down
-#ge-0/0/10 up down
-#ge-0/0/11 up down
-#ge-0/0/12 up down
-#ge-0/0/13 up down
-#ge-0/0/14 up down
-#ge-0/0/15 up down
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 down down
#fxp2 up up
#fxp2.0 up up
#gre up up
@@ -172,12 +172,13 @@
#st0 up up
#tap up up
#vlan up up
-#vlan.3 up up
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show configuration
-## Last commit: 2017-04-27 13:59:13 CDT by sean
+#vlan.1 up up
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show configuration
+## Last commit: 2017-04-27 14:23:41 CDT by sean
version 12.1X44-D30;
system {
- host-name VINTIA-PL-CIENT-DEVICE;
+ host-name VINITA-PUBLIC-LIBRARY-CLIENT-OWNED;
+ auto-snapshot;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
@@ -262,10 +263,21 @@
root-login deny;
protocol-version v2;
}
+ web-management {
+ http {
+ interface vlan.1;
+ }
+ https {
+ system-generated-certificate;
+ interface [ vlan.1 ge-0/0/0.0 ];
+ }
+ session {
+ idle-timeout 60;
+ }
+ }
dhcp {
pool 10.1.1.0/24 {
address-range low 10.1.1.30 high 10.1.1.240;
- domain-name onenet.net;
name-server {
208.67.222.222;
208.67.220.220;
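Review bot: The added `web-management` stanza enables cleartext `http` on vlan.1 and binds `https` to ge-0/0/0.0, which a later hunk places in the `Internet` zone. That zone's host-inbound list in this diff does not include https, so J-Web is probably not reachable from outside today, but the binding leaves it one host-inbound change away from exposure on a device whose firmware lines show 12.1X44-D30. I would drop the `http { ... }` block and narrow the HTTPS listener to `interface vlan.1;`. If `idle-timeout 60` is in minutes, as I believe it is on Junos, a shorter value is worth considering for an admin session. The enclosing `services` block starts outside this hunk.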
@@ -296,6 +308,10 @@
any any;
match RT_FLOW_SESSION;
}
+ file blocked-traffic {
+ any any;
+ match RT_FLOW_SESSION_DENY;
+ }
file updown {
any any;
match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
@@ -317,82 +333,92 @@
}
}
ge-0/0/1 {
- description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
- port-mode access;
vlan {
- members TRUST-VLAN;
+ members vlan1;
}
}
}
}
ge-0/0/2 {
- description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
- port-mode access;
vlan {
- members TRUST-VLAN;
+ members vlan1;
}
}
}
}
ge-0/0/3 {
- description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
- port-mode access;
vlan {
- members TRUST-VLAN;
+ members vlan1;
}
}
}
}
ge-0/0/4 {
- description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
- port-mode access;
vlan {
- members TRUST-VLAN;
+ members vlan1;
}
}
}
}
ge-0/0/5 {
- description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
- port-mode access;
vlan {
- members TRUST-VLAN;
+ members vlan1;
}
}
}
}
ge-0/0/6 {
- description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
- port-mode access;
vlan {
- members TRUST-VLAN;
+ members vlan1;
}
}
}
}
ge-0/0/7 {
- description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
- port-mode access;
vlan {
- members TRUST-VLAN;
+ members vlan1;
}
}
}
}
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ disable;
+ }
lo0 {
unit 0 {
family inet {
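Review bot: ge-0/0/1 through ge-0/0/7 lose both their `description` and the explicit `port-mode access;`, so the next reader has to know the platform default to tell that these are access ports. Access is the default for `family ethernet-switching` as far as I know, so behaviour should not change, but I would keep the line and a description such as `description "L2 INTERFACE - vlan1";`. The newly disabled ge-0/0/8 through ge-0/0/15 would also benefit from a short description saying they are intentionally unused. The `interfaces` block starts and ends outside the hunk.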
@@ -403,8 +429,7 @@
}
}
vlan {
- unit 3 {
- description "L3 INTERFACE - TRUST-VLAN - 10.1.1.1/24";
+ unit 1 {
family inet {
address 10.1.1.1/24;
}
@@ -448,13 +473,17 @@
security {
address-book {
global {
- address NAT-156.110.28.193/32 156.110.28.193/32;
- address ARUBA-INSTANT-AP-10.1.1.250/32 10.1.1.250/32;
+ address destiny 192.168.100.3/32;
address ONENET-164.58.69.122/32 164.58.69.122/32;
+ address NAT-ARUBA-AP251-10.1.1.251/32 10.1.1.251/32;
+ address NAT-ARUBA-AP250-10.1.1.250/32 10.1.1.250/32;
+ address NAT-VIDEO-10.1.1.10/32 10.1.1.10/32;
+ address VIDEO-164.58.9.86/32 164.58.9.86/32;
+ address NAT-ARUBA-156.110.28.194/32 156.110.28.194/32;
}
}
screen {
- ids-option UNTRUST-SCREEN {
+ ids-option untrust-screen {
icmp {
ping-death;
}
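Review bot: The renamed `ids-option untrust-screen` appears to be left unattached: the zones hunk further down removes `screen UNTRUST-SCREEN;` together with the old zone, and the new `security-zone Internet` shows no `screen` statement in the visible lines. Without it, the screen options defined here (ping-death and whatever follows outside the hunk) are not applied to traffic arriving on ge-0/0/0.0. I would add `screen untrust-screen;` under `security-zone Internet`. The new address-book entry `destiny` also breaks the NAME-address naming pattern the other entries follow.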
@@ -476,27 +505,51 @@
}
nat {
source {
- rule-set TRUST-TO-UNTRUST-NAT {
- from zone TRUST;
- to zone UNTRUST;
- rule NAT-TRUST-TO-UNTRUST {
+ pool VIDEO-NAT-POOL {
+ address {
+ 164.58.9.86/32;
+ }
+ }
+ pool VINITA-PUBLIC-LIBRARY-OUTSIDE {
+ address {
+ 164.58.27.250/32;
+ }
+ }
+ rule-set INTERNAL-TO-INTERNET {
+ from zone Internal;
+ to zone Internet;
+ rule NAT-VIDEO-UNIT-OUT {
match {
+ source-address 10.1.1.10/32;
+ }
+ then {
+ source-nat {
+ pool {
+ VIDEO-NAT-POOL;
+ }
+ }
+ }
+ }
+ rule NAT-INTERNAL-TO-INTERNET {
+ match {
source-address 0.0.0.0/0;
}
then {
source-nat {
- interface;
+ pool {
+ VINITA-PUBLIC-LIBRARY-OUTSIDE;
+ }
}
}
}
}
}
static {
- rule-set STATIC-NAT-ARUBA {
- from zone UNTRUST;
- rule NAT-UNTRUST-TO-ARUBA {
+ rule-set STATIC-NAT {
+ from zone Internet;
+ rule NAT-Internet-TO-ARUBA-AP-250 {
match {
- destination-address 156.110.28.193/32;
+ destination-address 156.110.28.194/32;
}
then {
static-nat {
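Review bot: `NAT-VIDEO-UNIT-OUT` and `VIDEO-NAT-POOL` look redundant with the static rule `NAT-Internet-VIDEO-IN` added in the next hunk, which maps the same 164.58.9.86/32 to 10.1.1.10/32. Junos static NAT is bidirectional and is evaluated before source NAT, so the source rule should never be the one that translates this host; keeping a single mechanism makes the intent clearer. Separately, the move from `interface;` to pool `VINITA-PUBLIC-LIBRARY-OUTSIDE` needs `proxy-arp` for 164.58.27.250 if that address is not configured on ge-0/0/0.0, which these hunks do not show. The `static` rule-set continues past the end of the hunk.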
@@ -506,59 +559,94 @@
}
}
}
+ rule NAT-Internet-VIDEO-IN {
+ match {
+ destination-address 164.58.9.86/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.1.1.10/32;
+ }
+ }
+ }
+ }
}
}
}
policies {
- from-zone TRUST to-zone UNTRUST {
- policy TRUST-TO-UNTRUST {
+ from-zone Internet to-zone Internal {
+ policy STATIC-NAT-VIDEO {
match {
source-address any;
- destination-address any;
+ destination-address NAT-VIDEO-10.1.1.10/32;
application any;
}
then {
permit;
}
}
- }
- from-zone UNTRUST to-zone TRUST {
policy STATIC-NAT-ARUBA {
match {
source-address any;
- destination-address NAT-156.110.28.193/32;
- application ARUBA-HTTPS;
+ destination-address NAT-ARUBA-156.110.28.194/32;
+ application any;
}
then {
permit;
}
}
+ policy DENY-ALL-ELSE {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ deny;
+ log {
+ session-init;
+ }
+ }
+ }
}
+ from-zone Internal to-zone Internet {
+ policy All_Internal_Internet {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
}
zones {
- security-zone TRUST {
+ security-zone Internal {
interfaces {
- vlan.3 {
+ vlan.1 {
host-inbound-traffic {
system-services {
+ ping;
dhcp;
- ping;
- traceroute;
+ http;
+ https;
+ ssh;
}
}
}
}
}
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
+ security-zone Internet {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
+ ssh;
ping;
snmp;
- ssh;
- traceroute;
}
}
}
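Review bot: Both inbound permits in `from-zone Internet to-zone Internal` now match `source-address any` with `application any`, so every port on 10.1.1.10 and on the Aruba target is reachable from the Internet; the ARUBA policy was previously limited to `application ARUBA-HTTPS;`. I would restore that line on `STATIC-NAT-ARUBA` (if the application is still defined) and give `STATIC-NAT-VIDEO` an application set listing only the ports the video unit needs. `STATIC-NAT-ARUBA` also matches the public address `NAT-ARUBA-156.110.28.194/32`, whereas `STATIC-NAT-VIDEO` matches the translated one; because static NAT is applied before the policy lookup, the ARUBA policy probably needs the internal entry (`NAT-ARUBA-AP250-10.1.1.250/32`, assuming that is the static-nat prefix, which falls outside the hunk). The `Internet` zone keeps `ssh` and `snmp` in host-inbound-traffic on ge-0/0/0.0, so confirm that a loopback filter or equivalent restricts their sources.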
@@ -622,16 +710,15 @@
}
}
vlans {
- TRUST-VLAN {
- description TRUST-VLAN;
+ vlan1 {
vlan-id 3;
- l3-interface vlan.3;
+ l3-interface vlan.1;
}
}
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show ospf neighbor
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show ospf neighbor
# OSPF instance is not running
#
-# grnoc-mon at VINTIA-PL-CIENT-DEVICE> show bfd session
+# grnoc-mon at VINITA-PUBLIC-LIBRARY-CLIENT-OWNED> show bfd session
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
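Review bot: The VLAN is now named `vlan1` and uses `l3-interface vlan.1`, but the unchanged `vlan-id 3;` still tags it as VLAN 3, which is easy to misread during troubleshooting. If the tag is meant to stay 3, I would keep a description that says so, for example `description "vlan-id 3, L3 on vlan.1";`; otherwise change the id in the same commit. The removed `description TRUST-VLAN;` was the only documentation on this stanza.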
Index: configs/core.owtcred.onenet.net
===================================================================
--- configs/core.owtcred.onenet.net (revision 152762)
+++ configs/core.owtcred.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at RED-OAK-MX80> show system commit
+# 2017-04-27 14:53:31 CDT by andrew via cli
# 2017-04-26 16:48:05 CDT by andrew via cli
# 2017-04-26 14:03:14 CDT by andrew via cli
# 2017-04-26 09:28:08 CDT by andrew via cli
# 2017-03-16 15:51:13 CDT by andrew via cli
# 2017-02-25 22:59:02 CST by andrew via cli
-# 2017-02-25 22:18:12 CST by andrew via cli commit confirmed, rollback in 3mins
# grnoc-mon at RED-OAK-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -224,7 +224,7 @@
# grnoc-mon at RED-OAK-MX80> show system uptime
# System booted: 2016-03-17 00:26 CDT
# Protocols started: 2016-03-17 00:28 CDT
-# Last configured: 2017-04-26 16:48 CDT by andrew
+# Last configured: 2017-04-27 14:53 CDT by andrew
#
# grnoc-mon at RED-OAK-MX80> show interface terse
#Interface Admin Link
@@ -307,6 +307,7 @@
#lsi.1053705 up up
#lsi.1053706 up up
#lsi.1053707 up up
+#lsi.1053708 up up
#me0 up up
#me0.0 up up
#mtun up up
@@ -316,7 +317,7 @@
#pp0 up up
#tap up up
# grnoc-mon at RED-OAK-MX80> show configuration
-## Last commit: 2017-04-26 16:48:05 CDT by andrew
+## Last commit: 2017-04-27 14:53:31 CDT by andrew
version 13.3R8.7;
groups {
ISIS-L2-INTERFACE {
@@ -1502,6 +1503,10 @@
vpls-id 2593;
neighbor 164.58.199.137;
}
+ mesh-group OWTCCLA-FLAGPOLE-MGMT {
+ vpls-id 2639;
+ neighbor 164.58.199.137;
+ }
mesh-group SKY-TEST {
vpls-id 9876;
neighbor 164.58.199.240;
Index: configs/acx.owtccla.onenet.net
===================================================================
--- configs/acx.owtccla.onenet.net (revision 152736)
+++ configs/acx.owtccla.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OWTC-CLAYTON-ACX4000> show system commit
+# 2017-04-27 14:54:13 CDT by andrew via cli
# 2017-04-26 14:04:17 CDT by andrew via cli
# 2017-02-17 17:29:31 CST by andrew via cli
# 2017-02-14 15:26:44 CST by andrew via cli
# 2017-01-28 22:53:01 CST by andrew via cli
# 2017-01-26 20:09:41 CST by andrew via cli
-# 2017-01-26 15:32:35 CST by andrew via cli
# grnoc-mon at OWTC-CLAYTON-ACX4000> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -186,7 +186,7 @@
# grnoc-mon at OWTC-CLAYTON-ACX4000> show system uptime
# System booted: 2015-09-01 15:57 CDT
# Protocols started: 2015-09-01 15:58 CDT
-# Last configured: 2017-04-26 14:04 CDT by andrew
+# Last configured: 2017-04-27 14:54 CDT by andrew
#
# grnoc-mon at OWTC-CLAYTON-ACX4000> show interface terse
#Interface Admin Link
@@ -215,6 +215,7 @@
#ge-0/0/4.500 up up
#ge-0/0/4.32767 up up
#ge-0/0/5 up up
+#ge-0/0/5.2 up up
#ge-0/0/5.80 up up
#ge-0/0/5.500 up up
#ge-0/0/5.501 up up
@@ -240,7 +241,6 @@
#ge-1/0/1 up up
#ge-1/0/1.0 up up
#ge-1/0/2 down down
-#ge-1/0/2.0 up down
#ge-1/0/3 down down
#ge-1/0/4 down down
#ge-1/0/5 up up
@@ -265,7 +265,7 @@
#pime up up
#tap up up
# grnoc-mon at OWTC-CLAYTON-ACX4000> show configuration
-## Last commit: 2017-04-26 14:04:17 CDT by andrew
+## Last commit: 2017-04-27 14:54:13 CDT by andrew
version 12.3X54-D15.3;
groups {
ISIS-L2-INTERFACE {
@@ -586,6 +586,11 @@
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
+ unit 2 {
+ encapsulation vlan-ccc;
+ vlan-id 2;
+ family ccc;
+ }
unit 80 {
vlan-id 80;
family inet {
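Review bot: The new `unit 2` has no `description`, and nothing in the hunk ties it to the circuit it carries. The later l2circuit hunk binds ge-0/0/5.2 to `virtual-circuit-id 2639`, which matches the `vpls-id 2639` of mesh-group `OWTCCLA-FLAGPOLE-MGMT` added on core.owtcred, so a line such as `description "OWTCCLA-FLAGPOLE-MGMT VC 2639";` would record that link. The interface name itself is above the hunk; ge-0/0/5 is inferred from the l2circuit hunk.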
@@ -705,11 +710,7 @@
}
}
ge-1/0/2 {
- description "OWTC-CLAYTON-TO-BUFFALO-VALLEY-100M-CIR000XXXX [ORDERED]";
disable;
- mtu 9192;
- media-type copper;
- unit 0;
}
ge-1/0/3 {
disable;
@@ -959,6 +960,11 @@
ignore-encapsulation-mismatch;
ignore-mtu-mismatch;
}
+ interface ge-0/0/5.2 {
+ virtual-circuit-id 2639;
+ ignore-encapsulation-mismatch;
+ ignore-mtu-mismatch;
+ }
}
neighbor 164.58.199.195 {
interface ge-1/0/5.311 {
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 152754)
+++ configs/hub.dur.onenet.net (working copy)
@@ -324,7 +324,7 @@
#fe-2/1/1.0 up up
#fe-2/1/2 up up
#fe-2/1/2.0 up up
-#fe-2/1/3 down down
+#fe-2/1/3 down up
#ge-2/2/0 up up
#ge-2/2/0.0 up up
#pc-2/2/0 up up