[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Fri Aug 4 17:04:54 CDT 2017
Index: router.db
===================================================================
--- router.db (revision 155501)
+++ router.db (working copy)
@@ -23,7 +23,7 @@
alex-ps.client.onenet.net:juniper:up
ALLEN-PUBLIC-LIBRARY.client.onenet.net:juniper:up
alt-adva.p.onenet.net:fsp3000:up
-antlers-head-start.client.onenet.net:juniper:up
+antlers-head-start.client.onenet.net:juniper:down
antlers-pl.client.onenet.net:juniper:up
ardmore-higher-ed-ctr.nid.onenet.net:fsp150:up
art-adva.p.onenet.net:fsp3000:up
Index: routers.up
===================================================================
--- routers.up (revision 155501)
+++ routers.up (working copy)
@@ -20,7 +20,6 @@
alex-ps.client.onenet.net:juniper
allen-public-library.client.onenet.net:juniper
alt-adva.p.onenet.net:fsp3000
-antlers-head-start.client.onenet.net:juniper
antlers-pl.client.onenet.net:juniper
ardmore-higher-ed-ctr.nid.onenet.net:fsp150
art-adva.p.onenet.net:fsp3000
Index: configs/core.mus.onenet.net
===================================================================
--- configs/core.mus.onenet.net (revision 155490)
+++ configs/core.mus.onenet.net (working copy)
@@ -509,6 +509,11 @@
#lsi.1050031 up up
#lsi.1050032 up up
#lsi.1050034 up up
+#lsi.1050035 up up
+#lsi.1050036 up up
+#lsi.1050037 up up
+#lsi.1050038 up up
+#lsi.1050039 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.hut.sal.onenet.net
===================================================================
--- configs/core.hut.sal.onenet.net (revision 155490)
+++ configs/core.hut.sal.onenet.net (working copy)
@@ -368,6 +368,8 @@
#lsi.1049429 up up
#lsi.1049431 up up
#lsi.1049432 up up
+#lsi.1049433 up up
+#lsi.1049434 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/core.mca.onenet.net
===================================================================
--- configs/core.mca.onenet.net (revision 155490)
+++ configs/core.mca.onenet.net (working copy)
@@ -516,6 +516,11 @@
#lsi.1051289 up up
#lsi.1051290 up up
#lsi.1051292 up up
+#lsi.1051293 up up
+#lsi.1051294 up up
+#lsi.1051295 up up
+#lsi.1051296 up up
+#lsi.1051297 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.alt.onenet.net
===================================================================
--- configs/core.alt.onenet.net (revision 155490)
+++ configs/core.alt.onenet.net (working copy)
@@ -511,6 +511,15 @@
#lsi.1048879 up up
#lsi.1048880 up up
#lsi.1048882 up up
+#lsi.1048883 up up
+#lsi.1048884 up up
+#lsi.1048885 up up
+#lsi.1048886 up up
+#lsi.1048887 up up
+#lsi.1048888 up up
+#lsi.1048889 up up
+#lsi.1048890 up up
+#lsi.1048891 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/odot-heavener-residence.client.onenet.net
===================================================================
--- configs/odot-heavener-residence.client.onenet.net (revision 155419)
+++ configs/odot-heavener-residence.client.onenet.net (working copy)
@@ -137,8 +137,8 @@
#lsq-0/0/0:0 up up
#lsq-0/0/0:0.16 up up
#lsq-0/0/0:0.17 up up
-#ge-0/0/1 up up
-#ge-0/0/1.0 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
#ge-0/0/2 up up
#ge-0/0/2.0 up up
#ge-0/0/3 up up
Index: configs/core4.tul.onenet.net
===================================================================
--- configs/core4.tul.onenet.net (revision 155490)
+++ configs/core4.tul.onenet.net (working copy)
@@ -842,6 +842,8 @@
#lsi.1048738 up up
#lsi.1048742 up up
#lsi.1048743 up up
+#lsi.1048744 up up
+#lsi.1048745 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/swink-public-schools-srx.client.onenet.net
===================================================================
--- configs/swink-public-schools-srx.client.onenet.net (revision 155500)
+++ configs/swink-public-schools-srx.client.onenet.net (working copy)
@@ -0,0 +1,934 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show system commit
+# 2017-08-04 16:25:12 CDT by admin via cli
+# 2017-07-13 17:28:05 CDT by admin via cli
+# 2017-07-13 17:25:09 CDT by admin via cli
+# 2017-07-13 17:13:46 CDT by admin via cli
+# 2017-07-13 14:49:59 CDT by admin via cli
+# 2017-07-13 14:09:53 CDT by root via cli
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis environment
+# Class Item Status Measurement
+# Temp Routing Engine OK
+# Routing Engine CPU OK
+# Fans SRX340 Chassis fan 0 OK
+# SRX340 Chassis fan 1 OK
+# SRX340 Chassis fan 2 OK
+# SRX340 Chassis fan 3 OK
+# Power Power Supply 0 OK
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis firmware
+# Part Type Version
+# FPC 0 O/S Version 15.1X49-D90.7 by builder on 2017-04-29 06:10:46 UTC
+# FWDD O/S Version 15.1X49-D90.7 by builder on 2017-04-29 06:10:46 UTC
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM ---- CPU less FPC ----
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CY2017AF0289 SRX340
+# Routing Engine REV 0x08 650-065043 CY2017AF0289 RE-SRX340
+# FPC 0 FPC
+# PIC 0 8xGE,8xGE SFP Base PIC
+# Power Supply 0
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis hardware models
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis routing-engine
+# Routing Engine status:
+# Serial ID CY2017AF0289
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis scb
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis sfm detail
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show chassis ssb
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show system boot-messages
+# kld_map_v: 0x8ff80000, kld_map_p: 0x0
+# Running in PARTITIONED TLB MODE
+# Copyright (c) 1996-2017, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2007 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# FreeBSD is a registered trademark of The FreeBSD Foundation.
+# can't re-use a leaf (debug)!
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
+# cpu0 on motherboard
+# : CAVIUM's OCTEON 70XX/71XX CPU Rev. 0.2 with no FPU implemented
+# L1 Cache: I size 78kb(128 line), D size 32kb(128 line), thirty two way.
+# L2 Cache: Size 512kb, 4 way
+# obio0 on motherboard
+# uart0: <Octeon-16550 channel 0> on obio0
+# uart0: console (9600,n,8,1)
+# twsi0 on obio0
+# set clock 0x58
+# xhci0: <Cavium Octeon 7xxx xHCI Host Driver> on obio0
+# usb0: <USB bus for xHCI Controller> on xhci0
+# usb0: USB revision 3.0
+# uhub0: vendor 0x0000 XHCI root hub, class 9/0, rev 3.00/1.00, addr 1
+# uhub0: 2 ports with 2 removable, self powered
+# xhci1: <Cavium Octeon 7xxx xHCI Host Driver> on obio0
+# usb1: <USB bus for xHCI Controller> on xhci1
+# usb1: USB revision 3.0
+# uhub1: vendor 0x0000 XHCI root hub, class 9/0, rev 3.00/1.00, addr 1
+# uhub1: 2 ports with 2 removable, self powered
+# cpld0 on obio0
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
+# Disabling Octeon big bar support
+# pcib0: Initialized controller
+# pci0: <PCI bus> on pcib0
+# pci0: <network, ethernet> at device 0.0 (no driver attached)
+# pci0: <network, ethernet> at device 0.1 (no driver attached)
+# gblmem0 on obio0
+# octpkt0: <Octeon RGMII> on obio0
+# cfi0: <Macronix MX25L64 - 8MB> on obio0
+# cfi1: <Macronix MX25L64 - 8MB> on obio0
+# octagl0: <Octeon AGL> on obio0
+# umass0: ATP Electronics ATP CG eUSB, rev 2.00/11.00, addr 2
+# miibus0: <MII bus> on octagl0
+# brgphy0: <BCM54616S 10/100/1000baseTX PHY> on miibus0
+# brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
+# Timecounter "mips" frequency 1200000000 Hz quality 0
+# Registered AMT tunnel Encap with UDP Tunnel!
+# Loading Redundant LT driver
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ATP ATP CG eUSB 1100> Fixed Direct Access SCSI-4 device
+# da0: 40.000MB/s transfers
+# da0: 7672MB (15712256 512 byte sectors: 255H 63S/T 978C)
+# Trying to mount root from ufs:/dev/da0s2a
+#
+# LPC bus driver
+# lpcbus0 on cpld0
+# tpm0: <Trusted Platform Module> on lpcbus0
+# tpm: IFX SLB 9660 TT 1.2 rev 0x10
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show version
+# Hostname: SWINK-PUBLIC-SCHOOLS-SRX-005440
+# Model: srx340
+# Junos: 15.1X49-D90.7
+# JUNOS Software Release [15.1X49-D90.7]
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show version invoke-on all-routing-engines
+# Hostname: SWINK-PUBLIC-SCHOOLS-SRX-005440
+# Model: srx340
+# Junos: 15.1X49-D90.7
+# JUNOS Software Release [15.1X49-D90.7]
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> file list /var/tmp detail
+# lrw-r--r-- 1 root wheel 11 Apr 29 02:34 /var/tmp@ -> /cf/var/tmp
+# total files: 1
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show system uptime
+# Time Source: NTP CLOCK
+# System booted: 2017-07-13 14:18 CDT
+# Protocols started: 2017-07-13 14:18 CDT
+# Last configured: 2017-08-04 16:25 CDT by admin
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.80 up up
+#ge-0/0/0.500 up up
+#ge-0/0/0.32767 up up
+#gr-0/0/0 up up
+#ip-0/0/0 up up
+#lsq-0/0/0 up up
+#lt-0/0/0 up up
+#mt-0/0/0 up up
+#sp-0/0/0 up up
+#sp-0/0/0.0 up up
+#sp-0/0/0.16383 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 up down
+#ge-0/0/3 up down
+#ge-0/0/4 up down
+#ge-0/0/5 up down
+#ge-0/0/6 up down
+#ge-0/0/7 up up
+#ge-0/0/7.0 up up
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 down down
+#fxp0 down down
+#fxp2 up up
+#fxp2.0 up up
+#gre up up
+#ipip up up
+#irb up up
+#irb.80 up up
+#irb.99 up down
+#irb.100 up up
+#irb.300 up up
+#jsrv up up
+#jsrv.1 up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lo0.16385 up up
+#lo0.32768 up up
+#lsi up up
+#mtun up up
+#pimd up up
+#pime up up
+#pp0 up up
+#ppd0 up up
+#ppe0 up up
+#st0 up up
+#tap up up
+#vlan up down
+#vtep up up
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show configuration
+## Last commit: 2017-08-04 16:25:12 CDT by admin
+version 15.1X49-D90.7;
+system {
+ host-name SWINK-PUBLIC-SCHOOLS-SRX-005440;
+ auto-snapshot;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.200.200;
+ 156.110.200.200;
+ }
+ radius-server {
+ 156.110.31.11 {
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.10.1;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.10.1;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class customer-admin {
+ idle-timeout 30;
+ permissions all;
+ deny-commands "load|shell";
+ deny-configuration "(system login)|(system root-authentication)";
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class customer-admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ dns {
+ forwarders {
+ 208.67.220.220;
+ 208.67.222.222;
+ }
+ dns-proxy {
+ interface {
+ irb.100;
+ }
+ cache {
+ www.google.com inet 216.239.38.120;
+ }
+ }
+ }
+ dhcp-local-server {
+ group ONENET-MGMT-L3VPN-DHCP {
+ interface irb.80;
+ }
+ group JDHCP-LAN {
+ interface irb.100;
+ }
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ }
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ config-button no-rescue no-clear;
+}
+security {
+ address-book {
+ global {
+ address GUEST-VLAN 10.3.0.0/23;
+ address TEST-VLAN 10.99.0.0/24;
+ address Aruba-Wireless {
+ description "SSID - SwinkPS /Pass - 0000011111";
+ 10.199.10.34/32;
+ }
+ address TRUST-VLAN 172.16.0.0/22;
+ address SWI1-SWINK-GYM 10.199.10.5/32;
+ address SWI1-SWINK-ELEMENTARY 10.199.10.3/32;
+ address SWI1-SWINK-4TH-GRADE 10.199.10.4/32;
+ address SWI1-SWINK-JENKINS 10.199.10.9/32;
+ address SWI1-SWINK-ADMIN 10.199.10.11/32;
+ address SWI2-SWINK-ELEMENTARY 10.199.10.12/32;
+ address SWI1-SWINK-NEWBUILDING 10.199.10.13/32;
+ }
+ }
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ pool TRUST-VLAN-NAT {
+ address {
+ 156.110.26.244/32;
+ }
+ }
+ pool GUEST-VLAN-NAT {
+ address {
+ 156.110.26.245/32;
+ }
+ }
+ rule-set CLIENT-TO-UNTRUST-NAT {
+ from zone [ GUEST TRUST ];
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 172.16.0.0/22;
+ }
+ then {
+ source-nat {
+ pool {
+ TRUST-VLAN-NAT;
+ }
+ }
+ }
+ }
+ rule NAT-GUEST-TO-UNTRUST {
+ match {
+ source-address 10.3.0.0/23;
+ }
+ then {
+ source-nat {
+ pool {
+ GUEST-VLAN-NAT;
+ }
+ }
+ }
+ }
+ }
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 10.99.0.0/24;
+ }
+ then {
+ source-nat {
+ pool {
+ TRUST-VLAN-NAT;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone ONENET-MGMT-L3VPN to-zone ONENET-MGMT-L3VPN {
+ policy ONENET-MGMT-L3VPN-TO-ONENET-MGMT-L3VPN {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TRUST to-zone TRUST {
+ policy TRUST-TO-TRUST {
+ match {
+ source-address TRUST-VLAN;
+ destination-address TRUST-VLAN;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address TRUST-VLAN;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone GUEST to-zone UNTRUST {
+ policy GUEST-TO-UNTRUST {
+ match {
+ source-address GUEST-VLAN;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address TEST-VLAN;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone ONENET-MGMT-L3VPN {
+ host-inbound-traffic {
+ system-services {
+ all;
+ }
+ protocols {
+ all;
+ }
+ }
+ interfaces {
+ ge-0/0/0.80;
+ irb.80;
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ge-0/0/0.500 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TRUST {
+ interfaces {
+ irb.100 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone GUEST {
+ interfaces {
+ irb.300 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ irb.99 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
+interfaces {
+ ge-0/0/0 {
+ vlan-tagging;
+ unit 80 {
+ description "L3 INTERFACE - ONENET-MGMT-L3VPN - 10.199.255.101/31";
+ vlan-id 80;
+ family inet {
+ address 10.199.255.101/31;
+ }
+ }
+ unit 500 {
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.26.241/31";
+ vlan-id 500;
+ family inet {
+ address 156.110.26.241/31;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ interface-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/7 {
+ description "L2 TRUNK TO SWI1-SWINK-GYM";
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ONENET-MGMT-L3VPN-VLAN ];
+ }
+ }
+ }
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ disable;
+ }
+ fxp0 {
+ disable;
+ }
+ irb {
+ unit 80 {
+ description "L3 INTERFACE - ONENET-MGMT-L3VPN-VLAN - 10.199.10.1/26";
+ family inet {
+ address 10.199.10.1/26;
+ }
+ }
+ unit 99 {
+ description "L3 INTERFACE - TEST-VLAN - 10.99.0.1/24";
+ family inet {
+ address 10.99.0.1/24;
+ }
+ }
+ unit 100 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.0.1/22";
+ family inet {
+ address 172.16.0.1/22;
+ }
+ }
+ unit 300 {
+ description "L3 INTERFACE - GUEST-VLAN - 10.3.0.1/23";
+ family inet {
+ address 10.3.0.1/23;
+ }
+ }
+ }
+ protect: lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+}
+snmp {
+ description OneNet-SRX300-Template-3.0.0;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.255.100;
+ }
+}
+protocols {
+ l2-learning {
+ global-mode switching;
+ }
+ lldp {
+ interface all;
+ }
+ rstp {
+ bridge-priority 4k;
+ interface ge-0/0/1 {
+ edge;
+ bpdu-timeout-action {
+ block;
+ alarm;
+ }
+ }
+ bpdu-block-on-edge;
+ }
+}
+policy-options {
+ protect: prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
+firewall {
+ family inet {
+ protect: filter PROTECT-RE {
+ term SSH-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol tcp;
+ destination-port ssh;
+ }
+ then accept;
+ }
+ term SNMP-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol udp;
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term SSH-DENY {
+ from {
+ protocol tcp;
+ destination-port ssh;
+ }
+ then {
+ discard;
+ }
+ }
+ term SNMP-DENY {
+ from {
+ protocol udp;
+ destination-port snmp;
+ }
+ then {
+ discard;
+ }
+ }
+ term ALL-TRAFFIC {
+ then accept;
+ }
+ }
+ }
+}
+access {
+ address-assignment {
+ pool WIFI-MGMT-POOL {
+ family inet {
+ network 10.199.10.1/26;
+ range WIFI-MGMT-RANGE {
+ low 10.199.10.34;
+ high 10.199.10.62;
+ }
+ dhcp-attributes {
+ domain-name onenet.net;
+ name-server {
+ 164.58.200.200;
+ }
+ router {
+ 10.199.10.1;
+ }
+ }
+ }
+ }
+ }
+}
+routing-instances {
+ CLIENT {
+ instance-type virtual-router;
+ system {
+ services {
+ dhcp-local-server {
+ group CLIENT-DHCP {
+ interface irb.99;
+ interface irb.100;
+ interface irb.300;
+ }
+ }
+ }
+ }
+ access {
+ address-assignment {
+ pool TRUST-VLAN-POOL {
+ family inet {
+ network 172.16.0.0/22;
+ range TRUST-VLAN-RANGE {
+ low 172.16.2.1;
+ high 172.16.3.254;
+ }
+ dhcp-attributes {
+ domain-name onenet.net;
+ name-server {
+ 172.16.0.1;
+ 208.67.220.220;
+ 208.67.222.222;
+ }
+ router {
+ 172.16.0.1;
+ }
+ }
+ host MAC-MINI-SERVER {
+ hardware-address c4:2c:03:0b:58:da;
+ ip-address 172.16.1.10;
+ }
+ host MAC-MINI-SERVER-WIFI {
+ hardware-address 60:33:4b:00:04:08;
+ ip-address 172.16.1.11;
+ }
+ }
+ }
+ pool GUEST-VLAN-POOL {
+ family inet {
+ network 10.3.0.0/23;
+ range GUEST-VLAN-RANGE {
+ low 10.3.0.10;
+ high 10.3.1.250;
+ }
+ dhcp-attributes {
+ domain-name onenet.net;
+ name-server {
+ 208.67.220.220;
+ 208.67.222.222;
+ }
+ router {
+ 10.3.0.1;
+ }
+ }
+ }
+ }
+ pool TEST-VLAN-POOL {
+ family inet {
+ network 10.99.0.0/24;
+ range TEST-VLAN-RANGE {
+ low 10.99.0.2;
+ high 10.99.0.254;
+ }
+ dhcp-attributes {
+ domain-name test.local;
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ router {
+ 10.99.0.1;
+ }
+ }
+ }
+ }
+ }
+ }
+ interface ge-0/0/0.500;
+ interface irb.99;
+ interface irb.100;
+ interface irb.300;
+ routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.26.240;
+ }
+ }
+ }
+}
+switch-options {
+ interface-mac-limit {
+ packet-action shutdown;
+ }
+ interface ge-0/0/1.0 {
+ interface-mac-limit {
+ 3;
+ }
+ }
+}
+vlans {
+ GUEST-VLAN {
+ description GUEST-VLAN;
+ vlan-id 300;
+ l3-interface irb.300;
+ }
+ ONENET-MGMT-L3VPN-VLAN {
+ description ONENET-MGMT-L3VPN-VLAN;
+ vlan-id 80;
+ l3-interface irb.80;
+ }
+ TEST-VLAN {
+ description "Test VLAN 99 for TESTING ONLY";
+ vlan-id 99;
+ l3-interface irb.99;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 100;
+ l3-interface irb.100;
+ }
+}
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show ospf neighbor
+# OSPF instance is not running
+#
+# grnoc-mon at SWINK-PUBLIC-SCHOOLS-SRX-005440> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
Index: configs/core.pot.onenet.net
===================================================================
--- configs/core.pot.onenet.net (revision 155490)
+++ configs/core.pot.onenet.net (working copy)
@@ -520,6 +520,11 @@
#lsi.1049456 up up
#lsi.1049457 up up
#lsi.1049459 up up
+#lsi.1049460 up up
+#lsi.1049461 up up
+#lsi.1049462 up up
+#lsi.1049463 up up
+#lsi.1049464 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/swi1-swink-newbuilding.client.onenet.net
===================================================================
--- configs/swi1-swink-newbuilding.client.onenet.net (revision 155498)
+++ configs/swi1-swink-newbuilding.client.onenet.net (working copy)
@@ -0,0 +1,572 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show system commit
+# 2017-07-13 16:40:59 CDT by admin via cli
+# 2017-07-13 16:32:28 CDT by admin via cli
+# 2015-08-18 13:59:35 CDT by root via other
+# 2015-08-18 13:56:29 CDT by onenet via cli commit confirmed, rollback in 2mins
+# 2015-08-18 13:50:54 CDT by onenet via cli
+# 2015-08-18 13:42:54 CDT by onenet via cli
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis environment
+# Class Item Status Measurement
+# Power FPC 0 Power Supply 0 OK
+# Temp FPC 0 GEPHY1 OK
+# FPC 0 GEPHY2 OK
+# FPC 0 GEPHY3 OK
+# FPC 0 GEPHY4 OK
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis firmware
+# Part Type Version
+# FPC 0 uboot U-Boot 1.1.6 (Apr 4 2013 - 10:33:10) 1.0
+# loader FreeBSD/arm U-Boot loader 1.1
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 512 MB
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis GR0214450530 EX2200-C-12P-2G, POE+
+# Routing Engine 0 REV 10 650-036547 GR0214450530 EX2200-C-12P-2G, POE+
+# FPC 0 REV 10 650-036547 GR0214450530 EX2200-C-12P-2G, POE+
+# CPU BUILTIN BUILTIN FPC CPU
+# PIC 0 BUILTIN BUILTIN 12x 10/100/1000 Base-T
+# PIC 1 REV 10 650-036547 GR0214450530 2x (10/100/1000 Base-T or GE SFP)
+# Power Supply 0 PS 180W AC
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Routing Engine 0 REV 10 650-036547 GR0214450530 EX2200-C-12P-2G
+# FPC 0 REV 10 650-036547 GR0214450530 EX2200-C-12P-2G
+# PIC 0 BUILTIN BUILTIN EX2200-C-12P-2G
+# PIC 1 REV 10 650-036547 GR0214450530 EX2200-C-12P-2G
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# DRAM 512
+# Serial ID GR0214450530
+#
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis scb
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis sfm detail
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show chassis ssb
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show system boot-messages
+# fpc0:
+# --------------------------------------------------------------------------
+# GDB: debug ports: uart
+# GDB: current port: uart
+# KDB: debugger backends: ddb gdb
+# KDB: current backend: ddb
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# can't re-use a leaf (all_slot_serialid)!
+# CPU: Feroceon 88FR131 rev 1 (Marvell core)
+# cpu53: Feroceon 88FR131 revision WB enabled EABT branch prediction enabled
+# 16KB/32B 4-way Instruction cache
+# 16KB/32B 4-way write-back-locking-C Data cache
+# SOC: Marvell 88F6281 rev A0, TClock 200MHz
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing EXSERIES properties ...
+# mbus0: <Marvell Internal Bus (Mbus)> on motherboard
+# ic0: <Marvell Integrated Interrupt Controller> at mem 0xf1020200-0xf102023b on mbus0
+# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 1 on mbus0
+# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 35,36,37,38,39,40,41 on mbus0
+# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 33 on mbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 34 on mbus0
+# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 48,19 on mbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/90.15, addr 2
+# uhub1: single transaction translator
+# uhub1: 2 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 12,13,14,11,46 on mbus0
+# mge0: hardware MAC address f0:1c:2d:b8:65:bf
+# miibus0: <MII bus> on mge0
+# e1000phy0: <Marvell 88E1118 Gigabit PHY> on miibus0
+# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
+# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f irq 29 on mbus0
+# syspld0: <SYSPLD> on i2c0
+# poe0: <POE> on i2c0
+# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8000000-0xf87fffff irq 23 on mbus0
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> at mem 0xf4000000-0xf7ffffff irq 113 on mbus0
+# pcib0: <Marvell 88F6281 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xefffffff irq 9 on mbus0
+# pci0: <PCI bus> on pcib0
+# Initializing product: 119 ..
+# bmeb: bmeb_lib_init done 0xc3386800, addr 0xc1d5bac0
+# bme0:Virtual BME driver initializing
+# Timecounter "CPU Timer" frequency 200000000 Hz quality 1000
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
+# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show version
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-NEWBUILDING-004785
+# Model: ex2200-c-12p-2g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show version invoke-on all-routing-engines
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-NEWBUILDING-004785
+# Model: ex2200-c-12p-2g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> file list /var/tmp detail
+#
+# /var/tmp:
+# total blocks: 44
+# drwxrwxr-x 2 root wheel 512 Dec 31 2009 .snap/
+# -rw-r--r-- 1 root field 2700 Mar 13 2014 ex_autod_config
+# -rw-r--r-- 1 root field 1796 Mar 13 2014 ex_autod_rollback_cfg
+# drwxr-xr-x 2 root wheel 512 Mar 13 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 install/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 pics/
+# drwxr-xr-x 2 root field 512 Mar 13 2014 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Mar 13 2014 vi.recover/
+# total files: 2
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show system uptime
+# fpc0:
+# --------------------------------------------------------------------------
+# System booted: 2017-07-23 20:23 CDT
+# Protocols started: 2017-07-23 20:26 CDT
+# Last configured: 2017-07-13 16:40 CDT by admin
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 up up
+#ge-0/0/2.0 up up
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
+#ge-0/0/4 up up
+#ge-0/0/4.0 up up
+#ge-0/0/5 up up
+#ge-0/0/5.0 up up
+#ge-0/0/6 up down
+#ge-0/0/6.0 up down
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
+#ge-0/0/8 up down
+#ge-0/0/8.0 up down
+#ge-0/0/9 up down
+#ge-0/0/9.0 up down
+#ge-0/0/10 up down
+#ge-0/0/10.0 up down
+#ge-0/0/11 up down
+#ge-0/0/11.0 up down
+#ge-0/1/0 up up
+#ge-0/1/0.0 up up
+#ge-0/1/1 down down
+#bme0 up up
+#bme0.32768 up up
+#dsc up up
+#gre up up
+#ipip up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lsi up up
+#me0 down down
+#me0.0 up down
+#mtun up up
+#pimd up up
+#pime up up
+#tap up up
+#vlan up up
+#vlan.80 up up
+#vme up down
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show configuration
+## Last commit: 2017-07-13 16:40:59 CDT by admin
+version 12.3R6.6;
+system {
+ host-name SWI1-SWINK-NEWBUILDING-004785;
+ auto-snapshot;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.10.13;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.10.13;
+ }
+ }
+ login {
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ max-sessions-per-connection 32;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.10.13;
+ }
+ max-configurations-on-flash 20;
+ ##
+ ## Warning: statement ignored: unsupported platform (ex2200-c-12p-2g)
+ ##
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+interfaces {
+ interface-range TRUST-INTERACES {
+ member ge-0/0/1;
+ member ge-0/0/3;
+ member-range ge-0/0/5 to ge-0/0/11;
+ description TRUST-INTERACES;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ interface-range WIFI {
+ member ge-0/0/0;
+ member ge-0/0/2;
+ member ge-0/0/4;
+ description WIFI-AP;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ];
+ }
+ native-vlan-id ONENET-MGMT-L3VPN-VLAN;
+ }
+ }
+ }
+ interface-range TRUNK-INTERFACES {
+ member ge-0/1/0;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ONENET-MGMT-L3VPN-VLAN ];
+ }
+ }
+ }
+ }
+ ge-0/1/0 {
+ description "L2 TRUNK TO SWI1-SWINK-ELEMENTRY";
+ media-type copper;
+ }
+ ge-0/1/1 {
+ disable;
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ me0 {
+ disable;
+ }
+ vlan {
+ unit 80 {
+ description "L3 INTERFACE - ONENET-MGMT-L3VPN-VLAN - 10.199.10.13/26";
+ family inet {
+ address 10.199.10.13/26;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.10.1;
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all;
+ }
+ rstp {
+ interface TRUST-INTERACES {
+ edge;
+ }
+ bpdu-block-on-edge;
+ }
+ lldp {
+ management-address 10.199.10.13;
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term MGMT {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term Reject {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface TRUST-INTERACES {
+ mac-limit 3 action log;
+ no-dhcp-trusted;
+ }
+ }
+ storm-control {
+ action-shutdown;
+ interface all {
+ bandwidth 2097152;
+ }
+ }
+ bpdu-block {
+ interface TRUST-INTERACES {
+ shutdown;
+ }
+ disable-timeout 300;
+ }
+}
+vlans {
+ GUEST-VLAN {
+ description GUEST-VLAN;
+ vlan-id 300;
+ }
+ ONENET-MGMT-L3VPN-VLAN {
+ description ONENET-MGMT-L3VPN-VLAN;
+ vlan-id 80;
+ l3-interface vlan.80;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 100;
+ }
+}
+poe {
+ interface all;
+}
+{master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show ospf neighbor
+# OSPF instance is not running
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-NEWBUILDING-004785> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+{master:0}
Index: configs/core.hut.wea.onenet.net
===================================================================
--- configs/core.hut.wea.onenet.net (revision 155490)
+++ configs/core.hut.wea.onenet.net (working copy)
@@ -352,6 +352,12 @@
#lsi.1051984 up up
#lsi.1051986 up up
#lsi.1051988 up up
+#lsi.1051989 up up
+#lsi.1051990 up up
+#lsi.1051991 up up
+#lsi.1051992 up up
+#lsi.1051993 up up
+#lsi.1051994 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/swi1-swink-4th-grade.client.onenet.net
===================================================================
--- configs/swi1-swink-4th-grade.client.onenet.net (revision 155493)
+++ configs/swi1-swink-4th-grade.client.onenet.net (working copy)
@@ -0,0 +1,588 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show system commit
+# 2017-08-04 16:31:41 CDT by admin via cli
+# 2017-08-04 16:27:43 CDT by joel via cli
+# 2017-07-13 16:01:16 CDT by admin via cli
+# 2017-07-13 15:29:31 CDT by onenet via cli
+# 2014-03-13 05:30:35 CDT by root via cli
+# 2014-03-13 05:25:58 CDT by root via button
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis environment
+# Class Item Status Measurement
+# Power FPC 0 Power Supply 0 OK
+# Temp FPC 0 GEPHY1 OK
+# FPC 0 GEPHY2 OK
+# FPC 0 GEPHY3 OK
+# FPC 0 GEPHY4 OK
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis firmware
+# Part Type Version
+# FPC 0 uboot U-Boot 1.1.6 (Apr 4 2013 - 10:33:10) 1.0
+# loader FreeBSD/arm U-Boot loader 1.1
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 512 MB
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis GR0214450704 EX2200-C-12P-2G, POE+
+# Routing Engine 0 REV 10 650-036547 GR0214450704 EX2200-C-12P-2G, POE+
+# FPC 0 REV 10 650-036547 GR0214450704 EX2200-C-12P-2G, POE+
+# CPU BUILTIN BUILTIN FPC CPU
+# PIC 0 BUILTIN BUILTIN 12x 10/100/1000 Base-T
+# PIC 1 REV 10 650-036547 GR0214450704 2x (10/100/1000 Base-T or GE SFP)
+# Xcvr 0 REV 01 740-031851 AM1144SW5YW SFP-SX
+# Power Supply 0 PS 180W AC
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Routing Engine 0 REV 10 650-036547 GR0214450704 EX2200-C-12P-2G
+# FPC 0 REV 10 650-036547 GR0214450704 EX2200-C-12P-2G
+# PIC 0 BUILTIN BUILTIN EX2200-C-12P-2G
+# PIC 1 REV 10 650-036547 GR0214450704 EX2200-C-12P-2G
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# DRAM 512
+# Serial ID GR0214450704
+#
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis scb
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis sfm detail
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show chassis ssb
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show system boot-messages
+# fpc0:
+# --------------------------------------------------------------------------
+# GDB: debug ports: uart
+# GDB: current port: uart
+# KDB: debugger backends: ddb gdb
+# KDB: current backend: ddb
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# can't re-use a leaf (all_slot_serialid)!
+# CPU: Feroceon 88FR131 rev 1 (Marvell core)
+# cpu53: Feroceon 88FR131 revision WB enabled EABT branch prediction enabled
+# 16KB/32B 4-way Instruction cache
+# 16KB/32B 4-way write-back-locking-C Data cache
+# SOC: Marvell 88F6281 rev A0, TClock 200MHz
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing EXSERIES properties ...
+# mbus0: <Marvell Internal Bus (Mbus)> on motherboard
+# ic0: <Marvell Integrated Interrupt Controller> at mem 0xf1020200-0xf102023b on mbus0
+# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 1 on mbus0
+# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 35,36,37,38,39,40,41 on mbus0
+# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 33 on mbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 34 on mbus0
+# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 48,19 on mbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/90.15, addr 2
+# uhub1: single transaction translator
+# uhub1: 2 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 12,13,14,11,46 on mbus0
+# mge0: hardware MAC address f0:1c:2d:b8:7f:3f
+# miibus0: <MII bus> on mge0
+# e1000phy0: <Marvell 88E1118 Gigabit PHY> on miibus0
+# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
+# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f irq 29 on mbus0
+# syspld0: <SYSPLD> on i2c0
+# poe0: <POE> on i2c0
+# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8000000-0xf87fffff irq 23 on mbus0
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> at mem 0xf4000000-0xf7ffffff irq 113 on mbus0
+# pcib0: <Marvell 88F6281 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xefffffff irq 9 on mbus0
+# pci0: <PCI bus> on pcib0
+# Initializing product: 119 ..
+# bmeb: bmeb_lib_init done 0xc3386800, addr 0xc1d5bac0
+# bme0:Virtual BME driver initializing
+# Timecounter "CPU Timer" frequency 200000000 Hz quality 1000
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
+# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show version
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-4TH-GRADE-004786
+# Model: ex2200-c-12p-2g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show version invoke-on all-routing-engines
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-4TH-GRADE-004786
+# Model: ex2200-c-12p-2g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> file list /var/tmp detail
+#
+# /var/tmp:
+# total blocks: 76
+# drwxrwxr-x 2 root wheel 512 Mar 13 2014 .snap/
+# -rw-r--r-- 1 root field 2700 Mar 13 2014 ex_autod_config
+# -rw-r--r-- 1 root field 1796 Mar 13 2014 ex_autod_rollback_cfg
+# drwxr-xr-x 2 root wheel 512 Mar 13 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 install/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 pics/
+# drwxr-xr-x 2 root field 512 Mar 13 2014 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Mar 13 2014 vi.recover/
+# total files: 2
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show system uptime
+# fpc0:
+# --------------------------------------------------------------------------
+# System booted: 2017-07-23 20:23 CDT
+# Protocols started: 2017-07-23 20:26 CDT
+# Last configured: 2017-08-04 16:31 CDT by admin
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up up
+#ge-0/0/0.0 up up
+#ge-0/0/1 up up
+#ge-0/0/1.0 up up
+#ge-0/0/2 up up
+#ge-0/0/2.0 up up
+#ge-0/0/3 up up
+#ge-0/0/3.0 up up
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
+#ge-0/0/6 up down
+#ge-0/0/6.0 up down
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
+#ge-0/0/8 up up
+#ge-0/0/8.0 up up
+#ge-0/0/9 up down
+#ge-0/0/9.0 up down
+#ge-0/0/10 up down
+#ge-0/0/10.0 up down
+#ge-0/0/11 up down
+#ge-0/0/11.0 up down
+#ge-0/1/0 up up
+#ge-0/1/0.0 up up
+#ge-0/1/1 up down
+#bme0 up up
+#bme0.32768 up up
+#dsc up up
+#gre up up
+#ipip up up
+#jsrv up up
+#jsrv.1 up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lsi up up
+#me0 down down
+#me0.0 up down
+#mtun up up
+#pimd up up
+#pime up up
+#tap up up
+#vlan up up
+#vlan.80 up up
+#vme up down
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show configuration
+## Last commit: 2017-08-04 16:31:41 CDT by admin
+version 12.3R6.6;
+system {
+ host-name SWI1-SWINK-4TH-GRADE-004786;
+ auto-snapshot;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.10.4;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.10.4;
+ }
+ }
+ login {
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ max-sessions-per-connection 32;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.10.4;
+ }
+ max-configurations-on-flash 20;
+ ##
+ ## Warning: statement ignored: unsupported platform (ex2200-c-12p-2g)
+ ##
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+interfaces {
+ interface-range TRUST-INTERACES {
+ member-range ge-0/0/5 to ge-0/0/7;
+ member-range ge-0/0/9 to ge-0/0/11;
+ description TRUST-INTERACES;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ interface-range WIFI {
+ member ge-0/0/0;
+ member ge-0/0/2;
+ member ge-0/0/8;
+ description WIFI-AP;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ];
+ }
+ native-vlan-id ONENET-MGMT-L3VPN-VLAN;
+ }
+ }
+ }
+ interface-range TRUNK-INTERFACES {
+ member ge-0/0/1;
+ member ge-0/0/3;
+ member ge-0/0/4;
+ member ge-0/1/0;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ONENET-MGMT-L3VPN-VLAN ];
+ }
+ }
+ }
+ }
+ ge-0/0/0 {
+ description "WIFI-AP - Principalage";
+ }
+ ge-0/0/1 {
+ description "Link to Library Switch - down";
+ }
+ ge-0/0/2 {
+ description "WIFI-AP - Reading Room";
+ }
+ ge-0/0/3 {
+ description "L2 TRUNK TO SWI1-SWINK-JENKINS";
+ }
+ ge-0/0/4 {
+ description "Link to Print Shop Switch - down";
+ }
+ ge-0/1/0 {
+ description "L2 TRUNK TO SWI1-SWINK-GYM";
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ me0 {
+ disable;
+ }
+ vlan {
+ unit 80 {
+ description "L3 INTERFACE - ONENET-MGMT-L3VPN-VLAN - 10.199.10.4/26";
+ family inet {
+ address 10.199.10.4/26;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.10.1;
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all;
+ }
+ rstp {
+ interface TRUST-INTERACES {
+ edge;
+ }
+ bpdu-block-on-edge;
+ }
+ lldp {
+ management-address 10.199.10.4;
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term MGMT {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term Reject {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface TRUST-INTERACES {
+ mac-limit 3 action log;
+ no-dhcp-trusted;
+ }
+ }
+ storm-control {
+ action-shutdown;
+ interface all {
+ bandwidth 2097152;
+ }
+ }
+ bpdu-block {
+ interface TRUST-INTERACES {
+ shutdown;
+ }
+ disable-timeout 300;
+ }
+}
+vlans {
+ GUEST-VLAN {
+ description GUEST-VLAN;
+ vlan-id 300;
+ }
+ ONENET-MGMT-L3VPN-VLAN {
+ description ONENET-MGMT-L3VPN-VLAN;
+ vlan-id 80;
+ l3-interface vlan.80;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 100;
+ }
+}
+poe {
+ interface all;
+}
+{master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show ospf neighbor
+# OSPF instance is not running
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-4TH-GRADE-004786> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+{master:0}
Index: configs/core.hut.pra.onenet.net
===================================================================
--- configs/core.hut.pra.onenet.net (revision 155490)
+++ configs/core.hut.pra.onenet.net (working copy)
@@ -361,6 +361,8 @@
#lsi.1048815 up up
#lsi.1048817 up up
#lsi.1048818 up up
+#lsi.1048819 up up
+#lsi.1048820 up up
#me0 up up
#me0.0 up up
#mtun up up
Index: configs/poteau-ps.nid.onenet.net
===================================================================
--- configs/poteau-ps.nid.onenet.net (revision 155366)
+++ configs/poteau-ps.nid.onenet.net (working copy)
@@ -1796,8 +1796,7 @@
#
home
configure system
- ecpa-streams 7
- stream-name "stream-7"
+ ecpa-streams8100 stream-name "stream-7"
framesize 64
rate 10048000
payload-type fixed
Index: configs/core1.okccc.onenet.net
===================================================================
--- configs/core1.okccc.onenet.net (revision 155490)
+++ configs/core1.okccc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKCCC-MX960-RE0> show system commit
+# 2017-08-04 16:25:35 CDT by andrew via cli commit synchronize
+# 2017-08-04 16:22:49 CDT by andrew via cli commit synchronize
# 2017-08-04 15:11:04 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2017-07-30 12:28:49 CDT by andrew via cli commit synchronize
# 2017-07-29 21:20:05 CDT by andrew via cli commit synchronize
# 2017-07-28 20:24:44 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
-# 2017-07-26 19:58:52 CDT by andrew via cli commit synchronize
-# 2017-07-14 17:03:10 CDT by andrew via cli commit synchronize
# grnoc-mon at OKCCC-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -526,7 +526,7 @@
# grnoc-mon at OKCCC-MX960-RE0> show system uptime
# System booted: 2016-03-20 01:24 CDT
# Protocols started: 2016-03-20 01:26 CDT
-# Last configured: 2017-08-04 15:11 CDT by andrew
+# Last configured: 2017-08-04 16:25 CDT by andrew
#
# {master}
# grnoc-mon at OKCCC-MX960-RE0> show interface terse
@@ -664,6 +664,7 @@
#lo0.16385 up up
#lsi up up
#lsi.0 up up
+#lsi.1053440 up up
#mtun up up
#pimd up up
#pime up up
@@ -671,7 +672,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKCCC-MX960-RE0> show configuration
-## Last commit: 2017-08-04 15:11:04 CDT by andrew
+## Last commit: 2017-08-04 16:25:35 CDT by andrew
version 13.3R8.7;
groups {
re0 {
@@ -979,6 +980,7 @@
mtu 9000;
address 2610:1d8:2000::21/127;
}
+ family mpls;
}
}
ge-0/2/0 {
@@ -1474,6 +1476,7 @@
interface xe-2/1/0.40;
interface ae0.42;
interface ge-0/3/0.42;
+ interface xe-0/1/1.42;
}
bgp {
group CORE-RR-OKC-V6 {
@@ -1847,6 +1850,7 @@
interface ge-0/0/0.0;
interface xe-0/0/0.212;
interface xe-0/1/0.216;
+ interface xe-0/1/1.42;
interface ge-0/2/0.0;
interface ge-0/3/0.42;
interface xe-1/0/1.0;
Index: configs/swi1-swink-jenkins.client.onenet.net
===================================================================
--- configs/swi1-swink-jenkins.client.onenet.net (revision 155497)
+++ configs/swi1-swink-jenkins.client.onenet.net (working copy)
@@ -0,0 +1,578 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show system commit
+# 2017-07-13 16:57:06 CDT by admin via cli
+# 2014-03-18 23:54:05 CDT by admin via cli
+# 2014-03-14 07:36:33 CDT by admin via cli
+# 2014-03-14 07:35:07 CDT by admin via cli
+# 2014-03-14 07:32:49 CDT by admin via cli
+# 2014-03-14 07:30:53 CDT by admin via cli commit confirmed, rollback in 3mins
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis environment
+# Class Item Status Measurement
+# Power FPC 0 Power Supply 0 OK
+# Temp FPC 0 GEPHY1 OK
+# FPC 0 GEPHY2 OK
+# FPC 0 GEPHY3 OK
+# FPC 0 GEPHY4 OK
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis firmware
+# Part Type Version
+# FPC 0 uboot U-Boot 1.1.6 (Apr 4 2013 - 10:33:10) 1.0
+# loader FreeBSD/arm U-Boot loader 1.1
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 512 MB
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis GR0214460881 EX2200-C-12P-2G, POE+
+# Routing Engine 0 REV 10 650-036547 GR0214460881 EX2200-C-12P-2G, POE+
+# FPC 0 REV 10 650-036547 GR0214460881 EX2200-C-12P-2G, POE+
+# CPU BUILTIN BUILTIN FPC CPU
+# PIC 0 BUILTIN BUILTIN 12x 10/100/1000 Base-T
+# PIC 1 REV 10 650-036547 GR0214460881 2x (10/100/1000 Base-T or GE SFP)
+# Power Supply 0 PS 180W AC
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Routing Engine 0 REV 10 650-036547 GR0214460881 EX2200-C-12P-2G
+# FPC 0 REV 10 650-036547 GR0214460881 EX2200-C-12P-2G
+# PIC 0 BUILTIN BUILTIN EX2200-C-12P-2G
+# PIC 1 REV 10 650-036547 GR0214460881 EX2200-C-12P-2G
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# DRAM 512
+# Serial ID GR0214460881
+#
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis scb
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis sfm detail
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show chassis ssb
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show system boot-messages
+# fpc0:
+# --------------------------------------------------------------------------
+# GDB: debug ports: uart
+# GDB: current port: uart
+# KDB: debugger backends: ddb gdb
+# KDB: current backend: ddb
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# can't re-use a leaf (all_slot_serialid)!
+# CPU: Feroceon 88FR131 rev 1 (Marvell core)
+# cpu53: Feroceon 88FR131 revision WB enabled EABT branch prediction enabled
+# 16KB/32B 4-way Instruction cache
+# 16KB/32B 4-way write-back-locking-C Data cache
+# SOC: Marvell 88F6281 rev A0, TClock 200MHz
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing EXSERIES properties ...
+# mbus0: <Marvell Internal Bus (Mbus)> on motherboard
+# ic0: <Marvell Integrated Interrupt Controller> at mem 0xf1020200-0xf102023b on mbus0
+# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 1 on mbus0
+# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 35,36,37,38,39,40,41 on mbus0
+# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 33 on mbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 34 on mbus0
+# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 48,19 on mbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/90.15, addr 2
+# uhub1: single transaction translator
+# uhub1: 2 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 12,13,14,11,46 on mbus0
+# mge0: hardware MAC address f0:1c:2d:b7:e0:bf
+# miibus0: <MII bus> on mge0
+# e1000phy0: <Marvell 88E1118 Gigabit PHY> on miibus0
+# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
+# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f irq 29 on mbus0
+# syspld0: <SYSPLD> on i2c0
+# poe0: <POE> on i2c0
+# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8000000-0xf87fffff irq 23 on mbus0
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> at mem 0xf4000000-0xf7ffffff irq 113 on mbus0
+# pcib0: <Marvell 88F6281 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xefffffff irq 9 on mbus0
+# pci0: <PCI bus> on pcib0
+# Initializing product: 119 ..
+# bmeb: bmeb_lib_init done 0xc3386800, addr 0xc1d5bac0
+# bme0:Virtual BME driver initializing
+# Timecounter "CPU Timer" frequency 200000000 Hz quality 1000
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
+# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show version
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-JENKINS-004742
+# Model: ex2200-c-12p-2g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show version invoke-on all-routing-engines
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-JENKINS-004742
+# Model: ex2200-c-12p-2g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> file list /var/tmp detail
+#
+# /var/tmp:
+# total blocks: 44
+# drwxrwxr-x 2 root wheel 512 Dec 31 2009 .snap/
+# -rw-r--r-- 1 root field 2700 Mar 13 2014 ex_autod_config
+# -rw-r--r-- 1 root field 1796 Mar 13 2014 ex_autod_rollback_cfg
+# drwxr-xr-x 2 root wheel 512 Mar 13 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 install/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 pics/
+# drwxr-xr-x 2 root field 512 Mar 13 2014 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Mar 13 2014 vi.recover/
+# total files: 2
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show system uptime
+# fpc0:
+# --------------------------------------------------------------------------
+# System booted: 2017-07-23 20:23 CDT
+# Protocols started: 2017-07-23 20:26 CDT
+# Last configured: 2017-07-13 16:57 CDT by admin
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up down
+#ge-0/0/0.0 up down
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 up down
+#ge-0/0/2.0 up down
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
+#ge-0/0/6 up down
+#ge-0/0/6.0 up down
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
+#ge-0/0/8 up down
+#ge-0/0/8.0 up down
+#ge-0/0/9 up down
+#ge-0/0/9.0 up down
+#ge-0/0/10 up down
+#ge-0/0/10.0 up down
+#ge-0/0/11 up up
+#ge-0/0/11.0 up up
+#ge-0/1/0 up up
+#ge-0/1/0.0 up up
+#ge-0/1/1 down down
+#bme0 up up
+#bme0.32768 up up
+#dsc up up
+#gre up up
+#ipip up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lsi up up
+#me0 down down
+#me0.0 up down
+#mtun up up
+#pimd up up
+#pime up up
+#tap up up
+#vlan up up
+#vlan.80 up up
+#vme up down
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show configuration
+## Last commit: 2017-07-13 16:57:06 CDT by admin
+version 12.3R6.6;
+system {
+ host-name SWI1-SWINK-JENKINS-004742;
+ auto-snapshot;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.10.9;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.10.9;
+ }
+ }
+ login {
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ max-sessions-per-connection 32;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.10.9;
+ }
+ max-configurations-on-flash 20;
+ ##
+ ## Warning: statement ignored: unsupported platform (ex2200-c-12p-2g)
+ ##
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+interfaces {
+ interface-range TRUST-INTERACES {
+ member-range ge-0/0/0 to ge-0/0/10;
+ description TRUST-INTERACES;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ interface-range WIFI {
+ member ge-0/0/11;
+ description WIFI-AP;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ];
+ }
+ native-vlan-id ONENET-MGMT-L3VPN-VLAN;
+ }
+ }
+ }
+ interface-range TRUNK-INTERFACES {
+ member ge-0/1/0;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ONENET-MGMT-L3VPN-VLAN ];
+ }
+ }
+ }
+ }
+ ge-0/0/42 {
+ description "L2 TRUNK TO SWI1-SWINK-ADMIN";
+ }
+ ge-0/0/46 {
+ description "L2 TRUNK TO SWI2-SWINK-GYMNASIUM";
+ }
+ ge-0/0/47 {
+ description "L2 TRUNK TO SWINK-PUBLIC-SCHOOLS-SRX (GYM)";
+ }
+ ge-0/1/0 {
+ description "L2 TRUNK TO SWI1-SWINK-4TH-GRADE";
+ media-type copper;
+ }
+ ge-0/1/1 {
+ description "L2 TRUNK TO SWI1-SWINK-4TH-GRADE";
+ disable;
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ me0 {
+ disable;
+ }
+ vlan {
+ unit 80 {
+ description "L3 INTERFACE - ONENET-MGMT-L3VPN-VLAN - 10.199.10.9/26";
+ family inet {
+ address 10.199.10.9/26;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.10.1;
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all;
+ }
+ rstp {
+ interface TRUST-INTERACES {
+ edge;
+ }
+ bpdu-block-on-edge;
+ }
+ lldp {
+ management-address 10.199.10.9;
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term MGMT {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term Reject {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface TRUST-INTERACES {
+ mac-limit 3 action log;
+ no-dhcp-trusted;
+ }
+ }
+ storm-control {
+ action-shutdown;
+ interface all {
+ bandwidth 2097152;
+ }
+ }
+ bpdu-block {
+ interface TRUST-INTERACES {
+ shutdown;
+ }
+ disable-timeout 300;
+ }
+}
+vlans {
+ GUEST-VLAN {
+ description GUEST-VLAN;
+ vlan-id 300;
+ }
+ ONENET-MGMT-L3VPN-VLAN {
+ description ONENET-MGMT-L3VPN-VLAN;
+ vlan-id 80;
+ l3-interface vlan.80;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 100;
+ }
+}
+poe {
+ interface all;
+}
+{master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show ospf neighbor
+# OSPF instance is not running
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-JENKINS-004742> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+{master:0}
Index: configs/core.chi.onenet.net
===================================================================
--- configs/core.chi.onenet.net (revision 155490)
+++ configs/core.chi.onenet.net (working copy)
@@ -460,6 +460,9 @@
#lsi.1049022 up up
#lsi.1049026 up up
#lsi.1049028 up up
+#lsi.1049029 up up
+#lsi.1049030 up up
+#lsi.1049031 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/swi1-swink-elementary.client.onenet.net
===================================================================
--- configs/swi1-swink-elementary.client.onenet.net (revision 155495)
+++ configs/swi1-swink-elementary.client.onenet.net (working copy)
@@ -0,0 +1,655 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show system commit
+# 2017-07-13 16:00:22 CDT by admin via cli
+# 2014-03-20 20:40:12 CDT by admin via cli commit confirmed, rollback in 3mins
+# 2014-03-20 20:39:11 CDT by admin via cli commit confirmed, rollback in 3mins
+# 2014-03-17 06:01:18 CDT by admin via cli commit confirmed, rollback in 3mins
+# 2014-03-13 04:37:44 CDT by root via other
+# 2013-09-13 07:30:19 CDT by admin via cli
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis environment
+# Class Item Status Measurement
+# Power FPC 0 Power Supply 0 OK
+# Temp FPC 0 CPU OK
+# FPC 0 Exhaust Area OK
+# FPC 0 EX-PFE1 OK
+# FPC 0 EX-PFE2 OK
+# FPC 0 Local Intake OK
+# FPC 0 Remote Intake OK
+# FPC 0 GEPHY1 OK
+# FPC 0 GEPHY2 OK
+# FPC 0 GEPHY3 OK
+# FPC 0 GEPHY4 OK
+# FPC 0 GEPHY5 OK
+# FPC 0 GEPHY6 OK
+# FPC 0 GEPHY7 OK
+# FPC 0 GEPHY8 OK
+# FPC 0 GEPHY9 OK
+# FPC 0 GEPHY10 OK
+# FPC 0 GEPHY11 OK
+# FPC 0 GEPHY12 OK
+# Fans FPC 0 Fan 1 OK
+# FPC 0 Fan 2 OK
+# FPC 0 PSU Fan OK
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis firmware
+# Part Type Version
+# FPC 0 uboot U-Boot 1.1.6 (Jul 26 2011 - 03:49:27) 1.0
+# loader FreeBSD/arm U-Boot loader 1.1
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 512 MB
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CT0214161786 EX2200-48P-4G
+# Routing Engine 0 REV 28 750-026331 CT0214161786 EX2200-48P-4G, POE
+# FPC 0 REV 28 750-026331 CT0214161786 EX2200-48P-4G, POE
+# CPU BUILTIN BUILTIN FPC CPU
+# PIC 0 BUILTIN BUILTIN 48x 10/100/1000 Base-T
+# PIC 1 REV 28 750-026331 CT0214161786 4x GE SFP
+# Xcvr 0 REV 01 740-031851 AM1144SW6RH SFP-SX
+# Power Supply 0 PS 550W AC
+# Fan Tray Fan Tray
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Routing Engine 0 REV 28 750-026331 CT0214161786 EX2200-48P-4G
+# FPC 0 REV 28 750-026331 CT0214161786 EX2200-48P-4G
+# PIC 0 BUILTIN BUILTIN EX2200-48P-4G
+# PIC 1 REV 28 750-026331 CT0214161786 EX2200-48P-4G
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# DRAM 512
+# Serial ID CT0214161786
+#
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis scb
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis sfm detail
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show chassis ssb
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show system boot-messages
+# fpc0:
+# --------------------------------------------------------------------------
+# GDB: debug ports: uart
+# GDB: current port: uart
+# KDB: debugger backends: ddb gdb
+# KDB: current backend: ddb
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# can't re-use a leaf (all_slot_serialid)!
+# CPU: Feroceon 88FR131 rev 1 (Marvell core)
+# cpu53: Feroceon 88FR131 revision WB enabled EABT branch prediction enabled
+# 16KB/32B 4-way Instruction cache
+# 16KB/32B 4-way write-back-locking-C Data cache
+# SOC: Marvell 88F6281 rev A0, TClock 200MHz
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing EXSERIES properties ...
+# mbus0: <Marvell Internal Bus (Mbus)> on motherboard
+# ic0: <Marvell Integrated Interrupt Controller> at mem 0xf1020200-0xf102023b on mbus0
+# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 1 on mbus0
+# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 35,36,37,38,39,40,41 on mbus0
+# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 33 on mbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 34 on mbus0
+# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 48,19 on mbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/90.15, addr 2
+# uhub1: single transaction translator
+# uhub1: 2 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 12,13,14,11,46 on mbus0
+# mge0: hardware MAC address 84:b5:9c:85:5a:7f
+# miibus0: <MII bus> on mge0
+# e1000phy0: <Marvell 88E1118 Gigabit PHY> on miibus0
+# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
+# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f irq 29 on mbus0
+# syspld0: <SYSPLD> on i2c0
+# 8564 rtc0: <8564 RTC> on i2c0
+# poe0: <POE> on i2c0
+# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8000000-0xf87fffff irq 23 on mbus0
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> at mem 0xf4000000-0xf7ffffff irq 113 on mbus0
+# pcib0: <Marvell 88F6281 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xefffffff irq 9 on mbus0
+# pci0: <PCI bus> on pcib0
+# mpfe1: <Juniper EX-series Packet Forwarding Engine> mem 0xe8000000-0xebffffff irq 78 at device 1.0 on pci0
+# Initializing product: 78 ..
+# bmeb: bmeb_lib_init done 0xc3486800, addr 0xc1d5bac0
+# bme0:Virtual BME driver initializing
+# Timecounter "CPU Timer" frequency 200000000 Hz quality 1000
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
+# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show version
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-ELEMENTARY-004750
+# Model: ex2200-48p-4g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show version invoke-on all-routing-engines
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-ELEMENTARY-004750
+# Model: ex2200-48p-4g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> file list /var/tmp detail
+#
+# /var/tmp:
+# total blocks: 36
+# drwxrwxr-x 2 root wheel 512 Nov 15 2011 .snap/
+# drwxr-xr-x 2 root field 512 Mar 19 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 install/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 pics/
+# drwxr-xr-x 2 root field 512 Mar 19 2014 rtsdb/
+# ---------- 1 root field 472 Jul 13 16:07 snap
+# drwxrwxrwt 2 root wheel 512 Mar 13 2014 vi.recover/
+# total files: 1
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show system uptime
+# fpc0:
+# --------------------------------------------------------------------------
+# System booted: 2017-07-01 01:02 CDT
+# Protocols started: 2017-07-01 01:05 CDT
+# Last configured: 2017-07-13 16:00 CDT by admin
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up down
+#ge-0/0/0.0 up down
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 up down
+#ge-0/0/2.0 up down
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
+#ge-0/0/6 up down
+#ge-0/0/6.0 up down
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
+#ge-0/0/8 up down
+#ge-0/0/8.0 up down
+#ge-0/0/9 up up
+#ge-0/0/9.0 up up
+#ge-0/0/10 up down
+#ge-0/0/10.0 up down
+#ge-0/0/11 up down
+#ge-0/0/11.0 up down
+#ge-0/0/12 up down
+#ge-0/0/12.0 up down
+#ge-0/0/13 up down
+#ge-0/0/13.0 up down
+#ge-0/0/14 up down
+#ge-0/0/14.0 up down
+#ge-0/0/15 up down
+#ge-0/0/15.0 up down
+#ge-0/0/16 up down
+#ge-0/0/16.0 up down
+#ge-0/0/17 up down
+#ge-0/0/17.0 up down
+#ge-0/0/18 up down
+#ge-0/0/18.0 up down
+#ge-0/0/19 up down
+#ge-0/0/19.0 up down
+#ge-0/0/20 up down
+#ge-0/0/20.0 up down
+#ge-0/0/21 up down
+#ge-0/0/21.0 up down
+#ge-0/0/22 up down
+#ge-0/0/22.0 up down
+#ge-0/0/23 up down
+#ge-0/0/23.0 up down
+#ge-0/0/24 up down
+#ge-0/0/24.0 up down
+#ge-0/0/25 up down
+#ge-0/0/25.0 up down
+#ge-0/0/26 up down
+#ge-0/0/26.0 up down
+#ge-0/0/27 up down
+#ge-0/0/27.0 up down
+#ge-0/0/28 up down
+#ge-0/0/28.0 up down
+#ge-0/0/29 up down
+#ge-0/0/29.0 up down
+#ge-0/0/30 up down
+#ge-0/0/30.0 up down
+#ge-0/0/31 up down
+#ge-0/0/31.0 up down
+#ge-0/0/32 up down
+#ge-0/0/32.0 up down
+#ge-0/0/33 up down
+#ge-0/0/33.0 up down
+#ge-0/0/34 up down
+#ge-0/0/34.0 up down
+#ge-0/0/35 up down
+#ge-0/0/35.0 up down
+#ge-0/0/36 up down
+#ge-0/0/36.0 up down
+#ge-0/0/37 up down
+#ge-0/0/37.0 up down
+#ge-0/0/38 up down
+#ge-0/0/38.0 up down
+#ge-0/0/39 up down
+#ge-0/0/39.0 up down
+#ge-0/0/40 up up
+#ge-0/0/40.0 up up
+#ge-0/0/41 up down
+#ge-0/0/41.0 up down
+#ge-0/0/42 up down
+#ge-0/0/42.0 up down
+#ge-0/0/43 up up
+#ge-0/0/43.0 up up
+#ge-0/0/44 up down
+#ge-0/0/44.0 up down
+#ge-0/0/45 up down
+#ge-0/0/45.0 up down
+#ge-0/0/46 up down
+#ge-0/0/46.0 up down
+#ge-0/0/47 up up
+#ge-0/0/47.0 up up
+#ge-0/1/0 up up
+#ge-0/1/0.0 up up
+#bme0 up up
+#bme0.32768 up up
+#dsc up up
+#gre up up
+#ipip up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lsi up up
+#me0 down down
+#me0.0 up down
+#mtun up up
+#pimd up up
+#pime up up
+#tap up up
+#vlan up up
+#vlan.80 up up
+#vme up down
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show configuration
+## Last commit: 2017-07-13 16:00:22 CDT by admin
+version 12.3R6.6;
+system {
+ host-name SWI1-SWINK-ELEMENTARY-004750;
+ auto-snapshot;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.10.3;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.10.3;
+ }
+ }
+ login {
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ max-sessions-per-connection 32;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.10.3;
+ }
+ max-configurations-on-flash 20;
+ ##
+ ## Warning: statement ignored: unsupported platform (ex2200-48p-4g)
+ ##
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+interfaces {
+ interface-range TRUST-INTERACES {
+ member-range ge-0/0/0 to ge-0/0/46;
+ description TRUST-INTERACES;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ interface-range TRUNK-INTERFACES {
+ member ge-0/0/47;
+ member ge-0/1/0;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ONENET-MGMT-L3VPN-VLAN ];
+ }
+ }
+ }
+ }
+ ge-0/0/47 {
+ description "L2 TRUNK TO SWI2-SWINK-ELEMENTARY";
+ }
+ ge-0/1/0 {
+ description "L2 TRUNK TO SWI1-SWINK-GYM";
+ }
+ ge-0/1/1 {
+ disable;
+ }
+ ge-0/1/2 {
+ disable;
+ }
+ ge-0/1/3 {
+ disable;
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ me0 {
+ disable;
+ }
+ vlan {
+ unit 80 {
+ description "L3 INTERFACE - ONENET-MGMT-L3VPN-VLAN - 10.199.10.3/26";
+ family inet {
+ address 10.199.10.3/26;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.10.1;
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all;
+ }
+ rstp {
+ interface TRUST-INTERACES {
+ edge;
+ }
+ bpdu-block-on-edge;
+ }
+ lldp {
+ management-address 10.199.10.3;
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term MGMT {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term Reject {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface TRUST-INTERACES {
+ mac-limit 3 action log;
+ no-dhcp-trusted;
+ }
+ }
+ storm-control {
+ action-shutdown;
+ interface all {
+ bandwidth 2097152;
+ }
+ }
+ bpdu-block {
+ interface TRUST-INTERACES {
+ shutdown;
+ }
+ disable-timeout 300;
+ }
+}
+vlans {
+ GUEST-VLAN {
+ description GUEST-VLAN;
+ vlan-id 300;
+ }
+ ONENET-MGMT-L3VPN-VLAN {
+ description ONENET-MGMT-L3VPN-VLAN;
+ vlan-id 80;
+ l3-interface vlan.80;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 100;
+ }
+}
+poe {
+ interface all;
+}
+{master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show ospf neighbor
+# OSPF instance is not running
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+{master:0}
Index: configs/core1.tul-mx960.onenet.net
===================================================================
--- configs/core1.tul-mx960.onenet.net (revision 155446)
+++ configs/core1.tul-mx960.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE1-MX960-RE0> show system commit
+# 2017-08-04 16:25:33 CDT by andrew via cli commit synchronize
+# 2017-08-04 16:22:44 CDT by andrew via cli commit synchronize
# 2017-08-01 10:41:43 CDT by joel via cli commit synchronize
# 2017-07-29 23:24:46 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2017-07-29 21:49:01 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
# 2017-07-29 21:18:46 CDT by andrew via cli commit synchronize
-# 2017-07-28 20:44:34 CDT by andrew via cli commit confirmed, rollback in 3mins synchronize
-# 2017-07-26 19:57:31 CDT by andrew via cli commit synchronize
# grnoc-mon at TULSA-CORE1-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -645,7 +645,7 @@
# grnoc-mon at TULSA-CORE1-MX960-RE0> show system uptime
# System booted: 2016-03-20 00:58 CDT
# Protocols started: 2016-03-20 01:01 CDT
-# Last configured: 2017-08-01 10:41 CDT by joel
+# Last configured: 2017-08-04 16:25 CDT by andrew
#
# {master}
# grnoc-mon at TULSA-CORE1-MX960-RE0> show interface terse
@@ -843,7 +843,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE1-MX960-RE0> show configuration
-## Last commit: 2017-08-01 10:41:43 CDT by joel
+## Last commit: 2017-08-04 16:25:33 CDT by andrew
version 13.3R8.7;
groups {
re0 {
@@ -1337,6 +1337,7 @@
}
address 2610:1d8:2000::20/127;
}
+ family mpls;
}
}
xe-1/3/1 {
@@ -1898,6 +1899,7 @@
interface xe-2/2/0.42;
interface ge-0/2/0.42;
interface xe-2/1/1.69;
+ interface xe-1/3/0.42;
}
bgp {
group CORE-RR-OKC-V6 {
@@ -2322,6 +2324,7 @@
interface ge-0/3/1.0;
interface ge-0/3/2.0;
interface xe-1/2/0.156;
+ interface xe-1/3/0.42;
interface xe-2/0/1.0;
interface xe-2/0/1.69;
interface xe-2/1/0.69;
Index: configs/core1.ptc.onenet.net
===================================================================
--- configs/core1.ptc.onenet.net (revision 155490)
+++ configs/core1.ptc.onenet.net (working copy)
@@ -603,6 +603,7 @@
#lsi.9 up up
#lsi.1048641 up up
#lsi.1048642 up up
+#lsi.1048643 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/sayre-public-library-ex.client.onenet.net
===================================================================
--- configs/sayre-public-library-ex.client.onenet.net (revision 155482)
+++ configs/sayre-public-library-ex.client.onenet.net (working copy)
@@ -220,10 +220,10 @@
#ge-0/0/10.0 up down
#ge-0/0/11 up down
#ge-0/0/11.0 up down
-#ge-0/0/12 up up
-#ge-0/0/12.0 up up
-#ge-0/0/13 up up
-#ge-0/0/13.0 up up
+#ge-0/0/12 up down
+#ge-0/0/12.0 up down
+#ge-0/0/13 up down
+#ge-0/0/13.0 up down
#ge-0/0/14 up up
#ge-0/0/14.0 up up
#ge-0/0/15 up down
@@ -232,8 +232,8 @@
#ge-0/0/16.0 up down
#ge-0/0/17 up down
#ge-0/0/17.0 up down
-#ge-0/0/18 up up
-#ge-0/0/18.0 up up
+#ge-0/0/18 up down
+#ge-0/0/18.0 up down
#ge-0/0/19 up down
#ge-0/0/19.0 up down
#ge-0/0/20 up down
Index: configs/swi2-swink-elementary.client.onenet.net
===================================================================
--- configs/swi2-swink-elementary.client.onenet.net (revision 155499)
+++ configs/swi2-swink-elementary.client.onenet.net (working copy)
@@ -0,0 +1,614 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show system commit
+# 2017-07-13 15:45:48 CDT by admin via cli
+# 2015-08-18 13:25:21 CDT by onenet via cli
+# 2015-08-18 13:22:17 CDT by onenet via cli
+# 2015-01-05 09:01:13 CST by admin via cli
+# 2014-12-31 14:24:19 CST by admin via cli
+# 2014-12-31 13:53:49 CST by admin via cli commit confirmed, rollback in 3mins
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis environment
+# Class Item Status Measurement
+# Power FPC 0 Power Supply 0 OK
+# Temp FPC 0 CPU OK
+# FPC 0 Exhaust Area OK
+# FPC 0 EX-PFE1 OK
+# FPC 0 Local Intake OK
+# FPC 0 Remote Intake OK
+# FPC 0 GEPHY1 OK
+# FPC 0 GEPHY2 OK
+# FPC 0 GEPHY3 OK
+# FPC 0 GEPHY4 OK
+# FPC 0 GEPHY5 OK
+# FPC 0 GEPHY6 OK
+# Fans FPC 0 Fan 1 OK
+# FPC 0 Fan 2 OK
+# FPC 0 PSU Fan OK
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis firmware
+# Part Type Version
+# FPC 0 uboot U-Boot 1.1.6 (Jul 26 2011 - 03:49:27) 1.0
+# loader FreeBSD/arm U-Boot loader 1.1
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 512 MB
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CV0214320659 EX2200-24P-4G
+# Routing Engine 0 REV 28 750-026464 CV0214320659 EX2200-24P-4G, POE
+# FPC 0 REV 28 750-026464 CV0214320659 EX2200-24P-4G, POE
+# CPU BUILTIN BUILTIN FPC CPU
+# PIC 0 BUILTIN BUILTIN 24x 10/100/1000 Base-T
+# PIC 1 REV 28 750-026464 CV0214320659 4x GE SFP
+# Power Supply 0 PS 550W AC
+# Fan Tray Fan Tray
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Routing Engine 0 REV 28 750-026464 CV0214320659 EX2200-24P-4G
+# FPC 0 REV 28 750-026464 CV0214320659 EX2200-24P-4G
+# PIC 0 BUILTIN BUILTIN EX2200-24P-4G
+# PIC 1 REV 28 750-026464 CV0214320659 EX2200-24P-4G
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# DRAM 512
+# Serial ID CV0214320659
+#
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis scb
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis sfm detail
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show chassis ssb
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show system boot-messages
+# fpc0:
+# --------------------------------------------------------------------------
+# GDB: debug ports: uart
+# GDB: current port: uart
+# KDB: debugger backends: ddb gdb
+# KDB: current backend: ddb
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# can't re-use a leaf (all_slot_serialid)!
+# CPU: Feroceon 88FR131 rev 1 (Marvell core)
+# cpu53: Feroceon 88FR131 revision WB enabled EABT branch prediction enabled
+# 16KB/32B 4-way Instruction cache
+# 16KB/32B 4-way write-back-locking-C Data cache
+# SOC: Marvell 88F6281 rev A0, TClock 200MHz
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing EXSERIES properties ...
+# mbus0: <Marvell Internal Bus (Mbus)> on motherboard
+# ic0: <Marvell Integrated Interrupt Controller> at mem 0xf1020200-0xf102023b on mbus0
+# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 1 on mbus0
+# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 35,36,37,38,39,40,41 on mbus0
+# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 33 on mbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 34 on mbus0
+# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 48,19 on mbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/90.15, addr 2
+# uhub1: single transaction translator
+# uhub1: 2 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 12,13,14,11,46 on mbus0
+# mge0: hardware MAC address 64:64:9b:f9:8a:3f
+# miibus0: <MII bus> on mge0
+# e1000phy0: <Marvell 88E1118 Gigabit PHY> on miibus0
+# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
+# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f irq 29 on mbus0
+# syspld0: <SYSPLD> on i2c0
+# 8564 rtc0: <8564 RTC> on i2c0
+# poe0: <POE> on i2c0
+# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8000000-0xf87fffff irq 23 on mbus0
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> at mem 0xf4000000-0xf7ffffff irq 113 on mbus0
+# pcib0: <Marvell 88F6281 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xefffffff irq 9 on mbus0
+# pci0: <PCI bus> on pcib0
+# Initializing product: 76 ..
+# bmeb: bmeb_lib_init done 0xc3386800, addr 0xc1d5bac0
+# bme0:Virtual BME driver initializing
+# Timecounter "CPU Timer" frequency 200000000 Hz quality 1000
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
+# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show version
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI2-SWINK-ELEMENTARY-004750
+# Model: ex2200-24p-4g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show version invoke-on all-routing-engines
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI2-SWINK-ELEMENTARY-004750
+# Model: ex2200-24p-4g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> file list /var/tmp detail
+#
+# /var/tmp:
+# total blocks: 48
+# drwxrwxr-x 2 root wheel 512 Nov 15 2011 .snap/
+# -rw-r--r-- 1 root field 3926 Mar 13 2014 ex_autod_config
+# -rw-r--r-- 1 root field 3026 Mar 13 2014 ex_autod_rollback_cfg
+# drwxr-xr-x 2 root wheel 512 Mar 13 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 install/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 pics/
+# drwxr-xr-x 2 root field 512 Mar 13 2014 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Mar 13 2014 vi.recover/
+# total files: 2
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show system uptime
+# fpc0:
+# --------------------------------------------------------------------------
+# System booted: 2017-07-01 01:02 CDT
+# Protocols started: 2017-07-01 01:05 CDT
+# Last configured: 2017-07-13 15:45 CDT by admin
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up down
+#ge-0/0/0.0 up down
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 up down
+#ge-0/0/2.0 up down
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
+#ge-0/0/4 up up
+#ge-0/0/4.0 up up
+#ge-0/0/5 up up
+#ge-0/0/5.0 up up
+#ge-0/0/6 up up
+#ge-0/0/6.0 up up
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
+#ge-0/0/8 up up
+#ge-0/0/8.0 up up
+#ge-0/0/9 up down
+#ge-0/0/9.0 up down
+#ge-0/0/10 up down
+#ge-0/0/10.0 up down
+#ge-0/0/11 up down
+#ge-0/0/11.0 up down
+#ge-0/0/12 up down
+#ge-0/0/12.0 up down
+#ge-0/0/13 up down
+#ge-0/0/13.0 up down
+#ge-0/0/14 up down
+#ge-0/0/14.0 up down
+#ge-0/0/15 up down
+#ge-0/0/15.0 up down
+#ge-0/0/16 up down
+#ge-0/0/16.0 up down
+#ge-0/0/17 up down
+#ge-0/0/17.0 up down
+#ge-0/0/18 up down
+#ge-0/0/18.0 up down
+#ge-0/0/19 up down
+#ge-0/0/19.0 up down
+#ge-0/0/20 up down
+#ge-0/0/20.0 up down
+#ge-0/0/21 up down
+#ge-0/0/21.0 up down
+#ge-0/0/22 up up
+#ge-0/0/22.0 up up
+#ge-0/0/23 up up
+#ge-0/0/23.0 up up
+#bme0 up up
+#bme0.32768 up up
+#dsc up up
+#gre up up
+#ipip up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lsi up up
+#me0 down down
+#me0.0 up down
+#mtun up up
+#pimd up up
+#pime up up
+#tap up up
+#vlan up up
+#vlan.80 up up
+#vme up down
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show configuration
+## Last commit: 2017-07-13 15:45:48 CDT by admin
+version 12.3R6.6;
+system {
+ host-name SWI2-SWINK-ELEMENTARY-004750;
+ auto-snapshot;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.10.12;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.10.12;
+ }
+ }
+ login {
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ max-sessions-per-connection 32;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.10.12;
+ }
+ max-configurations-on-flash 20;
+ ##
+ ## Warning: statement ignored: unsupported platform (ex2200-24p-4g)
+ ##
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+interfaces {
+ interface-range TRUST-INTERACES {
+ member-range ge-0/0/0 to ge-0/0/3;
+ member-range ge-0/0/7 to ge-0/0/21;
+ description TRUST-INTERACES;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ interface-range WIFI {
+ member-range ge-0/0/4 to ge-0/0/6;
+ description WIFI-AP;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ];
+ }
+ native-vlan-id ONENET-MGMT-L3VPN-VLAN;
+ }
+ }
+ }
+ interface-range TRUNK-INTERFACES {
+ member ge-0/0/22;
+ member ge-0/0/23;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ONENET-MGMT-L3VPN-VLAN ];
+ }
+ }
+ }
+ }
+ ge-0/0/22 {
+ description "L2 TRUNK TO SWI1-SWINK-NEWBUILDING";
+ }
+ ge-0/0/23 {
+ description "L2 TRUNK TO SWI1-SWINK-ELEMENTARY";
+ }
+ ge-0/1/0 {
+ disable;
+ }
+ ge-0/1/1 {
+ disable;
+ }
+ ge-0/1/2 {
+ disable;
+ }
+ ge-0/1/3 {
+ disable;
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ me0 {
+ disable;
+ }
+ vlan {
+ unit 80 {
+ description "L3 INTERFACE - ONENET-MGMT-L3VPN-VLAN - 10.199.10.12/26";
+ family inet {
+ address 10.199.10.12/26;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.10.1;
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all;
+ }
+ rstp {
+ interface TRUST-INTERACES {
+ edge;
+ }
+ bpdu-block-on-edge;
+ }
+ lldp {
+ management-address 10.199.10.12;
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term MGMT {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term Reject {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface TRUST-INTERACES {
+ mac-limit 3 action log;
+ no-dhcp-trusted;
+ }
+ }
+ storm-control {
+ action-shutdown;
+ interface all {
+ bandwidth 2097152;
+ }
+ }
+ bpdu-block {
+ interface TRUST-INTERACES {
+ shutdown;
+ }
+ disable-timeout 300;
+ }
+}
+vlans {
+ GUEST-VLAN {
+ description GUEST-VLAN;
+ vlan-id 300;
+ }
+ ONENET-MGMT-L3VPN-VLAN {
+ description ONENET-MGMT-L3VPN-VLAN;
+ vlan-id 80;
+ l3-interface vlan.80;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 100;
+ }
+}
+poe {
+ interface all;
+}
+{master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show ospf neighbor
+# OSPF instance is not running
+#
+# {master:0}
+# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+{master:0}
Index: configs/swi1-swink-admin.client.onenet.net
===================================================================
--- configs/swi1-swink-admin.client.onenet.net (revision 155494)
+++ configs/swi1-swink-admin.client.onenet.net (working copy)
@@ -0,0 +1,560 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show system commit
+# 2017-08-04 16:30:17 CDT by admin via cli
+# 2017-08-04 16:29:36 CDT by admin via cli
+# 2017-08-04 16:28:50 CDT by admin via cli
+# 2017-07-13 17:27:47 CDT by root via other
+# 2017-07-13 17:23:20 CDT by onenet via cli commit confirmed, rollback in 4mins
+# 2015-02-03 10:29:48 CST by root via other
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis environment
+# Class Item Status Measurement
+# Power FPC 0 Power Supply 0 OK
+# Temp FPC 0 GEPHY1 OK
+# FPC 0 GEPHY2 OK
+# FPC 0 GEPHY3 OK
+# FPC 0 GEPHY4 OK
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis firmware
+# Part Type Version
+# FPC 0 uboot U-Boot 1.1.6 (Apr 4 2013 - 10:33:10) 1.0
+# loader FreeBSD/arm U-Boot loader 1.1
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 512 MB
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis GR0214450787 EX2200-C-12P-2G, POE+
+# Routing Engine 0 REV 10 650-036547 GR0214450787 EX2200-C-12P-2G, POE+
+# FPC 0 REV 10 650-036547 GR0214450787 EX2200-C-12P-2G, POE+
+# CPU BUILTIN BUILTIN FPC CPU
+# PIC 0 BUILTIN BUILTIN 12x 10/100/1000 Base-T
+# PIC 1 REV 10 650-036547 GR0214450787 2x (10/100/1000 Base-T or GE SFP)
+# Power Supply 0 PS 180W AC
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Routing Engine 0 REV 10 650-036547 GR0214450787 EX2200-C-12P-2G
+# FPC 0 REV 10 650-036547 GR0214450787 EX2200-C-12P-2G
+# PIC 0 BUILTIN BUILTIN EX2200-C-12P-2G
+# PIC 1 REV 10 650-036547 GR0214450787 EX2200-C-12P-2G
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# DRAM 512
+# Serial ID GR0214450787
+#
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis scb
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis sfm detail
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show chassis ssb
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show system boot-messages
+# fpc0:
+# --------------------------------------------------------------------------
+# GDB: debug ports: uart
+# GDB: current port: uart
+# KDB: debugger backends: ddb gdb
+# KDB: current backend: ddb
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# can't re-use a leaf (all_slot_serialid)!
+# CPU: Feroceon 88FR131 rev 1 (Marvell core)
+# cpu53: Feroceon 88FR131 revision WB enabled EABT branch prediction enabled
+# 16KB/32B 4-way Instruction cache
+# 16KB/32B 4-way write-back-locking-C Data cache
+# SOC: Marvell 88F6281 rev A0, TClock 200MHz
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing EXSERIES properties ...
+# mbus0: <Marvell Internal Bus (Mbus)> on motherboard
+# ic0: <Marvell Integrated Interrupt Controller> at mem 0xf1020200-0xf102023b on mbus0
+# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 1 on mbus0
+# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 35,36,37,38,39,40,41 on mbus0
+# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 33 on mbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 34 on mbus0
+# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 48,19 on mbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/90.15, addr 2
+# uhub1: single transaction translator
+# uhub1: 2 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 12,13,14,11,46 on mbus0
+# mge0: hardware MAC address f0:1c:2d:b8:4d:3f
+# miibus0: <MII bus> on mge0
+# e1000phy0: <Marvell 88E1118 Gigabit PHY> on miibus0
+# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
+# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f irq 29 on mbus0
+# syspld0: <SYSPLD> on i2c0
+# poe0: <POE> on i2c0
+# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8000000-0xf87fffff irq 23 on mbus0
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> at mem 0xf4000000-0xf7ffffff irq 113 on mbus0
+# pcib0: <Marvell 88F6281 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xefffffff irq 9 on mbus0
+# pci0: <PCI bus> on pcib0
+# Initializing product: 119 ..
+# bmeb: bmeb_lib_init done 0xc3386800, addr 0xc1d5bac0
+# bme0:Virtual BME driver initializing
+# Timecounter "CPU Timer" frequency 200000000 Hz quality 1000
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
+# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show version
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-ADMIN-EX2200-12P
+# Model: ex2200-c-12p-2g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show version invoke-on all-routing-engines
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-ADMIN-EX2200-12P
+# Model: ex2200-c-12p-2g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> file list /var/tmp detail
+#
+# /var/tmp:
+# total blocks: 44
+# drwxrwxr-x 2 root wheel 512 Dec 31 2009 .snap/
+# -rw-r--r-- 1 root field 2700 Mar 13 2014 ex_autod_config
+# -rw-r--r-- 1 root field 1796 Mar 13 2014 ex_autod_rollback_cfg
+# drwxr-xr-x 2 root wheel 512 Mar 13 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 install/
+# drwxrwxrwx 2 root wheel 512 Mar 13 2014 pics/
+# drwxr-xr-x 2 root field 512 Mar 13 2014 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Mar 13 2014 vi.recover/
+# total files: 2
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show system uptime
+# fpc0:
+# --------------------------------------------------------------------------
+# System booted: 2017-07-23 20:23 CDT
+# Protocols started: 2017-07-23 20:26 CDT
+# Last configured: 2017-08-04 16:30 CDT by admin
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up down
+#ge-0/0/0.0 up down
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 up down
+#ge-0/0/2.0 up down
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
+#ge-0/0/6 up down
+#ge-0/0/6.0 up down
+#ge-0/0/7 up up
+#ge-0/0/7.0 up up
+#ge-0/0/8 up down
+#ge-0/0/8.0 up down
+#ge-0/0/9 up down
+#ge-0/0/9.0 up down
+#ge-0/0/10 up up
+#ge-0/0/10.0 up up
+#ge-0/0/11 up up
+#ge-0/0/11.0 up up
+#ge-0/1/0 down down
+#ge-0/1/1 up up
+#ge-0/1/1.0 up up
+#bme0 up up
+#bme0.32768 up up
+#dsc up up
+#gre up up
+#ipip up up
+#jsrv up up
+#jsrv.1 up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lsi up up
+#me0 down down
+#me0.0 up down
+#mtun up up
+#pimd up up
+#pime up up
+#tap up up
+#vlan up up
+#vlan.80 up up
+#vme up down
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show configuration
+## Last commit: 2017-08-04 16:30:17 CDT by admin
+version 12.3R6.6;
+system {
+ host-name SWI1-SWINK-ADMIN-EX2200-12P;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.10.11;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.10.11;
+ }
+ }
+ login {
+ message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 2000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user onenet {
+ uid 2004;
+ class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ match "!(.*LI Packet length.*|.* grnoc-mon.*|.*Connection closed by 164.58.253.113.*|.* exited, status 255.*)";
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file default-log-messages {
+ any any;
+ match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete) | CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD";
+ structured-data;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.10.11;
+ }
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+interfaces {
+ interface-range EDGE-PORTS {
+ member-range ge-0/0/0 to ge-0/0/9;
+ description "Edge Port";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ interface-range AP {
+ member ge-0/0/10;
+ member ge-0/0/11;
+ description "Link to AP";
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members 100;
+ }
+ native-vlan-id 81;
+ }
+ }
+ }
+ ge-0/1/0 {
+ disable;
+ media-type copper;
+ }
+ ge-0/1/1 {
+ description "Link to SWI1-SWINK-GYMNASIUM";
+ media-type copper;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ 80-81 100 ];
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ me0 {
+ disable;
+ }
+ vlan {
+ unit 80 {
+ family inet {
+ address 10.199.10.11/27;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ client-list snmp-management {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ 0.0.0.0/0 {
+ restrict;
+ }
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+ trap-group "<removed>" {
+ version v2;
+ targets {
+ 164.58.253.34;
+ 164.58.253.35;
+ }
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.10.1;
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all;
+ }
+ rstp {
+ interface EDGE-PORTS {
+ edge;
+ }
+ }
+ lldp {
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term MGMT {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term Reject {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface EDGE-PORTS {
+ mac-limit 3 action shutdown;
+ }
+ }
+ storm-control {
+ interface all;
+ }
+ bpdu-block {
+ interface EDGE-PORTS;
+ disable-timeout 30;
+ }
+}
+vlans {
+ SWINK-DATA {
+ vlan-id 100;
+ }
+ SWINK-SWITCH-MGMT {
+ vlan-id 80;
+ l3-interface vlan.80;
+ }
+ SWINK-WIFI-MGMT {
+ vlan-id 81;
+ }
+}
+poe {
+ interface all;
+}
+{master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show ospf neighbor
+# OSPF instance is not running
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-ADMIN-EX2200-12P> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+{master:0}
Index: configs/core.wea.onenet.net
===================================================================
--- configs/core.wea.onenet.net (revision 155490)
+++ configs/core.wea.onenet.net (working copy)
@@ -461,6 +461,9 @@
#lsi.1050559 up up
#lsi.1050563 up up
#lsi.1050565 up up
+#lsi.1050566 up up
+#lsi.1050567 up up
+#lsi.1050568 up up
#mtun up up
#pimd up up
#pime up up
Index: configs/core.hut.ato.onenet.net
===================================================================
--- configs/core.hut.ato.onenet.net (revision 155374)
+++ configs/core.hut.ato.onenet.net (working copy)
@@ -26,16 +26,6 @@
# TFEB 0 TBB PFE Chip OK
# TFEB 0 TFEB PCIE TSen OK
# TFEB 0 TFEB PCIE Chip OK
-# TFEB 0 QX 0 TSen OK
-# TFEB 0 QX 0 Chip OK
-# TFEB 0 LU 0 TSen OK
-# TFEB 0 LU 0 Chip OK
-# TFEB 0 MQ 0 TSen OK
-# TFEB 0 MQ 0 Chip OK
-# TFEB 0 TBB PFE TSen OK
-# TFEB 0 TBB PFE Chip OK
-# TFEB 0 TFEB PCIE TSen OK
-# TFEB 0 TFEB PCIE Chip OK
# Fans Fan 1 OK
# Fan 2 OK
# Fan 3 OK
Index: configs/swi1-swink-gym.client.onenet.net
===================================================================
--- configs/swi1-swink-gym.client.onenet.net (revision 155496)
+++ configs/swi1-swink-gym.client.onenet.net (working copy)
@@ -0,0 +1,679 @@
+# RANCID-CONTENT-TYPE: juniper
+#
+# grnoc-mon at SWI1-SWINK-GYM> show system commit
+# 2017-07-13 14:38:58 CDT by onenet via cli
+# 2014-12-31 13:55:29 CST by admin via cli commit confirmed, rollback in 3mins
+# 2014-12-31 13:41:53 CST by admin via cli commit confirmed, rollback in 3mins
+# 2014-12-31 13:40:41 CST by admin via cli commit confirmed, rollback in 3mins
+# 2014-12-31 13:04:25 CST by admin via cli commit confirmed, rollback in 3mins
+# 2014-12-31 13:01:43 CST by admin via cli commit confirmed, rollback in 3mins
+# grnoc-mon at SWI1-SWINK-GYM> show chassis environment
+# Class Item Status Measurement
+# Power FPC 0 Power Supply 0 OK
+# Temp FPC 0 CPU OK
+# FPC 0 Exhaust Area OK
+# FPC 0 EX-PFE1 OK
+# FPC 0 EX-PFE2 OK
+# FPC 0 Local Intake OK
+# FPC 0 Remote Intake OK
+# FPC 0 GEPHY1 OK
+# FPC 0 GEPHY2 OK
+# FPC 0 GEPHY3 OK
+# FPC 0 GEPHY4 OK
+# FPC 0 GEPHY5 OK
+# FPC 0 GEPHY6 OK
+# FPC 0 GEPHY7 OK
+# FPC 0 GEPHY8 OK
+# FPC 0 GEPHY9 OK
+# FPC 0 GEPHY10 OK
+# FPC 0 GEPHY11 OK
+# FPC 0 GEPHY12 OK
+# Fans FPC 0 Fan 1 OK
+# FPC 0 Fan 2 OK
+# FPC 0 PSU Fan OK
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show chassis firmware
+# Part Type Version
+# FPC 0 uboot U-Boot 1.1.6 (Jul 26 2011 - 03:49:27) 1.0
+# loader FreeBSD/arm U-Boot loader 1.1
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show chassis fpc detail
+# Slot 0 information:
+# State Online
+# Total CPU DRAM 512 MB
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show chassis hardware
+# Hardware inventory:
+# Item Version Part number Serial number Description
+# Chassis CT0214161114 EX2200-48P-4G
+# Routing Engine 0 REV 28 750-026331 CT0214161114 EX2200-48P-4G, POE
+# FPC 0 REV 28 750-026331 CT0214161114 EX2200-48P-4G, POE
+# CPU BUILTIN BUILTIN FPC CPU
+# PIC 0 BUILTIN BUILTIN 48x 10/100/1000 Base-T
+# PIC 1 REV 28 750-026331 CT0214161114 4x GE SFP
+# Xcvr 0 REV 01 740-031851 AM1144SW6RP SFP-SX
+# Xcvr 1 REV 01 740-031851 AM1041SU3EG SFP-SX
+# Power Supply 0 PS 550W AC
+# Fan Tray Fan Tray
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show chassis hardware models
+# Hardware inventory:
+# Item Version Part number Serial number FRU model number
+# Routing Engine 0 REV 28 750-026331 CT0214161114 EX2200-48P-4G
+# FPC 0 REV 28 750-026331 CT0214161114 EX2200-48P-4G
+# PIC 0 BUILTIN BUILTIN EX2200-48P-4G
+# PIC 1 REV 28 750-026331 CT0214161114 EX2200-48P-4G
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show chassis routing-engine
+# Routing Engine status:
+# Slot 0:
+# Current state Master
+# DRAM 512
+# Serial ID CT0214161114
+#
+# grnoc-mon at SWI1-SWINK-GYM> show chassis scb
+# grnoc-mon at SWI1-SWINK-GYM> show chassis sfm detail
+# grnoc-mon at SWI1-SWINK-GYM> show chassis ssb
+# grnoc-mon at SWI1-SWINK-GYM> show system boot-messages
+# fpc0:
+# --------------------------------------------------------------------------
+# GDB: debug ports: uart
+# GDB: current port: uart
+# KDB: debugger backends: ddb gdb
+# KDB: current backend: ddb
+# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# All rights reserved.
+# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+# The Regents of the University of California. All rights reserved.
+# can't re-use a leaf (all_slot_serialid)!
+# CPU: Feroceon 88FR131 rev 1 (Marvell core)
+# cpu53: Feroceon 88FR131 revision WB enabled EABT branch prediction enabled
+# 16KB/32B 4-way Instruction cache
+# 16KB/32B 4-way write-back-locking-C Data cache
+# SOC: Marvell 88F6281 rev A0, TClock 200MHz
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# ETHERNET SOCKET BRIDGE initialising
+# Initializing EXSERIES properties ...
+# mbus0: <Marvell Internal Bus (Mbus)> on motherboard
+# ic0: <Marvell Integrated Interrupt Controller> at mem 0xf1020200-0xf102023b on mbus0
+# timer0: <Marvell CPU Timer> at mem 0xf1020300-0xf102032f irq 1 on mbus0
+# gpio0: <Marvell Integrated GPIO Controller> at mem 0xf1010100-0xf101011f irq 35,36,37,38,39,40,41 on mbus0
+# uart0: <16550 or compatible> at mem 0xf1012000-0xf101201f irq 33 on mbus0
+# uart0: console (9600,n,8,1)
+# uart1: <16550 or compatible> at mem 0xf1012100-0xf101211f irq 34 on mbus0
+# ehci0: <88F5XXX Integrated USB 2.0 controller> at mem 0xf1050000-0xf1050fff irq 48,19 on mbus0
+# usb0: EHCI version 1.0
+# usb0 on ehci0
+# usb0: USB revision 2.0
+# uhub0: Marvell EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
+# uhub0: 1 port with 1 removable, self powered
+# uhub1: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/90.15, addr 2
+# uhub1: single transaction translator
+# uhub1: 2 ports with 2 removable, self powered
+# umass0: STMicroelectronics ST72682 High Speed Mode, rev 2.00/2.10, addr 3
+# mge0: <Marvell Gigabit Ethernet controller> at mem 0xf1072000-0xf1073fff irq 12,13,14,11,46 on mbus0
+# mge0: hardware MAC address 84:b5:9c:84:91:ff
+# miibus0: <MII bus> on mge0
+# e1000phy0: <Marvell 88E1118 Gigabit PHY> on miibus0
+# e1000phy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseTX-FDX, auto
+# i2c0: <Marvell I2C ARM OnChip Controller> at mem 0xf1011000-0xf101101f irq 29 on mbus0
+# syspld0: <SYSPLD> on i2c0
+# 8564 rtc0: <8564 RTC> on i2c0
+# poe0: <POE> on i2c0
+# cfi0: <SPI flash - 8MB> at mem 0xf1010600-0xf101062f,0xf8000000-0xf87fffff irq 23 on mbus0
+# mpfe0: <Juniper EX-series Packet Forwarding Engine> at mem 0xf4000000-0xf7ffffff irq 113 on mbus0
+# pcib0: <Marvell 88F6281 PCI-Express host controller> at mem 0xf1040000-0xf1041fff,0xe8000000-0xefffffff irq 9 on mbus0
+# pci0: <PCI bus> on pcib0
+# mpfe1: <Juniper EX-series Packet Forwarding Engine> mem 0xe8000000-0xebffffff irq 78 at device 1.0 on pci0
+# Initializing product: 78 ..
+# bmeb: bmeb_lib_init done 0xc3486800, addr 0xc1d5bac0
+# bme0:Virtual BME driver initializing
+# Timecounter "CPU Timer" frequency 200000000 Hz quality 1000
+# ###PCB Group initialized for udppcbgroup
+# ###PCB Group initialized for tcppcbgroup
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
+# da0: 40.000MB/s transfers
+# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
+# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s2a
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show version
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-GYM
+# Model: ex2200-48p-4g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show version invoke-on all-routing-engines
+# fpc0:
+# --------------------------------------------------------------------------
+# Hostname: SWI1-SWINK-GYM
+# Model: ex2200-48p-4g
+# JUNOS Base OS boot [12.3R6.6]
+# JUNOS Base OS Software Suite [12.3R6.6]
+# JUNOS Kernel Software Suite [12.3R6.6]
+# JUNOS Crypto Software Suite [12.3R6.6]
+# JUNOS Online Documentation [12.3R6.6]
+# JUNOS Enterprise Software Suite [12.3R6.6]
+# JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R6.6]
+# JUNOS Routing Software Suite [12.3R6.6]
+# JUNOS Web Management [12.3R6.6]
+# JUNOS FIPS mode utilities [12.3R6.6]
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> file list /var/tmp detail
+#
+# /var/tmp:
+# total blocks: 32
+# drwxrwxr-x 2 root wheel 512 Nov 15 2011 .snap/
+# drwxr-xr-x 2 root field 512 Dec 30 2014 gres-tp/
+# drwxrwxrwx 2 root wheel 512 Dec 23 2014 install/
+# drwxrwxrwx 2 root wheel 512 Dec 23 2014 pics/
+# drwxr-xr-x 2 root field 512 Dec 30 2014 rtsdb/
+# drwxrwxrwt 2 root wheel 512 Dec 23 2014 vi.recover/
+# total files: 0
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show system uptime
+# fpc0:
+# --------------------------------------------------------------------------
+# System booted: 2017-07-13 17:44 CDT
+# Protocols started: 2017-07-13 17:48 CDT
+# Last configured: 2017-07-13 14:38 CDT by onenet
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show interface terse
+#Interface Admin Link
+#ge-0/0/0 up down
+#ge-0/0/0.0 up down
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
+#ge-0/0/2 up down
+#ge-0/0/2.0 up down
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
+#ge-0/0/6 up down
+#ge-0/0/6.0 up down
+#ge-0/0/7 up down
+#ge-0/0/7.0 up down
+#ge-0/0/8 up down
+#ge-0/0/8.0 up down
+#ge-0/0/9 up down
+#ge-0/0/9.0 up down
+#ge-0/0/10 up down
+#ge-0/0/10.0 up down
+#ge-0/0/11 up down
+#ge-0/0/11.0 up down
+#ge-0/0/12 up down
+#ge-0/0/12.0 up down
+#ge-0/0/13 up down
+#ge-0/0/13.0 up down
+#ge-0/0/14 up down
+#ge-0/0/14.0 up down
+#ge-0/0/15 up down
+#ge-0/0/15.0 up down
+#ge-0/0/16 up down
+#ge-0/0/16.0 up down
+#ge-0/0/17 up down
+#ge-0/0/17.0 up down
+#ge-0/0/18 up down
+#ge-0/0/18.0 up down
+#ge-0/0/19 up down
+#ge-0/0/19.0 up down
+#ge-0/0/20 up down
+#ge-0/0/20.0 up down
+#ge-0/0/21 up down
+#ge-0/0/21.0 up down
+#ge-0/0/22 up down
+#ge-0/0/22.0 up down
+#ge-0/0/23 up down
+#ge-0/0/23.0 up down
+#ge-0/0/24 up down
+#ge-0/0/24.0 up down
+#ge-0/0/25 up down
+#ge-0/0/25.0 up down
+#ge-0/0/26 up down
+#ge-0/0/26.0 up down
+#ge-0/0/27 up down
+#ge-0/0/27.0 up down
+#ge-0/0/28 up down
+#ge-0/0/28.0 up down
+#ge-0/0/29 up down
+#ge-0/0/29.0 up down
+#ge-0/0/30 up down
+#ge-0/0/30.0 up down
+#ge-0/0/31 up down
+#ge-0/0/31.0 up down
+#ge-0/0/32 up down
+#ge-0/0/32.0 up down
+#ge-0/0/33 up down
+#ge-0/0/33.0 up down
+#ge-0/0/34 up down
+#ge-0/0/34.0 up down
+#ge-0/0/35 up down
+#ge-0/0/35.0 up down
+#ge-0/0/36 up down
+#ge-0/0/36.0 up down
+#ge-0/0/37 up down
+#ge-0/0/37.0 up down
+#ge-0/0/38 up down
+#ge-0/0/38.0 up down
+#ge-0/0/39 up down
+#ge-0/0/39.0 up down
+#ge-0/0/40 up down
+#ge-0/0/40.0 up down
+#ge-0/0/41 up down
+#ge-0/0/41.0 up down
+#ge-0/0/42 up up
+#ge-0/0/42.0 up up
+#ge-0/0/43 up up
+#ge-0/0/43.0 up up
+#ge-0/0/44 up up
+#ge-0/0/44.0 up up
+#ge-0/0/45 up up
+#ge-0/0/45.0 up up
+#ge-0/0/46 up up
+#ge-0/0/46.0 up up
+#ge-0/0/47 up up
+#ge-0/0/47.0 up up
+#ge-0/1/0 up up
+#ge-0/1/0.0 up up
+#ge-0/1/1 up up
+#ge-0/1/1.0 up up
+#bme0 up up
+#bme0.32768 up up
+#dsc up up
+#gre up up
+#ipip up up
+#lo0 up up
+#lo0.0 up up
+#lo0.16384 up up
+#lsi up up
+#me0 down down
+#me0.0 up down
+#mtun up up
+#pimd up up
+#pime up up
+#tap up up
+#vlan up up
+#vlan.80 up up
+#vme up down
+# grnoc-mon at SWI1-SWINK-GYM> show configuration
+## Last commit: 2017-07-13 14:38:58 CDT by onenet
+version 12.3R6.6;
+system {
+ host-name SWI1-SWINK-GYM;
+ auto-snapshot;
+ domain-name onenet.net;
+ time-zone America/Chicago;
+ authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+# encrypted-password <removed>;
+ }
+ name-server {
+ 164.58.253.10;
+ 164.58.198.10;
+ }
+ radius-server {
+ 156.110.31.11 {
+ port 1812;
+ accounting-port 1813;
+# secret "<removed>"; ## SECRET-DATA
+ source-address 10.199.10.2;
+ }
+ }
+ radius-options {
+ attributes {
+ nas-ip-address 10.199.10.2;
+ }
+ }
+ login {
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
+ class admin {
+ idle-timeout 30;
+ permissions all;
+ }
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
+ user admin {
+ uid 1000;
+ class super-user;
+ authentication {
+# encrypted-password <removed>;
+ }
+ }
+ user client {
+ uid 2000;
+ class admin;
+ }
+ user eng {
+ uid 2018;
+ class admin;
+ }
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
+ user upgrades {
+ uid 2003;
+ class operator;
+ authentication {
+# ssh-rsa <removed>;
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ max-sessions-per-connection 32;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ archive size 10m files 5;
+ user * {
+ any emergency;
+ }
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
+ any any;
+ match RT_FLOW_SESSION;
+ }
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.10.2;
+ }
+ max-configurations-on-flash 20;
+ ##
+ ## Warning: statement ignored: unsupported platform (ex2200-48p-4g)
+ ##
+ max-configuration-rollbacks 20;
+ ntp {
+ server 164.58.3.98 prefer;
+ }
+}
+chassis {
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+interfaces {
+ interface-range TRUST-INTERACES {
+ member-range ge-0/0/0 to ge-0/0/41;
+ description TRUST-INTERACES;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ interface-range WIFI {
+ member-range ge-0/0/43 to ge-0/0/45;
+ description WIFI-AP;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ];
+ }
+ native-vlan-id ONENET-MGMT-L3VPN-VLAN;
+ }
+ }
+ }
+ interface-range TRUNK-INTERFACES {
+ member ge-0/0/42;
+ member ge-0/0/46;
+ member ge-0/0/47;
+ member ge-0/1/0;
+ member ge-0/1/1;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN GUEST-VLAN ONENET-MGMT-L3VPN-VLAN ];
+ }
+ }
+ }
+ }
+ ge-0/0/42 {
+ description "L2 TRUNK TO SWI1-SWINK-ADMIN";
+ }
+ ge-0/0/46 {
+ description "L2 TRUNK TO SWI2-SWINK-GYMNASIUM";
+ }
+ ge-0/0/47 {
+ description "L2 TRUNK TO SWINK-PUBLIC-SCHOOLS-SRX (GYM)";
+ }
+ ge-0/1/0 {
+ description "L2 TRUNK TO SWI1-SWINK-ELEMENTARY";
+ }
+ ge-0/1/1 {
+ description "L2 TRUNK TO SWI1-SWINK-4TH-GRADE";
+ }
+ ge-0/1/2 {
+ disable;
+ }
+ ge-0/1/3 {
+ disable;
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ me0 {
+ disable;
+ }
+ vlan {
+ unit 80 {
+ description "L3 INTERFACE - ONENET-MGMT-L3VPN-VLAN - 10.199.10.2/26";
+ family inet {
+ address 10.199.10.2/26;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.10.1;
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all;
+ }
+ rstp {
+ interface TRUST-INTERACES {
+ edge;
+ }
+ bpdu-block-on-edge;
+ }
+ lldp {
+ management-address 10.199.10.2;
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+}
+firewall {
+ family inet {
+ filter PROTECT-RE {
+ term MGMT {
+ from {
+ source-prefix-list {
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
+ }
+ }
+ then accept;
+ }
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
+ term Reject {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface TRUST-INTERACES {
+ mac-limit 3 action log;
+ no-dhcp-trusted;
+ }
+ }
+ storm-control {
+ action-shutdown;
+ interface all {
+ bandwidth 2097152;
+ }
+ }
+ bpdu-block {
+ interface TRUST-INTERACES {
+ shutdown;
+ }
+ disable-timeout 300;
+ }
+}
+vlans {
+ GUEST-VLAN {
+ description GUEST-VLAN;
+ vlan-id 300;
+ }
+ ONENET-MGMT-L3VPN-VLAN {
+ description ONENET-MGMT-L3VPN-VLAN;
+ vlan-id 80;
+ l3-interface vlan.80;
+ }
+ TRUST-VLAN {
+ description TRUST-VLAN;
+ vlan-id 100;
+ }
+}
+poe {
+ interface all;
+}
+{master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show ospf neighbor
+# OSPF instance is not running
+#
+# {master:0}
+# grnoc-mon at SWI1-SWINK-GYM> show bfd session
+
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+
+{master:0}
Index: routers.down
===================================================================
--- routers.down (revision 155501)
+++ routers.down (working copy)
@@ -20,6 +20,7 @@
SWI1.STROUD.onenet.net:juniper:down
acx.war.onenet.net:juniper:down
adair-ps.client.onenet.net:juniper:down
+antlers-head-start.client.onenet.net:juniper:down
atoka-ps-srx240.client.onenet.net:juniper:down
choctaw-nation-head-start-hugo.client.onenet.net:juniper:down
cleveland-ps-srx220.client.onenet.net:juniper:down
More information about the Nocrancid
mailing list