[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sat Aug 5 22:04:54 CDT 2017
Index: configs/allen-public-library.client.onenet.net
===================================================================
--- configs/allen-public-library.client.onenet.net (revision 155533)
+++ configs/allen-public-library.client.onenet.net (working copy)
@@ -149,8 +149,8 @@
#ge-0/0/2.0 up up
#ge-0/0/3 up down
#ge-0/0/3.0 up down
-#ge-0/0/4 up up
-#ge-0/0/4.0 up up
+#ge-0/0/4 up down
+#ge-0/0/4.0 up down
#ge-0/0/5 up up
#ge-0/0/5.0 up up
#ge-0/0/6 up up
Index: configs/okay-ps.client.onenet.net
===================================================================
--- configs/okay-ps.client.onenet.net (revision 155127)
+++ configs/okay-ps.client.onenet.net (working copy)
@@ -7,7 +7,7 @@
# 2016-06-29 19:38:56 CDT by admin via cli commit confirmed, rollback in 2mins
# 2016-06-27 19:29:41 CDT by root via cli
# 2016-06-27 17:39:07 CDT by root via other
-# rescue 2017-07-22 14:20:39 CDT by andrew via cli
+# rescue 2017-08-05 21:38:54 CDT by andrew via cli
#
# grnoc-mon at OKAY-PS-LR-004931> show chassis environment
# Class Item Status Measurement
Index: configs/choctaw-interlocal-coop.client.onenet.net
===================================================================
--- configs/choctaw-interlocal-coop.client.onenet.net (revision 155533)
+++ configs/choctaw-interlocal-coop.client.onenet.net (working copy)
@@ -7,7 +7,7 @@
# 2016-02-17 10:29:41 CST by root via cli
# 2015-11-27 07:14:28 CST by root via other
# 2015-11-25 13:47:27 CST by root via other
-# rescue 2017-08-05 20:38:28 CDT by andrew via cli
+# rescue 2017-08-05 21:01:55 CDT by andrew via cli
#
# grnoc-mon at CHOCTAW-INTERLOCAL-SRX240-004878-LR> show chassis environment
# Class Item Status Measurement
Index: configs/canadian-ps.client.onenet.net
===================================================================
--- configs/canadian-ps.client.onenet.net (revision 155533)
+++ configs/canadian-ps.client.onenet.net (working copy)
@@ -3,7 +3,7 @@
# grnoc-mon at CANADIAN-PS-SRX240-LR-004907> show system commit
# 2017-08-05 20:57:43 CDT by root via other
# 2017-08-02 23:12:43 CDT by root via other
-# rescue 2017-08-05 20:37:47 CDT by andrew via cli
+# rescue 2017-08-05 21:01:35 CDT by andrew via cli
#
# grnoc-mon at CANADIAN-PS-SRX240-LR-004907> show chassis environment
# Class Item Status Measurement
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 155533)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -766,8 +766,8 @@
#t1-2/3/0:6:9 down down
#t1-2/3/0:6:10 down down
#t1-2/3/0:6:11 down down
-#t1-2/3/0:6:12 up up
-#t1-2/3/0:6:12.0 up up
+#t1-2/3/0:6:12 up down
+#t1-2/3/0:6:12.0 up down
#t1-2/3/0:6:13 down down
#t1-2/3/0:6:14 up up
#t1-2/3/0:6:14.0 up up
Index: configs/choctaw-nation-head-start-stigler.client.onenet.net
===================================================================
--- configs/choctaw-nation-head-start-stigler.client.onenet.net (revision 155150)
+++ configs/choctaw-nation-head-start-stigler.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show system commit
+# 2017-08-05 20:58:09 CDT by root via other
# 2017-07-23 13:53:51 CDT by root via other
# 2017-02-24 16:48:15 CST by admin via cli
# 2017-02-24 16:44:26 CST by admin via cli
# 2017-02-24 15:30:07 CST by admin via cli
# 2017-02-24 15:20:54 CST by admin via cli
-# 2016-08-02 13:17:40 CDT by admin via cli
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show chassis fpc detail
# Slot 0 information:
@@ -54,8 +54,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,26 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s2a
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show version
# Hostname: CHOCTAW-NATION-HEAD-START-STIGLER-004938
# Model: srx240h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show version invoke-on all-routing-engines
# Hostname: CHOCTAW-NATION-HEAD-START-STIGLER-004938
# Model: srx240h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show system uptime
-# System booted: 2017-07-23 13:50 CDT
-# Protocols started: 2017-07-23 13:55 CDT
-# Last configured: 2017-07-23 13:53 CDT by root
+# System booted: 2017-08-05 20:55 CDT
+# Protocols started: 2017-08-05 21:00 CDT
+# Last configured: 2017-08-05 20:58 CDT by root
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show interface terse
#Interface Admin Link
@@ -179,8 +183,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at CHOCTAW-NATION-HEAD-START-STIGLER-004938> show configuration
-## Last commit: 2017-07-23 13:53:51 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-05 20:58:09 CDT by root
+version 12.3X48-D40.5;
system {
host-name CHOCTAW-NATION-HEAD-START-STIGLER-004938;
auto-snapshot;
@@ -313,6 +317,112 @@
server 164.58.3.98 prefer;
}
}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
interfaces {
ge-0/0/0 {
description "L3 INTERFACE - UNTRUST-WAN - 156.110.42.226/30";
@@ -446,112 +556,6 @@
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
-security {
- screen {
- ids-option UNTRUST-SCREEN {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set TEST-TO-UNTRUST-NAT {
- from zone TEST;
- to zone UNTRUST;
- rule NAT-TEST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- from-zone UNTRUST to-zone UNTRUST {
- policy TRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TEST to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
- interfaces {
- vlan.3 {
- host-inbound-traffic {
- system-services {
- dhcp;
- ping;
- traceroute;
- }
- }
- }
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- }
- }
- }
- }
- security-zone TEST {
- interfaces {
- vlan.999 {
- host-inbound-traffic {
- system-services {
- dhcp;
- ping;
- traceroute;
- }
- }
- }
- }
- }
- }
-}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/blackwell-ps.client.onenet.net
===================================================================
--- configs/blackwell-ps.client.onenet.net (revision 155441)
+++ configs/blackwell-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show system commit
+# 2017-08-05 20:57:47 CDT by root via other
# 2017-08-02 23:11:37 CDT by root via other
# 2016-12-06 11:32:23 CST by sean via cli commit confirmed, rollback in 3mins
# 2016-04-30 11:42:19 CDT by andrew via cli
# 2015-10-08 14:14:14 CDT by sky via cli
# 2015-10-08 14:11:34 CDT by sky via cli
-# 2015-10-08 14:05:16 CDT by sky via cli
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show chassis fpc detail
# Slot 0 information:
@@ -54,8 +54,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,26 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s1a
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s2a
#
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show version
# Hostname: BLACKWELL-PS-SRX240-LR-004896
# Model: srx240h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show version invoke-on all-routing-engines
# Hostname: BLACKWELL-PS-SRX240-LR-004896
# Model: srx240h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show system uptime
-# System booted: 2017-08-02 23:09 CDT
-# Protocols started: 2017-08-02 23:12 CDT
-# Last configured: 2017-08-02 23:11 CDT by root
+# System booted: 2017-08-05 20:54 CDT
+# Protocols started: 2017-08-05 21:00 CDT
+# Last configured: 2017-08-05 20:57 CDT by root
#
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show interface terse
#Interface Admin Link
@@ -180,8 +184,8 @@
#vlan.4 up up
#vlan.999 up down
# grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show configuration
-## Last commit: 2017-08-02 23:11:37 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-05 20:57:47 CDT by root
+version 12.3X48-D40.5;
system {
host-name BLACKWELL-PS-SRX240-LR-004896;
auto-snapshot;
@@ -314,145 +318,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "UNTRUST WAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- disable;
- }
- ge-0/0/8 {
- disable;
- }
- ge-0/0/9 {
- disable;
- }
- ge-0/0/10 {
- disable;
- }
- ge-0/0/11 {
- disable;
- }
- ge-0/0/12 {
- disable;
- }
- ge-0/0/13 {
- disable;
- }
- ge-0/0/14 {
- disable;
- }
- ge-0/0/15 {
- description "TRUST LAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - UNTRUST-VLAN - 164.58.45.34/30";
- family inet {
- address 164.58.45.34/30;
- }
- }
- unit 4 {
- description "L3 INTERFACE - TRUST-VLAN - 10.7.0.1/24";
- family inet {
- address 192.168.0.1/30 {
- preferred;
- }
- address 156.110.39.225/28;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.45.33;
- route 192.168.1.0/24 next-hop 192.168.0.2;
- route 172.16.0.0/16 next-hop 192.168.0.2;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
address-book {
global {
@@ -771,6 +636,145 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 164.58.45.34/30";
+ family inet {
+ address 164.58.45.34/30;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 10.7.0.1/24";
+ family inet {
+ address 192.168.0.1/30 {
+ preferred;
+ }
+ address 156.110.39.225/28;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.45.33;
+ route 192.168.1.0/24 next-hop 192.168.0.2;
+ route 172.16.0.0/16 next-hop 192.168.0.2;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 155528)
+++ configs/hub.dur.onenet.net (working copy)
@@ -433,7 +433,7 @@
#fe-2/1/1 up up
#fe-2/1/1.0 up up
#fe-2/1/2 up down
-#fe-2/1/3 down down
+#fe-2/1/3 down up
#ge-2/2/0 up up
#ge-2/2/0.0 up up
#pc-2/2/0 up up
Index: configs/choctaw-nation-head-start-wilburton.client.onenet.net
===================================================================
--- configs/choctaw-nation-head-start-wilburton.client.onenet.net (revision 155150)
+++ configs/choctaw-nation-head-start-wilburton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show system commit
+# 2017-08-05 20:58:09 CDT by root via other
# 2017-07-23 13:48:04 CDT by root via other
# 2017-04-25 16:02:03 CDT by joel via cli
# 2016-05-11 10:45:35 CDT by admin via cli
# 2016-01-04 22:21:27 CST by admin via cli
# 2016-01-04 16:15:10 CST by admin via cli
-# 2015-12-31 23:23:49 CST by root via cli
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show chassis fpc detail
# Slot 0 information:
@@ -54,8 +54,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,26 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s2a
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show version
# Hostname: CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935
# Model: srx240h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show version invoke-on all-routing-engines
# Hostname: CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935
# Model: srx240h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show system uptime
-# System booted: 2017-07-23 13:45 CDT
-# Protocols started: 2017-07-23 13:49 CDT
-# Last configured: 2017-07-23 13:48 CDT by root
+# System booted: 2017-08-05 20:55 CDT
+# Protocols started: 2017-08-05 20:59 CDT
+# Last configured: 2017-08-05 20:58 CDT by root
#
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show interface terse
#Interface Admin Link
@@ -180,8 +184,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935> show configuration
-## Last commit: 2017-07-23 13:48:04 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-05 20:58:09 CDT by root
+version 12.3X48-D40.5;
system {
host-name CHOCTAW-NATION-HEAD-START-WILBURTON-SRX240-LEASED-004935;
auto-snapshot;
@@ -301,6 +305,112 @@
server 164.58.3.98 prefer;
}
}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
interfaces {
ge-0/0/0 {
description "L3 INTERFACE - UNTRUST-WAN - 164.58.22.134/30";
@@ -438,112 +548,6 @@
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
-security {
- screen {
- ids-option UNTRUST-SCREEN {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set TEST-TO-UNTRUST-NAT {
- from zone TEST;
- to zone UNTRUST;
- rule NAT-TEST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- from-zone UNTRUST to-zone UNTRUST {
- policy TRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TEST to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
- interfaces {
- vlan.3 {
- host-inbound-traffic {
- system-services {
- dhcp;
- ping;
- traceroute;
- }
- }
- }
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- }
- }
- }
- }
- security-zone TEST {
- interfaces {
- vlan.999 {
- host-inbound-traffic {
- system-services {
- dhcp;
- ping;
- traceroute;
- }
- }
- }
- }
- }
- }
-}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/ninnekah-ps.client.onenet.net
===================================================================
--- configs/ninnekah-ps.client.onenet.net (revision 155441)
+++ configs/ninnekah-ps.client.onenet.net (working copy)
@@ -2,7 +2,7 @@
#
# grnoc-mon at NINNEKAH-PS-LR-004926> show system commit
# 2017-08-02 23:40:13 CDT by root via other
-# rescue 2017-08-02 23:07:06 CDT by andrew via cli
+# rescue 2017-08-05 21:38:53 CDT by andrew via cli
#
# grnoc-mon at NINNEKAH-PS-LR-004926> show chassis environment
# Class Item Status Measurement
More information about the Nocrancid
mailing list