[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Aug 9 15:05:34 CDT 2017
Index: configs/core.say.onenet.net
===================================================================
--- configs/core.say.onenet.net (revision 155614)
+++ configs/core.say.onenet.net (working copy)
@@ -415,8 +415,8 @@
#ge-0/3/3 up up
#ge-0/3/3.0 up up
#ge-0/3/4 down down
-#ge-0/3/5 up up
-#ge-0/3/5.0 up up
+#ge-0/3/5 up down
+#ge-0/3/5.0 up down
#ge-0/3/6 down down
#ge-0/3/6.0 up down
#ge-0/3/7 up up
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 155630)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -761,8 +761,8 @@
#t1-2/3/0:6:9 down down
#t1-2/3/0:6:10 down down
#t1-2/3/0:6:11 down down
-#t1-2/3/0:6:12 up up
-#t1-2/3/0:6:12.0 up up
+#t1-2/3/0:6:12 up down
+#t1-2/3/0:6:12.0 up down
#t1-2/3/0:6:13 down down
#t1-2/3/0:6:14 up up
#t1-2/3/0:6:14.0 up up
Index: configs/whitesboro-ps.client.onenet.net
===================================================================
--- configs/whitesboro-ps.client.onenet.net (revision 155603)
+++ configs/whitesboro-ps.client.onenet.net (working copy)
@@ -1,13 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show system commit
+# grnoc-mon at WHITESBORO-PS-LR-004656> show system commit
+# 2017-08-09 14:57:52 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-07-23 16:38:21 CDT by root via other
# 2017-05-08 10:00:27 CDT by root via button
# 2017-05-08 09:59:47 CDT by root via button
# 2017-05-08 09:57:44 CDT by root via button
# 2016-03-13 05:08:39 CDT by andrew via cli
-# 2015-08-20 10:11:15 CDT by sean via cli
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis environment
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
# Routing Engine CPU Absent
@@ -15,17 +15,17 @@
# SRX220 Chassis fan 1 OK
# Power Power Supply 0 OK
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis firmware
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis firmware
# Part Type Version
# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis fpc detail
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM ---- CPU less FPC ----
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis hardware
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
# Chassis CF0614AK0364 SRX220H2
@@ -34,15 +34,15 @@
# PIC 0 8x GE Base PIC
# Power Supply 0
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis hardware models
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis routing-engine
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis hardware models
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis routing-engine
# Routing Engine status:
# Serial ID ACKZ3313
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis scb
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis sfm detail
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show chassis ssb
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show system boot-messages
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis scb
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis sfm detail
+# grnoc-mon at WHITESBORO-PS-LR-004656> show chassis ssb
+# grnoc-mon at WHITESBORO-PS-LR-004656> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
@@ -92,26 +92,26 @@
# WARNING: / was not properly dismounted
# WARNING: R/W mount of /cf/var denied. Filesystem is not clean - run fsck
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show version
-# Hostname: WHITESBORO-PS-SRX220-LR-004656
+# grnoc-mon at WHITESBORO-PS-LR-004656> show version
+# Hostname: WHITESBORO-PS-LR-004656
# Model: srx220h2
# JUNOS Software Release [12.1X46-D65.4]
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show version invoke-on all-routing-engines
-# Hostname: WHITESBORO-PS-SRX220-LR-004656
+# grnoc-mon at WHITESBORO-PS-LR-004656> show version invoke-on all-routing-engines
+# Hostname: WHITESBORO-PS-LR-004656
# Model: srx220h2
# JUNOS Software Release [12.1X46-D65.4]
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> file list /var/tmp detail
+# grnoc-mon at WHITESBORO-PS-LR-004656> file list /var/tmp detail
# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show system uptime
+# grnoc-mon at WHITESBORO-PS-LR-004656> show system uptime
# System booted: 2017-08-08 12:00 CDT
# Protocols started: 2017-08-08 12:02 CDT
-# Last configured: 2017-07-23 16:38 CDT by root
+# Last configured: 2017-08-09 14:57 CDT by joel
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show interface terse
+# grnoc-mon at WHITESBORO-PS-LR-004656> show interface terse
#Interface Admin Link
#ge-0/0/0 up up
#ge-0/0/0.0 up up
@@ -129,8 +129,7 @@
#ge-0/0/3 down down
#ge-0/0/4 down down
#ge-0/0/5 down down
-#ge-0/0/6 up down
-#ge-0/0/6.0 up down
+#ge-0/0/6 down down
#ge-0/0/7 up up
#ge-0/0/7.0 up up
#fxp2 up up
@@ -153,14 +152,12 @@
#st0 up up
#tap up up
#vlan up up
-#vlan.3 up up
-#vlan.4 up up
#vlan.999 up down
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show configuration
-## Last commit: 2017-07-23 16:38:21 CDT by root
+# grnoc-mon at WHITESBORO-PS-LR-004656> show configuration
+## Last commit: 2017-08-09 14:57:52 CDT by joel
version 12.1X46-D65.4;
system {
- host-name WHITESBORO-PS-SRX220-LR-004656;
+ host-name WHITESBORO-PS-LR-004656;
auto-snapshot;
domain-name onenet.net;
time-zone America/Chicago;
@@ -172,8 +169,8 @@
# encrypted-password <removed>;
}
name-server {
- 164.58.253.10;
- 164.58.198.10;
+ 164.58.200.200;
+ 156.110.200.200;
}
radius-server {
156.110.31.11 {
@@ -192,6 +189,12 @@
idle-timeout 30;
permissions all;
}
+ class customer-admin {
+ idle-timeout 30;
+ permissions all;
+ deny-commands "load|shell";
+ deny-configuration "(system login)|(system root-authentication)";
+ }
class lockdown {
idle-timeout 2;
permissions view;
@@ -216,7 +219,7 @@
}
user client {
uid 2000;
- class admin;
+ class customer-admin;
authentication {
# encrypted-password <removed>;
}
@@ -246,18 +249,13 @@
root-login deny;
protocol-version v2;
}
- dhcp {
- pool 10.1.0.0/24 {
- address-range low 10.1.0.2 high 10.1.0.254;
- domain-name test.local;
- name-server {
- 164.58.253.10;
- 164.58.198.10;
- }
- router {
- 10.1.0.1;
- }
+ dhcp-local-server {
+ group TEST-DHCP {
+ interface vlan.999;
}
+ group TRUST-DHCP {
+ interface ge-0/0/7.0;
+ }
}
}
syslog {
@@ -291,21 +289,23 @@
server 164.58.3.98 prefer;
}
}
+chassis {
+ config-button no-rescue no-clear;
+}
interfaces {
ge-0/0/0 {
- description "UNTRUST WAN Interface";
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.27.230/30";
unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-WAN-VLAN-3;
- }
+ family inet {
+ address 164.58.27.230/30;
}
}
}
ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
unit 0 {
- description TEST-INTERFACE;
family ethernet-switching {
+ port-mode access;
vlan {
members TEST-VLAN;
}
@@ -325,26 +325,17 @@
disable;
}
ge-0/0/6 {
- description VIDEO-WAN;
- unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-WAN-VLAN-4;
- }
- }
- }
+ disable;
}
ge-0/0/7 {
- description "UNTRUST LAN Interface";
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-WAN-VLAN-4;
- }
+ family inet {
+ address 172.16.1.1/16;
}
}
}
- lo0 {
+ protect: lo0 {
unit 0 {
family inet {
filter {
@@ -354,18 +345,6 @@
}
}
vlan {
- unit 3 {
- description "L3 INTERFACE - UNTRUST-WAN-VLAN-3 - 164.58.27.230/30";
- family inet {
- address 164.58.27.230/30;
- }
- }
- unit 4 {
- description "L3 INTERFACE - UNTRUST-WAN-VLAN-4 - 156.110.139.17/29";
- family inet {
- address 156.110.139.17/29;
- }
- }
unit 999 {
description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
family inet {
@@ -375,8 +354,8 @@
}
}
snmp {
- description OneNet;
- contact "Net Group";
+ description OneNet-SRX200-Template-3.0.0;
+ contact "Net Group - (888)566-3638";
community "<removed>" {
authorization read-only;
}
@@ -399,12 +378,12 @@
stp;
}
policy-options {
- prefix-list PRE-MGMT-SOURCES {
+ protect: prefix-list PRE-MGMT-SOURCES {
156.110.31.0/27;
156.110.31.32/28;
164.58.253.0/24;
}
- prefix-list PRE-LOCALIPv4-SOURCES {
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
@@ -432,6 +411,20 @@
}
nat {
source {
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
rule-set TEST-TO-UNTRUST-NAT {
from zone TEST;
to zone UNTRUST;
@@ -449,8 +442,8 @@
}
}
policies {
- from-zone UNTRUST to-zone UNTRUST {
- policy UNTRUST-TO-UNTRUST {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
match {
source-address any;
destination-address any;
@@ -475,39 +468,41 @@
}
}
zones {
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
+ security-zone TRUST {
interfaces {
- vlan.4 {
+ ge-0/0/7.0 {
host-inbound-traffic {
system-services {
dhcp;
- dns;
ping;
traceroute;
}
}
}
- vlan.3 {
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
host-inbound-traffic {
system-services {
+ dhcp;
ping;
- snmp;
- ssh;
traceroute;
}
}
}
}
}
- security-zone TEST {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
interfaces {
- vlan.999 {
+ ge-0/0/0.0 {
host-inbound-traffic {
system-services {
- dhcp;
- dns;
ping;
+ snmp;
+ ssh;
traceroute;
}
}
@@ -518,7 +513,7 @@
}
firewall {
family inet {
- filter PROTECT-RE {
+ protect: filter PROTECT-RE {
term SSH-ALLOW {
from {
source-prefix-list {
@@ -565,6 +560,48 @@
}
}
}
+access {
+ address-assignment {
+ pool TRUST-POOL {
+ family inet {
+ network 172.16.0.0/16;
+ range TRUST-RANGE {
+ low 172.16.199.10;
+ high 172.16.255.254;
+ }
+ dhcp-attributes {
+ domain-name WHITES.BORO;
+ name-server {
+ 172.16.8.2;
+ 172.16.2.1;
+ }
+ router {
+ 172.16.1.1;
+ }
+ }
+ }
+ }
+ pool TEST-POOL {
+ family inet {
+ network 10.1.0.0/24;
+ range TEST-RANGE {
+ low 10.1.0.10;
+ high 10.1.0.250;
+ }
+ dhcp-attributes {
+ domain-name test.local;
+ name-server {
+ 164.58.200.200;
+ 156.110.200.200;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ }
+}
ethernet-switching-options {
secure-access-port {
interface ge-0/0/1.0 {
@@ -581,21 +618,11 @@
vlan-id 999;
l3-interface vlan.999;
}
- UNTRUST-WAN-VLAN-3 {
- description UNTRUST-WAN-VLAN-3;
- vlan-id 3;
- l3-interface vlan.3;
- }
- UNTRUST-WAN-VLAN-4 {
- description UNTRUST-WAN-VLAN-4;
- vlan-id 4;
- l3-interface vlan.4;
- }
}
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show ospf neighbor
+# grnoc-mon at WHITESBORO-PS-LR-004656> show ospf neighbor
# OSPF instance is not running
#
-# grnoc-mon at WHITESBORO-PS-SRX220-LR-004656> show bfd session
+# grnoc-mon at WHITESBORO-PS-LR-004656> show bfd session
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/hub.say.onenet.net
===================================================================
--- configs/hub.say.onenet.net (revision 155325)
+++ configs/hub.say.onenet.net (working copy)
@@ -9,7 +9,7 @@
# 2017-05-22 13:15:54 CDT by joel via cli commit confirmed, rollback in 5mins synchronize
# grnoc-mon at SAYRE-M120-RE0> show chassis environment
# Class Item Status Measurement
-# Temp PEM 0 OK
+# Temp PEM 0 Check
# PEM 1 OK
# Routing Engine 0 OK
# Routing Engine 0 CPU OK
Index: configs/rpswi1.okc.onenet.net
===================================================================
--- configs/rpswi1.okc.onenet.net (revision 155629)
+++ configs/rpswi1.okc.onenet.net (working copy)
@@ -247,8 +247,8 @@
#ge-0/0/18.0 up up
#ge-0/0/19 up up
#ge-0/0/19.0 up up
-#ge-0/0/20 up down
-#ge-0/0/20.0 up down
+#ge-0/0/20 up up
+#ge-0/0/20.0 up up
#ge-0/0/21 up up
#ge-0/0/21.0 up up
#ge-0/0/22 up up
More information about the Nocrancid
mailing list