[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Aug 10 16:05:43 CDT 2017
Index: configs/core.mca.onenet.net
===================================================================
--- configs/core.mca.onenet.net (revision 155659)
+++ configs/core.mca.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MCALESTER-MX480-RE0> show system commit
+# 2017-08-10 15:04:35 CDT by joel via cli commit synchronize
# 2017-07-31 15:20:16 CDT by sky via cli commit synchronize
# 2017-07-30 12:34:22 CDT by andrew via cli commit synchronize
# 2017-07-30 12:24:26 CDT by andrew via cli commit synchronize
# 2017-07-29 21:10:43 CDT by andrew via cli commit synchronize
# 2017-07-28 20:13:49 CDT by andrew via cli commit synchronize
-# 2017-07-26 19:49:30 CDT by andrew via cli commit synchronize
# grnoc-mon at MCALESTER-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -369,7 +369,7 @@
# grnoc-mon at MCALESTER-MX480-RE0> show system uptime
# System booted: 2016-03-13 01:36 CST
# Protocols started: 2016-03-13 01:45 CST
-# Last configured: 2017-07-31 15:20 CDT by sky
+# Last configured: 2017-08-10 15:04 CDT by joel
#
# {master}
# grnoc-mon at MCALESTER-MX480-RE0> show interface terse
@@ -528,7 +528,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MCALESTER-MX480-RE0> show configuration
-## Last commit: 2017-07-31 15:20:16 CDT by sky
+## Last commit: 2017-08-10 15:04:35 CDT by joel
version 13.3R8.7;
groups {
re0 {
@@ -1152,13 +1152,13 @@
}
}
unit 400 {
- description TANNEHILL-ISD-20M-CIR00005948;
- bandwidth 20m;
+ description TANNEHILL-ISD-100M-CIR0020443;
+ bandwidth 100m;
vlan-id 400;
family inet {
policer {
- input 20M-POL;
- output 20M-POL;
+ input 100M-POL;
+ output 100M-POL;
}
address 164.58.4.165/30;
}
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 155648)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -948,7 +948,7 @@
#t1-2/3/0:10:14.0 up up
#t1-2/3/0:10:15 up up
#t1-2/3/0:10:15.0 up up
-#t1-2/3/0:10:16 down up
+#t1-2/3/0:10:16 down down
#t1-2/3/0:10:17 up up
#t1-2/3/0:10:17.0 up up
#t1-2/3/0:10:18 up up
Index: configs/odot-vinita-regmaint.client.onenet.net
===================================================================
--- configs/odot-vinita-regmaint.client.onenet.net (revision 155553)
+++ configs/odot-vinita-regmaint.client.onenet.net (working copy)
@@ -118,8 +118,8 @@
#
# grnoc-mon at ODOT-VINITA-REGMAINT-SRX220> show interface terse
#Interface Admin Link
-#ge-0/0/0 up up
-#ge-0/0/0.0 up up
+#ge-0/0/0 up down
+#ge-0/0/0.0 up down
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/justice-ps.client.onenet.net
===================================================================
--- configs/justice-ps.client.onenet.net (revision 155659)
+++ configs/justice-ps.client.onenet.net (working copy)
@@ -150,8 +150,8 @@
#ge-0/0/2 up down
#ge-0/0/2.0 up down
#ge-0/0/2.32767 up down
-#ge-0/0/3 up down
-#ge-0/0/3.0 up down
+#ge-0/0/3 up up
+#ge-0/0/3.0 up up
#ge-0/0/4 down down
#ge-0/0/5 down down
#ge-0/0/6 down down
@@ -184,7 +184,7 @@
#st0 up up
#tap up up
#vlan up up
-#vlan.999 up down
+#vlan.999 up up
# grnoc-mon at JUSTICE-PS-LR-004934> show configuration
## Last commit: 2017-08-10 14:44:08 CDT by sky
version 12.3X48-D40.5;
Index: configs/wilson-henryetta-isd.client.onenet.net
===================================================================
--- configs/wilson-henryetta-isd.client.onenet.net (revision 155521)
+++ configs/wilson-henryetta-isd.client.onenet.net (working copy)
@@ -1,13 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show system commit
-# 2017-07-26 10:49:24 CDT by sky via cli
-# 2017-06-13 12:10:56 CDT by aberrios via cli
-# 2017-02-24 12:18:15 CST by admin via cli
-# 2017-02-24 12:12:04 CST by admin via cli
-# 2015-08-14 12:46:45 CDT by admin via cli
-# 2015-08-14 12:45:25 CDT by admin via cli
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis environment
+# grnoc-mon> show system commit
+# 2017-08-09 16:54:46 CDT by admin via cli
+# 2017-08-07 14:09:46 CDT by root via cli
+# 2017-08-04 18:54:26 CDT by root via other
+# rescue 2017-08-09 16:55:37 CDT by root via recovery-mgmt
+#
+# grnoc-mon> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
# Routing Engine CPU OK
@@ -19,43 +18,46 @@
# SRX240 IO fan 2 OK
# Power Power Supply 0 OK
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis firmware
+# grnoc-mon> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
-# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis fpc detail
+# grnoc-mon> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM ---- CPU less FPC ----
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis hardware
+# grnoc-mon> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
-# Chassis BU2215AK0029 SRX240H2
-# Routing Engine REV 14 750-043609 ACML1220 RE-SRX240H2
+# Chassis BU2615AK0785 SRX240H2
+# Routing Engine REV 14 750-043609 ACMP4208 RE-SRX240H2
# FPC 0 FPC
# PIC 0 16x GE Base PIC
# Power Supply 0
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis hardware models
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis routing-engine
+# grnoc-mon> show chassis hardware models
+# grnoc-mon> show chassis routing-engine
# Routing Engine status:
-# Serial ID ACML1220
+# Serial ID ACMP4208
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis scb
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis sfm detail
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show chassis ssb
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show system boot-messages
+# grnoc-mon> show chassis scb
+# grnoc-mon> show chassis sfm detail
+# grnoc-mon> show chassis ssb
+# grnoc-mon> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,29 +108,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s2a
-# WARNING: / was not properly dismounted
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s1a
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show version
-# Hostname: WILSON-HENRYETTA-ISD-SRX240-LR-004881
+# grnoc-mon> show version
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show version invoke-on all-routing-engines
-# Hostname: WILSON-HENRYETTA-ISD-SRX240-LR-004881
+# grnoc-mon> show version invoke-on all-routing-engines
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# grnoc-mon> file list /var/tmp detail
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show system uptime
-# System booted: 2017-08-05 08:52 CDT
-# Protocols started: 2017-08-05 08:55 CDT
-# Last configured: 2017-07-26 10:49 CDT by sky
+# grnoc-mon> show system uptime
+# System booted: 2017-08-10 15:43 CDT
+# Protocols started: 2017-08-10 15:46 CDT
+# Last configured: 2017-08-09 16:54 CDT by admin
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show interface terse
+# grnoc-mon> show interface terse
#Interface Admin Link
#ge-0/0/0 up up
#ge-0/0/0.0 up up
@@ -178,14 +178,11 @@
#tap up up
#vlan up up
#vlan.3 up up
-#vlan.4 up up
#vlan.999 up down
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show configuration
-## Last commit: 2017-07-26 10:49:24 CDT by sky
-version 12.1X44-D35.5;
+# grnoc-mon> show configuration
+## Last commit: 2017-08-09 16:54:46 CDT by admin
+version 12.3X48-D40.5;
system {
- host-name WILSON-HENRYETTA-ISD-SRX240-LR-004881;
- auto-snapshot;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
@@ -241,6 +238,9 @@
user client {
uid 2000;
class admin;
+ authentication {
+# encrypted-password <removed>;
+ }
}
user eng {
uid 2018;
@@ -312,21 +312,126 @@
server 164.58.3.98 prefer;
}
}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
interfaces {
ge-0/0/0 {
- description "UNTRUST WAN Interface";
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.35.30/30";
unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-WAN-VLAN;
- }
+ family inet {
+ address 156.110.35.30/30;
}
}
}
ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
unit 0 {
- description TEST-INTERFACE;
family ethernet-switching {
+ port-mode access;
vlan {
members TEST-VLAN;
}
@@ -373,16 +478,17 @@
disable;
}
ge-0/0/15 {
- description "UNTRUST LAN Interface";
+ description "L2 INTERFACE - TRUST-VLAN";
unit 0 {
family ethernet-switching {
+ port-mode access;
vlan {
- members UNTRUST-LAN-VLAN;
+ members TRUST-VLAN;
}
}
}
}
- lo0 {
+ protect: lo0 {
unit 0 {
family inet {
filter {
@@ -393,14 +499,8 @@
}
vlan {
unit 3 {
- description "L3 INTERFACE - UNTRUST-WAN-VLAN - 156.110.35.30/30";
+ description "L3 INTERFACE - TRUST-VLAN - 1164.58.58.73/29";
family inet {
- address 156.110.35.30/30;
- }
- }
- unit 4 {
- description "L3 INTERFACE - UNTRUST-LAN-VLAN - 164.58.58.73/29";
- family inet {
address 164.58.58.73/29;
}
}
@@ -437,125 +537,18 @@
stp;
}
policy-options {
- prefix-list PRE-MGMT-SOURCES {
+ protect: prefix-list PRE-MGMT-SOURCES {
156.110.31.0/27;
156.110.31.32/28;
164.58.253.0/24;
}
- prefix-list PRE-LOCALIPv4-SOURCES {
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
-security {
- screen {
- ids-option UNTRUST-SCREEN {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set TEST-TO-UNTRUST-NAT {
- from zone TEST;
- to zone UNTRUST;
- rule NAT-TEST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- from-zone UNTRUST to-zone UNTRUST {
- policy UNTRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TEST to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
- interfaces {
- vlan.4 {
- host-inbound-traffic {
- system-services {
- dns;
- ping;
- traceroute;
- }
- }
- }
- vlan.3 {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- }
- }
- }
- }
- security-zone TEST {
- interfaces {
- vlan.999 {
- host-inbound-traffic {
- system-services {
- dhcp;
- dns;
- ping;
- traceroute;
- }
- }
- }
- }
- }
- }
-}
firewall {
family inet {
- filter PROTECT-RE {
+ protect: filter PROTECT-RE {
term SSH-ALLOW {
from {
source-prefix-list {
@@ -618,21 +611,16 @@
vlan-id 999;
l3-interface vlan.999;
}
- UNTRUST-LAN-VLAN {
- description UNTRUST-LAN-VLAN;
- vlan-id 4;
- l3-interface vlan.4;
- }
- UNTRUST-WAN-VLAN {
- description UNTRUST-WAN-VLAN;
+ TRUST-VLAN {
+ description TRUST-VLAN;
vlan-id 3;
l3-interface vlan.3;
}
}
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show ospf neighbor
+# grnoc-mon> show ospf neighbor
# OSPF instance is not running
#
-# grnoc-mon at WILSON-HENRYETTA-ISD-SRX240-LR-004881> show bfd session
+# grnoc-mon> show bfd session
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/eodls-muskogee-main-office.client.onenet.net
===================================================================
--- configs/eodls-muskogee-main-office.client.onenet.net (revision 155654)
+++ configs/eodls-muskogee-main-office.client.onenet.net (working copy)
@@ -1168,6 +1168,7 @@
# 10.0.0.46 gr-0/0/0.111 Full 10.0.0.46
# 10.0.0.50 gr-0/0/0.112 Full 10.0.0.50
# 10.0.0.54 gr-0/0/0.113 Full 10.0.0.54
+# 10.0.0.58 gr-0/0/0.114 Full 10.0.0.58
#
# grnoc-mon at EODLS-Muskogee-Main-Office-ASSET-004937> show bfd session
Index: configs/stringtown-high-school.client.onenet.net
===================================================================
--- configs/stringtown-high-school.client.onenet.net (revision 155637)
+++ configs/stringtown-high-school.client.onenet.net (working copy)
@@ -691,6 +691,7 @@
# OSPF instance is not running
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show bfd session
+quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/doh-sallisaw.client.onenet.net
===================================================================
--- configs/doh-sallisaw.client.onenet.net (revision 154608)
+++ configs/doh-sallisaw.client.onenet.net (working copy)
@@ -93,9 +93,7 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 1006MB <CF 1GB 20080112> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
-# WARNING: / was not properly dismounted
-# WARNING: / was not properly dismounted
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at DOH-SALLISAW-SRX220> show version
# Hostname: DOH-SALLISAW-SRX220
@@ -112,8 +110,8 @@
# total files: 1
#
# grnoc-mon at DOH-SALLISAW-SRX220> show system uptime
-# System booted: 2017-07-03 08:43 CDT
-# Protocols started: 2017-07-03 08:45 CDT
+# System booted: 2017-08-10 12:49 CDT
+# Protocols started: 2017-08-10 12:51 CDT
# Last configured: 2016-11-09 22:20 CST by admin
#
# grnoc-mon at DOH-SALLISAW-SRX220> show interface terse
Index: configs/maysville-hs.client.onenet.net
===================================================================
--- configs/maysville-hs.client.onenet.net (revision 155636)
+++ configs/maysville-hs.client.onenet.net (working copy)
@@ -612,6 +612,7 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show bfd session
+quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/odot-bartlesville-regmaint.client.onenet.net
===================================================================
--- configs/odot-bartlesville-regmaint.client.onenet.net (revision 155650)
+++ configs/odot-bartlesville-regmaint.client.onenet.net (working copy)
@@ -136,8 +136,8 @@
#ge-0/0/3.0 up down
#ge-0/0/4 up down
#ge-0/0/4.0 up down
-#ge-0/0/5 up up
-#ge-0/0/5.0 up up
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
#ge-0/0/6 up up
#ge-0/0/6.0 up up
#ge-0/0/7 up up
More information about the Nocrancid
mailing list