[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Aug 24 21:04:56 CDT 2017
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 156060)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -110,7 +110,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down up
+#ge-0/0/0 down down
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156059)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show system commit
+# 2017-08-24 20:36:12 CDT by joel via cli
+# 2017-08-24 20:16:03 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-08-24 17:31:04 CDT by joel via cli
# 2017-08-24 16:11:45 CDT by andrew via cli
# 2017-08-24 16:10:43 CDT by andrew via cli
# 2017-08-24 16:05:52 CDT by andrew via cli
-# 2017-08-24 15:58:48 CDT by andrew via cli commit confirmed, rollback in 3mins
-# 2017-08-24 15:02:25 CDT by joel via cli
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -128,7 +128,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-24 17:37 CDT
# Protocols started: 2017-08-24 17:37 CDT
-# Last configured: 2017-08-24 17:31 CDT by joel
+# Last configured: 2017-08-24 20:36 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show interface terse
#Interface Admin Link
@@ -152,8 +152,10 @@
#ge-0/0/5.0 up up
#ge-0/0/6 up up
#ge-0/0/6.0 up up
-#ge-0/0/7 down down
-#ge-0/0/7.0 up down
+#ge-0/0/7 up up
+#ge-0/0/7.5 up up
+#ge-0/0/7.911 up up
+#ge-0/0/7.32767 up up
#ge-0/0/8 down down
#ge-0/0/9 down down
#ge-0/0/10 down down
@@ -185,7 +187,7 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show configuration
-## Last commit: 2017-08-24 17:31:04 CDT by joel
+## Last commit: 2017-08-24 20:36:12 CDT by joel
version 15.1X49-D50.3;
groups {
DENY-ALL-ELSE {
@@ -314,19 +316,6 @@
root-login deny;
protocol-version v2;
}
- dhcp {
- pool 10.1.0.0/24 {
- address-range low 10.1.0.2 high 10.1.0.254;
- domain-name test.local;
- name-server {
- 164.58.200.200;
- 156.110.200.200;
- }
- router {
- 10.1.0.1;
- }
- }
- }
}
syslog {
archive size 10m files 5;
@@ -723,6 +712,8 @@
address ABUSE-86.27.41.234 86.27.41.234/32;
address ABUSE-91.93.4.222 91.93.4.222/32;
address ABUSE-50.101.245.7 50.101.245.7/32;
+ address E911-172.16.26.0 172.16.26.0/23;
+ address SERVERS-172.16.1.0 172.16.1.0/24;
address-set VERIZON-STATIC-FT-SILL-1 {
description "Fort Sill MP Static IPs for CAD Access";
address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
@@ -1042,6 +1033,22 @@
}
}
}
+ rule-set E911-TO-UNTRUST-NAT {
+ from zone E911;
+ to zone UNTRUST;
+ rule NAT-E911-TO-UNTRUST {
+ match {
+ source-address 172.16.26.0/23;
+ }
+ then {
+ source-nat {
+ pool {
+ CITY-OF-LAWTON-OUTSIDE;
+ }
+ }
+ }
+ }
+ }
}
static {
rule-set STATIC-NAT {
@@ -1657,6 +1664,70 @@
}
}
}
+ from-zone E911 to-zone E911 {
+ policy E911-TO-E911 {
+ match {
+ source-address E911-172.16.26.0;
+ destination-address E911-172.16.26.0;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
+ }
+ from-zone E911 to-zone TRUST {
+ policy E911-TO-TRUST {
+ match {
+ source-address E911-172.16.26.0;
+ destination-address SERVERS-172.16.1.0;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
+ }
+ from-zone E911 to-zone UNTRUST {
+ policy E911-TO-UNTRUST {
+ match {
+ source-address E911-172.16.26.0;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
+ }
+ from-zone TRUST to-zone E911 {
+ policy TRUST-TO-E911 {
+ match {
+ source-address SERVERS-172.16.1.0;
+ destination-address E911-172.16.26.0;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
+ }
}
zones {
security-zone DMZ {
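Review bot: All four new policies match `application any`, and E911-TO-UNTRUST also matches `destination-address any`, so the E911 segment gets unrestricted outbound access (source-NATed by the rule-set added in this commit) plus full reachability to and from SERVERS-172.16.1.0. For an emergency-services VLAN I would narrow each policy to the applications it actually needs, e.g. `application E911-APPS;`, where E911-APPS is a placeholder for an application-set defined for this site, and restrict the untrust destinations if they are known. The E911-TO-E911 policy only sees traffic that is routed through the firewall, so same-subnet hosts behind ge-0/0/7.911 presumably never hit it; a short annotation saying why it exists would help. The enclosing policies block starts before this hunk.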
@@ -1676,7 +1747,6 @@
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
- dhcp;
ping;
traceroute;
}
@@ -1686,7 +1756,7 @@
}
security-zone TRUST {
interfaces {
- ge-0/0/7.0 {
+ ge-0/0/7.5 {
host-inbound-traffic {
system-services {
ping;
@@ -1727,6 +1797,19 @@
}
}
}
+ security-zone E911 {
+ interfaces {
+ ge-0/0/7.911 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ inactive: dhcp;
+ }
+ }
+ }
+ }
+ }
}
}
interfaces {
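Review bot: `inactive: dhcp;` in the E911 zone's host-inbound system-services leaves DHCP deactivated on ge-0/0/7.911, yet the same commit adds that interface to dhcp-relay group CLIENTS. On SRX the relay normally needs `dhcp` permitted as host-inbound traffic on the client-facing interface, so requests from the E911 VLAN are likely dropped before they are relayed; this is worth confirming on the device. Either activate the statement (`dhcp;`) or delete the inactive line and take the interface out of the relay group, so the configuration states one intent. The TRUST zone's service list for ge-0/0/7.5 is only partly visible in this diff, so the same check applies there.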
@@ -1780,13 +1863,22 @@
}
}
ge-0/0/7 {
- description "L3 INTERFACE - TRUST-LAN - 172.16.1.2/12";
- disable;
- unit 0 {
+ description TRUNK-TO-INSIDE;
+ vlan-tagging;
+ unit 5 {
+ description "L3 INTERFACE - TRUST-LAN - 172.16.1.2/12";
+ vlan-id 5;
family inet {
address 172.16.1.2/12;
}
}
+ unit 911 {
+ description "L3 INTERFACE - E911 - 172.16.26.1/23";
+ vlan-id 911;
+ family inet {
+ address 172.16.26.1/23;
+ }
+ }
}
ge-0/0/8 {
disable;
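Review bot: Unit 911's `address 172.16.26.1/23;` lies inside the 172.16.0.0/12 that unit 5 still claims with `address 172.16.1.2/12;`, so the TRUST and E911 VLANs overlap at layer 3. The router itself will prefer the more specific /23, but any TRUST host configured with the /12 mask would treat E911 addresses as on-link and ARP for them instead of sending the traffic through the firewall, which makes the TRUST-TO-E911 policy hard to reason about. The address book entry added in this commit describes the server LAN as 172.16.1.0/24; if that is the real size, `address 172.16.1.2/24;` on unit 5, with the description string updated to match, would remove the overlap.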
@@ -1838,6 +1930,20 @@
authorization read-write;
}
}
+forwarding-options {
+ dhcp-relay {
+ server-group {
+ DHCP-SERVERS {
+ 172.16.1.3;
+ }
+ }
+ active-server-group DHCP-SERVERS;
+ group CLIENTS {
+ interface ge-0/0/7.5;
+ interface ge-0/0/7.911;
+ }
+ }
+}
routing-options {
static {
route 0.0.0.0/0 next-hop 164.58.58.117;
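Review bot: Group CLIENTS relays on ge-0/0/7.5, but the only server in DHCP-SERVERS, 172.16.1.3, falls inside that unit's own 172.16.1.2/12 subnet, so clients on VLAN 5 can presumably reach it by broadcast without a relay. Relaying on the server's own segment can hand the server a second copy of each request; if the server really sits on VLAN 5, keeping only `interface ge-0/0/7.911;` in the group would be enough. A one-line annotation on the group saying which VLANs depend on the relay would also make the removal of the local `dhcp` pool earlier in this commit easier to follow.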