[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sun Aug 27 18:05:19 CDT 2017
Index: configs/bray-doyle-hs.client.onenet.net
===================================================================
--- configs/bray-doyle-hs.client.onenet.net (revision 155555)
+++ configs/bray-doyle-hs.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show system commit
+# 2017-08-27 17:49:41 CDT by root via other
# 2017-08-06 16:32:08 CDT by root via other
# 2016-09-09 11:09:04 CDT by sky via cli
# 2016-09-02 17:11:59 CDT by admin via cli commit confirmed, rollback in 2mins
# 2016-09-02 17:02:00 CDT by admin via cli
# 2016-09-02 16:53:20 CDT by admin via cli
-# 2016-09-02 16:30:30 CDT by admin via cli
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show chassis fpc detail
# Slot 0 information:
@@ -54,8 +54,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,26 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s1a
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s2a
#
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show version
# Hostname: BRAY-DOYLE-HS-LR-004927
# Model: srx240h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show version invoke-on all-routing-engines
# Hostname: BRAY-DOYLE-HS-LR-004927
# Model: srx240h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show system uptime
-# System booted: 2017-08-06 16:29 CDT
-# Protocols started: 2017-08-06 16:33 CDT
-# Last configured: 2017-08-06 16:32 CDT by root
+# System booted: 2017-08-27 17:46 CDT
+# Protocols started: 2017-08-27 17:51 CDT
+# Last configured: 2017-08-27 17:49 CDT by root
#
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show interface terse
#Interface Admin Link
@@ -179,8 +183,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at BRAY-DOYLE-HS-LR-004927> show configuration
-## Last commit: 2017-08-06 16:32:08 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 17:49:41 CDT by root
+version 12.3X48-D40.5;
system {
host-name BRAY-DOYLE-HS-LR-004927;
auto-snapshot;
@@ -310,6 +314,129 @@
server 164.58.3.98 prefer;
}
}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ rule-set TRUST-TO-UNTRUST-NAT {
+ from zone TRUST;
+ to zone UNTRUST;
+ rule NAT-TRUST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TRUST {
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
interfaces {
ge-0/0/0 {
description "L3 INTERFACE - UNTRUST-WAN - 164.58.16.233/31";
@@ -438,129 +565,6 @@
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
-security {
- screen {
- ids-option UNTRUST-SCREEN {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set TEST-TO-UNTRUST-NAT {
- from zone TEST;
- to zone UNTRUST;
- rule NAT-TEST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- rule-set TRUST-TO-UNTRUST-NAT {
- from zone TRUST;
- to zone UNTRUST;
- rule NAT-TRUST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- from-zone TEST to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TRUST to-zone UNTRUST {
- policy TRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
- interfaces {
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- }
- }
- }
- }
- security-zone TEST {
- interfaces {
- vlan.999 {
- host-inbound-traffic {
- system-services {
- dhcp;
- ping;
- traceroute;
- }
- }
- }
- }
- }
- security-zone TRUST {
- interfaces {
- vlan.3 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
- }
- }
- }
- }
-}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/baptist-girls-home-srx220.client.onenet.net
===================================================================
--- configs/baptist-girls-home-srx220.client.onenet.net (revision 155150)
+++ configs/baptist-girls-home-srx220.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show system commit
+# 2017-08-27 17:24:27 CDT by root via other
# 2017-07-23 13:50:29 CDT by root via other
# 2016-12-05 11:18:24 CST by sean via cli
# 2016-12-05 11:15:05 CST by sean via cli
# 2016-12-05 11:13:13 CST by sean via cli commit confirmed, rollback in 3mins
# 2016-12-05 10:28:56 CST by sean via cli
-# 2016-12-05 10:18:14 CST by sean via cli commit confirmed, rollback in 3mins
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,26 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show version
# Hostname: BAPTIST-GIRLS-HOME-LR-004663
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show version invoke-on all-routing-engines
# Hostname: BAPTIST-GIRLS-HOME-LR-004663
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show system uptime
-# System booted: 2017-07-23 13:49 CDT
-# Protocols started: 2017-07-23 13:51 CDT
-# Last configured: 2017-07-23 13:50 CDT by root
+# System booted: 2017-08-27 17:22 CDT
+# Protocols started: 2017-08-27 17:25 CDT
+# Last configured: 2017-08-27 17:24 CDT by root
#
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show interface terse
#Interface Admin Link
@@ -154,8 +158,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at BAPTIST-GIRLS-HOME-LR-004663> show configuration
-## Last commit: 2017-07-23 13:50:29 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 17:24:27 CDT by root
+version 12.3X48-D40.5;
system {
host-name BAPTIST-GIRLS-HOME-LR-004663;
domain-name onenet.net;
@@ -284,122 +288,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "UNTRUST WAN Interface - 164.58.255.46/30";
- unit 0 {
- family inet {
- address 164.58.255.46/30;
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- description "UNTRUST WAN Interface - 156.110.43.97/29";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members UNTRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/6 {
- description "UNTRUST WAN Interface - 156.110.43.97/29";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members UNTRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/7 {
- description "UNTRUST WAN Interface - 156.110.130.161/29";
- unit 0 {
- family inet {
- address 156.110.130.161/29;
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description UNTRUST-LAN;
- family inet {
- address 156.110.43.97/29;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.255.45;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -523,6 +411,122 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface - 164.58.255.46/30";
+ unit 0 {
+ family inet {
+ address 164.58.255.46/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ description "UNTRUST WAN Interface - 156.110.43.97/29";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/6 {
+ description "UNTRUST WAN Interface - 156.110.43.97/29";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/7 {
+ description "UNTRUST WAN Interface - 156.110.130.161/29";
+ unit 0 {
+ family inet {
+ address 156.110.130.161/29;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description UNTRUST-LAN;
+ family inet {
+ address 156.110.43.97/29;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.255.45;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/butner-ps.client.onenet.net
===================================================================
--- configs/butner-ps.client.onenet.net (revision 156055)
+++ configs/butner-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show system commit
+# 2017-08-27 17:29:00 CDT by root via other
# 2017-08-24 13:58:10 CDT by andrew via cli
# 2017-08-24 13:52:11 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2017-08-24 13:47:43 CDT by andrew via cli commit confirmed, rollback in 2mins
# 2017-08-24 13:43:38 CDT by root via other
# 2017-08-24 13:37:53 CDT by andrew via cli commit confirmed, rollback in 5mins
-# 2017-08-24 13:31:40 CDT by andrew via cli
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,26 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show version
# Hostname: BUTNER-SRX220-LEASED-ASSET-TAG-004662
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show version invoke-on all-routing-engines
# Hostname: BUTNER-SRX220-LEASED-ASSET-TAG-004662
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show system uptime
-# System booted: 2017-08-15 13:48 CDT
-# Protocols started: 2017-08-15 13:50 CDT
-# Last configured: 2017-08-24 13:58 CDT by andrew
+# System booted: 2017-08-27 17:26 CDT
+# Protocols started: 2017-08-27 17:30 CDT
+# Last configured: 2017-08-27 17:29 CDT by root
#
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show interface terse
#Interface Admin Link
@@ -156,8 +160,8 @@
#vlan.100 up up
#vlan.999 up down
# grnoc-mon at BUTNER-SRX220-LEASED-ASSET-TAG-004662> show configuration
-## Last commit: 2017-08-24 13:58:10 CDT by andrew
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 17:29:00 CDT by root
+version 12.3X48-D40.5;
system {
host-name BUTNER-SRX220-LEASED-ASSET-TAG-004662;
domain-name onenet.net;
@@ -293,134 +297,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "UNTRUST WAN Interface";
- flexible-vlan-tagging;
- speed 100m;
- link-mode full-duplex;
- gigether-options {
- no-auto-negotiation;
- }
- unit 900 {
- vlan-id 900;
- family inet {
- address 156.110.25.30/30;
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- unit 0 {
- family ethernet-switching {
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/7 {
- description "TRUST LAN Interface";
- unit 0 {
- family ethernet-switching {
- port-mode trunk;
- vlan {
- members [ TRUST-VLAN SWITCH-MGMT WIFI-MGMT ];
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 90 {
- description "L3 INTERFACE - SWITCH MGMT - 10.199.10.65/27";
- family inet {
- address 10.199.10.65/27;
- }
- }
- unit 91 {
- description "L3 INTERFACE - WIFI MGMT - 10.199.10.97/27";
- family inet {
- address 10.199.10.97/27;
- }
- }
- unit 100 {
- description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
- family inet {
- address 172.16.1.1/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.25.29;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
address-book {
global {
@@ -492,7 +368,9 @@
rule ROCKET-80 {
match {
destination-address 156.110.25.30/32;
- destination-port 80;
+ destination-port {
+ 80;
+ }
protocol tcp;
}
then {
@@ -506,7 +384,9 @@
rule ROCKET-443 {
match {
destination-address 156.110.25.30/32;
- destination-port 443;
+ destination-port {
+ 443;
+ }
protocol tcp;
}
then {
@@ -688,6 +568,134 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ flexible-vlan-tagging;
+ speed 100m;
+ link-mode full-duplex;
+ gigether-options {
+ no-auto-negotiation;
+ }
+ unit 900 {
+ vlan-id 900;
+ family inet {
+ address 156.110.25.30/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/7 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ TRUST-VLAN SWITCH-MGMT WIFI-MGMT ];
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 90 {
+ description "L3 INTERFACE - SWITCH MGMT - 10.199.10.65/27";
+ family inet {
+ address 10.199.10.65/27;
+ }
+ }
+ unit 91 {
+ description "L3 INTERFACE - WIFI MGMT - 10.199.10.97/27";
+ family inet {
+ address 10.199.10.97/27;
+ }
+ }
+ unit 100 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
+ family inet {
+ address 172.16.1.1/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.25.29;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/byng-ps.client.onenet.net
===================================================================
--- configs/byng-ps.client.onenet.net (revision 156137)
+++ configs/byng-ps.client.onenet.net (working copy)
@@ -1,12 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BYNG-PS-LR-005454> show system commit
+# 2017-08-27 17:17:13 CDT by root via other
# 2017-08-07 11:49:07 CDT by admin via cli
# 2017-08-07 11:47:59 CDT by admin via cli
# 2017-08-04 15:50:20 CDT by root via cli
# 2017-08-04 15:27:42 CDT by root via cli
# 2017-07-31 11:08:49 CDT by root via other
-# rescue 2017-08-27 16:29:33 CDT by andrew via cli
+# rescue 2017-08-27 17:22:35 CDT by andrew via cli
#
# grnoc-mon at BYNG-PS-LR-005454> show chassis environment
# Class Item Status Measurement
@@ -20,8 +21,8 @@
#
# grnoc-mon at BYNG-PS-LR-005454> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 15.1X49-D45 by builder on 2016-04-25 07:17:11 UTC
-# FWDD O/S Version 15.1X49-D45 by builder on 2016-04-25 07:17:11 UTC
+# FPC 0 O/S Version 15.1X49-D90.7 by builder on 2017-04-29 06:10:46 UTC
+# FWDD O/S Version 15.1X49-D90.7 by builder on 2017-04-29 06:10:46 UTC
#
# grnoc-mon at BYNG-PS-LR-005454> show chassis fpc detail
# Slot 0 information:
@@ -48,7 +49,7 @@
# grnoc-mon at BYNG-PS-LR-005454> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Running in PARTITIONED TLB MODE
-# Copyright (c) 1996-2016, Juniper Networks, Inc.
+# Copyright (c) 1996-2017, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2007 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
@@ -107,31 +108,34 @@
# da0: <ATP ATP CG eUSB 1100> Fixed Direct Access SCSI-4 device
# da0: 40.000MB/s transfers
# da0: 7672MB (15712256 512 byte sectors: 255H 63S/T 978C)
-# Trying to mount root from ufs:/dev/da0s1a
-# WARNING: / was not properly dismounted
-# WARNING: / was not properly dismounted
+# Trying to mount root from ufs:/dev/da0s2a
#
+# LPC bus driver
+# lpcbus0 on cpld0
+# tpm0: <Trusted Platform Module> on lpcbus0
+# tpm: IFX SLB 9660 TT 1.2 rev 0x10
+#
# grnoc-mon at BYNG-PS-LR-005454> show version
# Hostname: BYNG-PS-LR-005454
# Model: srx340
-# Junos: 15.1X49-D45
-# JUNOS Software Release [15.1X49-D45]
+# Junos: 15.1X49-D90.7
+# JUNOS Software Release [15.1X49-D90.7]
#
# grnoc-mon at BYNG-PS-LR-005454> show version invoke-on all-routing-engines
# Hostname: BYNG-PS-LR-005454
# Model: srx340
-# Junos: 15.1X49-D45
-# JUNOS Software Release [15.1X49-D45]
+# Junos: 15.1X49-D90.7
+# JUNOS Software Release [15.1X49-D90.7]
#
# grnoc-mon at BYNG-PS-LR-005454> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Apr 25 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Apr 29 02:34 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at BYNG-PS-LR-005454> show system uptime
# Time Source: NTP CLOCK
-# System booted: 2017-08-27 16:37 CDT
-# Protocols started: 2017-08-27 16:37 CDT
-# Last configured: 2017-08-07 11:49 CDT by admin
+# System booted: 2017-08-27 17:14 CDT
+# Protocols started: 2017-08-27 17:14 CDT
+# Last configured: 2017-08-27 17:17 CDT by root
#
# grnoc-mon at BYNG-PS-LR-005454> show interface terse
#Interface Admin Link
@@ -170,6 +174,8 @@
#ipip up up
#irb up up
#irb.999 up down
+#jsrv up up
+#jsrv.1 up up
#lo0 up up
#lo0.0 up up
#lo0.16384 up up
@@ -187,8 +193,8 @@
#vlan up down
#vtep up up
# grnoc-mon at BYNG-PS-LR-005454> show configuration
-## Last commit: 2017-08-07 11:49:07 CDT by admin
-version 15.1X49-D45;
+## Last commit: 2017-08-27 17:17:13 CDT by root
+version 15.1X49-D90.7;
system {
host-name BYNG-PS-LR-005454;
auto-snapshot;
@@ -627,9 +633,6 @@
}
switch-options {
interface ge-0/0/1.0 {
- ##
- ## Warning: configuration block ignored: unsupported platform (srx340)
- ##
interface-mac-limit {
3;
packet-action drop;
Index: configs/bearden-ps.client.onenet.net
===================================================================
--- configs/bearden-ps.client.onenet.net (revision 155153)
+++ configs/bearden-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BEARDEN-PS-LR-004343> show system commit
+# 2017-08-27 17:24:37 CDT by root via other
# 2017-07-23 15:09:04 CDT by root via other
# 2016-11-03 13:23:30 CDT by aberrios via cli
# 2016-05-30 13:13:22 CDT by andrew via cli
# 2015-10-06 18:02:20 CDT by admin via cli
# 2015-05-13 10:31:44 CDT by admin via cli
-# 2015-01-23 14:16:10 CST by admin via cli
# grnoc-mon at BEARDEN-PS-LR-004343> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at BEARDEN-PS-LR-004343> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at BEARDEN-PS-LR-004343> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,26 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at BEARDEN-PS-LR-004343> show version
# Hostname: BEARDEN-PS-LR-004343
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BEARDEN-PS-LR-004343> show version invoke-on all-routing-engines
# Hostname: BEARDEN-PS-LR-004343
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BEARDEN-PS-LR-004343> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at BEARDEN-PS-LR-004343> show system uptime
-# System booted: 2017-07-23 15:07 CDT
-# Protocols started: 2017-07-23 15:10 CDT
-# Last configured: 2017-07-23 15:09 CDT by root
+# System booted: 2017-08-27 17:22 CDT
+# Protocols started: 2017-08-27 17:25 CDT
+# Last configured: 2017-08-27 17:24 CDT by root
#
# grnoc-mon at BEARDEN-PS-LR-004343> show interface terse
#Interface Admin Link
@@ -152,8 +156,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at BEARDEN-PS-LR-004343> show configuration
-## Last commit: 2017-07-23 15:09:04 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 17:24:37 CDT by root
+version 12.3X48-D40.5;
system {
host-name BEARDEN-PS-LR-004343;
domain-name onenet.net;
@@ -282,110 +286,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "L3 INTERFACE - UNTRUST-WAN - 164.58.28.194/30";
- unit 0 {
- family inet {
- address 164.58.28.194/30;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - TEST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- description "L2 INTERFACE - TRUST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
- family inet {
- address 172.16.1.1/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.28.193;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -509,6 +409,110 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.28.194/30";
+ unit 0 {
+ family inet {
+ address 164.58.28.194/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
+ family inet {
+ address 172.16.1.1/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.28.193;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/swi1-swink-elementary.client.onenet.net
===================================================================
--- configs/swi1-swink-elementary.client.onenet.net (revision 156055)
+++ configs/swi1-swink-elementary.client.onenet.net (working copy)
@@ -284,13 +284,13 @@
#ge-0/0/38.0 up down
#ge-0/0/39 up down
#ge-0/0/39.0 up down
-#ge-0/0/40 up up
-#ge-0/0/40.0 up up
+#ge-0/0/40 up down
+#ge-0/0/40.0 up down
#ge-0/0/41 up down
#ge-0/0/41.0 up down
#ge-0/0/42 up down
#ge-0/0/42.0 up down
-#ge-0/0/43 up up
+#ge-0/0/43 up down
#ge-0/0/43.0 up up
#ge-0/0/44 up down
#ge-0/0/44.0 up down
Index: configs/bennington-ps-srx220.client.onenet.net
===================================================================
--- configs/bennington-ps-srx220.client.onenet.net (revision 155824)
+++ configs/bennington-ps-srx220.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BENNINGTON-PS-LR-004630> show system commit
+# 2017-08-27 17:24:49 CDT by root via other
# 2017-07-23 14:00:57 CDT by root via other
# 2016-10-04 15:30:38 CDT by sky via cli
# 2016-10-04 15:22:46 CDT by sky via cli commit confirmed, rollback in 2mins
# 2016-09-27 16:25:52 CDT by sky via cli commit confirmed, rollback in 3mins
# 2016-09-12 09:49:16 CDT by admin via cli
-# 2016-08-22 10:30:52 CDT by sky via cli
# grnoc-mon at BENNINGTON-PS-LR-004630> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at BENNINGTON-PS-LR-004630> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at BENNINGTON-PS-LR-004630> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,29 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s2a
-# WARNING: / was not properly dismounted
-# WARNING: / was not properly dismounted
-# WARNING: R/W mount of /cf/var denied. Filesystem is not clean - run fsck
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s1a
#
# grnoc-mon at BENNINGTON-PS-LR-004630> show version
# Hostname: BENNINGTON-PS-LR-004630
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BENNINGTON-PS-LR-004630> show version invoke-on all-routing-engines
# Hostname: BENNINGTON-PS-LR-004630
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BENNINGTON-PS-LR-004630> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at BENNINGTON-PS-LR-004630> show system uptime
-# System booted: 2017-08-06 21:42 CDT
-# Protocols started: 2017-08-06 21:44 CDT
-# Last configured: 2017-07-23 14:00 CDT by root
+# System booted: 2017-08-27 17:22 CDT
+# Protocols started: 2017-08-27 17:25 CDT
+# Last configured: 2017-08-27 17:24 CDT by root
#
# grnoc-mon at BENNINGTON-PS-LR-004630> show interface terse
#Interface Admin Link
@@ -157,8 +158,8 @@
#vlan.4 up up
#vlan.999 up down
# grnoc-mon at BENNINGTON-PS-LR-004630> show configuration
-## Last commit: 2017-07-23 14:00:57 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 17:24:49 CDT by root
+version 12.3X48-D40.5;
system {
host-name BENNINGTON-PS-LR-004630;
auto-snapshot;
@@ -288,121 +289,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "UNTRUST WAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- description "Video Unit";
- unit 0 {
- family inet {
- address 164.58.17.225/29;
- }
- }
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- description "TRUST LAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - UNTRUST-VLAN - 164.58.9.18/30";
- family inet {
- address 164.58.9.18/30;
- }
- }
- unit 4 {
- description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
- family inet {
- address 172.16.1.1/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.9.17;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -531,7 +417,9 @@
rule TRUST-DNS-NAT-RULE {
match {
destination-address 0.0.0.0/0;
- destination-port 53;
+ destination-port {
+ 53;
+ }
}
then {
destination-nat {
@@ -635,6 +523,121 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ description "Video Unit";
+ unit 0 {
+ family inet {
+ address 164.58.17.225/29;
+ }
+ }
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 164.58.9.18/30";
+ family inet {
+ address 164.58.9.18/30;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
+ family inet {
+ address 172.16.1.1/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.9.17;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/swi2-swink-elementary.client.onenet.net
===================================================================
--- configs/swi2-swink-elementary.client.onenet.net (revision 155760)
+++ configs/swi2-swink-elementary.client.onenet.net (working copy)
@@ -213,8 +213,8 @@
#ge-0/0/6.0 up up
#ge-0/0/7 up down
#ge-0/0/7.0 up down
-#ge-0/0/8 up up
-#ge-0/0/8.0 up up
+#ge-0/0/8 up down
+#ge-0/0/8.0 up down
#ge-0/0/9 up down
#ge-0/0/9.0 up down
#ge-0/0/10 up down
Index: configs/avant-ps-srx220.client.onenet.net
===================================================================
--- configs/avant-ps-srx220.client.onenet.net (revision 155150)
+++ configs/avant-ps-srx220.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at AVANT-PS-LR-004643> show system commit
+# 2017-08-27 17:24:25 CDT by root via other
# 2017-07-23 13:47:49 CDT by root via other
# 2016-06-21 10:27:47 CDT by joel via cli
# 2015-11-24 09:58:23 CST by admin via cli commit confirmed, rollback in 3mins
# 2015-11-24 09:57:28 CST by root via other
# 2015-11-24 09:54:05 CST by admin via cli commit confirmed, rollback in 3mins
-# 2015-11-24 09:27:23 CST by andrew via cli
# grnoc-mon at AVANT-PS-LR-004643> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,9 +17,9 @@
#
# grnoc-mon at AVANT-PS-LR-004643> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FPC 1 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FPC 1 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at AVANT-PS-LR-004643> show chassis fpc detail
# Slot 0 information:
@@ -56,8 +56,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -93,26 +96,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at AVANT-PS-LR-004643> show version
# Hostname: AVANT-PS-LR-004643
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at AVANT-PS-LR-004643> show version invoke-on all-routing-engines
# Hostname: AVANT-PS-LR-004643
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at AVANT-PS-LR-004643> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at AVANT-PS-LR-004643> show system uptime
-# System booted: 2017-07-23 13:46 CDT
-# Protocols started: 2017-07-23 13:48 CDT
-# Last configured: 2017-07-23 13:47 CDT by root
+# System booted: 2017-08-27 17:22 CDT
+# Protocols started: 2017-08-27 17:25 CDT
+# Last configured: 2017-08-27 17:24 CDT by root
#
# grnoc-mon at AVANT-PS-LR-004643> show interface terse
#Interface Admin Link
@@ -159,8 +163,8 @@
#vlan.4 up up
#vlan.999 up down
# grnoc-mon at AVANT-PS-LR-004643> show configuration
-## Last commit: 2017-07-23 13:47:49 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 17:24:25 CDT by root
+version 12.3X48-D40.5;
system {
host-name AVANT-PS-LR-004643;
auto-snapshot;
@@ -293,111 +297,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "L3 INTERFACE - UNTRUST-WAN - 164.58.7.254/30";
- unit 0 {
- family inet {
- address 164.58.7.254/30;
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- description "TRUST LAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- t1-1/0/0 {
- disable;
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 4 {
- description "L3 INTERFACE - TRUST-VLAN - 10.2.0.10/22";
- family inet {
- address 10.2.0.10/22;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.7.253;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -522,6 +421,111 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.7.254/30";
+ unit 0 {
+ family inet {
+ address 164.58.7.254/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ t1-1/0/0 {
+ disable;
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 10.2.0.10/22";
+ family inet {
+ address 10.2.0.10/22;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.7.253;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/chhc-hartshorne-srx340.onenet.net
===================================================================
--- configs/chhc-hartshorne-srx340.onenet.net (revision 156137)
+++ configs/chhc-hartshorne-srx340.onenet.net (working copy)
@@ -1,12 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CHHC-HARTSHORNE-5449> show system commit
+# 2017-08-27 17:18:47 CDT by root via other
# 2017-07-07 16:31:02 CDT by admin via cli
# 2017-07-06 16:42:51 CDT by root via cli
# 2017-07-06 16:14:49 CDT by root via cli
# 2017-07-06 16:10:36 CDT by root via cli
# 2017-07-06 13:44:36 CDT by root via other
-# rescue 2017-08-27 16:29:40 CDT by andrew via cli
+# rescue 2017-08-27 17:22:52 CDT by andrew via cli
#
# grnoc-mon at CHHC-HARTSHORNE-5449> show chassis environment
# Class Item Status Measurement
@@ -20,8 +21,8 @@
#
# grnoc-mon at CHHC-HARTSHORNE-5449> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 15.1X49-D45 by builder on 2016-04-25 07:17:11 UTC
-# FWDD O/S Version 15.1X49-D45 by builder on 2016-04-25 07:17:11 UTC
+# FPC 0 O/S Version 15.1X49-D90.7 by builder on 2017-04-29 06:10:46 UTC
+# FWDD O/S Version 15.1X49-D90.7 by builder on 2017-04-29 06:10:46 UTC
#
# grnoc-mon at CHHC-HARTSHORNE-5449> show chassis fpc detail
# Slot 0 information:
@@ -48,7 +49,7 @@
# grnoc-mon at CHHC-HARTSHORNE-5449> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Running in PARTITIONED TLB MODE
-# Copyright (c) 1996-2016, Juniper Networks, Inc.
+# Copyright (c) 1996-2017, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2007 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
@@ -107,29 +108,34 @@
# da0: <ATP ATP CG eUSB 1100> Fixed Direct Access SCSI-4 device
# da0: 40.000MB/s transfers
# da0: 7672MB (15712256 512 byte sectors: 255H 63S/T 978C)
-# Trying to mount root from ufs:/dev/da0s1a
+# Trying to mount root from ufs:/dev/da0s2a
#
+# LPC bus driver
+# lpcbus0 on cpld0
+# tpm0: <Trusted Platform Module> on lpcbus0
+# tpm: IFX SLB 9660 TT 1.2 rev 0x10
+#
# grnoc-mon at CHHC-HARTSHORNE-5449> show version
# Hostname: CHHC-HARTSHORNE-5449
# Model: srx340
-# Junos: 15.1X49-D45
-# JUNOS Software Release [15.1X49-D45]
+# Junos: 15.1X49-D90.7
+# JUNOS Software Release [15.1X49-D90.7]
#
# grnoc-mon at CHHC-HARTSHORNE-5449> show version invoke-on all-routing-engines
# Hostname: CHHC-HARTSHORNE-5449
# Model: srx340
-# Junos: 15.1X49-D45
-# JUNOS Software Release [15.1X49-D45]
+# Junos: 15.1X49-D90.7
+# JUNOS Software Release [15.1X49-D90.7]
#
# grnoc-mon at CHHC-HARTSHORNE-5449> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Apr 25 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Apr 29 02:34 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at CHHC-HARTSHORNE-5449> show system uptime
# Time Source: NTP CLOCK
-# System booted: 2017-08-27 16:37 CDT
-# Protocols started: 2017-08-27 16:37 CDT
-# Last configured: 2017-07-07 16:31 CDT by admin
+# System booted: 2017-08-27 17:16 CDT
+# Protocols started: 2017-08-27 17:16 CDT
+# Last configured: 2017-08-27 17:18 CDT by root
#
# grnoc-mon at CHHC-HARTSHORNE-5449> show interface terse
#Interface Admin Link
@@ -167,6 +173,8 @@
#ipip up up
#irb up up
#irb.999 up down
+#jsrv up up
+#jsrv.1 up up
#lo0 up up
#lo0.0 up up
#lo0.16384 up up
@@ -184,8 +192,8 @@
#vlan up down
#vtep up up
# grnoc-mon at CHHC-HARTSHORNE-5449> show configuration
-## Last commit: 2017-07-07 16:31:02 CDT by admin
-version 15.1X49-D45;
+## Last commit: 2017-08-27 17:18:47 CDT by root
+version 15.1X49-D90.7;
system {
host-name CHHC-HARTSHORNE-5449;
auto-snapshot;
@@ -623,9 +631,6 @@
}
switch-options {
interface ge-0/0/1.0 {
- ##
- ## Warning: configuration block ignored: unsupported platform (srx340)
- ##
interface-mac-limit {
3;
packet-action drop;
More information about the Nocrancid
mailing list