[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sun Aug 27 19:05:01 CDT 2017
Index: configs/clayton-ps-srx220.client.onenet.net
===================================================================
--- configs/clayton-ps-srx220.client.onenet.net (revision 155153)
+++ configs/clayton-ps-srx220.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CLAYTON-PS-LR-004623> show system commit
+# 2017-08-27 18:24:06 CDT by root via other
# 2017-07-23 15:06:53 CDT by root via other
# 2016-05-20 11:14:57 CDT by andrew via cli
# 2015-10-02 22:05:13 CDT by andrew via cli
# 2015-08-27 11:35:49 CDT by andrew via cli
# 2015-08-14 16:21:03 CDT by andrew via cli
-# 2015-07-20 15:19:40 CDT by joel via cli
# grnoc-mon at CLAYTON-PS-LR-004623> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at CLAYTON-PS-LR-004623> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at CLAYTON-PS-LR-004623> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,26 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at CLAYTON-PS-LR-004623> show version
# Hostname: CLAYTON-PS-LR-004623
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CLAYTON-PS-LR-004623> show version invoke-on all-routing-engines
# Hostname: CLAYTON-PS-LR-004623
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CLAYTON-PS-LR-004623> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at CLAYTON-PS-LR-004623> show system uptime
-# System booted: 2017-07-23 15:05 CDT
-# Protocols started: 2017-07-23 15:07 CDT
-# Last configured: 2017-07-23 15:06 CDT by root
+# System booted: 2017-08-27 18:21 CDT
+# Protocols started: 2017-08-27 18:25 CDT
+# Last configured: 2017-08-27 18:24 CDT by root
#
# grnoc-mon at CLAYTON-PS-LR-004623> show interface terse
#Interface Admin Link
@@ -155,8 +159,8 @@
#vlan.5 up up
#vlan.999 up down
# grnoc-mon at CLAYTON-PS-LR-004623> show configuration
-## Last commit: 2017-07-23 15:06:53 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 18:24:06 CDT by root
+version 12.3X48-D40.5;
system {
host-name CLAYTON-PS-LR-004623;
auto-snapshot;
@@ -289,6 +293,120 @@
server 164.58.3.98 prefer;
}
}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy UNTRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ vlan.5 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
interfaces {
ge-0/0/0 {
description "UNTRUST WAN Interface";
@@ -416,120 +534,6 @@
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
-security {
- screen {
- ids-option UNTRUST-SCREEN {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set TEST-TO-UNTRUST-NAT {
- from zone TEST;
- to zone UNTRUST;
- rule NAT-TEST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- from-zone UNTRUST to-zone UNTRUST {
- policy UNTRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TEST to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone TEST {
- interfaces {
- vlan.999 {
- host-inbound-traffic {
- system-services {
- dhcp;
- dns;
- ping;
- traceroute;
- }
- }
- }
- }
- }
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
- interfaces {
- vlan.3 {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- }
- }
- vlan.4 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
- }
- vlan.5 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
- }
- }
- }
- }
-}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/chisholm-ps.client.onenet.net
===================================================================
--- configs/chisholm-ps.client.onenet.net (revision 156079)
+++ configs/chisholm-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CHISHOLM-PS-LR-004647> show system commit
+# 2017-08-27 18:20:33 CDT by root via other
# 2017-07-23 15:06:55 CDT by root via other
# 2016-08-04 09:21:40 CDT by sean via cli commit confirmed, rollback in 2mins
# 2015-10-02 22:08:50 CDT by andrew via cli
# 2015-08-14 08:54:10 CDT by andrew via cli
# 2015-07-20 15:19:18 CDT by joel via cli
-# 2015-07-01 11:14:38 CDT by admin via cli
# grnoc-mon at CHISHOLM-PS-LR-004647> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at CHISHOLM-PS-LR-004647> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at CHISHOLM-PS-LR-004647> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,26 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at CHISHOLM-PS-LR-004647> show version
# Hostname: CHISHOLM-PS-LR-004647
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CHISHOLM-PS-LR-004647> show version invoke-on all-routing-engines
# Hostname: CHISHOLM-PS-LR-004647
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CHISHOLM-PS-LR-004647> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at CHISHOLM-PS-LR-004647> show system uptime
-# System booted: 2017-07-23 15:05 CDT
-# Protocols started: 2017-07-23 15:07 CDT
-# Last configured: 2017-07-23 15:06 CDT by root
+# System booted: 2017-08-27 18:18 CDT
+# Protocols started: 2017-08-27 18:21 CDT
+# Last configured: 2017-08-27 18:20 CDT by root
#
# grnoc-mon at CHISHOLM-PS-LR-004647> show interface terse
#Interface Admin Link
@@ -154,8 +158,8 @@
#vlan.4 up up
#vlan.999 up down
# grnoc-mon at CHISHOLM-PS-LR-004647> show configuration
-## Last commit: 2017-07-23 15:06:55 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 18:20:33 CDT by root
+version 12.3X48-D40.5;
system {
host-name CHISHOLM-PS-LR-004647;
domain-name onenet.net;
@@ -287,6 +291,122 @@
server 164.58.3.98 prefer;
}
}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ vlan.4 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/6.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ dns;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
interfaces {
ge-0/0/0 {
description "UNTRUST WAN Interface";
@@ -403,122 +523,6 @@
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
-security {
- screen {
- ids-option UNTRUST-SCREEN {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set TEST-TO-UNTRUST-NAT {
- from zone TEST;
- to zone UNTRUST;
- rule NAT-TEST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- from-zone UNTRUST to-zone UNTRUST {
- policy TRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TEST to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
- interfaces {
- vlan.3 {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- }
- }
- vlan.4 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
- }
- ge-0/0/6.0 {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- }
- }
- }
- }
- security-zone TEST {
- interfaces {
- vlan.999 {
- host-inbound-traffic {
- system-services {
- dhcp;
- dns;
- ping;
- traceroute;
- }
- }
- }
- }
- }
- }
-}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/calvin-ps.client.onenet.net
===================================================================
--- configs/calvin-ps.client.onenet.net (revision 156027)
+++ configs/calvin-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CALVIN-PS-LR-004641> show system commit
+# 2017-08-27 18:19:15 CDT by root via other
# 2017-07-23 15:06:20 CDT by root via other
# 2017-06-07 11:54:28 CDT by joel via cli
# 2015-10-06 21:54:18 CDT by admin via cli
# 2015-10-06 21:23:23 CDT by admin via cli
# 2015-06-23 15:45:59 CDT by admin via cli
-# 2015-06-23 11:31:23 CDT by admin via cli
# grnoc-mon at CALVIN-PS-LR-004641> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at CALVIN-PS-LR-004641> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at CALVIN-PS-LR-004641> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,29 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
-# WARNING: / was not properly dismounted
-# WARNING: / was not properly dismounted
-# WARNING: R/W mount of /cf/var denied. Filesystem is not clean - run fsck
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at CALVIN-PS-LR-004641> show version
# Hostname: CALVIN-PS-LR-004641
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CALVIN-PS-LR-004641> show version invoke-on all-routing-engines
# Hostname: CALVIN-PS-LR-004641
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CALVIN-PS-LR-004641> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at CALVIN-PS-LR-004641> show system uptime
-# System booted: 2017-08-23 13:26 CDT
-# Protocols started: 2017-08-23 13:28 CDT
-# Last configured: 2017-07-23 15:06 CDT by root
+# System booted: 2017-08-27 18:16 CDT
+# Protocols started: 2017-08-27 18:20 CDT
+# Last configured: 2017-08-27 18:19 CDT by root
#
# grnoc-mon at CALVIN-PS-LR-004641> show interface terse
#Interface Admin Link
@@ -156,8 +157,8 @@
#vlan.4 up up
#vlan.999 up down
# grnoc-mon at CALVIN-PS-LR-004641> show configuration
-## Last commit: 2017-07-23 15:06:20 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 18:19:15 CDT by root
+version 12.3X48-D40.5;
system {
host-name CALVIN-PS-LR-004641;
auto-snapshot;
@@ -301,116 +302,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "UNTRUST WAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- description "TRUST LAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - UNTRUST-VLAN - 156.110.25.142";
- family inet {
- address 156.110.25.142/30;
- }
- }
- unit 4 {
- description "L3 INTERFACE - TRUST-VLAN - 10.127.4.1/16";
- family inet {
- address 10.127.4.1/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.25.141;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -560,6 +451,116 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 156.110.25.142";
+ family inet {
+ address 156.110.25.142/30;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 10.127.4.1/16";
+ family inet {
+ address 10.127.4.1/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.25.141;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/carney-ps.client.onenet.net
===================================================================
--- configs/carney-ps.client.onenet.net (revision 155960)
+++ configs/carney-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CARNEY-PS-LR-004631> show system commit
+# 2017-08-27 18:19:51 CDT by root via other
# 2017-08-21 11:13:50 CDT by sky via cli
# 2017-07-23 15:06:13 CDT by root via other
# 2017-07-05 11:49:22 CDT by sean via cli
# 2017-07-05 11:33:55 CDT by sean via cli
# 2017-06-19 16:09:07 CDT by sky via cli commit confirmed, rollback in 2mins
-# 2016-10-24 09:15:02 CDT by sean via cli
# grnoc-mon at CARNEY-PS-LR-004631> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at CARNEY-PS-LR-004631> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at CARNEY-PS-LR-004631> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,29 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
-# WARNING: / was not properly dismounted
-# WARNING: / was not properly dismounted
-# WARNING: R/W mount of /cf/var denied. Filesystem is not clean - run fsck
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at CARNEY-PS-LR-004631> show version
# Hostname: CARNEY-PS-LR-004631
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CARNEY-PS-LR-004631> show version invoke-on all-routing-engines
# Hostname: CARNEY-PS-LR-004631
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CARNEY-PS-LR-004631> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at CARNEY-PS-LR-004631> show system uptime
-# System booted: 2017-08-18 13:33 CDT
-# Protocols started: 2017-08-18 13:36 CDT
-# Last configured: 2017-08-21 11:13 CDT by sky
+# System booted: 2017-08-27 18:17 CDT
+# Protocols started: 2017-08-27 18:20 CDT
+# Last configured: 2017-08-27 18:19 CDT by root
#
# grnoc-mon at CARNEY-PS-LR-004631> show interface terse
#Interface Admin Link
@@ -155,8 +156,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at CARNEY-PS-LR-004631> show configuration
-## Last commit: 2017-08-21 11:13:50 CDT by sky
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 18:19:51 CDT by root
+version 12.3X48-D40.5;
system {
host-name CARNEY-PS-LR-004631;
domain-name onenet.net;
@@ -295,110 +296,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "L3 INTERFACE - UNTRUST-WAN - 164.58.9.1/31";
- unit 0 {
- family inet {
- address 164.58.9.1/31;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - TEST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- description "L2 INTERFACE - TRUST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
- family inet {
- address 172.16.1.1/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.9.0;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
address-book {
global {
@@ -574,6 +471,110 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.9.1/31";
+ unit 0 {
+ family inet {
+ address 164.58.9.1/31;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.1/16";
+ family inet {
+ address 172.16.1.1/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.9.0;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/swi1-swink-elementary.client.onenet.net
===================================================================
--- configs/swi1-swink-elementary.client.onenet.net (revision 156138)
+++ configs/swi1-swink-elementary.client.onenet.net (working copy)
@@ -290,7 +290,7 @@
#ge-0/0/41.0 up down
#ge-0/0/42 up down
#ge-0/0/42.0 up down
-#ge-0/0/43 up down
+#ge-0/0/43 up up
#ge-0/0/43.0 up up
#ge-0/0/44 up down
#ge-0/0/44.0 up down
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 156128)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -110,7 +110,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down down
+#ge-0/0/0 down up
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/accele-bio.client.onenet.net
===================================================================
--- configs/accele-bio.client.onenet.net (revision 155441)
+++ configs/accele-bio.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show system commit
+# 2017-08-27 18:19:01 CDT by root via other
# 2017-08-02 23:12:09 CDT by root via other
# 2017-05-11 09:53:35 CDT by joel via cli
# 2015-11-18 11:58:00 CST by onenet via cli commit confirmed, rollback in 3mins
# 2014-08-12 17:27:35 CDT by onenet via cli commit confirmed, rollback in 4mins
# 2014-08-08 12:31:33 CDT by onenet via cli
-# 2014-08-08 12:28:10 CDT by onenet via cli
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,26 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show version
# Hostname: ACCELE-BIOPHARMA-TAG-004340
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show version invoke-on all-routing-engines
# Hostname: ACCELE-BIOPHARMA-TAG-004340
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show system uptime
-# System booted: 2017-08-02 23:10 CDT
-# Protocols started: 2017-08-02 23:13 CDT
-# Last configured: 2017-08-02 23:12 CDT by root
+# System booted: 2017-08-27 18:16 CDT
+# Protocols started: 2017-08-27 18:20 CDT
+# Last configured: 2017-08-27 18:19 CDT by root
#
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show interface terse
#Interface Admin Link
@@ -152,8 +156,8 @@
#vlan.999 up down
#vlan.1314 up up
# grnoc-mon at ACCELE-BIOPHARMA-TAG-004340> show configuration
-## Last commit: 2017-08-02 23:12:09 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 18:19:01 CDT by root
+version 12.3X48-D40.5;
system {
host-name ACCELE-BIOPHARMA-TAG-004340;
auto-snapshot;
@@ -323,113 +327,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "OUTSIDE WAN Interface GE - 164.58.27.206/30";
- unit 0 {
- family inet {
- address 164.58.27.206/30 {
- primary;
- }
- address 156.110.26.153/30;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - TEST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- description "INSIDE LAN Interface - INSIDE";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members INSIDE;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- unit 1314 {
- description "INSIDE - L3 INTERFACE";
- family inet {
- address 10.1.1.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.27.205;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
address-book {
global {
@@ -630,6 +527,113 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "OUTSIDE WAN Interface GE - 164.58.27.206/30";
+ unit 0 {
+ family inet {
+ address 164.58.27.206/30 {
+ primary;
+ }
+ address 156.110.26.153/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "INSIDE LAN Interface - INSIDE";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members INSIDE;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ unit 1314 {
+ description "INSIDE - L3 INTERFACE";
+ family inet {
+ address 10.1.1.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.27.205;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/copan-public-schools.client.onenet.net
===================================================================
--- configs/copan-public-schools.client.onenet.net (revision 155677)
+++ configs/copan-public-schools.client.onenet.net (working copy)
@@ -1,13 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show system commit
+# 2017-08-27 18:24:13 CDT by root via other
# 2017-07-23 15:06:55 CDT by root via other
# 2016-05-04 12:00:15 CDT by sean via cli
# 2016-05-04 11:59:46 CDT by sean via cli
# 2016-01-13 11:00:20 CST by sky via cli
# 2
# 2015-12-04 11:12:48 CST by onenet via cli commit confirmed, rollback in 5mins
-# 2015-06-01 15:17:28 CDT by onenet via cli
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -18,8 +18,8 @@
#
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show chassis fpc detail
# Slot 0 information:
@@ -51,8 +51,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -88,29 +91,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
-# WARNING: / was not properly dismounted
-# WARNING: / was not properly dismounted
-# WARNING: R/W mount of /cf/var denied. Filesystem is not clean - run fsck
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show version
# Hostname: COPAN-PUBLIC-SCHOOLS-TAG-004634
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show version invoke-on all-routing-engines
# Hostname: COPAN-PUBLIC-SCHOOLS-TAG-004634
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show system uptime
-# System booted: 2017-08-11 05:26 CDT
-# Protocols started: 2017-08-11 05:28 CDT
-# Last configured: 2017-07-23 15:06 CDT by root
+# System booted: 2017-08-27 18:21 CDT
+# Protocols started: 2017-08-27 18:25 CDT
+# Last configured: 2017-08-27 18:24 CDT by root
#
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show interface terse
#Interface Admin Link
@@ -158,8 +159,8 @@
#vlan.4 up down
#vlan.999 up down
# grnoc-mon at COPAN-PUBLIC-SCHOOLS-TAG-004634> show configuration
-## Last commit: 2017-07-23 15:06:55 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 18:24:13 CDT by root
+version 12.3X48-D40.5;
system {
host-name COPAN-PUBLIC-SCHOOLS-TAG-004634;
domain-name onenet.net;
@@ -302,124 +303,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "L3 INTERFACE - UNTRUST-WAN - 156.110.130.22/30";
- unit 0 {
- family inet {
- address 156.110.130.22/30;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - TEST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- description "L2 INTERFACE - TRUST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/7 {
- description "L2 INTERFACE - UNTRUST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members UNTRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - TRUST-VLAN - 192.168.1.1/16";
- family inet {
- address 192.168.1.1/16;
- }
- }
- unit 4 {
- description "L3 INTERFACE - UNTRUST-VLAN - 164.58.109.193/28";
- family inet {
- address 164.58.109.193/28;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.130.21;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
address-book {
global {
@@ -489,7 +372,9 @@
rule r1 {
match {
destination-address 156.110.130.22/32;
- destination-port 8848;
+ destination-port {
+ 8848;
+ }
}
then {
destination-nat {
@@ -640,6 +525,124 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.130.22/30";
+ unit 0 {
+ family inet {
+ address 156.110.130.22/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/7 {
+ description "L2 INTERFACE - UNTRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - TRUST-VLAN - 192.168.1.1/16";
+ family inet {
+ address 192.168.1.1/16;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 164.58.109.193/28";
+ family inet {
+ address 164.58.109.193/28;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.130.21;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/cameron-ps.client.onenet.net
===================================================================
--- configs/cameron-ps.client.onenet.net (revision 155153)
+++ configs/cameron-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CAMERON-PS-LR-004625> show system commit
+# 2017-08-27 18:19:31 CDT by root via other
# 2017-07-23 15:06:56 CDT by root via other
# 2015-10-06 18:13:49 CDT by andrew via cli
# 2015-10-06 17:31:31 CDT by andrew via cli
# 2015-10-02 16:45:52 CDT by admin via cli
# 2015-05-29 21:52:20 CDT by root via cli
-# 2015-02-26 02:35:54 CST by root via other
# grnoc-mon at CAMERON-PS-LR-004625> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at CAMERON-PS-LR-004625> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at CAMERON-PS-LR-004625> show chassis fpc detail
# Slot 0 information:
@@ -50,8 +50,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
@@ -87,26 +90,27 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 47) exited prematurely.
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at CAMERON-PS-LR-004625> show version
# Hostname: CAMERON-PS-LR-004625
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CAMERON-PS-LR-004625> show version invoke-on all-routing-engines
# Hostname: CAMERON-PS-LR-004625
# Model: srx220h2
-# JUNOS Software Release [12.1X46-D65.4]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at CAMERON-PS-LR-004625> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at CAMERON-PS-LR-004625> show system uptime
-# System booted: 2017-07-23 15:05 CDT
-# Protocols started: 2017-07-23 15:07 CDT
-# Last configured: 2017-07-23 15:06 CDT by root
+# System booted: 2017-08-27 18:17 CDT
+# Protocols started: 2017-08-27 18:20 CDT
+# Last configured: 2017-08-27 18:19 CDT by root
#
# grnoc-mon at CAMERON-PS-LR-004625> show interface terse
#Interface Admin Link
@@ -152,8 +156,8 @@
#vlan.4 up up
#vlan.999 up down
# grnoc-mon at CAMERON-PS-LR-004625> show configuration
-## Last commit: 2017-07-23 15:06:56 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-08-27 18:19:31 CDT by root
+version 12.3X48-D40.5;
system {
host-name CAMERON-PS-LR-004625;
domain-name onenet.net;
@@ -285,109 +289,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "UNTRUST WAN Interface";
- unit 0 {
- family inet {
- address 156.110.34.14/30;
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- description "TRUST LAN Interface";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 4 {
- description "L3 INTERFACE - TRUST-VLAN - 172.16.1.3/16";
- family inet {
- address 172.16.1.3/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.34.13;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -512,6 +413,109 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ unit 0 {
+ family inet {
+ address 156.110.34.14/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.3/16";
+ family inet {
+ address 172.16.1.3/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.34.13;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
More information about the Nocrancid
mailing list