[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sun Aug 27 22:04:55 CDT 2017
Index: configs/swi1-swink-elementary.client.onenet.net
===================================================================
--- configs/swi1-swink-elementary.client.onenet.net (revision 156141)
+++ configs/swi1-swink-elementary.client.onenet.net (working copy)
@@ -143,7 +143,7 @@
# da0: 40.000MB/s transfers
# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
-# Trying to mount root from ufs:/dev/da0s1a
+# Trying to mount root from ufs:/dev/da0s2a
#
# {master:0}
# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show version
@@ -197,8 +197,8 @@
# grnoc-mon at SWI1-SWINK-ELEMENTARY-004750> show system uptime
# fpc0:
# --------------------------------------------------------------------------
-# System booted: 2017-08-14 09:16 CDT
-# Protocols started: 2017-08-14 09:20 CDT
+# System booted: 2017-08-27 21:20 CDT
+# Protocols started: 2017-08-27 21:24 CDT
# Last configured: 2017-07-13 16:00 CDT by admin
#
# {master:0}
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 156140)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -110,7 +110,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down down
+#ge-0/0/0 down up
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/stringtown-high-school.client.onenet.net
===================================================================
--- configs/stringtown-high-school.client.onenet.net (revision 156141)
+++ configs/stringtown-high-school.client.onenet.net (working copy)
@@ -691,7 +691,6 @@
# OSPF instance is not running
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/swi2-swink-elementary.client.onenet.net
===================================================================
--- configs/swi2-swink-elementary.client.onenet.net (revision 156138)
+++ configs/swi2-swink-elementary.client.onenet.net (working copy)
@@ -134,7 +134,7 @@
# da0: 40.000MB/s transfers
# da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)
# Kernel thread "wkupdaemon" (pid 42) exited prematurely.
-# Trying to mount root from ufs:/dev/da0s2a
+# Trying to mount root from ufs:/dev/da0s1a
#
# {master:0}
# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show version
@@ -190,8 +190,8 @@
# grnoc-mon at SWI2-SWINK-ELEMENTARY-004750> show system uptime
# fpc0:
# --------------------------------------------------------------------------
-# System booted: 2017-08-14 09:16 CDT
-# Protocols started: 2017-08-14 09:20 CDT
+# System booted: 2017-08-27 21:20 CDT
+# Protocols started: 2017-08-27 21:23 CDT
# Last configured: 2017-07-13 15:45 CDT by admin
#
# {master:0}
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156134)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show system commit
+# 2017-08-27 21:17:55 CDT by joel via cli
+# 2017-08-27 21:11:38 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-08-27 14:19:10 CDT by joel via cli
# 2017-08-27 14:16:05 CDT by joel via cli
# 2017-08-26 14:53:13 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-08-26 13:27:29 CDT by joel via cli
-# 2017-08-26 12:06:25 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-08-26 11:40:16 CDT by joel via cli
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -133,7 +133,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-25 14:03 CDT
# Protocols started: 2017-08-25 14:03 CDT
-# Last configured: 2017-08-27 14:19 CDT by joel
+# Last configured: 2017-08-27 21:17 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show interface terse
#Interface Admin Link
@@ -174,7 +174,18 @@
#ipip up up
#irb up up
#irb.5 up up
+#irb.100 up down
+#irb.200 up down
+#irb.300 up down
+#irb.400 up down
+#irb.500 up down
+#irb.600 up down
+#irb.700 up down
+#irb.800 up down
+#irb.900 up down
#irb.911 up up
+#irb.1000 up down
+#irb.2000 up down
#jsrv up up
#jsrv.1 up up
#lo0 up up
@@ -194,7 +205,7 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show configuration
-## Last commit: 2017-08-27 14:19:10 CDT by joel
+## Last commit: 2017-08-27 21:17:55 CDT by joel
version 15.1X49-D90.7;
groups {
DENY-ALL-ELSE {
@@ -234,6 +245,48 @@
}
}
}
+ COMMON-APPLICATIONS {
+ security {
+ policies {
+ from-zone <*> to-zone <*> {
+ policy COMMON-APPLICATIONS {
+ match {
+ application [ junos-icmp-all junos-http junos-https ];
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ALLOW-PRINTING {
+ security {
+ policies {
+ from-zone <*> to-zone TR-0300-PRINTERS_SCANNERS {
+ policy ALLOW-PRINTING {
+ match {
+ source-address <*>;
+ destination-address TR-0300-PRINTERS_SCANNERS-10.3.0.0/16;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
}
apply-groups [ DENY-ALL-ELSE LOG-TRAFFIC ];
system {
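Review bot: `application any;` in group ALLOW-PRINTING makes the inherited policy permit every protocol and port to TR-0300-PRINTERS_SCANNERS-10.3.0.0/16, which is much wider than the policy name suggests. Printers and scanners are often poorly patched, so the match is better limited to the print and scan protocols actually in use, e.g. `application PRINT-SERVICES;` (placeholder name for an application-set covering LPD, IPP or raw 9100 as needed). The group also carries `source-address <*>;`, so the source restriction appears to exist only where each applying policy sets it. Check with `show configuration | display inheritance` that every zone pair using the group ends up with the intended source, destination and action.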
@@ -740,6 +793,19 @@
address ABUSE-64.90.40.26 64.90.40.26/32;
address ABUSE-162.252.172.79 162.252.172.79/32;
address NAT-EXEMPT-ACTIVE-DIRECTORY-164.58.2.192/28 164.58.2.192/28;
+ address TR-2000-SERVERS-10.16.0.0/16 10.16.0.0/16;
+ address TR-00999-MANAGEMENT-10.255.0.0/16 10.255.0.0/16;
+ address TR-0100-USERS-10.1.0.0/16 10.1.0.0/16;
+ address UN-0200-PHONES-10.2.0.0/16 10.2.0.0/16;
+ address TR-0300-PRINTERS_SCANNERS-10.3.0.0/16 10.3.0.0/16;
+ address DMZ-0400-HVAC-10.4.0.0/16 10.4.0.0/16;
+ address TR-0500-CAMERAS-10.5.0.0/16 10.5.0.0/16;
+ address TR-0600-ACCESS_CONTROL-10.6.0.0/16 10.6.0.0/16;
+ address TR-0700-ENT-WIRELESS-10.7.0.0/16 10.7.0.0/16;
+ address UN-0800-PUB-WIRELESS-10.8.0.0/16 10.8.0.0/16;
+ address UN-0900-IOT-KIOSKS-10.9.0.0/16 10.9.0.0/16;
+ address UN-1000-VID-CONFERENCE-10.10.0.0/16 10.10.0.0/16;
+ address TRUST-172.16.0.0/12 172.16.0.0/12;
address-set VERIZON-STATIC-FT-SILL-1 {
description "Fort Sill MP Static IPs for CAD Access";
address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
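Review bot: The new address-book entries are all /16 (for example `TR-0100-USERS-10.1.0.0/16`), while the irb units added later in this diff are numbered as /23 (`10.1.0.1/23`), so policies matching on these objects cover far more address space than is configured on the VLAN. If each /16 is a deliberate per-zone reservation, record that in a comment or description; otherwise match the prefix to the interface, e.g. `address TR-0100-USERS-10.1.0.0/23 10.1.0.0/23;`. `TR-00999-MANAGEMENT-10.255.0.0/16` also breaks the four-digit naming used by the other entries and has no matching zone, VLAN or irb unit in this diff.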
@@ -1353,6 +1419,7 @@
}
}
from-zone TRUST to-zone UNTRUST {
+ apply-groups COMMON-APPLICATIONS;
policy ABUSE-DENY {
match {
source-address any;
@@ -1376,7 +1443,7 @@
permit;
}
}
- policy TRUST-TO-UNTRUST {
+ inactive: policy TRUST-TO-UNTRUST {
match {
source-address any;
destination-address any;
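Review bot: `inactive: policy TRUST-TO-UNTRUST` leaves the old any/any permit in the configuration, where a single `activate` restores it. The following hunks do the same to whole zone pairs (`inactive: from-zone TRUST to-zone DMZ`, `from-zone DMZ to-zone TRUST`, `from-zone TRUST to-zone TRUST`). For those deactivated zone pairs the groups applied at the top level (`DENY-ALL-ELSE`, `LOG-TRAFFIC`) presumably no longer attach, so the traffic would fall to the device default policy and may be dropped without a log entry. The group contents are not visible here, so this needs confirming on the device. Once the migration is confirmed, delete the inactive stanzas rather than keeping them; the policy body continues outside the hunk.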
@@ -1386,8 +1453,14 @@
permit;
}
}
+ policy COMMON-APPLICATIONS {
+ match {
+ source-address TRUST-172.16.0.0/12;
+ destination-address any;
+ }
+ }
}
- from-zone TRUST to-zone DMZ {
+ inactive: from-zone TRUST to-zone DMZ {
policy ALLOW-TRUST-TO-DMZ {
match {
source-address any;
@@ -1677,7 +1750,7 @@
}
}
}
- from-zone DMZ to-zone TRUST {
+ inactive: from-zone DMZ to-zone TRUST {
policy ALLOW-DMZ-SERVERS-TO-DOMAIN-CONTROLLERS {
description "Traffic from the DMZ servers to the inside Domain Controllers.";
match {
@@ -1868,7 +1941,7 @@
}
}
}
- from-zone TRUST to-zone TRUST {
+ inactive: from-zone TRUST to-zone TRUST {
policy TRUST-TO-TRUST {
match {
source-address any;
@@ -1884,6 +1957,40 @@
}
}
}
+ from-zone TR-0100-USERS to-zone TR-0300-PRINTERS_SCANNERS {
+ apply-groups ALLOW-PRINTING;
+ policy ALLOW-PRINTING {
+ match {
+ source-address TR-0100-USERS-10.1.0.0/16;
+ }
+ }
+ }
+ from-zone TR-0100-USERS to-zone UNTRUST {
+ apply-groups COMMON-APPLICATIONS;
+ policy COMMON-APPLICATIONS {
+ match {
+ source-address TR-0100-USERS-10.1.0.0/16;
+ destination-address any;
+ }
+ }
+ }
+ from-zone TR-0100-USERS to-zone TRUST {
+ apply-groups COMMON-APPLICATIONS;
+ policy COMMON-APPLICATIONS {
+ match {
+ source-address TR-0100-USERS-10.1.0.0/16;
+ destination-address TRUST-172.16.0.0/12;
+ }
+ }
+ }
+ from-zone TRUST to-zone TR-0300-PRINTERS_SCANNERS {
+ apply-groups ALLOW-PRINTING;
+ policy ALLOW-PRINTING {
+ match {
+ source-address TRUST-172.16.0.0/12;
+ }
+ }
+ }
}
zones {
security-zone DMZ {
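Review bot: Only TR-0100-USERS and TRUST receive zone-pair contexts in this hunk, while the other zones created later in this diff (for example UN-0800-PUB-WIRELESS, UN-0900-IOT-KIOSKS, TR-0500-CAMERAS) have no policy at all. Their traffic will depend on the default policy, and if DENY-ALL-ELSE matches on existing zone pairs only, those denies may go unlogged; confirm this before the irb units come up. The new policies also show only `source-address` locally, with destination, application and action inherited from a group. A `description` on each, in the style of the existing ALLOW-DMZ-SERVERS-TO-DOMAIN-CONTROLLERS policy, would tell a reader of the stanza what is permitted, e.g. `description "Users to printers; application and action from group ALLOW-PRINTING";`.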
@@ -1967,6 +2074,138 @@
}
}
}
+ security-zone TR-0100-USERS {
+ interfaces {
+ irb.100 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UN-0200-PHONES {
+ interfaces {
+ irb.200 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0300-PRINTERS_SCANNERS {
+ interfaces {
+ irb.300 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone DMZ-0400-HVAC {
+ interfaces {
+ irb.400 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0500-CAMERAS {
+ interfaces {
+ irb.500 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0600-ACCESS_CONTROL {
+ interfaces {
+ irb.600 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-0700-ENT-WIRELESS {
+ interfaces {
+ irb.700 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UN-0800-PUB-WIRELESS {
+ interfaces {
+ irb.800 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UN-0900-IOT-KIOSKS {
+ interfaces {
+ irb.900 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone UN-1000-VID-CONFERENCE {
+ interfaces {
+ irb.1000 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TR-2000-SERVERS {
+ interfaces {
+ irb.2000 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
}
}
interfaces {
@@ -2064,12 +2303,78 @@
address 172.16.1.2/12;
}
}
+ unit 100 {
+ description "L3 INTERFACE - TR-0100-USERS - 10.1.0.1/23";
+ family inet {
+ address 10.1.0.1/23;
+ }
+ }
+ unit 200 {
+ description "L3 INTERFACE - UN-0200-PHONES - 10.2.0.1/23";
+ family inet {
+ address 10.2.0.1/23;
+ }
+ }
+ unit 300 {
+ description "L3 INTERFACE - TR-0300-PRINTERS_SCANNERS - 10.3.0.1/23";
+ family inet {
+ address 10.3.0.1/23;
+ }
+ }
+ unit 400 {
+ description "L3 INTERFACE - DMZ-0400-HVAC - 10.4.0.1/23";
+ family inet {
+ address 10.4.0.1/23;
+ }
+ }
+ unit 500 {
+ description "L3 INTERFACE - TR-0500-CAMERAS - 10.5.0.1/23";
+ family inet {
+ address 10.5.0.1/23;
+ }
+ }
+ unit 600 {
+ description "L3 INTERFACE - TR-0600-ACCESS_CONTROL - 10.6.0.1/23";
+ family inet {
+ address 10.6.0.1/23;
+ }
+ }
+ unit 700 {
+ description "L3 INTERFACE - TR-0700-ENT-WIRELESS - 10.7.0.1/23";
+ family inet {
+ address 10.7.0.1/23;
+ }
+ }
+ unit 800 {
+ description "L3 INTERFACE - UN-0800-PUB-WIRELESS - 10.8.0.1/23";
+ family inet {
+ address 10.8.0.1/23;
+ }
+ }
+ unit 900 {
+ description "L3 INTERFACE - UN-0900-IOT-KIOSKS - 10.9.0.1/23";
+ family inet {
+ address 10.9.0.1/23;
+ }
+ }
unit 911 {
description "L3 INTERFACE - E911 - 172.16.26.1/23";
family inet {
address 172.16.26.1/23;
}
}
+ unit 1000 {
+ description "L3 INTERFACE - UN-1000-VID-CONFERENCE - 10.10.0.1/23";
+ family inet {
+ address 10.10.0.1/23;
+ }
+ }
+ unit 2000 {
+ description "L3 INTERFACE - TR-2000-SERVERS - 10.16.0.1/23";
+ family inet {
+ address 10.16.0.1/23;
+ }
+ }
}
lo0 {
unit 0 {
@@ -2105,6 +2410,15 @@
active-server-group DHCP-SERVERS;
group CLIENTS {
interface irb.5;
+ interface irb.100;
+ interface irb.200;
+ interface irb.300;
+ interface irb.400;
+ interface irb.500;
+ interface irb.600;
+ interface irb.700;
+ interface irb.800;
+ interface irb.900;
interface irb.911;
}
}
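Review bot: irb.100 through irb.900 are added to relay group CLIENTS, but the security zones created for those interfaces in this diff allow only `ping` and `traceroute` under host-inbound-traffic system-services. On SRX the relay normally needs DHCP accepted on the client-facing interface, so these zones likely need `dhcp;` in that list. How the zones for irb.5 and irb.911 handle this is not visible here. Relaying from UN-0800-PUB-WIRELESS and UN-0900-IOT-KIOSKS also puts untrusted clients in front of the same DHCP-SERVERS group as the trusted VLANs, so consider a separate relay group or server scope for those. The enclosing stanza starts outside the hunk.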
@@ -2222,14 +2536,71 @@
}
}
vlans {
+ DMZ-0400-HVAC {
+ description DMZ-0400-HVAC;
+ vlan-id 400;
+ l3-interface irb.400;
+ }
E911 {
+ description E911;
vlan-id 911;
l3-interface irb.911;
}
+ TR-0100-USERS {
+ description TR-0100-USERS;
+ vlan-id 100;
+ l3-interface irb.100;
+ }
+ TR-0300-PRINTERS_SCANNERS {
+ description TR-0300-PRINTERS_SCANNERS;
+ vlan-id 300;
+ l3-interface irb.300;
+ }
+ TR-0500-CAMERAS {
+ description TR-0500-CAMERAS;
+ vlan-id 500;
+ l3-interface irb.500;
+ }
+ TR-0600-ACCESS_CONTROL {
+ description TR-0600-ACCESS_CONTROL;
+ vlan-id 600;
+ l3-interface irb.600;
+ }
+ TR-0700-ENT-WIRELESS {
+ description TR-0700-ENT-WIRELESS;
+ vlan-id 700;
+ l3-interface irb.700;
+ }
+ TR-2000-SERVERS {
+ description TR-2000-SERVERS;
+ vlan-id 2000;
+ l3-interface irb.2000;
+ }
TRUST-LAN {
+ description TRUST-LAN;
vlan-id 5;
l3-interface irb.5;
}
+ UN-0200-PHONES {
+ description UN-0200-PHONES;
+ vlan-id 200;
+ l3-interface irb.200;
+ }
+ UN-0800-PUB-WIRELESS {
+ description UN-0800-PUB-WIRELESS;
+ vlan-id 800;
+ l3-interface irb.800;
+ }
+ UN-0900-IOT-KIOSKS {
+ description UN-0900-IOT-KIOSKS;
+ vlan-id 900;
+ l3-interface irb.900;
+ }
+ UN-1000-VID-CONFERENCE {
+ description UN-1000-VID-CONFERENCE;
+ vlan-id 1000;
+ l3-interface irb.1000;
+ }
}
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show ospf neighbor
# OSPF instance is not running