[Nocrancid] autopop-onenet.net router config diffs

Mon Aug 28 11:04:52 CDT 2017

Index: configs/wanette-ps.client.onenet.net
===================================================================

--- configs/wanette-ps.client.onenet.net	(revision 156107)
+++ configs/wanette-ps.client.onenet.net	(working copy)
@@ -107,8 +107,8 @@
 # total files: 1
 # 
 # grnoc-mon at WANETTE-PS-LR-004667> show system uptime 
-# System booted: 2017-08-26 11:27 CDT 
-# Protocols started: 2017-08-26 11:29 CDT 
+# System booted: 2017-08-28 10:39 CDT 
+# Protocols started: 2017-08-28 10:41 CDT 
 # Last configured: 2017-07-23 16:37 CDT  by root
 # 
 # grnoc-mon at WANETTE-PS-LR-004667> show interface terse 
Index: configs/hub.mca.onenet.net
===================================================================
--- configs/hub.mca.onenet.net	(revision 156026)
+++ configs/hub.mca.onenet.net	(working copy)
@@ -384,9 +384,9 @@
 #t3-2/0/0 up down
 #ct3-2/0/1 down down
 #t3-2/0/1 down down
-#ct3-2/0/2 up up
-#t1-2/0/2:1 up up
-#t1-2/0/2:1.0 up up
+#ct3-2/0/2 up down
+#t1-2/0/2:1 up down
+#t1-2/0/2:1.0 up down
 #t1-2/0/2:2 down down
 #t1-2/0/2:3 down down
 #t1-2/0/2:4 down down
@@ -432,8 +432,8 @@
 #t1-2/0/3:15 down down
 #t1-2/0/3:16 down down
 #t1-2/0/3:17 down down
-#t1-2/0/3:18 up up
-#t1-2/0/3:18.0 up up
+#t1-2/0/3:18 up down
+#t1-2/0/3:18.0 up down
 #t1-2/0/3:19 down down
 #t1-2/0/3:20 down down
 #t1-2/0/3:21 down down
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net	(revision 156154)
+++ configs/city-of-lawton.client.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show system commit 
+#   2017-08-28 10:54:34 CDT by joel via cli
+#   2017-08-28 10:51:11 CDT by joel via cli
+#   2017-08-28 10:45:51 CDT by joel via cli commit confirmed, rollback in 5mins
+#   2017-08-28 10:37:35 CDT by joel via cli commit confirmed, rollback in 5mins
 #   2017-08-28 09:50:05 CDT by joel via cli
 #   2017-08-28 09:43:42 CDT by joel via cli commit confirmed, rollback in 5mins
-#   2017-08-27 23:23:09 CDT by joel via cli
-#   2017-08-27 23:20:53 CDT by joel via cli
-#   2017-08-27 23:18:32 CDT by joel via cli
-#   2017-08-27 23:08:21 CDT by joel via cli
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  Routing Engine                 OK        
@@ -134,7 +134,7 @@
 # Time Source:  NTP CLOCK 
 # System booted: 2017-08-25 14:03 CDT 
 # Protocols started: 2017-08-25 14:03 CDT 
-# Last configured: 2017-08-28 09:50 CDT  by joel
+# Last configured: 2017-08-28 10:54 CDT  by joel
 # 
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show interface terse 
 #Interface Admin Link
@@ -166,7 +166,12 @@
 #ge-0/0/12 down down
 #ge-0/0/13 down down
 #ge-0/0/14 down down
-#ge-0/0/15 down down
+#ge-0/0/15 up up
+#ge-0/0/15.2 up up
+#ge-0/0/15.32767 up up
+#ae0 up up
+#ae0.2 up up
+#ae0.32767 up up
 #fxp0 down down
 #fxp2 up up
 #fxp2.0 up up
@@ -205,7 +210,7 @@
 #vlan up down
 #vtep up up
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show configuration 
-## Last commit: 2017-08-28 09:50:05 CDT by joel
+## Last commit: 2017-08-28 10:54:34 CDT by joel
 version 15.1X49-D90.7;
 groups {
     DENY-ALL-ELSE {
@@ -289,15 +294,15 @@
             }
         }
     }
-    DNS-TO-SERVERS {
+    SERVER-SERVICES {
         security {
             policies {
                 from-zone <*> to-zone TR-2000-SERVERS {
-                    policy DNS-TO-SERVERS {
+                    policy SERVER-SERVICES {
                         match {
                             source-address any;
                             destination-address [ SERVER-DC1-10.16.0.3 SERVER-DC2-10.16.0.4 ];
-                            application junos-dns-udp;
+                            application [ junos-dns-udp junos-dhcp-relay ];
                         }
                         then {
                             permit;
@@ -308,11 +313,11 @@
                     }
                 }
                 from-zone <*> to-zone TRUST {
-                    policy DNS-TO-SERVERS {
+                    policy SERVER-SERVICES {
                         match {
                             source-address any;
                             destination-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
-                            application junos-dns-udp;
+                            application [ junos-dns-udp junos-dhcp-relay ];
                         }
                         then {
                             permit;
@@ -325,6 +330,26 @@
             }
         }
     }
+    QUASAR-ACCESS {
+        security {
+            policies {
+                from-zone <*> to-zone QUASAR {
+                    policy <*> {
+                        match {
+                            destination-address QUASAR-VCENTER-ENV-192.168.11.0;
+                            application [ junos-https junos-ping junos-icmp-all ];
+                        }
+                        then {
+                            permit;
+                            log {
+                                session-init;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
 }
 apply-groups [ DENY-ALL-ELSE LOG-TRAFFIC ];
 system {
@@ -454,6 +479,13 @@
         server 164.58.3.98 prefer;
     }
 }
+chassis {
+    aggregated-devices {
+        ethernet {
+            device-count 1;
+        }
+    }
+}
 security {
     log {
         mode stream;
@@ -845,6 +877,7 @@
             address UN-1000-VID-CONFERENCE-10.10.0.0/16 10.10.0.0/16;
             address TRUST-172.16.0.0/12 172.16.0.0/12;
             address SERVER-DC2-10.16.0.4 10.16.0.4/32;
+            address QUASAR-VCENTER-ENV-192.168.11.0 192.168.11.0/24;
             address-set VERIZON-STATIC-FT-SILL-1 {
                 description "Fort Sill MP Static IPs for CAD Access";
                 address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
@@ -1988,7 +2021,7 @@
             }
         }
         from-zone TR-0100-USERS to-zone TRUST {
-            apply-groups [ COMMON-APPLICATIONS DNS-TO-SERVERS ];
+            apply-groups [ COMMON-APPLICATIONS SERVER-SERVICES ];
             policy ALLOW-TELNET-DELETE-ME {
                 match {
                     source-address TR-0100-USERS-10.1.0.0/16;
@@ -2032,6 +2065,30 @@
                 }
             }
         }
+        from-zone TR-0100-USERS to-zone QUASAR {
+            policy TR-0100-USERS-TO-QUASAR {
+                apply-groups QUASAR-ACCESS;
+                match {
+                    source-address TR-0100-USERS-10.1.0.0/16;
+                }
+            }
+        }
+        from-zone TRUST to-zone QUASAR {
+            policy TRUST-TO-QUASAR {
+                apply-groups QUASAR-ACCESS;
+                match {
+                    source-address TRUST-172.16.0.0/12;
+                }
+            }
+        }
+        from-zone TR-2000-SERVERS to-zone QUASAR {
+            policy TR-2000-SERVERS-TO-QUASAR {
+                apply-groups QUASAR-ACCESS;
+                match {
+                    source-address TR-2000-SERVERS-10.16.0.0/16;
+                }
+            }
+        }
     }
     zones {
         security-zone DMZ {
@@ -2233,6 +2290,18 @@
                 }
             }
         }
+        security-zone QUASAR {
+            interfaces {
+                ae0.2 {
+                    host-inbound-traffic {
+                        system-services {
+                            ping;
+                            traceroute;
+                        }
+                    }
+                }
+            }
+        }
     }
 }
 interfaces {
@@ -2313,8 +2382,28 @@
         disable;
     }
     ge-0/0/15 {
-        disable;
+        description "Link to Quasar VM Env - ae0";
+        gigether-options {
+            802.3ad ae0;
+        }
     }
+    ae0 {
+        description "L3 Interface - Link to Quasar P2P - 192.168.255.3/29";
+        vlan-tagging;
+        aggregated-ether-options {
+            link-speed 1g;
+            lacp {
+                passive;
+                periodic slow;
+            }
+        }
+        unit 2 {
+            vlan-id 2;
+            family inet {
+                address 192.168.255.3/29;
+            }
+        }
+    }
     fxp0 {
         disable;
     }
@@ -2448,6 +2537,7 @@
 routing-options {
     static {
         route 0.0.0.0/0 next-hop 164.58.58.117;
+        route 192.168.11.0/24 next-hop 192.168.255.5;
     }
 }
 protocols {
Index: configs/ardmore-higher-ed-ctr.nid.onenet.net
===================================================================
--- configs/ardmore-higher-ed-ctr.nid.onenet.net	(revision 156154)
+++ configs/ardmore-higher-ed-ctr.nid.onenet.net	(working copy)
@@ -2049,7 +2049,8 @@
   configure src-addr out-ip-intf-addr "eth0"
 #
 #CLI:FLOW-1-1-1-2-1  Create
-  home
+#
+home
 network-element ne-1
   configure nte nte112pro-1-1-1
     configure access-port access-1-1-1-2

