[Nocrancid] autopop-onenet.net router config diffs

Mon Aug 28 15:04:53 CDT 2017

Index: configs/blackwell-ps.client.onenet.net
===================================================================

--- configs/blackwell-ps.client.onenet.net	(revision 155534)
+++ configs/blackwell-ps.client.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show system commit 
+#   2017-08-28 14:52:57 CDT by sean via cli
 #   2017-08-05 20:57:47 CDT by root via other
 #   2017-08-02 23:11:37 CDT by root via other
 #   2016-12-06 11:32:23 CST by sean via cli commit confirmed, rollback in 3mins
 #   2016-04-30 11:42:19 CDT by andrew via cli
 #   2015-10-08 14:14:14 CDT by sky via cli
-#   2015-10-08 14:11:34 CDT by sky via cli
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  Routing Engine                 OK        
@@ -129,7 +129,7 @@
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show system uptime 
 # System booted: 2017-08-05 20:54 CDT 
 # Protocols started: 2017-08-05 21:00 CDT 
-# Last configured: 2017-08-05 20:57 CDT  by root
+# Last configured: 2017-08-28 14:52 CDT  by sean
 # 
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show interface terse 
 #Interface Admin Link
@@ -145,7 +145,7 @@
 #sp-0/0/0.16383 up up
 #ge-0/0/1 up down
 #ge-0/0/1.0 up down
-#ge-0/0/2 down down
+#ge-0/0/2 up up
 #ge-0/0/3 down down
 #ge-0/0/4 down down
 #ge-0/0/5 down down
@@ -184,7 +184,7 @@
 #vlan.4 up up
 #vlan.999 up down
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show configuration 
-## Last commit: 2017-08-05 20:57:47 CDT by root
+## Last commit: 2017-08-28 14:52:57 CDT by sean
 version 12.3X48-D40.5;
 system {
     host-name BLACKWELL-PS-SRX240-LR-004896;
@@ -657,9 +657,6 @@
             }
         }
     }
-    ge-0/0/2 {
-        disable;
-    }
     ge-0/0/3 {
         disable;
     }
Index: configs/odmhsas-camhc-idabel.client.onenet.net
===================================================================
--- configs/odmhsas-camhc-idabel.client.onenet.net	(revision 156055)
+++ configs/odmhsas-camhc-idabel.client.onenet.net	(working copy)
@@ -959,3 +959,4 @@
 1 sessions, 1 clients
 Cumulative transmit rate 0.5 pps, cumulative receive rate 0.5 pps
 
+quit
Index: configs/swi1-swink-elementary.client.onenet.net
===================================================================
--- configs/swi1-swink-elementary.client.onenet.net	(revision 156154)
+++ configs/swi1-swink-elementary.client.onenet.net	(working copy)
@@ -212,8 +212,8 @@
 #ge-0/0/2.0 up down
 #ge-0/0/3 up down
 #ge-0/0/3.0 up down
-#ge-0/0/4 up down
-#ge-0/0/4.0 up down
+#ge-0/0/4 up up
+#ge-0/0/4.0 up up
 #ge-0/0/5 up down
 #ge-0/0/5.0 up down
 #ge-0/0/6 up down
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net	(revision 156159)
+++ configs/lavern-public-schools.client.onenet.net	(working copy)
@@ -110,7 +110,7 @@
 # 
 # grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse 
 #Interface Admin Link
-#ge-0/0/0 down down
+#ge-0/0/0 down up
 #gr-0/0/0 up up
 #ip-0/0/0 up up
 #lsq-0/0/0 up up
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net	(revision 156158)
+++ configs/city-of-lawton.client.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show system commit 
+#   2017-08-28 14:34:42 CDT by root via other
+#   2017-08-28 14:31:37 CDT by joel via cli commit confirmed, rollback in 2mins
+#   2017-08-28 14:26:20 CDT by joel via cli
 #   2017-08-28 12:13:03 CDT by joel via cli commit confirmed, rollback in 5mins
 #   2017-08-28 12:01:06 CDT by joel via cli
 #   2017-08-28 11:56:28 CDT by joel via cli
-#   2017-08-28 11:54:02 CDT by joel via cli
-#   2017-08-28 11:46:57 CDT by joel via cli
-#   2017-08-28 11:43:01 CDT by joel via cli
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  Routing Engine                 OK        
@@ -134,7 +134,7 @@
 # Time Source:  NTP CLOCK 
 # System booted: 2017-08-25 14:03 CDT 
 # Protocols started: 2017-08-25 14:03 CDT 
-# Last configured: 2017-08-28 12:13 CDT  by joel
+# Last configured: 2017-08-28 14:34 CDT  by root
 # 
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show interface terse 
 #Interface Admin Link
@@ -210,7 +210,7 @@
 #vlan up down
 #vtep up up
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show configuration 
-## Last commit: 2017-08-28 12:13:03 CDT by joel
+## Last commit: 2017-08-28 14:34:42 CDT by root
 version 15.1X49-D90.7;
 groups {
     COMMON-APPLICATIONS {
@@ -221,7 +221,7 @@
                         match {
                             source-address <*>;
                             destination-address <*>;
-                            application [ junos-icmp-all junos-http junos-https junos-ping junos-dns-udp junos-dhcp-relay ];
+                            application [ junos-icmp-all junos-http junos-https ];
                         }
                         then {
                             permit;
@@ -235,6 +235,44 @@
             }
         }
     }
+    SERVER-SERVICES {
+        security {
+            policies {
+                from-zone <*> to-zone TRUST {
+                    policy SERVER-SERVICES {
+                        match {
+                            source-address <*>;
+                            destination-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
+                            application [ junos-dns-udp junos-dhcp-relay ];
+                        }
+                        then {
+                            permit;
+                            log {
+                                session-init;
+                                session-close;
+                            }
+                        }
+                    }
+                }
+                from-zone <*> to-zone TR-2000-SERVERS {
+                    policy SERVER-SERVICES {
+                        match {
+                            source-address <*>;
+                            destination-address [ SERVER-DC1-10.16.0.3 SERVER-DC2-10.16.0.4 ];
+                            application [ junos-dns-udp junos-dhcp-relay ];
+                        }
+                        then {
+                            permit;
+                            log {
+                                session-init;
+                                session-close;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
     ALLOW-PRINTING {
         security {
             policies {
@@ -264,7 +302,7 @@
                     policy <*> {
                         match {
                             source-address <*>;
-                            destination-address [ QUASAR-VCENTER-ENV-192.168.11.0 QUASAR-VM-ENVIRONMENT-LINK ];
+                            destination-address [ QUASAR-VCENTER-ENV-192.168.11.0 QUASAR-VCENTER-ENV-LINK ];
                             application [ junos-https junos-ping junos-icmp-all junos-http ];
                         }
                         then {
@@ -843,7 +881,8 @@
             address TRUST-172.16.0.0/12 172.16.0.0/12;
             address SERVER-DC2-10.16.0.4 10.16.0.4/32;
             address QUASAR-VCENTER-ENV-192.168.11.0 192.168.11.0/24;
-            address QUASAR-VM-ENVIRONMENT-LINK 192.168.255.0/29;
+            address QUASAR-VCENTER-ENV-LINK 192.168.255.0/29;
+            address SERVER-DC1-10.16.0.3 10.16.0.3/32;
             address-set VERIZON-STATIC-FT-SILL-1 {
                 description "Fort Sill MP Static IPs for CAD Access";
                 address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
@@ -1442,48 +1481,6 @@
                 }
             }
         }
-        from-zone TRUST to-zone UNTRUST {
-            apply-groups COMMON-APPLICATIONS;
-            policy ABUSE-DENY {
-                match {
-                    source-address any;
-                    destination-address ABUSE;
-                    application any;
-                }
-                then {
-                    deny;
-                    log {
-                        session-init;
-                    }
-                }
-            }
-            policy NAT-EXEMPT-ACTIVE-DIRECTORY-POLICY-OUT {
-                match {
-                    source-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
-                    destination-address NAT-EXEMPT-ACTIVE-DIRECTORY-164.58.2.192/28;
-                    application any;
-                }
-                then {
-                    permit;
-                }
-            }
-            inactive: policy TRUST-TO-UNTRUST {
-                match {
-                    source-address any;
-                    destination-address any;
-                    application any;
-                }
-                then {
-                    permit;
-                }
-            }
-            policy COMMON-APPLICATIONS {
-                match {
-                    source-address TRUST-172.16.0.0/12;
-                    destination-address any;
-                }
-            }
-        }
         inactive: from-zone TRUST to-zone DMZ {
             policy ALLOW-TRUST-TO-DMZ {
                 match {
@@ -1987,24 +1984,16 @@
             }
         }
         from-zone TR-0100-USERS to-zone TRUST {
-            apply-groups COMMON-APPLICATIONS;
-            policy ALLOW-TELNET-DELETE-ME {
+            apply-groups [ COMMON-APPLICATIONS SERVER-SERVICES ];
+            policy COMMON-APPLICATIONS {
                 match {
                     source-address TR-0100-USERS-10.1.0.0/16;
                     destination-address TRUST-172.16.0.0/12;
-                    application junos-telnet;
                 }
-                then {
-                    permit;
-                    log {
-                        session-init;
-                    }
-                }
             }
-            policy COMMON-APPLICATIONS {
+            policy SERVER-SERVICES {
                 match {
                     source-address TR-0100-USERS-10.1.0.0/16;
-                    destination-address TRUST-172.16.0.0/12;
                 }
             }
         }
@@ -2016,21 +2005,6 @@
                 }
             }
         }
-        from-zone TR-0100-USERS to-zone DMZ {
-            policy ALLOW-LIZ {
-                match {
-                    source-address any;
-                    destination-address any;
-                    application junos-https;
-                }
-                then {
-                    permit;
-                    log {
-                        session-init;
-                    }
-                }
-            }
-        }
         from-zone TR-0100-USERS to-zone QUASAR {
             policy TR-0100-USERS-TO-QUASAR {
                 apply-groups QUASAR-ACCESS;
@@ -2058,7 +2032,7 @@
         global {
             policy ALLOW-QUASAR-PING {
                 match {
-                    source-address [ QUASAR-VM-ENVIRONMENT-LINK QUASAR-VCENTER-ENV-192.168.11.0 ];
+                    source-address [ QUASAR-VCENTER-ENV-LINK QUASAR-VCENTER-ENV-192.168.11.0 ];
                     destination-address any;
                     application [ junos-icmp-all junos-ping ];
                 }
Index: configs/opt.occ.onenet.net
===================================================================
--- configs/opt.occ.onenet.net	(revision 155884)
+++ configs/opt.occ.onenet.net	(working copy)
@@ -218,12 +218,16 @@
         <interface name="FAC-2-13-1-1" abbr_name="FAC-2-13-1-1" admin_state="up" spanning_tree_metric="" description="" type="FAC" monitoring_state="monitor"></interface>
         <interface name="VFAC-2-13-2" abbr_name="VFAC-2-13-2" admin_state="up" spanning_tree_metric="" description="" type="VFAC" monitoring_state="monitor"></interface>
       </part>
-      <part name="SLOT-2-14" description="15454-OTU2-XP=" hw_version="A0" part_id="15454-OTU2-XP=" part_num="800-29414-02" serial_number="CA61524B0AV" slot="SLOT-2-14" vendor_id="Cisco" temp_channel="1531.12">
+      <part name="SLOT-2-14" description="15454-OTU2-XP=" hw_version="A0" part_id="15454-OTU2-XP=" part_num="800-29414-02" serial_number="CA61524B0AV" slot="SLOT-2-14" vendor_id="Cisco" temp_channel="1535.82">
         <part name="PPM-2-14-1" description="ONS-XC-10G-SR-MM" hw_version="C" part_id="ONS-XC-10G-SR-MM" part_num="10-2420-01" serial_number="FNS152000Y1" slot="PPM-2-14-1" vendor_id="Cisco"></part>
         <part name="PPM-2-14-3" description="ONS-XC-10G-C" hw_version="00" part_id="ONS-XC-10G-C" part_num="10-2480-01" serial_number="JFX1520200K" slot="PPM-2-14-3" vendor_id="Cisco"></part>
+        <interface name="CHAN-2-14-2-1" abbr_name="CHAN-2-14-2-1" admin_state="down" spanning_tree_metric="" description="" type="TXP" monitoring_state="no-monitor"></interface>
         <interface name="CHAN-2-14-3-1" abbr_name="CHAN-2-14-3-1" admin_state="up" spanning_tree_metric="" description="" type="TXP" monitoring_state="monitor"></interface>
+        <interface name="CHAN-2-14-4-1" abbr_name="CHAN-2-14-4-1" admin_state="down" spanning_tree_metric="" description="" type="TXP" monitoring_state="no-monitor"></interface>
         <interface name="VFAC-2-14-1-1" abbr_name="VFAC-2-14-1-1" admin_state="up" spanning_tree_metric="" description="" type="VFAC" monitoring_state="monitor"></interface>
+        <interface name="VFAC-2-14-2-1" abbr_name="VFAC-2-14-2-1" admin_state="down" spanning_tree_metric="" description="" type="VFAC" monitoring_state="no-monitor"></interface>
         <interface name="VFAC-2-14-3-1" abbr_name="VFAC-2-14-3-1" admin_state="up" spanning_tree_metric="" description="" type="VFAC" monitoring_state="monitor"></interface>
+        <interface name="VFAC-2-14-4-1" abbr_name="VFAC-2-14-4-1" admin_state="down" spanning_tree_metric="" description="" type="VFAC" monitoring_state="no-monitor"></interface>
       </part>
       <part name="SLOT-2-17" description="15454-OTU2-XP=" hw_version="A0" part_id="15454-OTU2-XP=" part_num="800-29414-02" serial_number="CA61533B029" slot="SLOT-2-17" vendor_id="Cisco" temp_channel="1533.47">
         <part name="PPM-2-17-1" description="ONS-XC-10G-SR-MM" hw_version="06" part_id="ONS-XC-10G-SR-MM" part_num="10-2420-01" serial_number="ONT1944018R" slot="PPM-2-17-1" vendor_id="Cisco"></part>
Index: configs/swi1-swink-admin.client.onenet.net
===================================================================
--- configs/swi1-swink-admin.client.onenet.net	(revision 156152)
+++ configs/swi1-swink-admin.client.onenet.net	(working copy)
@@ -194,8 +194,8 @@
 #ge-0/0/3.0 up down
 #ge-0/0/4 up down
 #ge-0/0/4.0 up down
-#ge-0/0/5 up down
-#ge-0/0/5.0 up down
+#ge-0/0/5 up up
+#ge-0/0/5.0 up up
 #ge-0/0/6 up down
 #ge-0/0/6.0 up down
 #ge-0/0/7 up up
Index: configs/dps-troop-h-clinton.nid.onenet.net
===================================================================
--- configs/dps-troop-h-clinton.nid.onenet.net	(revision 155928)
+++ configs/dps-troop-h-clinton.nid.onenet.net	(working copy)
@@ -1094,7 +1094,7 @@
 #
 #CLI:ACCESS CLB-1-1-1-4-5  Edit
 #
-home
+hd es
 network-element ne-1
   configure nte nte112pro-1-1-1
     configure access-port access-1-1-1-4

