[Nocrancid] autopop-onenet.net router config diffs

Mon Aug 28 17:04:54 CDT 2017

Index: configs/university-of-tulsa.nid.onenet.net
===================================================================

--- configs/university-of-tulsa.nid.onenet.net	(revision 156156)
+++ configs/university-of-tulsa.nid.onenet.net	(working copy)
@@ -2547,7 +2547,7 @@
 network-element ne-1
   configure xg_1s_cc xg_1s_cc-1-1-3 
       configure access-port access-1-1-3-1
-        add flow flow-1-1-3-1-1 "" regular-evc disabled disabled disabled disabled disabled push 501-0 none "135-*,2-*,3-*" 7990000000 2000000000 access-interface access-1-1-3-1 network-interface network-1-1-1-1
+        add flow flow-1-1-3-1-1 "" regular-evc disabled disabled disabled disabled disabled push 501-0 none "135-*,2-*,3-*,1110-*" 7990000000 2000000000 access-interface access-1-1-3-1 network-interface network-1-1-1-1
         back
       back
     back
Index: configs/blackwell-ps.client.onenet.net
===================================================================
--- configs/blackwell-ps.client.onenet.net	(revision 156161)
+++ configs/blackwell-ps.client.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show system commit 
+#   2017-08-28 16:19:08 CDT by sean via cli
+#   2017-08-28 16:13:07 CDT by admin via cli
+#   2017-08-28 16:09:45 CDT by sean via cli commit confirmed, rollback in 5mins
 #   2017-08-28 14:52:57 CDT by sean via cli
 #   2017-08-05 20:57:47 CDT by root via other
 #   2017-08-02 23:11:37 CDT by root via other
-#   2016-12-06 11:32:23 CST by sean via cli commit confirmed, rollback in 3mins
-#   2016-04-30 11:42:19 CDT by andrew via cli
-#   2015-10-08 14:14:14 CDT by sky via cli
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  Routing Engine                 OK        
@@ -129,12 +129,11 @@
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show system uptime 
 # System booted: 2017-08-05 20:54 CDT 
 # Protocols started: 2017-08-05 21:00 CDT 
-# Last configured: 2017-08-28 14:52 CDT  by sean
+# Last configured: 2017-08-28 16:19 CDT  by sean
 # 
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show interface terse 
 #Interface Admin Link
 #ge-0/0/0 up up
-#ge-0/0/0.0 up up
 #gr-0/0/0 up up
 #ip-0/0/0 up up
 #lsq-0/0/0 up up
@@ -146,6 +145,7 @@
 #ge-0/0/1 up down
 #ge-0/0/1.0 up down
 #ge-0/0/2 up up
+#ge-0/0/2.0 up up
 #ge-0/0/3 down down
 #ge-0/0/4 down down
 #ge-0/0/5 down down
@@ -184,7 +184,7 @@
 #vlan.4 up up
 #vlan.999 up down
 # grnoc-mon at BLACKWELL-PS-SRX240-LR-004896> show configuration 
-## Last commit: 2017-08-28 14:52:57 CDT by sean
+## Last commit: 2017-08-28 16:19:08 CDT by sean
 version 12.3X48-D40.5;
 system {
     host-name BLACKWELL-PS-SRX240-LR-004896;
@@ -637,22 +637,22 @@
     }
 }
 interfaces {
-    ge-0/0/0 {
-        description "UNTRUST WAN Interface";
+    ge-0/0/1 {
         unit 0 {
+            description TEST-INTERFACE;
             family ethernet-switching {
                 vlan {
-                    members UNTRUST-VLAN;
+                    members TEST-VLAN;
                 }
             }
         }
     }
-    ge-0/0/1 {
+    ge-0/0/2 {
+        description "UNTRUST WAN Interface";
         unit 0 {
-            description TEST-INTERFACE;
             family ethernet-switching {
                 vlan {
-                    members TEST-VLAN;
+                    members UNTRUST-VLAN;
                 }
             }
         }
Index: configs/core5.okc.onenet.net
===================================================================
--- configs/core5.okc.onenet.net	(revision 156162)
+++ configs/core5.okc.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at OKC-CORE5-MX480-RE0> show system commit 
+#   2017-08-28 16:27:06 CDT by sean via cli commit synchronize
+#   2017-08-28 16:19:24 CDT by sean via cli commit synchronize
+#   2017-08-28 16:11:52 CDT by sean via cli commit synchronize
+#   2017-08-28 16:09:45 CDT by sean via cli commit synchronize
 #   2017-08-28 11:25:38 CDT by sean via cli commit synchronize
 #   2017-08-28 11:20:00 CDT by sean via cli commit synchronize
-#   2017-08-28 11:18:46 CDT by sean via cli commit synchronize
-#   2017-08-28 11:10:11 CDT by sean via cli commit synchronize
-#   2017-08-26 10:09:14 CDT by andrew via cli commit synchronize
-#   2017-08-25 10:27:00 CDT by andrew via cli commit synchronize
 # grnoc-mon at OKC-CORE5-MX480-RE0> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  PEM 0                          OK        
@@ -562,7 +562,7 @@
 # grnoc-mon at OKC-CORE5-MX480-RE0> show system uptime 
 # System booted: 2016-10-12 08:16 CDT 
 # Protocols started: 2016-10-12 08:18 CDT 
-# Last configured: 2017-08-28 11:25 CDT  by sean
+# Last configured: 2017-08-28 16:27 CDT  by sean
 # 
 # {master}
 # grnoc-mon at OKC-CORE5-MX480-RE0> show interface terse 
@@ -1082,7 +1082,6 @@
 #xe-2/0/1.32767 up up
 #xe-2/1/0 up up
 #xe-2/1/0.121 up up
-#xe-2/1/0.310 up up
 #xe-2/1/0.500 up up
 #xe-2/1/0.501 up up
 #xe-2/1/0.543 up up
@@ -1380,7 +1379,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at OKC-CORE5-MX480-RE0> show configuration 
-## Last commit: 2017-08-28 11:25:38 CDT by sean
+## Last commit: 2017-08-28 16:27:06 CDT by sean
 version 13.3R9.13;
 groups {
     re0 {
@@ -3032,10 +3031,13 @@
             }
         }
         unit 766 {
-            description "BLACKWELL-PS-CIR0020401 [ORDERED]";
+            description "BLACKWELL-PS-CIR0020401 ";
             vlan-id 766;
             family inet {
                 rpf-check;
+                filter {
+                    input BLACKWELL;
+                }
                 policer {
                     input 500M-POL;
                     output 500M-POL;
@@ -3043,6 +3045,7 @@
                 sampling {
                     input;
                 }
+                address 164.58.45.33/30;
             }
         }
         unit 767 {
@@ -8316,26 +8319,6 @@
                 address 164.58.3.245/30;
             }
         }
-        unit 310 {
-            description BLACKWELL-PS-150M-CIR0006271-LR;
-            bandwidth 150m;
-            vlan-id 310;
-            family inet {
-                rpf-check;
-                mtu 1500;
-                filter {
-                    input BLACKWELL;
-                }
-                policer {
-                    input 150M-POL;
-                    output 150M-POL;
-                }
-                sampling {
-                    input;
-                }
-                address 164.58.45.33/30;
-            }
-        }
         unit 500 {
             description BISHOP-PS-100M-CIR0019089;
             bandwidth 100m;
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net	(revision 156162)
+++ configs/city-of-lawton.client.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show system commit 
+#   2017-08-28 16:59:57 CDT by joel via cli commit confirmed, rollback in 5mins
+#   2017-08-28 16:45:26 CDT by joel via cli
+#   2017-08-28 16:40:44 CDT by joel via cli commit confirmed, rollback in 5mins
+#   2017-08-28 16:33:09 CDT by joel via cli
+#   2017-08-28 16:20:02 CDT by joel via cli commit confirmed, rollback in 5mins
 #   2017-08-28 15:39:13 CDT by joel via cli
-#   2017-08-28 15:17:38 CDT by joel via cli
-#   2017-08-28 15:15:42 CDT by joel via cli
-#   2017-08-28 15:07:51 CDT by joel via cli
-#   2017-08-28 14:34:42 CDT by root via other
-#   2017-08-28 14:31:37 CDT by joel via cli commit confirmed, rollback in 2mins
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  Routing Engine                 OK        
@@ -134,7 +134,7 @@
 # Time Source:  NTP CLOCK 
 # System booted: 2017-08-25 14:03 CDT 
 # Protocols started: 2017-08-25 14:03 CDT 
-# Last configured: 2017-08-28 15:39 CDT  by joel
+# Last configured: 2017-08-28 16:59 CDT  by joel
 # 
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show interface terse 
 #Interface Admin Link
@@ -209,18 +209,18 @@
 #vlan up down
 #vtep up up
 # grnoc-mon at CITY-OF-LAWTON-TAG-005231> show configuration 
-## Last commit: 2017-08-28 15:39:13 CDT by joel
+## Last commit: 2017-08-28 16:59:57 CDT by joel
 version 15.1X49-D90.7;
 groups {
-    COMMON-APPLICATIONS {
+    SERVICES-TO-SERVERS {
         security {
             policies {
-                from-zone <*> to-zone <*> {
-                    policy COMMON-APPLICATIONS {
+                from-zone <*> to-zone TRUST {
+                    policy SERVICES-TO-SERVERS {
                         match {
                             source-address <*>;
-                            destination-address <*>;
-                            application [ junos-icmp-all junos-http junos-https ];
+                            destination-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
+                            application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
                         }
                         then {
                             permit;
@@ -231,18 +231,34 @@
                         }
                     }
                 }
+                from-zone <*> to-zone TR-2000-SERVERS {
+                    policy SERVICES-TO-SERVERS {
+                        match {
+                            source-address <*>;
+                            destination-address [ SERVER-DC1-10.16.0.3 SERVER-DC2-10.16.0.4 ];
+                            application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
+                        }
+                        then {
+                            permit;
+                            log {
+                                session-init;
+                                session-close;
+                            }
+                        }
+                    }
+                }
             }
         }
     }
-    SERVER-SERVICES {
+    SERVICES-FROM-SERVERS {
         security {
             policies {
-                from-zone <*> to-zone TRUST {
-                    policy SERVER-SERVICES {
+                from-zone TRUST to-zone <*> {
+                    policy SERVICES-FROM-SERVERS {
                         match {
-                            source-address <*>;
-                            destination-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
-                            application [ junos-dns-udp junos-dhcp-relay ];
+                            source-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
+                            destination-address <*>;
+                            application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
                         }
                         then {
                             permit;
@@ -253,12 +269,12 @@
                         }
                     }
                 }
-                from-zone <*> to-zone TR-2000-SERVERS {
-                    policy SERVER-SERVICES {
+                from-zone TR-2000-SERVERS to-zone <*> {
+                    policy SERVICES-FROM-SERVERS {
                         match {
-                            source-address <*>;
-                            destination-address [ SERVER-DC1-10.16.0.3 SERVER-DC2-10.16.0.4 ];
-                            application [ junos-dns-udp junos-dhcp-relay ];
+                            source-address [ SERVER-DC1-10.16.0.3 SERVER-DC2-10.16.0.4 ];
+                            destination-address <*>;
+                            application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
                         }
                         then {
                             permit;
@@ -280,7 +296,7 @@
                         match {
                             source-address <*>;
                             destination-address TR-0300-PRINTERS_SCANNERS-10.3.0.0/16;
-                            application any;
+                            application PRINTERS;
                         }
                         then {
                             permit;
@@ -315,6 +331,28 @@
             }
         }
     }
+    COMMON-APPLICATIONS {
+        security {
+            policies {
+                from-zone <*> to-zone UNTRUST {
+                    policy COMMON-APPLICATIONS {
+                        match {
+                            source-address <*>;
+                            destination-address any;
+                            application [ junos-icmp-all junos-http junos-https ];
+                        }
+                        then {
+                            permit;
+                            log {
+                                session-init;
+                                session-close;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
     DENY-ALL-ELSE {
         security {
             policies {
@@ -352,6 +390,44 @@
             }
         }
     }
+    INSIDE-COMMON-APPLICATIONS {
+        security {
+            policies {
+                from-zone <*> to-zone TRUST {
+                    policy INSIDE-COMMON-APPLICATIONS {
+                        match {
+                            source-address <*>;
+                            destination-address TRUST-172.16.0.0/12;
+                            application [ junos-icmp-all junos-http junos-https ];
+                        }
+                        then {
+                            permit;
+                            log {
+                                session-init;
+                                session-close;
+                            }
+                        }
+                    }
+                }
+                from-zone <*> to-zone TR-2000-SERVERS {
+                    policy INSIDE-COMMON-APPLICATIONS {
+                        match {
+                            source-address <*>;
+                            destination-address TR-2000-SERVERS-10.16.0.0/16;
+                            application [ junos-icmp-all junos-http junos-https ];
+                        }
+                        then {
+                            permit;
+                            log {
+                                session-init;
+                                session-close;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
 }
 apply-groups LOG-TRAFFIC;
 system {
@@ -1978,19 +2054,17 @@
             policy COMMON-APPLICATIONS {
                 match {
                     source-address TR-0100-USERS-10.1.0.0/16;
-                    destination-address any;
                 }
             }
         }
         from-zone TR-0100-USERS to-zone TRUST {
-            apply-groups [ COMMON-APPLICATIONS SERVER-SERVICES ];
-            policy COMMON-APPLICATIONS {
+            apply-groups [ SERVICES-TO-SERVERS INSIDE-COMMON-APPLICATIONS ];
+            policy SERVICES-TO-SERVERS {
                 match {
                     source-address TR-0100-USERS-10.1.0.0/16;
-                    destination-address TRUST-172.16.0.0/12;
                 }
             }
-            policy SERVER-SERVICES {
+            policy INSIDE-COMMON-APPLICATIONS {
                 match {
                     source-address TR-0100-USERS-10.1.0.0/16;
                 }
@@ -2029,19 +2103,11 @@
             }
         }
         from-zone TRUST to-zone TR-0100-USERS {
-            policy SERVERS-SERVICES {
+            apply-groups SERVICES-FROM-SERVERS;
+            policy SERVICES-FROM-SERVERS {
                 match {
-                    source-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
-                    destination-address any;
-                    application junos-dhcp-relay;
+                    destination-address TR-0100-USERS-10.1.0.0/16;
                 }
-                then {
-                    permit;
-                    log {
-                        session-init;
-                        session-close;
-                    }
-                }
             }
         }
         global {
@@ -2500,6 +2566,7 @@
 }
 forwarding-options {
     dhcp-relay {
+        forward-snooped-clients configured-interfaces;
         server-group {
             DHCP-SERVERS {
                 172.16.1.3;
@@ -2638,6 +2705,12 @@
         term tcp-5060-5061 protocol tcp destination-port 5060-5061;
         term udp-5060-5061 protocol udp destination-port 5060-5061;
     }
+    application PRINTERS {
+        term tcp-9100 protocol tcp destination-port 9100;
+        term tcp-9102 protocol tcp destination-port 9102;
+        term tcp-80 protocol tcp destination-port 80;
+        term tcp-443 protocol tcp destination-port 443;
+    }
 }
 vlans {
     DMZ-0400-HVAC {
Index: configs/opt.occ.onenet.net
===================================================================
--- configs/opt.occ.onenet.net	(revision 156161)
+++ configs/opt.occ.onenet.net	(working copy)
@@ -220,7 +220,9 @@
       </part>
       <part name="SLOT-2-14" description="15454-OTU2-XP=" hw_version="A0" part_id="15454-OTU2-XP=" part_num="800-29414-02" serial_number="CA61524B0AV" slot="SLOT-2-14" vendor_id="Cisco" temp_channel="1535.82">
         <part name="PPM-2-14-1" description="ONS-XC-10G-SR-MM" hw_version="C" part_id="ONS-XC-10G-SR-MM" part_num="10-2420-01" serial_number="FNS152000Y1" slot="PPM-2-14-1" vendor_id="Cisco"></part>
+        <part name="PPM-2-14-2" description="ONS-XC-10G-S1" hw_version="B" part_id="ONS-XC-10G-S1" part_num="10-2012-03" serial_number="FNS152002C1" slot="PPM-2-14-2" vendor_id="Cisco"></part>
         <part name="PPM-2-14-3" description="ONS-XC-10G-C" hw_version="00" part_id="ONS-XC-10G-C" part_num="10-2480-01" serial_number="JFX1520200K" slot="PPM-2-14-3" vendor_id="Cisco"></part>
+        <part name="PPM-2-14-4" description="ONS-XC-10G-C" hw_version="00" part_id="ONS-XC-10G-C" part_num="10-2480-01" serial_number="JFX1521200Y" slot="PPM-2-14-4" vendor_id="Cisco"></part>
         <interface name="CHAN-2-14-2-1" abbr_name="CHAN-2-14-2-1" admin_state="down" spanning_tree_metric="" description="" type="TXP" monitoring_state="no-monitor"></interface>
         <interface name="CHAN-2-14-3-1" abbr_name="CHAN-2-14-3-1" admin_state="up" spanning_tree_metric="" description="" type="TXP" monitoring_state="monitor"></interface>
         <interface name="CHAN-2-14-4-1" abbr_name="CHAN-2-14-4-1" admin_state="down" spanning_tree_metric="" description="" type="TXP" monitoring_state="no-monitor"></interface>
Index: configs/swi1-swink-admin.client.onenet.net
===================================================================
--- configs/swi1-swink-admin.client.onenet.net	(revision 156161)
+++ configs/swi1-swink-admin.client.onenet.net	(working copy)
@@ -194,8 +194,8 @@
 #ge-0/0/3.0 up down
 #ge-0/0/4 up down
 #ge-0/0/4.0 up down
-#ge-0/0/5 up up
-#ge-0/0/5.0 up up
+#ge-0/0/5 up down
+#ge-0/0/5.0 up down
 #ge-0/0/6 up down
 #ge-0/0/6.0 up down
 #ge-0/0/7 up up
Index: configs/rpswi1.okc.onenet.net
===================================================================
--- configs/rpswi1.okc.onenet.net	(revision 156150)
+++ configs/rpswi1.okc.onenet.net	(working copy)
@@ -247,8 +247,8 @@
 #ge-0/0/18.0 up up
 #ge-0/0/19 up up
 #ge-0/0/19.0 up up
-#ge-0/0/20 up up
-#ge-0/0/20.0 up up
+#ge-0/0/20 up down
+#ge-0/0/20.0 up down
 #ge-0/0/21 up up
 #ge-0/0/21.0 up up
 #ge-0/0/22 up up

