[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Mon Aug 28 18:04:54 CDT 2017
Index: configs/allen-public-library.client.onenet.net
===================================================================
--- configs/allen-public-library.client.onenet.net (revision 156162)
+++ configs/allen-public-library.client.onenet.net (working copy)
@@ -150,8 +150,8 @@
#ge-0/0/1.0 up down
#ge-0/0/2 up up
#ge-0/0/2.0 up up
-#ge-0/0/3 up up
-#ge-0/0/3.0 up up
+#ge-0/0/3 up down
+#ge-0/0/3.0 up down
#ge-0/0/4 up up
#ge-0/0/4.0 up up
#ge-0/0/5 up up
Index: configs/core4.okc.onenet.net
===================================================================
--- configs/core4.okc.onenet.net (revision 156134)
+++ configs/core4.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE4-MX480-RE0> show system commit
+# 2017-08-28 17:04:08 CDT by andrew via cli commit synchronize
# 2017-08-26 14:23:40 CDT by andrew via cli commit synchronize
# 2017-08-26 14:02:28 CDT by andrew via cli commit synchronize
# 2017-08-26 12:36:53 CDT by andrew via cli commit synchronize
# 2017-08-25 15:11:19 CDT by sky via cli commit synchronize
# 2017-08-24 13:53:09 CDT by andrew via cli commit synchronize
-# 2017-08-24 13:42:26 CDT by andrew via cli commit synchronize
# grnoc-mon at OKC-CORE4-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -549,7 +549,7 @@
# grnoc-mon at OKC-CORE4-MX480-RE0> show system uptime
# System booted: 2016-10-12 18:12 CDT
# Protocols started: 2016-10-12 18:14 CDT
-# Last configured: 2017-08-26 14:23 CDT by andrew
+# Last configured: 2017-08-28 17:04 CDT by andrew
#
# {master}
# grnoc-mon at OKC-CORE4-MX480-RE0> show interface terse
@@ -1485,7 +1485,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE4-MX480-RE0> show configuration
-## Last commit: 2017-08-26 14:23:40 CDT by andrew
+## Last commit: 2017-08-28 17:04:08 CDT by andrew
version 13.3R9.13;
groups {
re0 {
@@ -7966,6 +7966,12 @@
family mpls;
}
}
+ xe-3/1/1 {
+ description "ATT NNI # 7 - [ORDERED]";
+ }
+ xe-3/1/2 {
+ description "TRIBE AT BANK [ORDERED]";
+ }
xe-3/3/2 {
description "PIONEER-NNI-OKC [ORDERED]";
flexible-vlan-tagging;
Index: configs/odmhsas-camhc-ada.client.onenet.net
===================================================================
--- configs/odmhsas-camhc-ada.client.onenet.net (revision 155807)
+++ configs/odmhsas-camhc-ada.client.onenet.net (working copy)
@@ -947,4 +947,5 @@
1 sessions, 1 clients
Cumulative transmit rate 0.5 pps, cumulative receive rate 0.5 pps
+quit
Index: configs/odot-stillwater-residence.client.onenet.net
===================================================================
--- configs/odot-stillwater-residence.client.onenet.net (revision 156159)
+++ configs/odot-stillwater-residence.client.onenet.net (working copy)
@@ -136,8 +136,8 @@
#ge-0/0/2.0 up down
#ge-0/0/3 up up
#ge-0/0/3.0 up up
-#ge-0/0/4 up down
-#ge-0/0/4.0 up down
+#ge-0/0/4 up up
+#ge-0/0/4.0 up up
#ge-0/0/5 up down
#ge-0/0/5.0 up down
#ge-0/0/6 up up
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156163)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show system commit
+# 2017-08-28 17:54:03 CDT by joel via cli
+# 2017-08-28 17:45:17 CDT by joel via cli commit confirmed, rollback in 5mins
+# 2017-08-28 17:35:38 CDT by joel via cli
+# 2017-08-28 17:10:10 CDT by joel via cli
+# 2017-08-28 17:03:24 CDT by joel via cli
# 2017-08-28 16:59:57 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-08-28 16:45:26 CDT by joel via cli
-# 2017-08-28 16:40:44 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-08-28 16:33:09 CDT by joel via cli
-# 2017-08-28 16:20:02 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-08-28 15:39:13 CDT by joel via cli
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -134,7 +134,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-25 14:03 CDT
# Protocols started: 2017-08-25 14:03 CDT
-# Last configured: 2017-08-28 16:59 CDT by joel
+# Last configured: 2017-08-28 17:54 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show interface terse
#Interface Admin Link
@@ -209,7 +209,7 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show configuration
-## Last commit: 2017-08-28 16:59:57 CDT by joel
+## Last commit: 2017-08-28 17:54:03 CDT by joel
version 15.1X49-D90.7;
groups {
SERVICES-TO-SERVERS {
@@ -219,7 +219,7 @@
policy SERVICES-TO-SERVERS {
match {
source-address <*>;
- destination-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
+ destination-address any;
application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
}
then {
@@ -235,7 +235,7 @@
policy SERVICES-TO-SERVERS {
match {
source-address <*>;
- destination-address [ SERVER-DC1-10.16.0.3 SERVER-DC2-10.16.0.4 ];
+ destination-address any;
application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
}
then {
@@ -256,7 +256,7 @@
from-zone TRUST to-zone <*> {
policy SERVICES-FROM-SERVERS {
match {
- source-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
+ source-address any;
destination-address <*>;
application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
}
@@ -272,7 +272,7 @@
from-zone TR-2000-SERVERS to-zone <*> {
policy SERVICES-FROM-SERVERS {
match {
- source-address [ SERVER-DC1-10.16.0.3 SERVER-DC2-10.16.0.4 ];
+ source-address any;
destination-address <*>;
application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
}
@@ -339,7 +339,7 @@
match {
source-address <*>;
destination-address any;
- application [ junos-icmp-all junos-http junos-https ];
+ application [ junos-icmp-all junos-http junos-https junos-dns-udp ];
}
then {
permit;
@@ -353,33 +353,34 @@
}
}
}
- DENY-ALL-ELSE {
+ INSIDE-COMMON-APPLICATIONS {
security {
policies {
- from-zone <*> to-zone <*> {
- policy DENY-ALL-ELSE {
+ from-zone <*> to-zone TRUST {
+ policy INSIDE-COMMON-APPLICATIONS {
match {
- source-address any;
- destination-address any;
+ source-address <*>;
+ destination-address TRUST-172.16.0.0/12;
application any;
}
then {
- deny;
+ permit;
log {
session-init;
+ session-close;
}
}
}
}
- }
- }
- }
- LOG-TRAFFIC {
- security {
- policies {
- from-zone <*> to-zone <*> {
- policy <*> {
+ from-zone <*> to-zone TR-2000-SERVERS {
+ policy INSIDE-COMMON-APPLICATIONS {
+ match {
+ source-address <*>;
+ destination-address TR-2000-SERVERS-10.16.0.0/16;
+ application [ junos-icmp-all junos-http junos-https ];
+ }
then {
+ permit;
log {
session-init;
session-close;
@@ -390,34 +391,33 @@
}
}
}
- INSIDE-COMMON-APPLICATIONS {
+ DENY-ALL-ELSE {
security {
policies {
- from-zone <*> to-zone TRUST {
- policy INSIDE-COMMON-APPLICATIONS {
+ from-zone <*> to-zone <*> {
+ policy DENY-ALL-ELSE {
match {
- source-address <*>;
- destination-address TRUST-172.16.0.0/12;
- application [ junos-icmp-all junos-http junos-https ];
+ source-address any;
+ destination-address any;
+ application any;
}
then {
- permit;
+ deny;
log {
session-init;
- session-close;
}
}
}
}
- from-zone <*> to-zone TR-2000-SERVERS {
- policy INSIDE-COMMON-APPLICATIONS {
- match {
- source-address <*>;
- destination-address TR-2000-SERVERS-10.16.0.0/16;
- application [ junos-icmp-all junos-http junos-https ];
- }
+ }
+ }
+ }
+ LOG-TRAFFIC {
+ security {
+ policies {
+ from-zone <*> to-zone <*> {
+ policy <*> {
then {
- permit;
log {
session-init;
session-close;
@@ -2041,14 +2041,6 @@
}
}
}
- from-zone TR-0100-USERS to-zone TR-0300-PRINTERS_SCANNERS {
- apply-groups ALLOW-PRINTING;
- policy ALLOW-PRINTING {
- match {
- source-address TR-0100-USERS-10.1.0.0/16;
- }
- }
- }
from-zone TR-0100-USERS to-zone UNTRUST {
apply-groups COMMON-APPLICATIONS;
policy COMMON-APPLICATIONS {
@@ -2070,19 +2062,27 @@
}
}
}
- from-zone TRUST to-zone TR-0300-PRINTERS_SCANNERS {
+ from-zone TR-0100-USERS to-zone QUASAR {
+ policy TR-0100-USERS-TO-QUASAR {
+ apply-groups QUASAR-ACCESS;
+ match {
+ source-address TR-0100-USERS-10.1.0.0/16;
+ }
+ }
+ }
+ from-zone TR-0100-USERS to-zone TR-0300-PRINTERS_SCANNERS {
apply-groups ALLOW-PRINTING;
policy ALLOW-PRINTING {
match {
- source-address TRUST-172.16.0.0/12;
+ source-address TR-0100-USERS-10.1.0.0/16;
}
}
}
- from-zone TR-0100-USERS to-zone QUASAR {
- policy TR-0100-USERS-TO-QUASAR {
- apply-groups QUASAR-ACCESS;
+ from-zone TRUST to-zone TR-0100-USERS {
+ apply-groups SERVICES-FROM-SERVERS;
+ policy SERVICES-FROM-SERVERS {
match {
- source-address TR-0100-USERS-10.1.0.0/16;
+ destination-address TR-0100-USERS-10.1.0.0/16;
}
}
}
@@ -2094,6 +2094,14 @@
}
}
}
+ from-zone TRUST to-zone TR-0300-PRINTERS_SCANNERS {
+ apply-groups ALLOW-PRINTING;
+ policy ALLOW-PRINTING {
+ match {
+ source-address TRUST-172.16.0.0/12;
+ }
+ }
+ }
from-zone TR-2000-SERVERS to-zone QUASAR {
policy TR-2000-SERVERS-TO-QUASAR {
apply-groups QUASAR-ACCESS;
@@ -2102,15 +2110,7 @@
}
}
}
- from-zone TRUST to-zone TR-0100-USERS {
- apply-groups SERVICES-FROM-SERVERS;
- policy SERVICES-FROM-SERVERS {
- match {
- destination-address TR-0100-USERS-10.1.0.0/16;
- }
- }
- }
- global {
+ inactive: global {
policy ALLOW-QUASAR-PING {
match {
source-address [ QUASAR-VCENTER-ENV-LINK QUASAR-VCENTER-ENV-192.168.11.0 ];
@@ -2463,9 +2463,9 @@
}
}
unit 5 {
- description "L3 INTERFACE - TRUST-LAN - 172.16.1.2/12";
+ description "L3 INTERFACE - TRUST-LAN - 172.16.1.1/12";
family inet {
- address 172.16.1.2/12;
+ address 172.16.1.1/12;
}
}
unit 100 {
More information about the Nocrancid
mailing list