[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Mon Aug 28 21:05:00 CDT 2017
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 156162)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -110,7 +110,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down down
+#ge-0/0/0 down up
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156165)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show system commit
+# 2017-08-28 20:54:01 CDT by joel via cli
+# 2017-08-28 20:49:49 CDT by joel via cli
+# 2017-08-28 20:36:55 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-08-28 18:42:15 CDT by joel via cli
# 2017-08-28 18:40:46 CDT by joel via cli
# 2017-08-28 18:36:29 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-08-28 18:22:39 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-08-28 17:54:03 CDT by joel via cli
-# 2017-08-28 17:45:17 CDT by joel via cli commit confirmed, rollback in 5mins
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -134,7 +134,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-25 14:03 CDT
# Protocols started: 2017-08-25 14:03 CDT
-# Last configured: 2017-08-28 18:42 CDT by joel
+# Last configured: 2017-08-28 20:54 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show interface terse
#Interface Admin Link
@@ -209,188 +209,9 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show configuration
-## Last commit: 2017-08-28 18:42:15 CDT by joel
+## Last commit: 2017-08-28 20:54:01 CDT by joel
version 15.1X49-D90.7;
groups {
- SERVICES-TO-SERVERS {
- security {
- policies {
- from-zone <*> to-zone TRUST {
- policy SERVICES-TO-SERVERS {
- match {
- source-address <*>;
- destination-address any;
- application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- from-zone <*> to-zone TR-2000-SERVERS {
- policy SERVICES-TO-SERVERS {
- match {
- source-address <*>;
- destination-address any;
- application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- }
- }
- }
- SERVICES-FROM-SERVERS {
- security {
- policies {
- from-zone TRUST to-zone <*> {
- policy SERVICES-FROM-SERVERS {
- match {
- source-address any;
- destination-address <*>;
- application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- from-zone TR-2000-SERVERS to-zone <*> {
- policy SERVICES-FROM-SERVERS {
- match {
- source-address any;
- destination-address <*>;
- application [ junos-dns-udp junos-dhcp-relay junos-dhcp-client ];
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- }
- }
- }
- ALLOW-PRINTING {
- security {
- policies {
- from-zone <*> to-zone TR-0300-PRINTERS_SCANNERS {
- policy ALLOW-PRINTING {
- match {
- source-address <*>;
- destination-address TR-0300-PRINTERS_SCANNERS-10.3.0.0/16;
- application PRINTERS;
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- }
- }
- }
- QUASAR-ACCESS {
- security {
- policies {
- from-zone <*> to-zone QUASAR {
- policy <*> {
- match {
- source-address <*>;
- destination-address [ QUASAR-VCENTER-ENV-192.168.11.0 QUASAR-VCENTER-ENV-LINK ];
- application [ junos-https junos-ping junos-icmp-all junos-http ];
- }
- then {
- permit;
- log {
- session-init;
- }
- }
- }
- }
- }
- }
- }
- COMMON-APPLICATIONS {
- security {
- policies {
- from-zone <*> to-zone UNTRUST {
- policy COMMON-APPLICATIONS {
- match {
- source-address <*>;
- destination-address any;
- application [ junos-icmp-all junos-http junos-https junos-dns-udp ];
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- }
- }
- }
- INSIDE-COMMON-APPLICATIONS {
- security {
- policies {
- from-zone <*> to-zone TRUST {
- policy INSIDE-COMMON-APPLICATIONS {
- match {
- source-address <*>;
- destination-address TRUST-172.16.0.0/12;
- application any;
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- from-zone <*> to-zone TR-2000-SERVERS {
- policy INSIDE-COMMON-APPLICATIONS {
- match {
- source-address <*>;
- destination-address TR-2000-SERVERS-10.16.0.0/16;
- application [ junos-icmp-all junos-http junos-https ];
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- }
- }
- }
DENY-ALL-ELSE {
security {
policies {
@@ -429,7 +250,7 @@
}
}
}
-apply-groups LOG-TRAFFIC;
+apply-groups [ DENY-ALL-ELSE LOG-TRAFFIC ];
system {
host-name CITY-OF-LAWTON-TAG-005231;
auto-snapshot;
@@ -2025,7 +1846,7 @@
}
}
}
- inactive: from-zone TRUST to-zone TRUST {
+ from-zone TRUST to-zone TRUST {
policy TRUST-TO-TRUST {
match {
source-address any;
@@ -2041,117 +1862,116 @@
}
}
}
- from-zone TR-0100-USERS to-zone UNTRUST {
- apply-groups COMMON-APPLICATIONS;
- policy COMMON-APPLICATIONS {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-LAWTON-DC {
match {
- source-address TR-0100-USERS-10.1.0.0/16;
+ source-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
+ destination-address NAT-EXEMPT-ACTIVE-DIRECTORY-164.58.2.192/28;
+ application any;
}
- }
- }
- from-zone TR-0100-USERS to-zone TRUST {
- apply-groups [ SERVICES-TO-SERVERS INSIDE-COMMON-APPLICATIONS ];
- policy SERVICES-TO-SERVERS {
- match {
- source-address TR-0100-USERS-10.1.0.0/16;
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
}
}
- policy INSIDE-COMMON-APPLICATIONS {
+ policy TRUST-TO-UNTRUST {
match {
- source-address TR-0100-USERS-10.1.0.0/16;
+ source-address any;
+ destination-address any;
+ application any;
}
- }
- }
- from-zone TR-0100-USERS to-zone QUASAR {
- policy TR-0100-USERS-TO-QUASAR {
- apply-groups QUASAR-ACCESS;
- match {
- source-address TR-0100-USERS-10.1.0.0/16;
+ then {
+ permit;
+ log {
+ session-init;
+ }
}
}
}
- from-zone TR-0100-USERS to-zone TR-0300-PRINTERS_SCANNERS {
- apply-groups ALLOW-PRINTING;
- policy ALLOW-PRINTING {
+ from-zone TR-0100-USERS to-zone UNTRUST {
+ policy USERS-TO-UNTRUST {
match {
- source-address TR-0100-USERS-10.1.0.0/16;
+ source-address any;
+ destination-address any;
+ application any;
}
- }
- }
- from-zone TRUST to-zone TR-0100-USERS {
- apply-groups SERVICES-FROM-SERVERS;
- policy SERVICES-FROM-SERVERS {
- match {
- destination-address TR-0100-USERS-10.1.0.0/16;
+ then {
+ permit;
}
}
}
- from-zone TRUST to-zone QUASAR {
- policy TRUST-TO-QUASAR {
- apply-groups QUASAR-ACCESS;
+ from-zone TR-0100-USERS to-zone TRUST {
+ policy USERS-TO-TRUST {
match {
- source-address TRUST-172.16.0.0/12;
+ source-address any;
+ destination-address any;
+ application any;
}
+ then {
+ permit;
+ }
}
}
- from-zone TRUST to-zone TR-0300-PRINTERS_SCANNERS {
- apply-groups ALLOW-PRINTING;
- policy ALLOW-PRINTING {
+ from-zone TR-0100-USERS to-zone QUASAR {
+ policy USERS-TO-QUASAR {
match {
- source-address TRUST-172.16.0.0/12;
+ source-address any;
+ destination-address any;
+ application any;
}
+ then {
+ permit;
+ }
}
}
- from-zone TR-2000-SERVERS to-zone QUASAR {
- policy TR-2000-SERVERS-TO-QUASAR {
- apply-groups QUASAR-ACCESS;
+ from-zone TR-0100-USERS to-zone TR-0300-PRINTERS_SCANNERS {
+ policy USERS-TO-PRINTERS_SCANNERS {
match {
- source-address TR-2000-SERVERS-10.16.0.0/16;
+ source-address any;
+ destination-address any;
+ application any;
}
+ then {
+ permit;
+ }
}
}
- from-zone TRUST to-zone UNTRUST {
- policy TRUST-TO-UNTRUST-DNS {
+ from-zone TRUST to-zone TR-0100-USERS {
+ policy TRUST-TO-USERS {
match {
- source-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
+ source-address any;
destination-address any;
- application junos-dns-udp;
+ application any;
}
then {
permit;
- log {
- session-init;
- session-close;
- }
}
}
- policy TRUST-TO-LAWTON-DC {
+ }
+ from-zone TRUST to-zone QUASAR {
+ policy TRUST-TO-QUASAR {
match {
- source-address [ SERVER-DC1-172.16.1.3 SERVER-DC2-172.16.1.4 ];
- destination-address NAT-EXEMPT-ACTIVE-DIRECTORY-164.58.2.192/28;
+ source-address any;
+ destination-address any;
application any;
}
then {
permit;
- log {
- session-init;
- session-close;
- }
}
}
}
- inactive: global {
- policy ALLOW-QUASAR-PING {
+ from-zone TRUST to-zone TR-0300-PRINTERS_SCANNERS {
+ policy TRUST-TO-PRINTERS_SCANNERS {
match {
- source-address [ QUASAR-VCENTER-ENV-LINK QUASAR-VCENTER-ENV-192.168.11.0 ];
+ source-address any;
destination-address any;
- application [ junos-icmp-all junos-ping ];
+ application any;
}
then {
permit;
- log {
- session-init;
- }
}
}
}
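Review bot: Every policy added in this hunk from `TRUST-TO-UNTRUST` onward matches `source-address any; destination-address any; application any;` and permits, so zone pairs that the removed lines limited to named address-book entries and application sets are now fully open (the QUASAR pairs, for example, were formerly restricted to https/http/ping towards the two vCenter entries). Seven of the new policies (`USERS-TO-*`, `TRUST-TO-USERS`, `TRUST-TO-QUASAR`, `TRUST-TO-PRINTERS_SCANNERS`) also carry no `log` stanza where the group-based ones logged `session-init` and `session-close`; the top-level `LOG-TRAFFIC` group may restore that, but its body is not visible here. If the `DENY-ALL-ELSE` group added to `apply-groups` in the earlier hunk contributes a trailing deny per zone pair, it would presumably never be reached behind these permits. The `commit confirmed` entries in the commit log suggest this may be a troubleshooting state; if so, the scoped match terms and logging should be restored before it becomes the baseline, along the lines below for one QUASAR pair (assuming the address-book entries and the zone's address scope still exist).

```junos
from-zone TR-0100-USERS to-zone QUASAR {
    policy USERS-TO-QUASAR {
        match {
            source-address TR-0100-USERS-10.1.0.0/16;
            destination-address [ QUASAR-VCENTER-ENV-192.168.11.0 QUASAR-VCENTER-ENV-LINK ];
            application [ junos-https junos-ping junos-icmp-all junos-http ];
        }
        then {
            permit;
            log {
                session-init;
                session-close;
            }
        }
    }
}
# … unchanged: the other from-zone stanzas in this hunk, which want the same narrowing …
```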
@@ -2601,14 +2421,11 @@
DHCP-SERVERS {
172.16.1.3;
172.16.1.4;
- 10.16.0.3;
- 10.16.0.4;
}
}
active-server-group DHCP-SERVERS;
group CLIENTS {
interface ge-0/0/7.0;
- interface ae0.0;
interface irb.5;
interface irb.100;
interface irb.200;
Index: configs/rpswi1.okc.onenet.net
===================================================================
--- configs/rpswi1.okc.onenet.net (revision 156166)
+++ configs/rpswi1.okc.onenet.net (working copy)
@@ -295,8 +295,8 @@
#ge-0/0/42.0 up down
#ge-0/0/43 up up
#ge-0/0/43.0 up up
-#ge-0/0/44 up up
-#ge-0/0/44.0 up up
+#ge-0/0/44 up down
+#ge-0/0/44.0 up down
#ge-0/0/45 up down
#ge-0/0/45.0 up down
#ge-0/0/46 up down