[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sun Jan 29 23:04:09 CST 2017
Index: configs/swi.cai.sei.onenet.net
===================================================================
--- configs/swi.cai.sei.onenet.net (revision 147818)
+++ configs/swi.cai.sei.onenet.net (working copy)
@@ -1,13 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show system commit
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show system commit
+# 2017-01-29 21:24:40 CST by admin via cli
+# 2017-01-29 16:23:47 CST by andrew via cli commit confirmed, rollback in 3mins
# 2016-09-13 22:44:07 CDT by andrew via cli
# 2016-03-22 00:14:45 CDT by root via other
# 2012-06-28 07:03:48 CDT by root via button
# 2012-06-28 06:49:23 CDT by root via button
-# 2012-06-28 06:48:20 CDT by root via other
-# 2011-08-30 13:40:30 CDT by root via button
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis environment
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis environment
# Class Item Status Measurement
# Power FPC 0 Power Supply 0 OK
# Temp FPC 0 CPU OK
@@ -20,19 +20,19 @@
# FPC 0 Fan 2 OK
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis firmware
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis firmware
# Part Type Version
# FPC 0 uboot U-Boot 1.1.6 (Aug 21 2011 - 01:45:26) 1.0
# loader FreeBSD/arm U-Boot loader 1.1
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis fpc detail
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM 1024 MB
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis hardware
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
# Chassis GD0211402252 EX3300-24T
@@ -46,7 +46,7 @@
# Fan Tray Fan Tray
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis hardware models
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis hardware models
# Hardware inventory:
# Item Version Part number Serial number FRU model number
# Routing Engine 0 REV 08 750-034299 GD0211402252 EX3300-24T
@@ -55,24 +55,24 @@
# PIC 1 REV 08 750-034299 GD0211402252 EX3300-24T
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis routing-engine
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis routing-engine
# Routing Engine status:
# Slot 0:
# Current state Master
# DRAM 1024
# Serial ID GD0211402252
#
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis scb
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis sfm detail
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show chassis ssb
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show system boot-messages
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis scb
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis sfm detail
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show chassis ssb
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show system boot-messages
# fpc0:
# --------------------------------------------------------------------------
# /instrootmnt: update error: blocks 0 files 1
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show version
-# fpc0: # -------------------------------------------------------------------------- # Hostname: SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300 # Model: ex3300-24t # JUNOS Base OS boot [12.3R9.4] # JUNOS Base OS Software Suite [12.3R9.4] # JUNOS Kernel Software Suite [12.3R9.4] # JUNOS Crypto Software Suite [12.3R9.4] # JUNOS Online Documentation [12.3R9.4] # JUNOS Enterprise Software Suite [12.3R9.4] # JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R9.4] # JUNOS Routing Software Suite [12.3R9.4] # JUNOS Web Management [12.3R9.4] # JUNOS FIPS mode utilities [12.3R9.4] # # {master:0} # grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> file list /var/tmp detail #
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show version
+# fpc0: # -------------------------------------------------------------------------- # Hostname: SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300 # Model: ex3300-24t # JUNOS Base OS boot [12.3R9.4] # JUNOS Base OS Software Suite [12.3R9.4] # JUNOS Kernel Software Suite [12.3R9.4] # JUNOS Crypto Software Suite [12.3R9.4] # JUNOS Online Documentation [12.3R9.4] # JUNOS Enterprise Software Suite [12.3R9.4] # JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R9.4] # JUNOS Routing Software Suite [12.3R9.4] # JUNOS Web Management [12.3R9.4] # JUNOS FIPS mode utilities [12.3R9.4] # # {master:0} # grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> file list /var/tmp detail #
# /var/tmp:
# total blocks: 32
# drwxrwxr-x 2 root wheel 512 Dec 31 2004 .snap/
@@ -84,19 +84,19 @@
# total files: 0
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show system uptime
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show system uptime
# fpc0:
# --------------------------------------------------------------------------
# System booted: 2016-03-22 00:10 CDT
# Protocols started: 2016-03-22 00:15 CDT
-# Last configured: 2016-09-13 22:44 CDT by andrew
+# Last configured: 2017-01-29 21:24 CST by admin
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show interface terse
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show interface terse
#Interface Admin Link
#ge-0/0/0 down down
#ge-0/0/1 down down
-#ge-0/0/2 up down
+#ge-0/0/2 down down
#ge-0/0/3 down down
#ge-0/0/4 down down
#ge-0/0/5 down down
@@ -130,49 +130,67 @@
#lo0.0 up up
#lo0.16384 up up
#lsi up up
-#me0 up down
+#me0 down down
#me0.0 up down
#mtun up up
#pimd up up
#pime up up
#tap up up
#vlan up up
-#vlan.70 up up
+#vlan.80 up up
#vme up down
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show configuration
-## Last commit: 2016-09-13 22:44:07 CDT by andrew
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show configuration
+## Last commit: 2017-01-29 21:24:40 CST by admin
version 12.3R9.4;
system {
- host-name SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300;
+ host-name SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
root-authentication {
# encrypted-password <removed>;
}
name-server {
164.58.253.10;
- 164.58.253.4;
+ 164.58.198.10;
}
radius-server {
156.110.31.11 {
port 1812;
accounting-port 1813;
# secret "<removed>"; ## SECRET-DATA
- source-address 164.58.198.20;
+ source-address 10.199.208.19;
}
}
radius-options {
attributes {
- nas-ip-address 164.58.198.20;
+ nas-ip-address 10.199.208.19;
}
}
login {
- message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n;";
+ message "\n\n************************************ WARNING ****************************************\n\n* To protect the system from unauthorized use, *\n\n* activities on this system are monitored,recorded and subject to audit. *\n\n* Use of this system is expressed consent to such monitoring and recording. *\n\n* Any unauthorized access or use of this system is prohibited and *\n\n* is subject to criminal and civil penalties and/or administrative action. *\n\n******************** UNAUTHORIZED USE IS STRICTLY PROHIBITED ************************\n\n";
class admin {
- idle-timeout 1044;
+ idle-timeout 30;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 2000;
class super-user;
@@ -184,6 +202,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -194,31 +220,43 @@
netconf {
ssh;
}
- web-management {
- http;
- }
}
syslog {
archive size 10m files 5;
user * {
any emergency;
}
+ host 164.58.253.92 {
+ any any;
+ }
+ host 164.58.253.38 {
+ any any;
+ }
file messages {
any notice;
authorization info;
+ match "!(.*LI Packet length.*|.* grnoc-mon.*|.*Connection closed by 164.58.253.113.*|.* exited, status 255.*)";
}
file interactive-commands {
interactive-commands any;
}
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
file default-log-messages {
any any;
match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
structured-data;
}
- source-address 164.58.198.4;
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
+ source-address 10.199.208.19;
}
ntp {
- server 164.58.253.82 prefer;
+ server 164.58.3.98 prefer;
}
}
chassis {
@@ -228,23 +266,6 @@
}
}
}
-security {
- ipsec {
- security-association OneNet-OSPF3-AUTH {
- mode transport;
- manual {
- direction bidirectional {
- protocol ah;
- spi 256;
- authentication {
- algorithm hmac-md5-96;
-# key <removed>;
- }
- }
- }
- }
- }
-}
interfaces {
ge-0/0/0 {
disable;
@@ -252,6 +273,9 @@
ge-0/0/1 {
disable;
}
+ ge-0/0/2 {
+ disable;
+ }
ge-0/0/3 {
disable;
}
@@ -329,28 +353,36 @@
family ethernet-switching {
port-mode trunk;
vlan {
- members [ 70 500 ];
+ members [ 80 500 ];
}
}
}
}
+ ge-0/1/1 {
+ disable;
+ }
+ ge-0/1/2 {
+ disable;
+ }
+ ge-0/1/3 {
+ disable;
+ }
lo0 {
unit 0 {
family inet {
filter {
input PROTECT-RE;
}
- address 127.0.0.1/32;
- address 164.58.198.20/32;
}
}
}
+ me0 {
+ disable;
+ }
vlan {
- mtu 9192;
- unit 70 {
+ unit 80 {
family inet {
- mtu 9000;
- address 164.58.247.222/30;
+ address 10.199.208.19/31;
}
}
}
@@ -373,94 +405,53 @@
authorization read-write;
}
trap-group "<removed>" {
+ version v2;
targets {
+ 164.58.253.34;
164.58.253.35;
}
}
}
-protocols {
- ##
- ## Warning: requires 'ospf2' license
- ##
- ospf {
- export [ REDISTRIBUTE-STATICS REDISTRIBUTE-DIRECTS ];
- reference-bandwidth 100g;
- area 0.0.0.0 {
- interface vlan.70 {
- link-protection;
- metric 65535;
- authentication {
- md5 7# key <removed>;
- }
- ##
- ## Warning: requires 'bfd-liveness-detection' license
- ##
- bfd-liveness-detection {
- minimum-interval 400;
- multiplier 3;
- }
- }
- interface lo0.0 {
- passive;
- }
- }
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 10.199.208.18;
}
- inactive: ospf3 {
- reference-bandwidth 100g;
- area 0.0.0.0 {
- interface ge-0/1/0.0 {
- link-protection;
- metric 65535;
- ipsec-sa OneNet-OSPF3-AUTH;
- bfd-liveness-detection {
- minimum-interval 100;
- multiplier 3;
- }
- }
- }
- }
+}
+protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
- interface ge-0/1/0.0;
}
- lldp-med {
- interface all;
- }
}
policy-options {
- prefix-list MGMT {
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-MGMT-SOURCES {
156.110.31.0/27;
156.110.31.32/28;
- 164.58.10.0/24;
- 164.58.15.0/24;
- 164.58.244.0/22;
- 164.58.247.221/32;
164.58.253.0/24;
}
- policy-statement REDISTRIBUTE-DIRECTS {
- term 1 {
- from protocol direct;
- then accept;
- }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
}
- policy-statement REDISTRIBUTE-STATICS {
- term 1 {
- from protocol static;
- then accept;
- }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
}
}
firewall {
family inet {
filter PROTECT-RE {
- term 1 {
+ term MGMT {
from {
source-prefix-list {
- MGMT;
+ PRE-MGMT-SOURCES;
+ PRE-DNS-SOURCES;
+ PRE-NTP-SOURCES;
+ PRE-LOCALIPv4-SOURCES;
}
}
then accept;
@@ -480,39 +471,23 @@
}
}
}
-ethernet-switching-options {
- voip;
- storm-control {
- interface all {
- level 50;
- }
- }
-}
vlans {
VLAN-500 {
vlan-id 500;
}
- default;
- vlan-3914 {
- vlan-id 3914;
+ VLAN-80 {
+ vlan-id 80;
+ l3-interface vlan.80;
}
- vlan-70 {
- vlan-id 70;
- l3-interface vlan.70;
- }
}
{master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show ospf neighbor
-# Address Interface State ID Pri Dead
-# 164.58.247.221 vlan.70 Full 164.58.199.156
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show ospf neighbor
+# OSPF instance is not running
#
# {master:0}
-# grnoc-mon at SWI-SEI-MUNICIPAL-HOSPITAL-EX-3300> show bfd session
- Detect Transmit
-Address State Interface Time Interval Multiplier
-164.58.247.221 Up vlan.70 1.200 0.400 3
+# grnoc-mon at SWI1-SEILING-MUNICIPAL-HOSPITAL-EX3300> show bfd session
-1 sessions, 1 clients
-Cumulative transmit rate 2.5 pps, cumulative receive rate 2.5 pps
+0 sessions, 0 clients
+Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
{master:0}
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 150213)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -102,7 +102,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down up
+#ge-0/0/0 down down
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
More information about the Nocrancid
mailing list