[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Tue Jul 4 23:04:20 CDT 2017
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 154653)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -898,8 +898,8 @@
#t1-2/3/0:8:26 down down
#t1-2/3/0:8:27 up down
#t1-2/3/0:8:27.0 up down
-#t1-2/3/0:8:28 up up
-#t1-2/3/0:8:28.0 up up
+#t1-2/3/0:8:28 up down
+#t1-2/3/0:8:28.0 up down
#coc1-2/3/0:9 up up
#ct3-2/3/0:9 up up
#t1-2/3/0:9:1 up up
@@ -1764,7 +1764,7 @@
#gr-5/1/0 up up
#ip-5/1/0 up up
#lsq-5/1/0 up up
-#lsq-5/1/0.30 up up
+#lsq-5/1/0.30 up down
#lsq-5/1/0.31 up up
#lsq-5/1/0.54 up up
#lsq-5/1/0.71 up up
Index: configs/odmhsas.central-office.okc.client.onenet.net
===================================================================
--- configs/odmhsas.central-office.okc.client.onenet.net (revision 154649)
+++ configs/odmhsas.central-office.okc.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system commit
+# 2017-07-04 22:44:33 CDT by andrew via cli
+# 2017-07-04 22:43:06 CDT by andrew via cli
+# 2017-07-04 22:27:49 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2017-03-20 11:30:49 CDT by andrew via cli
# 2017-03-20 11:04:31 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2017-03-02 09:30:44 CST by andrew via cli
-# 2017-01-20 16:29:57 CST by andrew via cli
-# 2017-01-20 16:23:56 CST by andrew via cli
-# 2016-10-10 15:13:10 CDT by sean via cli
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -140,7 +140,7 @@
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show system uptime
# System booted: 2015-05-23 14:42 CDT
# Protocols started: 2015-05-23 14:43 CDT
-# Last configured: 2017-03-20 11:30 CDT by andrew
+# Last configured: 2017-07-04 22:44 CDT by andrew
#
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show interface terse
#Interface Admin Link
@@ -185,6 +185,7 @@
#ppe0 up up
#st0 up up
#st0.0 up up
+#st0.1 up up
#st0.12 up up
#st0.13 up up
#st0.14 up up
@@ -223,7 +224,7 @@
#vlan.50 up down
#vlan.90 up up
# grnoc-mon at ODMHSAS-CENTRAL-OFFICE-OKC-SRX550> show configuration
-## Last commit: 2017-03-20 11:30:49 CDT by andrew
+## Last commit: 2017-07-04 22:44:33 CDT by andrew
version 12.1X46-D20.5;
system {
host-name ODMHSAS-CENTRAL-OFFICE-OKC-SRX550;
@@ -423,6 +424,10 @@
description "HP-VPN [NO-MONITOR]";
family inet;
}
+ unit 1 {
+ description "DPS-VPN [NO-MONITOR]";
+ family inet;
+ }
unit 12 {
description "Backup-VPN-to-ODMHSAS-CAMHC-Ada [Ack to Ticket 13591:134]";
family inet {
@@ -637,6 +642,7 @@
route 0.0.0.0/0 next-hop 156.110.27.61;
route 164.58.58.128/26 discard;
route 164.58.29.64/28 next-hop 10.119.20.100;
+ route 172.22.79.244/32 next-hop st0.1;
}
autonomous-system 64576;
}
@@ -1078,6 +1084,11 @@
proposals PRE-G2-AES128-SHA;
# pre-shared-#key <removed>;
}
+ policy IKE-POLICY-OKDPS {
+ mode main;
+ proposals PRE-G2-AES128-SHA;
+# pre-shared-#key <removed>;
+ }
gateway IKE-GATE-ODMHSAS-TEST {
ike-policy IKE-ODMHSAS-TEST;
address 166.130.131.48;
@@ -1223,6 +1234,11 @@
address 166.130.29.134;
external-interface vlan.3;
}
+ gateway IKE-GATE-OKDPS {
+ ike-policy IKE-POLICY-OKDPS;
+ address 204.61.10.195;
+ external-interface vlan.3;
+ }
}
ipsec {
vpn-monitor-options {
@@ -1326,6 +1342,9 @@
policy VPN-POLICY-GRIFFIN-NORMAN {
proposals G2-ESP-AES128-SHA;
}
+ policy VPN-POLICY-OKDPS {
+ proposals G2-ESP-AES128-SHA;
+ }
inactive: vpn IPSEC-VPN-ODMHSAS-TEST {
bind-interface st0.63;
vpn-monitor {
@@ -1697,6 +1716,17 @@
}
establish-tunnels immediately;
}
+ vpn IPSEC-VPN-OKDPS {
+ bind-interface st0.1;
+ vpn-monitor {
+ optimized;
+ }
+ ike {
+ gateway IKE-GATE-OKDPS;
+ ipsec-policy VPN-POLICY-OKDPS;
+ }
+ establish-tunnels immediately;
+ }
}
address-book {
global {
@@ -2484,6 +2514,36 @@
}
}
}
+ from-zone DPS-VPN to-zone TRUST {
+ policy DPS-VPN-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ }
+ from-zone TRUST to-zone DPS-VPN {
+ policy TRUST-TO-DPS-VPN {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ log {
+ session-close;
+ }
+ }
+ }
+ }
}
zones {
security-zone TRUST {
@@ -2566,6 +2626,17 @@
st0.0;
}
}
+ security-zone DPS-VPN {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ interfaces {
+ st0.1;
+ }
+ }
}
}
firewall {
Index: configs/oja-sw-youth-academy-manitou.client.onenet.net
===================================================================
--- configs/oja-sw-youth-academy-manitou.client.onenet.net (revision 154616)
+++ configs/oja-sw-youth-academy-manitou.client.onenet.net (working copy)
@@ -149,7 +149,7 @@
#ppd0 up up
#ppe0 up up
#st0 up up
-#st0.1 up up
+#st0.1 up down
#tap up up
#vlan up up
#vlan.3 up up
Index: configs/core.hut.gra.onenet.net
===================================================================
--- configs/core.hut.gra.onenet.net (revision 154653)
+++ configs/core.hut.gra.onenet.net (working copy)
@@ -26,6 +26,16 @@
# TFEB 0 TBB PFE Chip OK
# TFEB 0 TFEB PCIE TSen OK
# TFEB 0 TFEB PCIE Chip OK
+# TFEB 0 QX 0 TSen OK
+# TFEB 0 QX 0 Chip OK
+# TFEB 0 LU 0 TSen OK
+# TFEB 0 LU 0 Chip OK
+# TFEB 0 MQ 0 TSen OK
+# TFEB 0 MQ 0 Chip OK
+# TFEB 0 TBB PFE TSen OK
+# TFEB 0 TBB PFE Chip OK
+# TFEB 0 TFEB PCIE TSen OK
+# TFEB 0 TFEB PCIE Chip OK
# Fans Fan 1 OK
# Fan 2 OK
# Fan 3 OK
Index: configs/opt.sti.onenet.net
===================================================================
--- configs/opt.sti.onenet.net (revision 154653)
+++ configs/opt.sti.onenet.net (working copy)
@@ -17,6 +17,7 @@
<part name="SLOT-1-7" description="TCC2" hw_version="A0" part_id="TCC2" part_num="800-20761-02" serial_number="SAG07447JWW" slot="SLOT-1-7" vendor_id="Cisco"></part>
<part name="SLOT-1-8" description="OSCM" hw_version="C0" part_id="OSCM" part_num="800-22341-01" serial_number="CNH074800RP" slot="SLOT-1-8" vendor_id="Cisco">
<interface name="LINE-1-8-1" abbr_name="LINE-1-8-1" admin_state="up" spanning_tree_metric="" description="Unknown" type="OSC" monitoring_state="monitor"></interface>
+ <interface name="FAC-1-8-1" abbr_name="FAC-1-8-1" admin_state="up" spanning_tree_metric="" description="" type="FAC" monitoring_state="monitor"></interface>
</part>
<part name="SLOT-1-11" description="TCC2" hw_version="A0" part_id="TCC2" part_num="800-20761-02" serial_number="SAG07340Q2F" slot="SLOT-1-11" vendor_id="Cisco"></part>
<part name="SLOT-1-12" description="10E-L1-38.1 1538.19" hw_version="B0" part_id="10E-L1-38.1 1538.19" part_num="800-24268-02" serial_number="CAT100712QT" slot="SLOT-1-12" vendor_id="Cisco" temp_channel="1538.19">
More information about the Nocrancid
mailing list