[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Tue Jul 11 12:04:38 CDT 2017
Index: configs/core.goo.onenet.net
===================================================================
--- configs/core.goo.onenet.net (revision 154827)
+++ configs/core.goo.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at GOODWELL-MX104-RE0> show system commit
+# 2017-07-11 11:46:38 CDT by aberrios via cli commit synchronize
# 2017-07-11 09:28:53 CDT by aberrios via cli commit synchronize
# 2017-07-08 22:17:55 CDT by andrew via cli commit synchronize
# 2017-07-06 11:57:14 CDT by aberrios via cli commit synchronize
# 2017-07-03 11:16:33 CDT by sky via cli commit synchronize
# 2017-06-29 11:46:59 CDT by sky via cli commit synchronize
-# 2017-06-29 11:33:38 CDT by sky via cli commit synchronize
# grnoc-mon at GOODWELL-MX104-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -309,7 +309,7 @@
# grnoc-mon at GOODWELL-MX104-RE0> show system uptime
# System booted: 2016-03-16 01:01 CDT
# Protocols started: 2016-03-30 17:20 CDT
-# Last configured: 2017-07-11 09:28 CDT by aberrios
+# Last configured: 2017-07-11 11:46 CDT by aberrios
#
# {master}
# grnoc-mon at GOODWELL-MX104-RE0> show interface terse
@@ -324,7 +324,6 @@
#ge-0/0/1 up up
#ge-0/0/1.0 up up
#ge-0/0/2 up up
-#ge-0/0/2.351 up up
#ge-0/0/2.378 up up
#ge-0/0/2.379 up up
#ge-0/0/2.380 up up
@@ -424,7 +423,7 @@
#pp0 up up
#tap up up
# grnoc-mon at GOODWELL-MX104-RE0> show configuration
-## Last commit: 2017-07-11 09:28:53 CDT by aberrios
+## Last commit: 2017-07-11 11:46:38 CDT by aberrios
version 13.3R8.7;
groups {
re0 {
@@ -675,10 +674,6 @@
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
- unit 351 {
- description "KEYES-PS-20M-CIR0005337 [DECOM]";
- vlan-id 351;
- }
unit 378 {
description OETA-BOISE-CITY-TOWER-SITE-201-50M-CIR0019159;
encapsulation vlan-ccc;
Index: configs/wellston-hs.client.onenet.net
===================================================================
--- configs/wellston-hs.client.onenet.net (revision 154827)
+++ configs/wellston-hs.client.onenet.net (working copy)
@@ -124,8 +124,8 @@
# total files: 1
#
# grnoc-mon at WELLSTON-HIGH-LR-004899> show system uptime
-# System booted: 2017-07-11 09:15 CDT
-# Protocols started: 2017-07-11 09:18 CDT
+# System booted: 2017-07-11 11:05 CDT
+# Protocols started: 2017-07-11 11:07 CDT
# Last configured: 2017-02-23 17:10 CST by admin
#
# grnoc-mon at WELLSTON-HIGH-LR-004899> show interface terse
Index: configs/core8.tul.onenet.net
===================================================================
--- configs/core8.tul.onenet.net (revision 154829)
+++ configs/core8.tul.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE8-MX480-RE0> show system commit
+# 2017-07-11 11:46:09 CDT by andrew via cli commit synchronize
+# 2017-07-11 11:41:47 CDT by andrew via cli commit synchronize
# 2017-07-11 10:46:15 CDT by andrew via cli commit synchronize
# 2017-07-11 10:35:43 CDT by andrew via cli commit synchronize
# 2017-07-11 10:17:40 CDT by andrew via cli commit synchronize
# 2017-07-10 21:14:20 CDT by andrew via cli commit synchronize
-# 2017-07-10 21:13:13 CDT by andrew via cli commit synchronize
-# 2017-07-10 21:02:48 CDT by andrew via cli commit synchronize
# grnoc-mon at TULSA-CORE8-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -424,7 +424,7 @@
# grnoc-mon at TULSA-CORE8-MX480-RE0> show system uptime
# System booted: 2016-03-20 01:06 CDT
# Protocols started: 2016-03-20 01:08 CDT
-# Last configured: 2017-07-11 10:46 CDT by andrew
+# Last configured: 2017-07-11 11:46 CDT by andrew
#
# {master}
# grnoc-mon at TULSA-CORE8-MX480-RE0> show interface terse
@@ -526,7 +526,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE8-MX480-RE0> show configuration
-## Last commit: 2017-07-11 10:46:15 CDT by andrew
+## Last commit: 2017-07-11 11:46:09 CDT by andrew
version 13.3R8.7;
groups {
re0 {
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 154824)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -795,8 +795,8 @@
#t1-2/3/0:6:23 down down
#t1-2/3/0:6:24 up up
#t1-2/3/0:6:24.0 up up
-#t1-2/3/0:6:25 up up
-#t1-2/3/0:6:25.0 up up
+#t1-2/3/0:6:25 up down
+#t1-2/3/0:6:25.0 up down
#t1-2/3/0:6:26 down down
#t1-2/3/0:6:27 down down
#t1-2/3/0:6:28 up up
Index: configs/core6.okc.onenet.net
===================================================================
--- configs/core6.okc.onenet.net (revision 154813)
+++ configs/core6.okc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-ROUTE-REFLECTOR> show system commit
+# 2017-07-11 11:45:59 CDT by andrew via cli
+# 2017-07-11 11:21:35 CDT by andrew via cli
# 2017-07-10 21:13:42 CDT by andrew via cli
# 2017-07-10 21:08:32 CDT by andrew via cli
# 2017-07-10 21:07:42 CDT by andrew via cli
# 2017-07-10 21:02:50 CDT by andrew via cli
-# 2017-07-10 20:58:50 CDT by andrew via cli
-# 2017-07-10 20:57:31 CDT by andrew via cli commit confirmed, rollback in 3mins
# grnoc-mon at OKC-ROUTE-REFLECTOR> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -383,7 +383,7 @@
# Time Source: NTP CLOCK
# System booted: 2016-10-12 08:17 CDT
# Protocols started: 2016-10-12 08:18 CDT
-# Last configured: 2017-07-10 21:13 CDT by andrew
+# Last configured: 2017-07-11 11:45 CDT by andrew
#
# grnoc-mon at OKC-ROUTE-REFLECTOR> show interface terse
#Interface Admin Link
@@ -447,7 +447,7 @@
#tap up up
#vtep up up
# grnoc-mon at OKC-ROUTE-REFLECTOR> show configuration
-## Last commit: 2017-07-10 21:13:42 CDT by andrew
+## Last commit: 2017-07-11 11:45:59 CDT by andrew
version 15.1F6.9;
groups {
ISIS-L2-INTERFACE {
Index: configs/hub.bar.onenet.net
===================================================================
--- configs/hub.bar.onenet.net (revision 154762)
+++ configs/hub.bar.onenet.net (working copy)
@@ -422,8 +422,8 @@
#t1-2/0/2:2.16 up up
#t1-2/0/2:2.17 up up
#t1-2/0/2:3 down down
-#t1-2/0/2:4 up up
-#t1-2/0/2:4.0 up up
+#t1-2/0/2:4 up down
+#t1-2/0/2:4.0 up down
#t1-2/0/2:5 down down
#t1-2/0/2:6 up up
#t1-2/0/2:6.0 up up
Index: configs/odmhsas-camhc-idabel.client.onenet.net
===================================================================
--- configs/odmhsas-camhc-idabel.client.onenet.net (revision 154829)
+++ configs/odmhsas-camhc-idabel.client.onenet.net (working copy)
@@ -158,7 +158,7 @@
#ppe0 up up
#st0 up up
#st0.1 up up
-#st0.2 up down
+#st0.2 up up
#tap up up
#vlan up up
#vlan.4 up up
Index: configs/lukfata-ps.client.onenet.net
===================================================================
--- configs/lukfata-ps.client.onenet.net (revision 154500)
+++ configs/lukfata-ps.client.onenet.net (working copy)
@@ -1,115 +1,137 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show system commit
-# 2017-04-22 16:13:38 CDT by admin via cli
-# 2016-12-03 13:17:56 CST by andrew via cli
-# 2016-05-04 08:19:25 CDT by sean via cli
-# 2016-05-03 15:51:06 CDT by sky via cli
-# 2016-05-03 15:32:48 CDT by sean via cli
-# 2016-05-03 11:52:52 CDT by sean via cli
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis environment
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show system commit
+# 2017-07-11 11:53:32 CDT by admin via cli
+# 2017-07-10 16:26:44 CDT by root via cli
+# 2017-05-19 19:55:21 CDT by root via other
+# rescue 2017-07-10 16:28:48 CDT by root via cli
+#
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
-# Routing Engine CPU Absent
-# Fans SRX220 Chassis fan 0 OK
-# SRX220 Chassis fan 1 OK
+# Routing Engine CPU OK
+# Fans SRX340 Chassis fan 0 OK
+# SRX340 Chassis fan 1 OK
+# SRX340 Chassis fan 2 OK
+# SRX340 Chassis fan 3 OK
# Power Power Supply 0 OK
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis firmware
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D15.5 by builder on 2013-06
-# FWDD O/S Version 12.1X44-D15.5 by builder on 2013-06
+# FPC 0 O/S Version 15.1X49-D45 by builder on 2016-04-25 07:17:11 UTC
+# FWDD O/S Version 15.1X49-D45 by builder on 2016-04-25 07:17:11 UTC
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis fpc detail
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM ---- CPU less FPC ----
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis hardware
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
-# Chassis CF3813AK0697 SRX220H2
-# Routing Engine REV 04 750-048778 ACKL0411 RE-SRX220H2
+# Chassis CY2017AF0101 SRX340
+# Routing Engine REV 0x08 650-065043 CY2017AF0101 RE-SRX340
# FPC 0 FPC
-# PIC 0 8x GE Base PIC
+# PIC 0 8xGE,8xGE SFP Base PIC
# Power Supply 0
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis hardware models
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis routing-engine
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis hardware models
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis routing-engine
# Routing Engine status:
-# Serial ID ACKL0411
+# Serial ID CY2017AF0101
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis scb
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis sfm detail
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show chassis ssb
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show system boot-messages
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis scb
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis sfm detail
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis ssb
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2013, Juniper Networks, Inc.
+# Running in PARTITIONED TLB MODE
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
-# Copyright (c) 1992-2006 The FreeBSD Project.
+# Copyright (c) 1992-2007 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
-# FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
-# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# FreeBSD is a registered trademark of The FreeBSD Foundation.
+# can't re-use a leaf (debug)!
+# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
-# netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
+# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
+# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
-# : CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented
-# L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.
-# L2 Cache: Size 128kb, 8 way
+# : CAVIUM's OCTEON 70XX/71XX CPU Rev. 0.2 with no FPU implemented
+# L1 Cache: I size 78kb(128 line), D size 32kb(128 line), thirty two way.
+# L2 Cache: Size 512kb, 4 way
# obio0 on motherboard
# uart0: <Octeon-16550 channel 0> on obio0
# uart0: console (9600,n,8,1)
# twsi0 on obio0
-# dwc0: <Synopsis DWC OTG Controller Driver> on obio0
-# usb0: <USB Bus for DWC OTG Controller> on dwc0
-# usb0: USB revision 2.0
-# uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1
-# uhub0: 1 port with 1 removable, self powered
-# uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2
-# uhub1: single transaction translator
-# uhub1: 3 ports with 2 removable, self powered
+# set clock 0x58
+# xhci0: <Cavium Octeon 7xxx xHCI Host Driver> on obio0
+# usb0: <USB bus for xHCI Controller> on xhci0
+# usb0: USB revision 3.0
+# uhub0: vendor 0x0000 XHCI root hub, class 9/0, rev 3.00/1.00, addr 1
+# uhub0: 2 ports with 2 removable, self powered
+# xhci1: <Cavium Octeon 7xxx xHCI Host Driver> on obio0
+# usb1: <USB bus for xHCI Controller> on xhci1
+# usb1: USB revision 3.0
+# uhub1: vendor 0x0000 XHCI root hub, class 9/0, rev 3.00/1.00, addr 1
+# uhub1: 2 ports with 2 removable, self powered
# cpld0 on obio0
-# pcib0: <Cavium on-chip PCI bridge> on obio0
+# pcib0: <Cavium on-chip PCIe HOST bridge> on obio0
# Disabling Octeon big bar support
-# PCI Status: PCI 32-bit: 0xc041b
# pcib0: Initialized controller
# pci0: <PCI bus> on pcib0
-# pci0: <simple comms> at device 1.0 (no driver attached)
-# atapci0: <SiI 0680 UDMA133 controller> port 0x8-0xb,0x10-0x17,0x18-0x1b,0x20-0x2f mem 0x8020000-0x80200ff irq 0 at device 2.0 on pci0
-# ata2: <ATA channel 0> on atapci0
-# ata3: <ATA channel 1> on atapci0
+# pci0: <network, ethernet> at device 0.0 (no driver attached)
+# pci0: <network, ethernet> at device 0.1 (no driver attached)
# gblmem0 on obio0
# octpkt0: <Octeon RGMII> on obio0
-# cfi0: <AMD/Fujitsu - 8MB> on obio0
-# Timecounter "mips" frequency 700000000 Hz quality 0
+# cfi0: <Macronix MX25L64 - 8MB> on obio0
+# cfi1: <Macronix MX25L64 - 8MB> on obio0
+# octagl0: <Octeon AGL> on obio0
+# umass0: ATP Electronics ATP CG eUSB, rev 2.00/11.00, addr 2
+# miibus0: <MII bus> on octagl0
+# brgphy0: <BCM54616S 10/100/1000baseTX PHY> on miibus0
+# brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
+# Timecounter "mips" frequency 1200000000 Hz quality 0
+# Registered AMT tunnel Encap with UDP Tunnel!
+# Loading Redundant LT driver
# ###PCB Group initialized for udppcbgroup
# ###PCB Group initialized for tcppcbgroup
-# ad0: Device does not support APM
-# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# da0 at umass-sim0 bus 0 target 0 lun 0
+# da0: <ATP ATP CG eUSB 1100> Fixed Direct Access SCSI-4 device
+# da0: 40.000MB/s transfers
+# da0: 7672MB (15712256 512 byte sectors: 255H 63S/T 978C)
+# Trying to mount root from ufs:/dev/da0s1a
# WARNING: / was not properly dismounted
+# WARNING: / was not properly dismounted
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show version
-# Hostname: LUKFATA-PS-SRX220-LR-004353
-# Model: srx220h2
-# JUNOS Software Release [12.1X44-D15.5]
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show version
+# Hostname: LUKFATA-PS-SRX340-LR-005435
+# Model: srx340
+# Junos: 15.1X49-D45
+# JUNOS Software Release [15.1X49-D45]
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show version invoke-on all-routing-engines
-# Hostname: LUKFATA-PS-SRX220-LR-004353
-# Model: srx220h2
-# JUNOS Software Release [12.1X44-D15.5]
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show version invoke-on all-routing-engines
+# Hostname: LUKFATA-PS-SRX340-LR-005435
+# Model: srx340
+# Junos: 15.1X49-D45
+# JUNOS Software Release [15.1X49-D45]
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Jun 6 2013 /var/tmp@ -> /cf/var/tmp
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> file list /var/tmp detail
+# lrw-r--r-- 1 root wheel 11 Apr 25 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show system uptime
-# System booted: 2017-03-07 04:23 CST
-# Protocols started: 2017-03-07 04:25 CST
-# Last configured: 2017-04-22 16:13 CDT by admin
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show system uptime
+# Time Source: NTP CLOCK
+# System booted: 2017-07-11 11:30 CDT
+# Protocols started: 2017-07-11 11:30 CDT
+# Last configured: 2017-07-11 11:53 CDT by admin
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show interface terse
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show interface terse
#Interface Admin Link
#ge-0/0/0 up up
#ge-0/0/0.0 up up
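Review bot: The new `show system commit` output lists a rescue configuration saved 2017-07-10 16:28:48 by root, which predates the running commit of 2017-07-11 11:53:32 by admin, so a rescue rollback would restore the earlier state rather than the configuration reviewed here. Re-save it after the final commit with `request system configuration rescue save`. The replacement chassis also reports 15.1X49-D45 built 2016-04-25, and the boot messages show `/ was not properly dismounted` twice. It is worth checking that release against the vendor's currently recommended version and confirming the filesystem is clean before treating the hardware swap as complete.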
@@ -130,11 +152,21 @@
#ge-0/0/6 down down
#ge-0/0/7 up up
#ge-0/0/7.0 up up
+#ge-0/0/8 down down
+#ge-0/0/9 down down
+#ge-0/0/10 down down
+#ge-0/0/11 down down
+#ge-0/0/12 down down
+#ge-0/0/13 down down
+#ge-0/0/14 down down
+#ge-0/0/15 down down
+#fxp0 down down
#fxp2 up up
#fxp2.0 up up
#gre up up
#ipip up up
#irb up up
+#irb.999 up down
#lo0 up up
#lo0.0 up up
#lo0.16384 up up
@@ -149,15 +181,14 @@
#ppe0 up up
#st0 up up
#tap up up
-#vlan up up
-#vlan.3 up up
-#vlan.4 up up
-#vlan.999 up down
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show configuration
-## Last commit: 2017-04-22 16:13:38 CDT by admin
-version 12.1X44.5;
+#vlan up down
+#vtep up up
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show configuration
+## Last commit: 2017-07-11 11:53:32 CDT by admin
+version 15.1X49-D45;
system {
- host-name LUKFATA-PS-SRX220-LR-004353;
+ host-name LUKFATA-PS-SRX340-LR-005435;
+ auto-snapshot;
domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
@@ -188,6 +219,12 @@
idle-timeout 30;
permissions all;
}
+ class customer-admin {
+ idle-timeout 30;
+ permissions all;
+ deny-commands "load|shell";
+ deny-configuration "(system login)|(system root-authentication)";
+ }
class lockdown {
idle-timeout 2;
permissions view;
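Review bot: The new `customer-admin` class keeps `permissions all` and denies only `system login` and `system root-authentication`, so the `client` user moved onto it in the next hunk can still edit the statements that decide who authenticates and what reaches the routing engine. `authentication-order [ radius password ]` appears earlier in this file, and neither it nor any RADIUS server definition falls under the two denied paths. The `protect:` markers added later on `lo0`, the prefix-lists and `PROTECT-RE` guard against accidental edits only; as far as I know, a user with configure rights can lift them with `unprotect`. Consider widening the expression, for example `deny-configuration "(system login)|(system root-authentication)|(system authentication-order)|(system radius-server)|(snmp)|(firewall)|(policy-options)";`. Confirm on a lab unit how the unanchored `deny-commands "load|shell"` pattern matches.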
@@ -212,7 +249,7 @@
}
user client {
uid 2000;
- class admin;
+ class customer-admin;
authentication {
# encrypted-password <removed>;
}
@@ -242,34 +279,13 @@
root-login deny;
protocol-version v2;
}
- web-management {
- https {
- system-generated-certificate;
+ dhcp-local-server {
+ group TEST-DHCP {
+ interface irb.999;
}
- }
- dhcp {
- pool 10.7.0.0/24 {
- address-range low 10.7.0.11 high 10.7.0.254;
- domain-name onenet.net;
- name-server {
- 164.58.200.200;
- 156.110.200.200;
- }
- router {
- 10.7.0.1;
- }
+ group TRUST-DHCP {
+ interface ge-0/0/7.0;
}
- pool 10.1.0.0/24 {
- address-range low 10.1.0.2 high 10.1.0.254;
- domain-name test.local;
- name-server {
- 164.58.200.200;
- 156.110.200.200;
- }
- router {
- 10.1.0.1;
- }
- }
}
}
syslog {
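Review bot: The `TRUST-DHCP` group binds the DHCP local server to `ge-0/0/7.0`, but the only pool defined in the `access` hunk further down is `TEST-POOL` for 10.1.0.0/24, while that interface is addressed 172.16.1.3/16. Together with the `dhcp` host-inbound service newly allowed on the TRUST zone, this leaves a listening service on the customer LAN with nothing visible to hand out. If TRUST clients are not meant to get leases from this box, drop `group TRUST-DHCP` and the TRUST `dhcp` system-service. Otherwise add a matching pool under `access address-assignment`.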
@@ -303,175 +319,10 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "UNTRUST WAN Interface";
- speed 100m;
- link-mode full-duplex;
- gigether-options {
- no-auto-negotiation;
- }
- unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- description "TRUST LAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - UNTRUST-VLAN - 156.110.24.194/30";
- family inet {
- address 156.110.24.194/30;
- }
- }
- unit 4 {
- description "L3 INTERFACE - TRUST-VLAN - 172.16.1.3/16";
- family inet {
- address 172.16.1.3/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
+chassis {
+ config-button no-rescue no-clear;
}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.24.193;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
- ike {
- policy ike-dyn-vpn-policy {
- mode aggressive;
- proposal-set standard;
-# pre-shared-#key <removed>;
- }
- gateway dyn-vpn-local-gw {
- ike-policy ike-dyn-vpn-policy;
- dynamic {
- hostname dynvpn;
- connections-limit 2;
- ike-user-type group-ike-id;
- }
- external-interface vlan.3;
- xauth access-profile dyn-vpn-access-profile;
- }
- }
- ipsec {
- policy ipsec-dyn-vpn-policy {
- proposal-set standard;
- }
- vpn dyn-vpn {
- ike {
- gateway dyn-vpn-local-gw;
- ipsec-policy ipsec-dyn-vpn-policy;
- }
- }
- }
- address-book {
- global {
- address host-172.16.3.19 172.16.3.19/32;
- address host-172.16.3.20 172.16.3.20/32;
- }
- }
- dynamic-vpn {
- access-profile dyn-vpn-access-profile;
- clients {
- all {
- remote-protected-resources {
- 172.16.0.0/16;
- }
- remote-exceptions {
- 0.0.0.0/0;
- }
- ipsec-vpn dyn-vpn;
- user {
- FARELY;
- sfarley;
- test;
- }
- }
- }
- }
screen {
ids-option UNTRUST-SCREEN {
icmp {
@@ -524,42 +375,6 @@
}
}
}
- static {
- rule-set UNTRUST {
- from zone UNTRUST;
- rule R164-58-80-105 {
- match {
- destination-address 164.58.80.105/32;
- }
- then {
- static-nat {
- prefix {
- 172.16.3.19/32;
- }
- }
- }
- }
- rule R164-58-80-106 {
- match {
- destination-address 164.58.80.106/32;
- }
- then {
- static-nat {
- prefix {
- 172.16.3.20/32;
- }
- }
- }
- }
- }
- }
- proxy-arp {
- interface vlan.3 {
- address {
- 164.58.80.105/32;
- }
- }
- }
}
policies {
from-zone TRUST to-zone UNTRUST {
@@ -573,16 +388,6 @@
permit;
}
}
- policy permit-all {
- match {
- source-address [ host-172.16.3.19 host-172.16.3.20 ];
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
}
from-zone TEST to-zone UNTRUST {
policy ALLOW-ALL-OUT {
@@ -596,40 +401,14 @@
}
}
}
- from-zone UNTRUST to-zone TRUST {
- policy server-access {
- match {
- source-address any;
- destination-address [ host-172.16.3.19 host-172.16.3.20 ];
- application any;
- }
- then {
- permit;
- }
- }
- policy dyn-vpn-policy {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit {
- tunnel {
- ipsec-vpn dyn-vpn;
- }
- }
- }
- }
- }
}
zones {
security-zone TRUST {
interfaces {
- vlan.4 {
+ ge-0/0/7.0 {
host-inbound-traffic {
system-services {
- dns;
+ dhcp;
ping;
traceroute;
}
@@ -639,11 +418,10 @@
}
security-zone TEST {
interfaces {
- vlan.999 {
+ irb.999 {
host-inbound-traffic {
system-services {
dhcp;
- dns;
ping;
traceroute;
}
@@ -654,15 +432,13 @@
security-zone UNTRUST {
screen UNTRUST-SCREEN;
interfaces {
- vlan.3 {
+ ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ping;
snmp;
ssh;
traceroute;
- https;
- ike;
}
}
}
@@ -670,9 +446,135 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.24.194/30";
+ speed 100m;
+ link-mode full-duplex;
+ gigether-options {
+ no-auto-negotiation;
+ }
+ unit 0 {
+ family inet {
+ address 156.110.24.194/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ interface-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.1.3/16";
+ unit 0 {
+ family inet {
+ address 172.16.1.3/16;
+ }
+ }
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ disable;
+ }
+ fxp0 {
+ disable;
+ }
+ irb {
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+ protect: lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+}
+snmp {
+ description OneNet-SRX300-Template-3.0.0;
+ contact "Net Group - (888)566-3638";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.24.193;
+ }
+}
+protocols {
+ l2-learning {
+ global-mode switching;
+ }
+}
+policy-options {
+ protect: prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
- filter PROTECT-RE {
+ protect: filter PROTECT-RE {
term SSH-ALLOW {
from {
source-prefix-list {
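Review bot: The re-added `snmp` stanza still has one community with `authorization read-write`, and none of the three communities has a `clients` restriction. The UNTRUST zone hunk above keeps `snmp` in the host-inbound system-services on `ge-0/0/0.0`. Whether the WAN side can actually reach SNMP therefore depends entirely on `PROTECT-RE` terms that lie outside this diff; only the start of `SSH-ALLOW` is visible, and the filter body continues past the hunk. Suggest dropping the read-write community unless something depends on it, and adding a `clients` list that mirrors `PRE-MGMT-SOURCES` to the remaining ones so that the restriction does not rest on the loopback filter alone.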
@@ -720,74 +622,50 @@
}
}
access {
- profile dyn-vpn-access-profile {
- client FARELY {
- firewall-user {
- password "$9$A4nqt1heK87dsWL"; ## SECRET-DATA
- }
- }
- client sfarley {
- firewall-user {
- password "$9$hW.rKMWLx7dsOBclMW-dk.P5QnApB"; ## SECRET-DATA
- }
- }
- client test {
- firewall-user {
- password "$9$RLPElvM8Xx-wP5nCu0hcbs24aUTQF"; ## SECRET-DATA
- }
- }
- address-assignment {
- pool dyn-vpn-address-pool;
- }
- }
address-assignment {
- pool dyn-vpn-address-pool {
+ pool TEST-POOL {
family inet {
- network 192.168.255.0/24;
- range dvpn-range {
- low 192.168.255.1;
- high 192.168.255.254;
+ network 10.1.0.0/24;
+ range TEST-RANGE {
+ low 10.1.0.10;
+ high 10.1.0.250;
}
+ dhcp-attributes {
+ domain-name test.local;
+ name-server {
+ 164.58.200.200;
+ 156.110.200.200;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
}
}
}
- firewall-authentication {
- web-authentication {
- default-profile dyn-vpn-access-profile;
- }
- }
}
-ethernet-switching-options {
- secure-access-port {
- interface ge-0/0/1.0 {
- mac-limit 3 action shutdown;
+switch-options {
+ interface ge-0/0/1.0 {
+ ##
+ ## Warning: configuration block ignored: unsupported platform (srx340)
+ ##
+ interface-mac-limit {
+ 3;
+ packet-action drop;
}
}
- bpdu-block {
- interface ge-0/0/1.0;
- }
}
vlans {
TEST-VLAN {
description "Test VLAN 999 for TESTING ONLY";
vlan-id 999;
- l3-interface vlan.999;
+ l3-interface irb.999;
}
- TRUST-VLAN {
- description TRUST-VLAN;
- vlan-id 4;
- l3-interface vlan.4;
- }
- UNTRUST-VLAN {
- description UNTRUST-VLAN;
- vlan-id 3;
- l3-interface vlan.3;
- }
}
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show ospf neighbor
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show ospf neighbor
# OSPF instance is not running
#
-# grnoc-mon at LUKFATA-PS-SRX220-LR-004353> show bfd session
+# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show bfd session
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
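Review bot: The device's own annotation inside `switch-options interface ge-0/0/1.0` reads `configuration block ignored: unsupported platform (srx340)`, so the `interface-mac-limit 3` that replaces `secure-access-port ... mac-limit 3 action shutdown` is apparently not enforced. The old `bpdu-block` on the same port is removed with no replacement. As committed, the TEST-VLAN access port therefore has no MAC limiting or BPDU protection. Either find the form this platform and release supports or record that the control was intentionally dropped. Separately, the removed `access profile` lines show that three `$9$` firewall-user passwords reached the repository and this mail unfiltered, unlike the `<removed>` placeholders elsewhere. `$9$` is reversible obfuscation, so treat those credentials as exposed and extend the RANCID filter to cover `password` statements.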
Index: configs/core.ida.onenet.net
===================================================================
--- configs/core.ida.onenet.net (revision 154649)
+++ configs/core.ida.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at IDABEL-MX480-RE0> show system commit
+# 2017-07-11 11:32:39 CDT by sean via cli commit synchronize
# 2017-03-28 12:36:17 CDT by aberrios via cli commit synchronize
# 2017-03-28 12:33:10 CDT by aberrios via cli commit synchronize
# 2017-03-28 12:13:49 CDT by aberrios via cli commit synchronize
# 2017-03-28 11:53:38 CDT by aberrios via cli commit synchronize
# 2017-03-27 16:28:40 CDT by aberrios via cli commit synchronize
-# 2017-03-20 14:30:43 CDT by joel via cli commit synchronize
# grnoc-mon at IDABEL-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -362,14 +362,14 @@
# drwxr-xr-x 2 root field 512 Mar 16 2016 rtsdb/
# -rw-r----- 1 root field 356 Mar 16 2016 sampled.pkts
# drwxr-xr-x 3 root field 512 Oct 28 2014 sec-download/
-# drwxrwxrwt 2 root wheel 512 Oct 28 2014 vi.recover/
+# drwxrwxrwt 2 root wheel 512 Jul 11 11:57 vi.recover/
# total files: 5
#
# {master}
# grnoc-mon at IDABEL-MX480-RE0> show system uptime
# System booted: 2016-03-16 00:54 CDT
# Protocols started: 2016-03-16 01:01 CDT
-# Last configured: 2017-03-28 12:36 CDT by aberrios
+# Last configured: 2017-07-11 11:32 CDT by sean
#
# {master}
# grnoc-mon at IDABEL-MX480-RE0> show interface terse
@@ -495,7 +495,7 @@
#pp0 up up
#tap up up
# grnoc-mon at IDABEL-MX480-RE0> show configuration
-## Last commit: 2017-03-28 12:36:17 CDT by aberrios
+## Last commit: 2017-07-11 11:32:39 CDT by sean
version 13.3R8.7;
groups {
re0 {
@@ -824,8 +824,8 @@
family inet {
mtu 1500;
policer {
- input 100M-POL;
- output 100M-POL;
+ input 500M-POL;
+ output 500M-POL;
}
sampling {
input;
@@ -2115,6 +2115,14 @@
}
then discard;
}
+ policer 500M-POL {
+ logical-interface-policer;
+ if-exceeding {
+ bandwidth-limit 500m;
+ burst-size-limit 100m;
+ }
+ then discard;
+ }
}
routing-instances {
OMES-AGENCY-DATA-L3VPN {
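Review bot: `burst-size-limit 100m` on the new `500M-POL` allows roughly 100 MB through before `then discard` applies, which is more than a second of traffic at the 500m rate, so the policer may enforce much less than its name suggests. Burst is usually sized as the bandwidth times a few milliseconds, which for this rate would be in the hundreds of kilobytes. If the value was copied from `100M-POL` (its definition is not in the hunk) or is deliberate to protect TCP throughput, a short `/* ... */` annotation on the policer stating that would help the next reviewer.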
Index: configs/core.owtccla.onenet.net
===================================================================
--- configs/core.owtccla.onenet.net (revision 154810)
+++ configs/core.owtccla.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OWTCCLA-MX40> show system commit
+# 2017-07-11 11:30:48 CDT by sky via cli
+# 2017-07-11 11:30:42 CDT by sky via cli
# 2017-07-03 11:26:13 CDT by andrew via cli
# 2017-06-23 11:18:47 CDT by aberrios via cli
# 2017-06-20 14:31:23 CDT by andrew via cli
# 2017-06-20 14:22:15 CDT by andrew via cli
-# 2017-06-20 13:35:49 CDT by andrew via cli
-# 2017-06-19 16:47:24 CDT by andrew via cli
# grnoc-mon at OWTCCLA-MX40> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -265,7 +265,7 @@
# grnoc-mon at OWTCCLA-MX40> show system uptime
# System booted: 2017-06-19 01:45 CDT
# Protocols started: 2017-06-19 01:48 CDT
-# Last configured: 2017-07-03 11:26 CDT by andrew
+# Last configured: 2017-07-11 11:30 CDT by sky
#
# grnoc-mon at OWTCCLA-MX40> show interface terse
#Interface Admin Link
@@ -363,7 +363,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OWTCCLA-MX40> show configuration
-## Last commit: 2017-07-03 11:26:13 CDT by andrew
+## Last commit: 2017-07-11 11:30:48 CDT by sky
version 13.3R9.13;
groups {
ISIS-L2-INTERFACE {
@@ -722,6 +722,7 @@
output 100M-POL;
}
address 164.58.0.70/31;
+ address 164.58.69.253/30;
}
}
unit 504 {