[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sun Jul 23 12:04:55 CDT 2017
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 155143)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show system commit
+# 2017-07-23 11:45:57 CDT by root via other
# 2016-03-25 14:17:43 CDT by joel via cli
# 2015-10-26 13:12:04 CDT by admin via cli
# 2015-10-26 13:08:26 CDT by admin via cli
# 2015-10-26 12:58:03 CDT by admin via cli
# 2015-10-26 19:28:56 CDT by root via cli
-# 2015-10-26 19:15:53 CDT by root via cli
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
-# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis fpc detail
# Slot 0 information:
@@ -48,14 +48,17 @@
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show chassis ssb
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,27 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s1a
-# WARNING: / was not properly dismounted
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s2a
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show version
# Hostname: MAYSVILLE-ES-LEASED-ASSET-TAG-004945
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show version invoke-on all-routing-engines
# Hostname: MAYSVILLE-ES-LEASED-ASSET-TAG-004945
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show system uptime
-# System booted: 2017-07-03 00:05 CDT
-# Protocols started: 2017-07-03 00:08 CDT
-# Last configured: 2016-03-25 14:17 CDT by joel
+# System booted: 2017-07-23 11:42 CDT
+# Protocols started: 2017-07-23 11:47 CDT
+# Last configured: 2017-07-23 11:45 CDT by root
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show interface terse
#Interface Admin Link
@@ -179,8 +182,8 @@
#vlan up up
#vlan.999 up down
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show configuration
-## Last commit: 2016-03-25 14:17:43 CDT by joel
-version 12.1X44-D35.5;
+## Last commit: 2017-07-23 11:45:57 CDT by root
+version 12.3X48-D40.5;
system {
host-name MAYSVILLE-ES-LEASED-ASSET-TAG-004945;
domain-name onenet.net;
@@ -312,125 +315,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "L3 INTERFACE - UNTRUST-WAN - 164.58.58.86/30";
- unit 0 {
- family inet {
- address 164.58.58.86/30;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - TEST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- disable;
- }
- ge-0/0/8 {
- disable;
- }
- ge-0/0/9 {
- disable;
- }
- ge-0/0/10 {
- disable;
- }
- ge-0/0/11 {
- disable;
- }
- ge-0/0/12 {
- disable;
- }
- ge-0/0/13 {
- disable;
- }
- ge-0/0/14 {
- disable;
- }
- ge-0/0/15 {
- description "L3 INTERFACE - TRUST-LAN - 192.168.1.1/30";
- unit 0 {
- family inet {
- address 192.168.1.1/30;
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.58.85;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -554,6 +438,125 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.58.86/30";
+ unit 0 {
+ family inet {
+ address 164.58.58.86/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "L3 INTERFACE - TRUST-LAN - 192.168.1.1/30";
+ unit 0 {
+ family inet {
+ address 192.168.1.1/30;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.58.85;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/lowery-ps.client.onenet.net
===================================================================
--- configs/lowery-ps.client.onenet.net (revision 154500)
+++ configs/lowery-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LOWREY-PS-LR-004944> show system commit
+# 2017-07-23 11:37:46 CDT by root via other
# 2017-02-23 16:26:28 CST by aberrios via cli
# 2017-02-23 16:15:53 CST by admin via cli
# 2017-02-23 13:13:25 CST by admin via cli
# 2017-02-23 11:30:25 CST by admin via cli
# 2016-12-14 10:29:52 CST by aberrios via cli
-# 2016-10-10 16:00:36 CDT by andrew via cli
# grnoc-mon at LOWREY-PS-LR-004944> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at LOWREY-PS-LR-004944> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
-# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at LOWREY-PS-LR-004944> show chassis fpc detail
# Slot 0 information:
@@ -48,14 +48,17 @@
# grnoc-mon at LOWREY-PS-LR-004944> show chassis ssb
# grnoc-mon at LOWREY-PS-LR-004944> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,27 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s1a
-# WARNING: / was not properly dismounted
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s2a
#
# grnoc-mon at LOWREY-PS-LR-004944> show version
# Hostname: LOWREY-PS-LR-004944
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at LOWREY-PS-LR-004944> show version invoke-on all-routing-engines
# Hostname: LOWREY-PS-LR-004944
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at LOWREY-PS-LR-004944> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at LOWREY-PS-LR-004944> show system uptime
-# System booted: 2017-01-30 08:28 CST
-# Protocols started: 2017-01-30 08:31 CST
-# Last configured: 2017-02-23 16:26 CST by aberrios
+# System booted: 2017-07-23 11:34 CDT
+# Protocols started: 2017-07-23 11:40 CDT
+# Last configured: 2017-07-23 11:37 CDT by root
#
# grnoc-mon at LOWREY-PS-LR-004944> show interface terse
#Interface Admin Link
@@ -181,8 +184,8 @@
#vlan.4 up up
#vlan.999 up down
# grnoc-mon at LOWREY-PS-LR-004944> show configuration
-## Last commit: 2017-02-23 16:26:28 CST by aberrios
-version 12.1X44-D35.5;
+## Last commit: 2017-07-23 11:37:46 CDT by root
+version 12.3X48-D40.5;
system {
host-name LOWREY-PS-LR-004944;
domain-name onenet.net;
@@ -316,126 +319,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "UNTRUST WAN Interface";
- speed 100m;
- link-mode full-duplex;
- gigether-options {
- no-auto-negotiation;
- }
- unit 0 {
- family ethernet-switching {
- vlan {
- members UNTRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/1 {
- unit 0 {
- description TEST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- disable;
- }
- ge-0/0/15 {
- description "TRUST LAN Interface";
- unit 0 {
- family ethernet-switching {
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - UNTRUST-VLAN - 156.110.34.58/30";
- family inet {
- address 156.110.34.58/30;
- }
- }
- unit 4 {
- description "L3 INTERFACE - TRUST-VLAN - 192.168.1.1/16";
- family inet {
- address 192.168.1.1/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.34.57;
- route 10.1.1.0/24 next-hop 192.168.1.180;
- route 10.1.10.0/24 next-hop 192.168.1.180;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
address-book {
global {
@@ -775,6 +658,126 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "UNTRUST WAN Interface";
+ speed 100m;
+ link-mode full-duplex;
+ gigether-options {
+ no-auto-negotiation;
+ }
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members UNTRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/1 {
+ unit 0 {
+ description TEST-INTERFACE;
+ family ethernet-switching {
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/15 {
+ description "TRUST LAN Interface";
+ unit 0 {
+ family ethernet-switching {
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-VLAN - 156.110.34.58/30";
+ family inet {
+ address 156.110.34.58/30;
+ }
+ }
+ unit 4 {
+ description "L3 INTERFACE - TRUST-VLAN - 192.168.1.1/16";
+ family inet {
+ address 192.168.1.1/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.34.57;
+ route 10.1.1.0/24 next-hop 192.168.1.180;
+ route 10.1.10.0/24 next-hop 192.168.1.180;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/meeker-ps.client.onenet.net
===================================================================
--- configs/meeker-ps.client.onenet.net (revision 154500)
+++ configs/meeker-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show system commit
+# 2017-07-23 11:56:11 CDT by root via other
# 2015-12-14 15:34:07 CST by sean via cli
# 2015-11-20 10:50:09 CST by joel via cli
# 2015-11-20 10:48:21 CST by joel via cli
# 2015-10-28 12:35:21 CDT by root via other
# 2015-10-28 12:24:40 CDT by joel via cli commit confirmed, rollback in 10mins
-# 2015-10-28 20:20:23 CDT by root via cli commit confirmed, rollback in 5mins
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
-# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show chassis fpc detail
# Slot 0 information:
@@ -48,14 +48,17 @@
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show chassis ssb
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,27 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s1a
-# WARNING: / was not properly dismounted
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s2a
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show version
# Hostname: MEEKER-PS-LEASED-ASSET-TAG-004947
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show version invoke-on all-routing-engines
# Hostname: MEEKER-PS-LEASED-ASSET-TAG-004947
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show system uptime
-# System booted: 2017-01-22 18:58 CST
-# Protocols started: 2017-01-22 19:01 CST
-# Last configured: 2015-12-14 15:34 CST by sean
+# System booted: 2017-07-23 11:52 CDT
+# Protocols started: 2017-07-23 11:57 CDT
+# Last configured: 2017-07-23 11:56 CDT by root
#
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show interface terse
#Interface Admin Link
@@ -181,8 +184,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at MEEKER-PS-LEASED-ASSET-TAG-004947> show configuration
-## Last commit: 2015-12-14 15:34:07 CST by sean
-version 12.1X44-D35.5;
+## Last commit: 2017-07-23 11:56:11 CDT by root
+version 12.3X48-D40.5;
system {
host-name MEEKER-PS-LEASED-ASSET-TAG-004947;
domain-name onenet.net;
@@ -314,139 +317,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "L3 INTERFACE - UNTRUST-WAN - 164.58.28.38/30";
- unit 0 {
- family inet {
- address 164.58.28.38/30;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - TEST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- disable;
- }
- ge-0/0/8 {
- disable;
- }
- ge-0/0/9 {
- disable;
- }
- ge-0/0/10 {
- disable;
- }
- ge-0/0/11 {
- disable;
- }
- ge-0/0/12 {
- disable;
- }
- ge-0/0/13 {
- disable;
- }
- ge-0/0/14 {
- description "L3 INTERFACE - UNTRUST-WAN - 156.110.42.33/30 [ROSE STATE VIDEO]";
- unit 0 {
- family inet {
- address 156.110.42.33/30;
- }
- }
- }
- ge-0/0/15 {
- description "L2 INTERFACE - UNTRUST-LAN-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members UNTRUST-LAN-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - UNTRUST-LAN-VLAN - 156.110.42.37/30";
- family inet {
- address 156.110.42.37/30;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 164.58.28.37;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
screen {
ids-option UNTRUST-SCREEN {
@@ -587,6 +457,139 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.28.38/30";
+ unit 0 {
+ family inet {
+ address 164.58.28.38/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.42.33/30 [ROSE STATE VIDEO]";
+ unit 0 {
+ family inet {
+ address 156.110.42.33/30;
+ }
+ }
+ }
+ ge-0/0/15 {
+ description "L2 INTERFACE - UNTRUST-LAN-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members UNTRUST-LAN-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - UNTRUST-LAN-VLAN - 156.110.42.37/30";
+ family inet {
+ address 156.110.42.37/30;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 164.58.28.37;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/antlers-pl.client.onenet.net
===================================================================
--- configs/antlers-pl.client.onenet.net (revision 155037)
+++ configs/antlers-pl.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show system commit
+# 2017-07-23 11:31:40 CDT by root via other
# 2016-03-16 14:37:33 CDT by joel via cli
# 2016-03-16 14:32:34 CDT by joel via cli commit confirmed, rollback in 3mins
# 2016-03-04 10:53:05 CST by andrew via cli
# 2016-03-02 12:16:08 CST by sean via cli commit confirmed, rollback in 5mins
# 2015-12-04 14:47:16 CST by joel via cli commit confirmed, rollback in 5mins
-# 2015-12-04 14:39:55 CST by joel via cli
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D20.3 by builder on 2013-07
-# FWDD O/S Version 12.1X44-D20.3 by builder on 2013-07
+# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show chassis fpc detail
# Slot 0 information:
@@ -44,7 +44,7 @@
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show chassis ssb
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2013, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
@@ -87,27 +87,26 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
-# WARNING: / was not properly dismounted
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show version
# Hostname: ANTLERS-PUBLIC-LIBRARY-TAG-004632
# Model: srx220h2
-# JUNOS Software Release [12.1X44-D20.3]
+# JUNOS Software Release [12.1X46-D65.4]
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show version invoke-on all-routing-engines
# Hostname: ANTLERS-PUBLIC-LIBRARY-TAG-004632
# Model: srx220h2
-# JUNOS Software Release [12.1X44-D20.3]
+# JUNOS Software Release [12.1X46-D65.4]
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Jul 19 2013 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show system uptime
-# System booted: 2017-07-12 10:06 CDT
-# Protocols started: 2017-07-12 10:08 CDT
-# Last configured: 2016-03-16 14:37 CDT by joel
+# System booted: 2017-07-23 11:30 CDT
+# Protocols started: 2017-07-23 11:32 CDT
+# Last configured: 2017-07-23 11:31 CDT by root
#
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show interface terse
#Interface Admin Link
@@ -154,8 +153,8 @@
#vlan.4 up up
#vlan.999 up down
# grnoc-mon at ANTLERS-PUBLIC-LIBRARY-TAG-004632> show configuration
-## Last commit: 2016-03-16 14:37:33 CDT by joel
-version 12.1X44.3;
+## Last commit: 2017-07-23 11:31:40 CDT by root
+version 12.1X46-D65.4;
system {
host-name ANTLERS-PUBLIC-LIBRARY-TAG-004632;
domain-name onenet.net;
Index: configs/mannford-public-library.client.onenet.net
===================================================================
--- configs/mannford-public-library.client.onenet.net (revision 154500)
+++ configs/mannford-public-library.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show system commit
+# 2017-07-23 11:29:10 CDT by root via other
# 2017-02-01 18:00:55 CST by andrew via cli
# 2016-01-19 09:38:21 CST by andrew via cli commit confirmed, rollback in 3mins
# 2016-01-19 09:33:46 CST by andrew via cli
# 2016-01-19 09:31:10 CST by andrew via cli
# 2016-01-19 09:28:21 CST by andrew via cli commit confirmed, rollback in 3mins
-# 2016-01-15 17:48:32 CST by onenet via cli commit confirmed, rollback in 3mins
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -17,8 +17,8 @@
#
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D15.5 by builder on 2013-06
-# FWDD O/S Version 12.1X44-D15.5 by builder on 2013-06
+# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
#
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show chassis fpc detail
# Slot 0 information:
@@ -44,7 +44,7 @@
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show chassis ssb
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2013, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
@@ -87,27 +87,26 @@
# ###PCB Group initialized for tcppcbgroup
# ad0: Device does not support APM
# ad0: 2000MB <CF 2GB 20100924> at ata2-master WDMA2
-# Trying to mount root from ufs:/dev/ad0s1a
-# WARNING: / was not properly dismounted
+# Trying to mount root from ufs:/dev/ad0s2a
#
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show version
# Hostname: MANNFORD-PUBLIC-LIBRARY-004346
# Model: srx220h2
-# JUNOS Software Release [12.1X44-D15.5]
+# JUNOS Software Release [12.1X46-D65.4]
#
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show version invoke-on all-routing-engines
# Hostname: MANNFORD-PUBLIC-LIBRARY-004346
# Model: srx220h2
-# JUNOS Software Release [12.1X44-D15.5]
+# JUNOS Software Release [12.1X46-D65.4]
#
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Jun 6 2013 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show system uptime
-# System booted: 2017-04-04 21:20 CDT
-# Protocols started: 2017-04-04 21:22 CDT
-# Last configured: 2017-02-01 18:00 CST by andrew
+# System booted: 2017-07-23 11:27 CDT
+# Protocols started: 2017-07-23 11:30 CDT
+# Last configured: 2017-07-23 11:29 CDT by root
#
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show interface terse
#Interface Admin Link
@@ -158,8 +157,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at MANNFORD-PUBLIC-LIBRARY-004346> show configuration
-## Last commit: 2017-02-01 18:00:55 CST by andrew
-version 12.1X44.5;
+## Last commit: 2017-07-23 11:29:10 CDT by root
+version 12.1X46-D65.4;
system {
host-name MANNFORD-PUBLIC-LIBRARY-004346;
auto-snapshot;
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 155145)
+++ configs/hub.dur.onenet.net (working copy)
@@ -433,7 +433,7 @@
#fe-2/1/1 up up
#fe-2/1/1.0 up up
#fe-2/1/2 up down
-#fe-2/1/3 down down
+#fe-2/1/3 down up
#ge-2/2/0 up up
#ge-2/2/0.0 up up
#pc-2/2/0 up up
Index: configs/geronimo-ps.client.onenet.net
===================================================================
--- configs/geronimo-ps.client.onenet.net (revision 154500)
+++ configs/geronimo-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show system commit
+# 2017-07-23 11:34:14 CDT by root via other
# 2017-02-23 11:16:34 CST by admin via cli
# 2015-12-14 13:37:34 CST by admin via cli
# 2015-09-25 09:47:16 CDT by admin via cli
# 2015-08-10 22:17:49 CDT by joel via cli commit confirmed, rollback in 3mins
# 2015-08-10 22:08:28 CDT by admin via cli
-# 2015-08-10 22:07:43 CDT by admin via cli commit confirmed, rollback in 4mins
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
-# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show chassis fpc detail
# Slot 0 information:
@@ -48,14 +48,17 @@
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show chassis ssb
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,27 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s1a
-# WARNING: / was not properly dismounted
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s2a
#
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show version
# Hostname: GERONIMO-PS-SRX240-LR-004897
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show version invoke-on all-routing-engines
# Hostname: GERONIMO-PS-SRX240-LR-004897
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show system uptime
-# System booted: 2017-05-18 22:54 CDT
-# Protocols started: 2017-05-18 22:57 CDT
-# Last configured: 2017-02-23 11:16 CST by admin
+# System booted: 2017-07-23 11:30 CDT
+# Protocols started: 2017-07-23 11:35 CDT
+# Last configured: 2017-07-23 11:34 CDT by root
#
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show interface terse
#Interface Admin Link
@@ -180,8 +183,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at GERONIMO-PS-SRX240-LR-004897> show configuration
-## Last commit: 2017-02-23 11:16:34 CST by admin
-version 12.1X44-D35.5;
+## Last commit: 2017-07-23 11:34:14 CDT by root
+version 12.3X48-D40.5;
system {
host-name GERONIMO-PS-SRX240-LR-004897;
domain-name onenet.net;
@@ -310,6 +313,111 @@
server 164.58.3.98 prefer;
}
}
+security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
+ nat {
+ source {
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
+ to zone UNTRUST;
+ rule NAT-TEST-TO-UNTRUST {
+ match {
+ source-address 0.0.0.0/0;
+ }
+ then {
+ source-nat {
+ interface;
+ }
+ }
+ }
+ }
+ }
+ }
+ policies {
+ from-zone UNTRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone TEST to-zone UNTRUST {
+ policy ALLOW-ALL-OUT {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ }
+ zones {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
+ interfaces {
+ vlan.3 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
+ ge-0/0/0.0 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ snmp;
+ ssh;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
+ host-inbound-traffic {
+ system-services {
+ dhcp;
+ ping;
+ traceroute;
+ }
+ }
+ }
+ }
+ }
+ }
+}
interfaces {
ge-0/0/0 {
description "L3 INTERFACE - UNTRUST-WAN - 164.58.28.150/30";
@@ -438,111 +546,6 @@
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
-security {
- screen {
- ids-option UNTRUST-SCREEN {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set TEST-TO-UNTRUST-NAT {
- from zone TEST;
- to zone UNTRUST;
- rule NAT-TEST-TO-UNTRUST {
- match {
- source-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- from-zone UNTRUST to-zone UNTRUST {
- policy TRUST-TO-UNTRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone TEST to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone UNTRUST {
- screen UNTRUST-SCREEN;
- interfaces {
- vlan.3 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
- }
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- ping;
- snmp;
- ssh;
- traceroute;
- }
- }
- }
- }
- }
- security-zone TEST {
- interfaces {
- vlan.999 {
- host-inbound-traffic {
- system-services {
- dhcp;
- ping;
- traceroute;
- }
- }
- }
- }
- }
- }
-}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/billings-ps.client.onenet.net
===================================================================
--- configs/billings-ps.client.onenet.net (revision 154500)
+++ configs/billings-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BILLINGS-PS-004885> show system commit
+# 2017-07-23 11:39:45 CDT by root via other
# 2016-07-22 13:59:52 CDT by sean via cli
# 2016-07-15 14:56:02 CDT by admin via cli
# 2016-07-15 12:12:52 CDT by admin via cli
# 2016-07-15 12:06:20 CDT by admin via cli commit confirmed, rollback in 2mins
# 2016-07-15 12:02:44 CDT by admin via cli
-# 2016-07-15 11:57:23 CDT by admin via cli
# grnoc-mon at BILLINGS-PS-004885> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -21,8 +21,8 @@
#
# grnoc-mon at BILLINGS-PS-004885> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X44-D35.5 by builder on 2014-05
-# FWDD O/S Version 12.1X44-D35.5 by builder on 2014-05
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at BILLINGS-PS-004885> show chassis fpc detail
# Slot 0 information:
@@ -48,14 +48,17 @@
# grnoc-mon at BILLINGS-PS-004885> show chassis ssb
# grnoc-mon at BILLINGS-PS-004885> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
-# Copyright (c) 1996-2014, Juniper Networks, Inc.
+# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
# Copyright (c) 1992-2006 The FreeBSD Project.
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -106,26 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
-# Trying to mount root from ufs:/dev/da0s1a
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
+# Trying to mount root from ufs:/dev/da0s2a
#
# grnoc-mon at BILLINGS-PS-004885> show version
# Hostname: BILLINGS-PS-004885
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BILLINGS-PS-004885> show version invoke-on all-routing-engines
# Hostname: BILLINGS-PS-004885
# Model: srx240h2
-# JUNOS Software Release [12.1X44-D35.5]
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at BILLINGS-PS-004885> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 May 19 2014 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at BILLINGS-PS-004885> show system uptime
-# System booted: 2016-10-12 08:11 CDT
-# Protocols started: 2016-10-12 08:14 CDT
-# Last configured: 2016-07-22 13:59 CDT by sean
+# System booted: 2017-07-23 11:36 CDT
+# Protocols started: 2017-07-23 11:41 CDT
+# Last configured: 2017-07-23 11:39 CDT by root
#
# grnoc-mon at BILLINGS-PS-004885> show interface terse
#Interface Admin Link
@@ -180,8 +184,8 @@
#vlan.3 up up
#vlan.999 up down
# grnoc-mon at BILLINGS-PS-004885> show configuration
-## Last commit: 2016-07-22 13:59:52 CDT by sean
-version 12.1X44-D35.5;
+## Last commit: 2017-07-23 11:39:45 CDT by root
+version 12.3X48-D40.5;
system {
host-name BILLINGS-PS-004885;
domain-name onenet.net;
@@ -313,147 +317,6 @@
server 164.58.3.98 prefer;
}
}
-interfaces {
- ge-0/0/0 {
- description "L3 INTERFACE - UNTRUST-WAN - 156.110.34.50/30";
- speed 100m;
- link-mode full-duplex;
- gigether-options {
- no-auto-negotiation;
- }
- unit 0 {
- family inet {
- address 156.110.34.50/30;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - TEST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TEST-VLAN;
- }
- }
- }
- }
- ge-0/0/2 {
- disable;
- }
- ge-0/0/3 {
- disable;
- }
- ge-0/0/4 {
- disable;
- }
- ge-0/0/5 {
- disable;
- }
- ge-0/0/6 {
- disable;
- }
- ge-0/0/7 {
- disable;
- }
- ge-0/0/8 {
- disable;
- }
- ge-0/0/9 {
- disable;
- }
- ge-0/0/10 {
- disable;
- }
- ge-0/0/11 {
- disable;
- }
- ge-0/0/12 {
- disable;
- }
- ge-0/0/13 {
- disable;
- }
- ge-0/0/14 {
- description "L2 INTERFACE - TRUST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- ge-0/0/15 {
- description "L2 INTERFACE - TRUST-VLAN";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members TRUST-VLAN;
- }
- }
- }
- }
- lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 3 {
- description "L3 INTERFACE - TRUST-VLAN - 172.16.0.1/16";
- family inet {
- address 172.16.0.1/16;
- }
- }
- unit 999 {
- description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
- family inet {
- address 10.1.0.1/24;
- }
- }
- }
-}
-snmp {
- description OneNet;
- contact "Net Group";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.34.49;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
address-book {
global {
@@ -651,6 +514,147 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.34.50/30";
+ speed 100m;
+ link-mode full-duplex;
+ gigether-options {
+ no-auto-negotiation;
+ }
+ unit 0 {
+ family inet {
+ address 156.110.34.50/30;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ disable;
+ }
+ ge-0/0/3 {
+ disable;
+ }
+ ge-0/0/4 {
+ disable;
+ }
+ ge-0/0/5 {
+ disable;
+ }
+ ge-0/0/6 {
+ disable;
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ disable;
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ ge-0/0/15 {
+ description "L2 INTERFACE - TRUST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TRUST-VLAN;
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 3 {
+ description "L3 INTERFACE - TRUST-VLAN - 172.16.0.1/16";
+ family inet {
+ address 172.16.0.1/16;
+ }
+ }
+ unit 999 {
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ family inet {
+ address 10.1.0.1/24;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet;
+ contact "Net Group";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.34.49;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
filter PROTECT-RE {
Index: configs/opt.tul.onenet.net
===================================================================
--- configs/opt.tul.onenet.net (revision 155147)
+++ configs/opt.tul.onenet.net (working copy)
@@ -41,6 +41,7 @@
<interface name="CHAN-1-14-3-1" abbr_name="CHAN-1-14-3-1" admin_state="up" spanning_tree_metric="" description="" type="TXP" monitoring_state="monitor"></interface>
<interface name="CHAN-1-14-4-1" abbr_name="CHAN-1-14-4-1" admin_state="up" spanning_tree_metric="" description="" type="TXP" monitoring_state="monitor"></interface>
<interface name="VFAC-1-14-1-1" abbr_name="VFAC-1-14-1-1" admin_state="up" spanning_tree_metric="" description="" type="VFAC" monitoring_state="monitor"></interface>
+ <interface name="VFAC-1-14-2-1" abbr_name="VFAC-1-14-2-1" admin_state="up" spanning_tree_metric="" description="" type="VFAC" monitoring_state="monitor"></interface>
<interface name="VFAC-1-14-3-1" abbr_name="VFAC-1-14-3-1" admin_state="up" spanning_tree_metric="" description="" type="VFAC" monitoring_state="monitor"></interface>
<interface name="VFAC-1-14-4-1" abbr_name="VFAC-1-14-4-1" admin_state="up" spanning_tree_metric="" description="" type="VFAC" monitoring_state="monitor"></interface>
</part>
More information about the Nocrancid
mailing list