[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Fri May 19 22:05:35 CDT 2017
Index: configs/hub.sem.onenet.net
===================================================================
--- configs/hub.sem.onenet.net (revision 153383)
+++ configs/hub.sem.onenet.net (working copy)
@@ -311,8 +311,8 @@
#t1-2/0/2:4 down down
#t1-2/0/2:5 up up
#t1-2/0/2:5.0 up up
-#t1-2/0/2:6 up down
-#t1-2/0/2:6.0 up down
+#t1-2/0/2:6 up up
+#t1-2/0/2:6.0 up up
#t1-2/0/2:7 up up
#t1-2/0/2:7.16 up up
#t1-2/0/2:7.17 up up
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 153383)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -614,7 +614,6 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/mannsville-ps.client.onenet.net
===================================================================
--- configs/mannsville-ps.client.onenet.net (revision 153348)
+++ configs/mannsville-ps.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at MANNSVILLE-PS-LR-3946> show system uptime
-# System booted: 2017-05-18 22:38 CDT
-# Protocols started: 2017-05-18 22:41 CDT
+# System booted: 2017-05-19 21:45 CDT
+# Protocols started: 2017-05-19 21:48 CDT
# Last configured: 2016-11-09 11:43 CST by sky
#
# grnoc-mon at MANNSVILLE-PS-LR-3946> show interface terse
Index: configs/kiamichi-fmc-battiest.client.onenet.net
===================================================================
--- configs/kiamichi-fmc-battiest.client.onenet.net (revision 153375)
+++ configs/kiamichi-fmc-battiest.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show system commit
+# 2017-05-19 21:35:04 CDT by andrew via cli
+# 2017-05-19 21:28:10 CDT by andrew via cli commit confirmed, rollback in 3mins
+# 2017-05-19 21:19:26 CDT by andrew via cli commit confirmed, rollback in 3mins
# 2017-05-19 14:22:20 CDT by sean via cli
# 2017-05-19 14:21:20 CDT by sean via cli
# 2017-05-19 14:17:14 CDT by sean via cli
-# 2017-05-19 14:15:33 CDT by sean via cli
-# 2017-05-19 14:14:33 CDT by sean via cli
-# 2017-05-19 14:10:58 CDT by sean via cli
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -119,7 +119,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-04-27 15:39 CDT
# Protocols started: 2017-04-27 15:39 CDT
-# Last configured: 2017-05-19 14:22 CDT by sean
+# Last configured: 2017-05-19 21:35 CDT by andrew
#
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show interface terse
#Interface Admin Link
@@ -171,14 +171,13 @@
#ppd0 up up
#ppe0 up up
#st0 up up
-#st0.0 up down
#st0.1 up up
#st0.2 up up
#tap up up
#vlan up down
#vtep up up
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show configuration
-## Last commit: 2017-05-19 14:22:20 CDT by sean
+## Last commit: 2017-05-19 21:35:04 CDT by andrew
version 15.1X49-D50.3;
system {
host-name KIAMICHI-FMC-BATTIEST-LR-5230;
@@ -267,28 +266,12 @@
root-login deny;
protocol-version v2;
}
- dhcp {
- pool 10.1.0.0/24 {
- address-range low 10.1.0.2 high 10.1.0.254;
- domain-name test.local;
- name-server {
- 164.58.200.200;
- 156.110.200.200;
- }
- router {
- 10.1.0.1;
- }
+ dhcp-local-server {
+ group TEST-DHCP {
+ interface ge-0/0/1.0;
}
- pool 192.168.0.0/24 {
- address-range low 192.168.0.100 high 192.168.0.200;
- domain-name onenet.net;
- name-server {
- 164.58.200.200;
- 156.110.200.200;
- }
- router {
- 192.168.0.1;
- }
+ group TRUST-DHCP {
+ interface ge-0/0/7.0;
}
}
}
@@ -339,34 +322,17 @@
encryption-algorithm aes-256-cbc;
lifetime-seconds 86400;
}
- policy IKE-HUGO-KFMC {
- mode aggressive;
- proposals PRE-G2-AES128-SHA;
-# pre-shared-#key <removed>;
- }
policy IKE-POLICY-KFMC-TO-MCCURTAIN {
mode main;
description "1q2w3e4r5t6y!";
proposal-set standard;
# pre-shared-#key <removed>;
}
- policy IKE-DYN-VPN-POLICY {
- mode aggressive;
- description KFMC-Dynamic-VPN-Key;
- proposal-set standard;
-# pre-shared-#key <removed>;
- }
policy IKE-POLICY-KFMC-TO-MYHEALTH {
mode main;
proposals PRE-G2-AES256-SHA;
# pre-shared-#key <removed>;
}
- gateway IKE-GATE-HUGO-KFMC {
- ike-policy IKE-HUGO-KFMC;
- dynamic user-at-hostname "hugo at kfmc.org";
- external-interface ge-0/0/0.500;
- local-address 164.58.22.151;
- }
gateway IKE-GATE-KFMC-TO-MCCURTAIN {
ike-policy IKE-POLICY-KFMC-TO-MCCURTAIN;
address 164.58.29.203;
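Review bot: The `description` on `IKE-POLICY-KFMC-TO-MCCURTAIN`, a context line this change keeps, holds a keyboard-walk string that reads like a credential rather than a description. Unlike the `pre-shared-key` lines, it is not covered by the collector's `<removed>` filtering, so it is archived and mailed in clear. If it is, or ever was, the tunnel key, the key should be rotated on both peers and the field replaced with plain text, for example `description "KFMC to McCurtain site-to-site";` (wording constructed here). The remaining policies also reference proposals whose names suggest DH group 2 and SHA-1; the proposal bodies are outside this hunk, so that needs confirming before it is treated as a finding.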
@@ -377,16 +343,6 @@
}
external-interface ge-0/0/0.500;
}
- gateway DYN-VPN-LOCAL-GATEWAY {
- ike-policy IKE-DYN-VPN-POLICY;
- dynamic {
- hostname kiamichi.local;
- connections-limit 5;
- ike-user-type group-ike-id;
- }
- external-interface ge-0/0/0.500;
- xauth access-profile DYN-VPN-ACCESS-PROFILE;
- }
gateway IKE-GATE-KFMC-TO-MYHEALTH {
ike-policy IKE-POLICY-KFMC-TO-MYHEALTH;
address 70.246.162.130;
@@ -394,13 +350,6 @@
}
}
ipsec {
- proposal G2-ESP-AES128-SHA {
- description group2;
- protocol esp;
- authentication-algorithm hmac-sha1-96;
- encryption-algorithm aes-128-cbc;
- lifetime-seconds 3600;
- }
proposal IPSEC-PROP-KFMC-TO-MCCURTAIN {
description group2;
protocol esp;
@@ -415,26 +364,12 @@
encryption-algorithm aes-256-cbc;
lifetime-seconds 28800;
}
- policy VPN-POLICY-HUGO-KFMC {
- proposals G2-ESP-AES128-SHA;
- }
policy IPSEC-POLICY-KFMC-TO-MCCURTAIN {
proposals IPSEC-PROP-KFMC-TO-MCCURTAIN;
}
- policy IPSEC-DYN-VPN-POLICY {
- proposal-set standard;
- }
policy IPSEC-POLICY-KFMC-TO-MYHEALTH {
proposals IPSEC-PROP-KFMC-TO-MYHEALTH;
}
- vpn IPSEC-VPN-HUGO-KFMC {
- bind-interface st0.0;
- ike {
- gateway IKE-GATE-HUGO-KFMC;
- ipsec-policy VPN-POLICY-HUGO-KFMC;
- }
- establish-tunnels immediately;
- }
vpn IPSEC-VPN-KFMC-TO-MCCURTAIN {
bind-interface st0.1;
ike {
@@ -447,12 +382,6 @@
}
establish-tunnels immediately;
}
- vpn DYN-VPN {
- ike {
- gateway DYN-VPN-LOCAL-GATEWAY;
- ipsec-policy IPSEC-DYN-VPN-POLICY;
- }
- }
vpn IPSEC-VPN-KFMC-TO-MYHEALTH {
bind-interface st0.2;
ike {
@@ -472,30 +401,8 @@
address-book {
global {
address MITEL-PHONES 192.168.0.230/32;
- address net-192.168.0.2 192.168.0.2/32;
- address net-10.3.87.86 10.3.87.86/32;
- address DYN-VPN-192.168.0.248/29 {
- wildcard-address 192.168.0.248/29;
- }
}
}
- dynamic-vpn {
- access-profile DYN-VPN-ACCESS-PROFILE;
- clients {
- DYN-VPN-USERS {
- remote-protected-resources {
- 0.0.0.0/0;
- }
- remote-exceptions {
- 0.0.0.0/0;
- }
- ipsec-vpn DYN-VPN;
- user-groups {
- DYN-VPN-CLIENT-GROUP;
- }
- }
- }
- }
forwarding-options {
family {
inet6 {
@@ -561,20 +468,6 @@
}
}
}
- rule-set DYN-VPN-INTERFACE-NAT {
- from zone UNTRUST;
- to zone UNTRUST;
- rule DYN-VPN-NAT {
- match {
- source-address 192.168.0.248/29;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
}
static {
rule-set MITEL-NAT {
@@ -596,7 +489,7 @@
}
policies {
from-zone UNTRUST to-zone TRUST {
- policy UNTRUST-TO-TRUST {
+ policy MITEL-PHONES-UNTRUST-TO-TRUST {
match {
source-address any;
destination-address MITEL-PHONES;
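Review bot: The renamed policy `MITEL-PHONES-UNTRUST-TO-TRUST` still matches `source-address any` from UNTRUST toward the `MITEL-PHONES` host, so the new name documents the intent without narrowing the exposure. The `application` match and the `then` clause fall outside this hunk (the following hunk shows `permit;`), so how much is reachable cannot be judged from here. If the phone system only needs to accept traffic from a known carrier or known sites, an address-book entry for those prefixes should replace `any`, and the application list should be limited to the signalling and media ports actually used.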
@@ -606,47 +499,7 @@
permit;
}
}
- policy ALLOW-DYN-VPN-DNS {
- match {
- source-address DYN-VPN-192.168.0.248/29;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- policy ALLOW-DYN-VPN {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit {
- tunnel {
- ipsec-vpn DYN-VPN;
- }
- }
- }
- }
}
- from-zone UNTRUST to-zone UNTRUST {
- policy ALLOW-DYN-VPN {
- match {
- source-address DYN-VPN-192.168.0.248/29;
- destination-address any;
- application any;
- }
- then {
- permit {
- tunnel {
- ipsec-vpn DYN-VPN;
- }
- }
- }
- }
- }
from-zone TRUST to-zone UNTRUST {
policy TRUST-TO-UNTRUST {
match {
@@ -695,18 +548,6 @@
}
}
}
- from-zone TRUST to-zone TRUST {
- policy TRUST-TO-TRUST {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
from-zone VPN to-zone TRUST {
policy VPN-TO-TRUST {
match {
@@ -744,22 +585,6 @@
}
}
}
- st0.0 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
- }
- st0.1 {
- host-inbound-traffic {
- system-services {
- ping;
- traceroute;
- }
- }
- }
}
}
security-zone TEST {
@@ -816,13 +641,21 @@
}
}
}
+ st0.1 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ traceroute;
+ }
+ }
+ }
}
}
}
}
interfaces {
ge-0/0/0 {
- description "TO ONENET";
+ description OneNet;
vlan-tagging;
unit 500 {
description "UNTRUST-WAN - 164.58.22.151/31";
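Review bot: `st0.1` is removed from one security zone in the previous hunk and added here to a different one that follows `security-zone TEST`, so traffic from the MCCURTAIN tunnel is now evaluated against a different set of zone-pair policies. Neither zone name is visible in these hunks, and the matching policy (presumably `VPN-TO-TRUST`, whose match terms are also outside the diff) should be confirmed to permit only what that peer needs. The same commit removes the `TRUST-TO-TRUST` permit-all, so anything that relied on the old placement is now blocked unless a policy covers it. A one-line comment on the zone stating which tunnels belong in it would make the intent reviewable.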
@@ -863,8 +696,8 @@
disable;
}
ge-0/0/7 {
+ description "TRUST - 192.168.0.1/24";
unit 0 {
- description "TRUST - 192.168.0.1/24";
family inet {
address 192.168.0.1/24;
}
@@ -907,13 +740,6 @@
}
}
st0 {
- unit 0 {
- description VPN-TO-HUGO;
- family inet {
- mtu 1440;
- address 164.58.58.64/31;
- }
- }
unit 1 {
description "IPSEC VPN TO KFMC-TO-MCCURTAIN";
family inet;
@@ -1007,60 +833,47 @@
}
}
access {
- profile DYN-VPN-ACCESS-PROFILE {
- client joelmoore {
- client-group DYN-VPN-CLIENT-GROUP;
- firewall-user {
- password "$9$B91EhyN-wY2a7-kPf5F3SrlvX-oaU.PQbsk."; ## SECRET-DATA
+ address-assignment {
+ pool TEST-POOL {
+ family inet {
+ network 10.1.0.0/24;
+ range TEST-RANGE {
+ low 10.1.0.10;
+ high 10.1.0.250;
+ }
+ dhcp-attributes {
+ domain-name test.local;
+ name-server {
+ 164.58.200.200;
+ 156.110.200.200;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
}
}
- client kiamichi-user {
- client-group DYN-VPN-CLIENT-GROUP;
- firewall-user {
- password "$9$Hkfz3nCuBE/CLNb2GU/Ctp0IEhSM8X"; ## SECRET-DATA
- }
- }
- address-assignment {
- pool DYN-VPN-ADDRESS-POOL;
- }
- }
- address-assignment {
- pool DYN-VPN-ADDRESS-POOL {
+ pool TRUST-POOL {
family inet {
network 192.168.0.0/24;
- range dvpn-range {
- low 192.168.0.249;
- high 192.168.0.254;
+ range TRUST-RANGE {
+ low 192.168.0.100;
+ high 192.168.0.200;
}
dhcp-attributes {
- maximum-lease-time 300;
- domain-name kiamichi.local;
+ domain-name onenet.net;
name-server {
164.58.200.200;
+ 156.110.200.200;
}
+ router {
+ 192.168.0.1;
+ }
}
- xauth-attributes {
- primary-dns 164.58.200.200/32;
- }
}
}
}
- firewall-authentication {
- web-authentication {
- default-profile DYN-VPN-ACCESS-PROFILE;
- }
- }
}
-applications {
- application custom-443 {
- protocol udp;
- destination-port 443;
- }
- application custom-44000 {
- protocol udp;
- destination-port 44000;
- }
-}
# grnoc-mon at KIAMICHI-FMC-BATTIEST-LR-5230> show ospf neighbor
# OSPF instance is not running
#
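Review bot: The two `firewall-user` `password` values on the removed side reached the archive and this mailing list as `$9$` strings, and that format is reversible obfuscation rather than a hash. Both accounts' passwords should therefore be treated as disclosed and changed wherever they were reused, even though `DYN-VPN-ACCESS-PROFILE` itself is now gone. These `## SECRET-DATA` lines passed through while `pre-shared-key` was stripped elsewhere in the same file, which suggests the collector's password filtering (the `FILTER_PWDS` setting in rancid.conf, if that is what is in use) does not match this statement. Extending the filter and purging the earlier revisions from the repository and list archive would prevent a repeat.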
Index: configs/waurika-hs.client.onenet.net
===================================================================
--- configs/waurika-hs.client.onenet.net (revision 153378)
+++ configs/waurika-hs.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show system uptime
-# System booted: 2017-05-19 17:05 CDT
-# Protocols started: 2017-05-19 17:07 CDT
+# System booted: 2017-05-19 21:51 CDT
+# Protocols started: 2017-05-19 21:53 CDT
# Last configured: 2015-07-20 16:00 CDT by sky
#
# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show interface terse
Index: configs/hub.ada.onenet.net
===================================================================
--- configs/hub.ada.onenet.net (revision 153076)
+++ configs/hub.ada.onenet.net (working copy)
@@ -291,10 +291,10 @@
#t1-2/0/2:8.17 up up
#t1-2/0/2:9 up up
#t1-2/0/2:9.0 up up
-#t1-2/0/2:10 up up
-#t1-2/0/2:10.16 up up
-#t1-2/0/2:10.17 up up
-#t1-2/0/2:10.18 up up
+#t1-2/0/2:10 up down
+#t1-2/0/2:10.16 up down
+#t1-2/0/2:10.17 up down
+#t1-2/0/2:10.18 up down
#t1-2/0/2:11 up up
#t1-2/0/2:11.16 up up
#t1-2/0/2:11.17 up up
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 153383)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -1377,8 +1377,8 @@
#t1-3/3/0:10:21 down down
#t1-3/3/0:10:22 down down
#t1-3/3/0:10:23 down down
-#t1-3/3/0:10:24 up up
-#t1-3/3/0:10:24.0 up up
+#t1-3/3/0:10:24 up down
+#t1-3/3/0:10:24.0 up down
#t1-3/3/0:10:25 down down
#t1-3/3/0:10:26 down down
#t1-3/3/0:10:27 down down
Index: configs/hub.tah.onenet.net
===================================================================
--- configs/hub.tah.onenet.net (revision 152814)
+++ configs/hub.tah.onenet.net (working copy)
@@ -301,9 +301,9 @@
#t1-2/0/3:1.0 up up
#t1-2/0/3:2 up up
#t1-2/0/3:2.0 up up
-#t1-2/0/3:3 up up
-#t1-2/0/3:3.16 up up
-#t1-2/0/3:3.17 up up
+#t1-2/0/3:3 up down
+#t1-2/0/3:3.16 up down
+#t1-2/0/3:3.17 up down
#t1-2/0/3:4 down down
#t1-2/0/3:5 up up
#t1-2/0/3:5.0 up up
Index: configs/wainwright-isd.client.onenet.net
===================================================================
--- configs/wainwright-isd.client.onenet.net (revision 153348)
+++ configs/wainwright-isd.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at WAINWRIGHT-ISD-SRX220-LEASED-4659-005783> show system uptime
-# System booted: 2017-05-18 22:35 CDT
-# Protocols started: 2017-05-18 22:37 CDT
+# System booted: 2017-05-19 21:26 CDT
+# Protocols started: 2017-05-19 21:28 CDT
# Last configured: 2016-05-09 16:39 CDT by andrew
#
# grnoc-mon at WAINWRIGHT-ISD-SRX220-LEASED-4659-005783> show interface terse
Index: configs/waurika-es.client.onenet.net
===================================================================
--- configs/waurika-es.client.onenet.net (revision 153378)
+++ configs/waurika-es.client.onenet.net (working copy)
@@ -96,8 +96,8 @@
# total files: 1
#
# grnoc-mon at WAURIKA-ELE-LR-ASSET-004356> show system uptime
-# System booted: 2017-05-19 17:05 CDT
-# Protocols started: 2017-05-19 17:08 CDT
+# System booted: 2017-05-19 21:51 CDT
+# Protocols started: 2017-05-19 21:53 CDT
# Last configured: 2015-12-03 17:02 CST by joel
#
# grnoc-mon at WAURIKA-ELE-LR-ASSET-004356> show interface terse
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 153377)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -102,7 +102,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down down
+#ge-0/0/0 down up
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up