[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
Mon Oct 30 13:04:48 CDT 2017
Index: configs/waurika-hs.client.onenet.net
===================================================================
--- configs/waurika-hs.client.onenet.net (revision 158443)
+++ configs/waurika-hs.client.onenet.net (working copy)
@@ -1,13 +1,13 @@
# RANCID-CONTENT-TYPE: juniper
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show system commit
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show system commit
+# 2017-10-30 13:02:39 CDT by aberrios via cli
+# 2017-10-30 12:59:03 CDT by aberrios via cli
+# 2017-10-30 12:13:20 CDT by aberrios via cli commit confirmed, rollback in 4mins
# 2017-07-23 16:38:09 CDT by root via other
# 2015-07-20 16:00:02 CDT by sky via cli
# 2015-07-20 15:59:27 CDT by sky via cli commit confirmed, rollback in 3mins
-# 2015-03-31 11:00:49 CDT by admin via cli commit confirmed, rollback in 5mins
-# 2015-03-24 10:02:08 CDT by admin via cli commit confirmed, rollback in 2mins
-# 2015-02-27 09:44:16 CST by admin via cli commit confirmed, rollback in 2mins
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis environment
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
# Routing Engine CPU Absent
@@ -15,17 +15,17 @@
# SRX220 Chassis fan 1 OK
# Power Power Supply 0 OK
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis firmware
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis firmware
# Part Type Version
# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis fpc detail
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis fpc detail
# Slot 0 information:
# State Online
# Total CPU DRAM ---- CPU less FPC ----
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis hardware
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis hardware
# Hardware inventory:
# Item Version Part number Serial number Description
# Chassis CF0814AK0191 SRX220H2
@@ -34,15 +34,15 @@
# PIC 0 8x GE Base PIC
# Power Supply 0
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis hardware models
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis routing-engine
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis hardware models
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis routing-engine
# Routing Engine status:
# Serial ID ACKS2856
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis scb
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis sfm detail
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show chassis ssb
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show system boot-messages
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis scb
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis sfm detail
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show chassis ssb
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show system boot-messages
# kld_map_v: 0x8ff80000, kld_map_p: 0x0
# Copyright (c) 1996-2016, Juniper Networks, Inc.
# All rights reserved.
@@ -92,26 +92,26 @@
# WARNING: / was not properly dismounted
# WARNING: R/W mount of /cf/var denied. Filesystem is not clean - run fsck
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show version
-# Hostname: WAURIKA-HIGH-SRX220-LEASED-004637
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show version
+# Hostname: WAURIKA-HIGH-SRX220-LR-004637
# Model: srx220h2
# JUNOS Software Release [12.1X46-D65.4]
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show version invoke-on all-routing-engines
-# Hostname: WAURIKA-HIGH-SRX220-LEASED-004637
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show version invoke-on all-routing-engines
+# Hostname: WAURIKA-HIGH-SRX220-LR-004637
# Model: srx220h2
# JUNOS Software Release [12.1X46-D65.4]
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> file list /var/tmp detail
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> file list /var/tmp detail
# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show system uptime
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show system uptime
# System booted: 2017-10-28 14:23 CDT
# Protocols started: 2017-10-28 14:26 CDT
-# Last configured: 2017-07-23 16:38 CDT by root
+# Last configured: 2017-10-30 13:02 CDT by aberrios
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show interface terse
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show interface terse
#Interface Admin Link
#ge-0/0/0 up up
#ge-0/0/0.0 up up
@@ -123,12 +123,12 @@
#sp-0/0/0 up up
#sp-0/0/0.0 up up
#sp-0/0/0.16383 up up
-#ge-0/0/1 down down
+#ge-0/0/1 up up
+#ge-0/0/1.0 up up
#ge-0/0/2 down down
#ge-0/0/3 down down
#ge-0/0/4 down down
-#ge-0/0/5 up down
-#ge-0/0/5.0 up down
+#ge-0/0/5 down down
#ge-0/0/6 down down
#ge-0/0/7 up up
#ge-0/0/7.0 up up
@@ -152,27 +152,28 @@
#st0 up up
#tap up up
#vlan up up
-#vlan.999 up down
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show configuration
-## Last commit: 2017-07-23 16:38:09 CDT by root
+#vlan.999 up up
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show configuration
+## Last commit: 2017-10-30 13:02:39 CDT by aberrios
version 12.1X46-D65.4;
system {
- host-name WAURIKA-HIGH-SRX220-LEASED-004637;
+ host-name WAURIKA-HIGH-SRX220-LR-004637;
+ auto-snapshot;
+ domain-name onenet.net;
time-zone America/Chicago;
authentication-order [ radius password ];
+ ports {
+ console log-out-on-disconnect;
+ }
root-authentication {
# encrypted-password <removed>;
}
name-server {
- 164.58.253.10;
- 156.110.198.10;
- 164.58.233.202;
- 164.58.253.4;
+ 164.58.200.200;
+ 156.110.200.200;
}
radius-server {
156.110.31.11 {
- port 1812;
- accounting-port 1813;
# secret "<removed>"; ## SECRET-DATA
source-address 164.58.28.238;
}
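Review bot: The unchanged `authentication-order [ radius password ]` line in this system block deserves a look alongside the RADIUS edits. With `password` in the list, Junos tries the local password database when RADIUS rejects a login as well as when the server does not answer, so every local account remains a second way in. If local login is meant only as a fallback for an unreachable server, set `authentication-order radius`. Dropping `port 1812` and `accounting-port 1813` is harmless, since those are the defaults.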
@@ -185,9 +186,15 @@
login {
message "\n+----------------------------------------------------------------------------+\n| |\n| Managed by Oklahoma State Regents for Higher Education |\n| Oklahoma Network for Education Enrichment (ONENET) |\n| |\n| *** Unauthorized Use or Access Prohibited *** |\n| |\n| For more information, contact: |\n| |\n| Oklahoma State Regents for Higher Education |\n| Educational Telecommunications Network -- ONENET |\n| (888) 566-3638 |\n| !
info at onenet.net |\n| |\n+----------------------------------------------------------------------------+\n";
class admin {
- idle-timeout 1044;
+ idle-timeout 30;
permissions all;
}
+ class customer-admin {
+ idle-timeout 30;
+ permissions all;
+ deny-commands "load|shell";
+ deny-configuration "(system login)|(system root-authentication)";
+ }
class lockdown {
idle-timeout 2;
permissions view;
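Review bot: In class `customer-admin`, `deny-configuration "(system login)|(system root-authentication)"` does not cover the rest of the authentication path. With `permissions all`, the class can still edit `system authentication-order` and `system radius-server`, which decide how every login on the box is verified, and nothing here stops changes to the `firewall` or `security` hierarchies. Either extend the deny expression to those statements or build the class from explicit permission flags and `allow-configuration` entries rather than `permissions all` minus a short deny list.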
@@ -210,6 +217,10 @@
# encrypted-password <removed>;
}
}
+ user client {
+ uid 2000;
+ class customer-admin;
+ }
user eng {
uid 2018;
class admin;
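Review bot: The added `user client` block has only `uid` and `class`, with no `authentication` stanza, unlike the user above it whose `# encrypted-password <removed>` line is visible. Without a local password the account can only be reached through RADIUS, so confirm that a matching RADIUS entry exists and that this is intended; otherwise add the authentication stanza in the same commit.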
@@ -235,18 +246,13 @@
root-login deny;
protocol-version v2;
}
- dhcp {
- pool 10.1.0.0/24 {
- address-range low 10.1.0.2 high 10.1.0.254;
- domain-name test.pool.onenet.net;
- name-server {
- 164.58.253.10;
- 164.58.253.4;
- }
- router {
- 10.1.0.1;
- }
+ dhcp-local-server {
+ group TEST-DHCP {
+ interface vlan.999;
}
+ group TRUST-DHCP {
+ interface ge-0/0/7.0;
+ }
}
}
syslog {
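Review bot: Group `TRUST-DHCP` on `ge-0/0/7.0` has nothing to serve from and no way to receive requests. The only pool added under `access address-assignment` is `TEST-POOL` for 10.1.0.0/24, the vlan.999 subnet, and the new `security-zone TRUST` lists only `ping` and `traceroute` under host-inbound-traffic for ge-0/0/7.0, while zone TEST does list `dhcp`. Either add a pool and the `dhcp` host-inbound service for the TRUST interface, or drop the group until it is needed.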
@@ -261,23 +267,31 @@
file interactive-commands {
interactive-commands any;
}
- file TRAFFIC {
+ file PROTECT-RE {
+ firewall any;
+ archive no-world-readable;
+ }
+ file traffic {
any any;
match RT_FLOW_SESSION;
}
+ file updown {
+ any any;
+ match "SNMP_TRAP_LINK_|(TRAP_LINK)|bgp_rt_maxprefixes_check|RPD_BGP_NEIGHBOR_STATE";
+ }
}
+ max-configurations-on-flash 20;
+ max-configuration-rollbacks 20;
ntp {
server 164.58.3.98 prefer;
}
}
+chassis {
+ config-button no-rescue no-clear;
+}
interfaces {
ge-0/0/0 {
- description "UNTRUST WAN Interface GE - 164.58.28.238/30";
- speed 1g;
- link-mode full-duplex;
- gigether-options {
- no-auto-negotiation;
- }
+ description "L3 INTERFACE - UNTRUST-WAN - 164.58.28.238/30";
unit 0 {
family inet {
address 164.58.28.238/30;
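Review bot: `archive no-world-readable` is set only on the new `file PROTECT-RE`; `file traffic` and `file updown` in the same syslog block carry no archive statement. The traffic file matches RT_FLOW_SESSION, so it holds session records for every flow; give it the same restriction, or set it once at the `syslog archive` level if that is not already done outside this hunk. The rename from `TRAFFIC` to `traffic` also changes the file name, so anything that reads the old name needs updating.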
@@ -285,7 +299,15 @@
}
}
ge-0/0/1 {
- disable;
+ description "L2 INTERFACE - TEST-VLAN";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members TEST-VLAN;
+ }
+ }
+ }
}
ge-0/0/2 {
disable;
@@ -297,14 +319,7 @@
disable;
}
ge-0/0/5 {
- unit 0 {
- description TEST-TRUST-INTERFACE;
- family ethernet-switching {
- vlan {
- members TEST-VLAN;
- }
- }
- }
+ disable;
}
ge-0/0/6 {
disable;
@@ -318,19 +333,18 @@
}
}
}
- lo0 {
+ protect: lo0 {
unit 0 {
family inet {
filter {
input PROTECT-RE;
}
- address 127.0.0.1/32;
}
}
}
vlan {
unit 999 {
- description "TRUST - L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
+ description "L3 INTERFACE - TEST-VLAN - 10.1.0.1/24";
family inet {
address 10.1.0.1/24;
}
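Review bot: Removing `address 127.0.0.1/32` from lo0 unit 0 also changes `PRE-LOCALIPv4-SOURCES`, because that prefix list is built with `apply-path "interfaces <*> unit <*> family inet address <*>"` and will no longer contain the loopback address. Check every PROTECT-RE term that references the list for traffic sourced from 127.0.0.1 before relying on the `protect:` marker to freeze this stanza.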
@@ -338,8 +352,8 @@
}
}
snmp {
- description OneNet;
- contact "Net Group";
+ description OneNet-SRX200-Template-3.0.0;
+ contact "Net Group - (888)566-3638";
community "<removed>" {
authorization read-only;
}
@@ -359,24 +373,46 @@
lldp {
interface all;
}
+ stp;
}
policy-options {
- prefix-list PRE-MGMT-SOURCES {
+ protect: prefix-list PRE-MGMT-SOURCES {
156.110.31.0/27;
156.110.31.32/28;
164.58.253.0/24;
}
- prefix-list PRE-LOCALIPv4-SOURCES {
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
apply-path "interfaces <*> unit <*> family inet address <*>";
}
}
security {
+ screen {
+ ids-option UNTRUST-SCREEN {
+ icmp {
+ ping-death;
+ }
+ ip {
+ source-route-option;
+ tear-drop;
+ }
+ tcp {
+ syn-flood {
+ alarm-threshold 1024;
+ attack-threshold 200;
+ source-threshold 1024;
+ destination-threshold 2048;
+ timeout 20;
+ }
+ land;
+ }
+ }
+ }
nat {
source {
- rule-set TEST-NAT {
- from zone TEST-ZONE;
+ rule-set TEST-TO-UNTRUST-NAT {
+ from zone TEST;
to zone UNTRUST;
- rule TEST-SOURCE-NAT {
+ rule NAT-TEST-TO-UNTRUST {
match {
source-address 0.0.0.0/0;
}
@@ -390,8 +426,8 @@
}
}
policies {
- from-zone TEST-ZONE to-zone UNTRUST {
- policy ALLOW-ALL-OUT {
+ from-zone TRUST to-zone UNTRUST {
+ policy TRUST-TO-UNTRUST {
match {
source-address any;
destination-address any;
@@ -402,7 +438,7 @@
}
}
}
- from-zone UNTRUST to-zone UNTRUST {
+ from-zone TEST to-zone UNTRUST {
policy ALLOW-ALL-OUT {
match {
source-address any;
@@ -416,38 +452,40 @@
}
}
zones {
- security-zone UNTRUST {
+ security-zone TRUST {
interfaces {
- ge-0/0/0.0 {
+ ge-0/0/7.0 {
host-inbound-traffic {
system-services {
ping;
- ssh;
- snmp;
traceroute;
}
}
}
- ge-0/0/7.0 {
+ }
+ }
+ security-zone TEST {
+ interfaces {
+ vlan.999 {
host-inbound-traffic {
system-services {
+ dhcp;
ping;
- ssh;
- snmp;
traceroute;
}
}
}
}
}
- security-zone TEST-ZONE {
+ security-zone UNTRUST {
+ screen UNTRUST-SCREEN;
interfaces {
- vlan.999 {
+ ge-0/0/0.0 {
host-inbound-traffic {
system-services {
- dhcp;
- dns;
ping;
+ snmp;
+ ssh;
traceroute;
}
}
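Review bot: `ssh` and `snmp` stay enabled as host-inbound services on `ge-0/0/0.0` in zone UNTRUST, so on the WAN side they are limited only by the lo0 input filter PROTECT-RE. This diff shows only that filter's `SSH-ALLOW` term; confirm that a term limited to the management prefixes, such as `PRE-MGMT-SOURCES`, covers SNMP as well. Removing both services from `ge-0/0/7.0` is a sound reduction.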
@@ -458,7 +496,7 @@
}
firewall {
family inet {
- filter PROTECT-RE {
+ protect: filter PROTECT-RE {
term SSH-ALLOW {
from {
source-prefix-list {
@@ -505,17 +543,50 @@
}
}
}
+access {
+ address-assignment {
+ pool TEST-POOL {
+ family inet {
+ network 10.1.0.0/24;
+ range TEST-RANGE {
+ low 10.1.0.10;
+ high 10.1.0.250;
+ }
+ dhcp-attributes {
+ domain-name test.local;
+ name-server {
+ 164.58.200.200;
+ 156.110.200.200;
+ }
+ router {
+ 10.1.0.1;
+ }
+ }
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface ge-0/0/1.0 {
+ mac-limit 3 action shutdown;
+ }
+ }
+ bpdu-block {
+ interface ge-0/0/1.0;
+ }
+}
vlans {
TEST-VLAN {
- description "Test VLAN 999 for UNTRUST TESTING ONLY";
+ description "Test VLAN 999 for TESTING ONLY";
vlan-id 999;
l3-interface vlan.999;
}
}
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show ospf neighbor
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show ospf neighbor
# OSPF instance is not running
#
-# grnoc-mon at WAURIKA-HIGH-SRX220-LEASED-004637> show bfd session
+# grnoc-mon at WAURIKA-HIGH-SRX220-LR-004637> show bfd session
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/oja-cojc-tecumseh-srx240.client.onenet.net
===================================================================
--- configs/oja-cojc-tecumseh-srx240.client.onenet.net (revision 158501)
+++ configs/oja-cojc-tecumseh-srx240.client.onenet.net (working copy)
@@ -182,7 +182,7 @@
#ppd0 up up
#ppe0 up up
#st0 up up
-#st0.1 up up
+#st0.1 up down
#tap up up
#vlan up up
#vlan.999 up down
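Review bot: `st0.1` goes from up/up to up/down with no configuration lines changed in this file's diff. st0 is the secure tunnel interface, so this is a state change on a VPN tunnel rather than an edit; check the IKE and IPsec security associations for that tunnel rather than the config history.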
Index: configs/meeker-ps.client.onenet.net
===================================================================
--- configs/meeker-ps.client.onenet.net (revision 158541)
+++ configs/meeker-ps.client.onenet.net (working copy)
@@ -158,8 +158,8 @@
#ge-0/0/11 down down
#ge-0/0/12 down down
#ge-0/0/13 down down
-#ge-0/0/14 up down
-#ge-0/0/14.0 up down
+#ge-0/0/14 up up
+#ge-0/0/14.0 up up
#ge-0/0/15 up up
#ge-0/0/15.0 up up
#fxp2 up up
Index: configs/core.hut.gra.onenet.net
===================================================================
--- configs/core.hut.gra.onenet.net (revision 157732)
+++ configs/core.hut.gra.onenet.net (working copy)
@@ -26,16 +26,6 @@
# TFEB 0 TBB PFE Chip OK
# TFEB 0 TFEB PCIE TSen OK
# TFEB 0 TFEB PCIE Chip OK
-# TFEB 0 QX 0 TSen OK
-# TFEB 0 QX 0 Chip OK
-# TFEB 0 LU 0 TSen OK
-# TFEB 0 LU 0 Chip OK
-# TFEB 0 MQ 0 TSen OK
-# TFEB 0 MQ 0 Chip OK
-# TFEB 0 TBB PFE TSen OK
-# TFEB 0 TBB PFE Chip OK
-# TFEB 0 TFEB PCIE TSen OK
-# TFEB 0 TFEB PCIE Chip OK
# Fans Fan 1 OK
# Fan 2 OK
# Fan 3 OK
Index: configs/rpswi1.okc.onenet.net
===================================================================
--- configs/rpswi1.okc.onenet.net (revision 158546)
+++ configs/rpswi1.okc.onenet.net (working copy)
@@ -247,8 +247,8 @@
#ge-0/0/18.0 up up
#ge-0/0/19 up up
#ge-0/0/19.0 up up
-#ge-0/0/20 up up
-#ge-0/0/20.0 up up
+#ge-0/0/20 up down
+#ge-0/0/20.0 up down
#ge-0/0/21 up up
#ge-0/0/21.0 up up
#ge-0/0/22 up up