[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Tue Sep 5 18:04:56 CDT 2017
Index: configs/core4.tul.onenet.net
===================================================================
--- configs/core4.tul.onenet.net (revision 156376)
+++ configs/core4.tul.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE4-MX480-RE0> show system commit
+# 2017-09-05 17:06:32 CDT by sky via cli commit synchronize
# 2017-09-05 16:20:34 CDT by sky via cli commit synchronize
# 2017-09-05 16:19:16 CDT by sky via cli commit synchronize
# 2017-09-05 16:10:40 CDT by sky via cli commit synchronize
# 2017-09-05 16:03:45 CDT by sky via cli commit synchronize
# 2017-09-05 16:00:53 CDT by sky via cli commit synchronize
-# 2017-09-05 16:00:04 CDT by sky via cli commit synchronize
# grnoc-mon at TULSA-CORE4-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -507,7 +507,7 @@
# grnoc-mon at TULSA-CORE4-MX480-RE0> show system uptime
# System booted: 2016-08-15 04:31 CDT
# Protocols started: 2016-08-15 04:34 CDT
-# Last configured: 2017-09-05 16:20 CDT by sky
+# Last configured: 2017-09-05 17:06 CDT by sky
#
# {master}
# grnoc-mon at TULSA-CORE4-MX480-RE0> show interface terse
@@ -851,7 +851,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE4-MX480-RE0> show configuration
-## Last commit: 2017-09-05 16:20:34 CDT by sky
+## Last commit: 2017-09-05 17:06:32 CDT by sky
version 13.3R9.13;
groups {
re0 {
@@ -3894,6 +3894,9 @@
156.110.240.0/20;
164.58.0.0/16;
}
+ prefix-list PRE-BGP-RI-ALLOW {
+ apply-path "routing-instances <*> protocols bgp group <*> neighbor <*>";
+ }
policy-statement COMANCHE-PS-VRF-EXPORT {
term 1 {
from protocol static;
@@ -5175,6 +5178,7 @@
from {
prefix-list {
PRE-BGP-ALLOW;
+ PRE-BGP-RI-ALLOW;
}
protocol tcp;
port 179;
@@ -6067,11 +6071,12 @@
# grnoc-mon at TULSA-CORE4-MX480-RE0> show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
+10.119.20.147 Up xe-1/0/1.271 6.000 2.000 3
164.58.15.133 Up ae4.132 1.200 0.400 3
164.58.15.150 Up xe-0/1/1.148 1.200 0.400 3
164.58.245.233 Up ae0.112 1.200 0.400 3
-3 sessions, 3 clients
-Cumulative transmit rate 7.5 pps, cumulative receive rate 7.5 pps
+4 sessions, 4 clients
+Cumulative transmit rate 8.0 pps, cumulative receive rate 8.0 pps
{master}
Index: configs/core.hut.wea.onenet.net
===================================================================
--- configs/core.hut.wea.onenet.net (revision 156373)
+++ configs/core.hut.wea.onenet.net (working copy)
@@ -26,16 +26,6 @@
# TFEB 0 TBB PFE Chip OK
# TFEB 0 TFEB PCIE TSen OK
# TFEB 0 TFEB PCIE Chip OK
-# TFEB 0 QX 0 TSen OK
-# TFEB 0 QX 0 Chip OK
-# TFEB 0 LU 0 TSen OK
-# TFEB 0 LU 0 Chip OK
-# TFEB 0 MQ 0 TSen OK
-# TFEB 0 MQ 0 Chip OK
-# TFEB 0 TBB PFE TSen OK
-# TFEB 0 TBB PFE Chip OK
-# TFEB 0 TFEB PCIE TSen OK
-# TFEB 0 TFEB PCIE Chip OK
# Fans Fan 1 OK
# Fan 2 OK
# Fan 3 OK
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 156376)
+++ configs/hub.dur.onenet.net (working copy)
@@ -433,7 +433,7 @@
#fe-2/1/1 up up
#fe-2/1/1.0 up up
#fe-2/1/2 up down
-#fe-2/1/3 down up
+#fe-2/1/3 down down
#ge-2/2/0 up up
#ge-2/2/0.0 up up
#pc-2/2/0 up up
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156376)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-005231> show system commit
+# 2017-09-05 17:02:53 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-09-05 16:52:20 CDT by joel via cli
# 2017-09-05 16:40:34 CDT by joel via cli
# 2017-09-05 16:32:12 CDT by joel via cli
# 2017-09-05 16:30:04 CDT by joel via cli
# 2017-09-05 16:27:26 CDT by joel via cli
-# 2017-09-05 15:12:32 CDT by joel via cli
# grnoc-mon at CITY-OF-LAWTON-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -135,7 +135,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-25 14:03 CDT
# Protocols started: 2017-08-25 14:03 CDT
-# Last configured: 2017-09-05 16:52 CDT by joel
+# Last configured: 2017-09-05 17:02 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-005231> show interface terse
#Interface Admin Link
@@ -218,9 +218,68 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-005231> show configuration
-## Last commit: 2017-09-05 16:52:20 CDT by joel
+## Last commit: 2017-09-05 17:02:53 CDT by joel
version 15.1X49-D90.7;
groups {
+ BASTION-HOSTS {
+ security {
+ policies {
+ from-zone <*> to-zone TR-2000-SERVERS {
+ policy TRAFFIC-TO-BASTION-HOSTS {
+ match {
+ source-address <*>;
+ destination-address BASTION-HOSTS;
+ application [ RDP LDAP junos-ssh ];
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
+ }
+ from-zone TR-2000-SERVERS to-zone <*> {
+ policy TRAFFIC-FROM-BASTION-HOSTS {
+ match {
+ source-address BASTION-HOSTS;
+ destination-address <*>;
+ application [ RDP LDAP junos-ssh TELNET ];
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ MAINFRAME-TRAFFIC {
+ security {
+ policies {
+ from-zone <*> to-zone TRUST {
+ policy MAINFRAME-TRAFFIC {
+ match {
+ source-address <*>;
+ destination-address MAINFRAME-ADDRESS-SET;
+ application [ MAINFRAME-EMULATION PRINTERS ];
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
SERVICES-TO-SERVERS {
security {
policies {
@@ -229,7 +288,7 @@
match {
source-address <*>;
destination-address any;
- application [ junos-dns-udp UNISYS-PORTS SQL-PORTS EOM-PORTS junos-smb GEMS-PORTS junos-netbios-session SMTP VIPRE-ANTIVIRUS NETBIOS MS-RPC-TCP SMB LDAP RCP-OVER-HTTP junos-ntp WSUS KERBEROS junos-http junos-https junos-icmp-all MAINFRAME-EMULATION junos-dhcp-server NON-STANDARD-WEB ];
+ application [ junos-dns-udp UNISYS-PORTS SQL-PORTS EOM-PORTS junos-smb GEMS-PORTS junos-netbios-session SMTP VIPRE-ANTIVIRUS NETBIOS MS-RPC-TCP SMB LDAP RCP-OVER-HTTP junos-ntp WSUS KERBEROS junos-http junos-https junos-icmp-all junos-dhcp-server NON-STANDARD-WEB ];
}
then {
permit;
@@ -245,7 +304,7 @@
match {
source-address <*>;
destination-address any;
- application [ junos-dns-udp UNISYS-PORTS SQL-PORTS EOM-PORTS junos-smb GEMS-PORTS junos-netbios-session SMTP VIPRE-ANTIVIRUS NETBIOS MS-RPC-TCP SMB LDAP RCP-OVER-HTTP junos-ntp WSUS KERBEROS junos-http junos-https junos-icmp-all MAINFRAME-EMULATION junos-dhcp-server NON-STANDARD-WEB ];
+ application [ junos-dns-udp UNISYS-PORTS SQL-PORTS EOM-PORTS junos-smb GEMS-PORTS junos-netbios-session SMTP VIPRE-ANTIVIRUS NETBIOS MS-RPC-TCP SMB LDAP RCP-OVER-HTTP junos-ntp WSUS KERBEROS junos-http junos-https junos-icmp-all junos-dhcp-server NON-STANDARD-WEB ];
}
then {
permit;
@@ -437,44 +496,6 @@
}
}
}
- BASTION-HOSTS {
- security {
- policies {
- from-zone <*> to-zone TR-2000-SERVERS {
- policy TRAFFIC-TO-BASTION-HOSTS {
- match {
- source-address <*>;
- destination-address BASTION-HOSTS;
- application [ RDP LDAP junos-ssh ];
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- from-zone TR-2000-SERVERS to-zone <*> {
- policy TRAFFIC-FROM-BASTION-HOSTS {
- match {
- source-address BASTION-HOSTS;
- destination-address <*>;
- application [ RDP LDAP junos-ssh TELNET ];
- }
- then {
- permit;
- log {
- session-init;
- session-close;
- }
- }
- }
- }
- }
- }
- }
}
apply-groups [ DENY-ALL-ELSE LOG-TRAFFIC ];
system {
@@ -1033,6 +1054,13 @@
10.16.0.33/32;
}
address FTP.PEREGRINESOLUTIONS.COM 208.42.214.53/32;
+ address MAINFRAME-COMPUTER-172.16.1.6 172.16.1.6/32;
+ address MAINFRAME-PRINTER-172.16.1.72 172.16.1.72/32;
+ address MAINFRAME-PRINTER-172.16.1.34 172.16.1.34/32;
+ address MAINFRAME-PRINTER-172.16.1.22 172.16.1.22/32;
+ address MAINFRAME-PRINTER-172.16.1.12 172.16.1.12/32;
+ address MAINFRAME-PRINTER-172.16.1.38 172.16.1.38/32;
+ address MAINFRAME-PRINTER-172.16.1.13 172.16.1.13/32;
address-set VERIZON-STATIC-FT-SILL-1 {
description "Fort Sill MP Static IPs for CAD Access";
address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
@@ -1249,6 +1277,15 @@
address-set FTP-DESTINATIONS {
address FTP.PEREGRINESOLUTIONS.COM;
}
+ address-set MAINFRAME-ADDRESS-SET {
+ address MAINFRAME-COMPUTER-172.16.1.6;
+ address MAINFRAME-PRINTER-172.16.1.72;
+ address MAINFRAME-PRINTER-172.16.1.34;
+ address MAINFRAME-PRINTER-172.16.1.22;
+ address MAINFRAME-PRINTER-172.16.1.12;
+ address MAINFRAME-PRINTER-172.16.1.38;
+ address MAINFRAME-PRINTER-172.16.1.13;
+ }
}
}
alg {
@@ -2164,7 +2201,7 @@
}
}
from-zone TR-0100-USERS to-zone TRUST {
- apply-groups SERVICES-TO-SERVERS;
+ apply-groups [ MAINFRAME-TRAFFIC SERVICES-TO-SERVERS ];
policy TR-0100-USERS-TO-SERVER-FINMGMT {
match {
source-address [ TR-0100-USERS-10.1.0.0/16 SERVER-LNDMGMT-P-172.16.1.206 SERVER-LNDMGMT-T-172.16.1.205 ];
@@ -2178,6 +2215,11 @@
}
}
}
+ policy MAINFRAME-TRAFFIC {
+ match {
+ source-address TR-0100-USERS-10.1.0.0/16;
+ }
+ }
policy SERVICES-TO-SERVERS {
match {
source-address TR-0100-USERS-10.1.0.0/16;
Index: configs/odmhsas-camhc-stigler.client.onenet.net
===================================================================
--- configs/odmhsas-camhc-stigler.client.onenet.net (revision 156374)
+++ configs/odmhsas-camhc-stigler.client.onenet.net (working copy)
@@ -945,7 +945,10 @@
# OSPF instance is not running
#
# grnoc-mon at ODMHSAS-CARL-ALBERT-MHC-STIGLER-SRX220> show bfd session
+ Detect Transmit
+Address State Interface Time Interval Multiplier
+10.119.20.146 Up ge-0/0/0.0 6.000 2.000 3
-0 sessions, 0 clients
-Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
+1 sessions, 1 clients
+Cumulative transmit rate 0.5 pps, cumulative receive rate 0.5 pps
Index: configs/rpswi1.okc.onenet.net
===================================================================
--- configs/rpswi1.okc.onenet.net (revision 156365)
+++ configs/rpswi1.okc.onenet.net (working copy)
@@ -247,8 +247,8 @@
#ge-0/0/18.0 up up
#ge-0/0/19 up up
#ge-0/0/19.0 up up
-#ge-0/0/20 up up
-#ge-0/0/20.0 up up
+#ge-0/0/20 up down
+#ge-0/0/20.0 up down
#ge-0/0/21 up up
#ge-0/0/21.0 up up
#ge-0/0/22 up up
More information about the Nocrancid
mailing list