[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Sep 20 17:04:59 CDT 2017
Index: configs/hub.tis.onenet.net
===================================================================
--- configs/hub.tis.onenet.net (revision 156449)
+++ configs/hub.tis.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TISHOMINGO-M120-RE0> show system commit
+# 2017-09-20 16:12:35 CDT by joel via cli commit synchronize
# 2017-09-08 16:41:16 CDT by andrew via cli commit synchronize
# 2017-09-08 13:11:34 CDT by aberrios via cli commit synchronize
# 2017-09-08 09:18:40 CDT by aberrios via cli commit synchronize
# 2017-09-08 09:17:02 CDT by aberrios via cli commit synchronize
# 2017-08-31 14:42:51 CDT by aberrios via cli commit synchronize
-# 2017-07-29 21:10:26 CDT by andrew via cli commit synchronize
# grnoc-mon at TISHOMINGO-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -383,7 +383,7 @@
# grnoc-mon at TISHOMINGO-M120-RE0> show system uptime
# System booted: 2016-06-21 23:51 CDT
# Protocols started: 2016-06-21 23:54 CDT
-# Last configured: 2017-09-08 16:41 CDT by andrew
+# Last configured: 2017-09-20 16:12 CDT by joel
#
# {master}
# grnoc-mon at TISHOMINGO-M120-RE0> show interface terse
@@ -523,7 +523,6 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1 up up
#lsi.2 up up
#lsi.3 up up
#lsi.4 up up
@@ -535,7 +534,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TISHOMINGO-M120-RE0> show configuration
-## Last commit: 2017-09-08 16:41:16 CDT by andrew
+## Last commit: 2017-09-20 16:12:35 CDT by joel
version 13.3R8.7;
groups {
re0 {
@@ -1671,48 +1670,6 @@
}
}
}
- policy-statement SKYRIDER-MGMT-VRF-EXPORT {
- term 1 {
- from protocol static;
- then {
- community add SKYRIDER-MGMT-VPN;
- accept;
- }
- }
- term 2 {
- from protocol direct;
- then {
- community add SKYRIDER-MGMT-VPN;
- accept;
- }
- }
- term 3 {
- from protocol ospf;
- then {
- community add SKYRIDER-MGMT-VPN;
- accept;
- }
- }
- term 4 {
- from protocol bgp;
- then {
- community add SKYRIDER-MGMT-VPN;
- accept;
- }
- }
- }
- policy-statement SKYRIDER-MGMT-VRF-IMPORT {
- term 1 {
- from {
- protocol bgp;
- community SKYRIDER-MGMT-VPN;
- }
- then accept;
- }
- term 2 {
- then reject;
- }
- }
policy-statement TAGNET-VRF-EXPORT {
term 1 {
from protocol static;
@@ -1780,7 +1737,6 @@
community Okmulgee members 5078:110;
community Ponca-City members 5078:186;
community Poteau members 5078:146;
- community SKYRIDER-MGMT-VPN members target:5078:2547;
community Sallisaw members 5078:118;
community Sayre members 5078:30;
community Seminole members 5078:46;
@@ -2191,31 +2147,6 @@
}
}
}
- SKYRIDER-MGMT-L3VPN {
- description SKYRIDER-MGMT-L3VPN;
- instance-type vrf;
- interface ge-2/2/1.399; ## 'ge-2/2/1.399' is not defined
- route-distinguisher 164.58.199.86:2547;
- vrf-import SKYRIDER-MGMT-VRF-IMPORT;
- vrf-export SKYRIDER-MGMT-VRF-EXPORT;
- vrf-target target:5078:2547;
- vrf-table-label;
- protocols {
- bgp {
- group EBGP-SKYRIDER {
- type external;
- family inet {
- unicast;
- }
- peer-as 64574;
- as-override;
- neighbor 172.17.0.30 {
- description EBGP-SKYRIDER-MGMT-TIS-10M-CIR0019109;
- }
- }
- }
- }
- }
TAGNET-L3VPN {
description TAGNET-L3VPN;
instance-type vrf;
Index: configs/core3.okc-m120.onenet.net
===================================================================
--- configs/core3.okc-m120.onenet.net (revision 156758)
+++ configs/core3.okc-m120.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE3-M120-RE0> show system commit
+# 2017-09-20 16:08:13 CDT by joel via cli commit synchronize
# 2017-09-19 01:58:51 CDT by andrew via cli commit synchronize
# 2017-09-19 01:54:25 CDT by andrew via cli commit synchronize
# 2017-09-19 01:48:55 CDT by andrew via cli commit synchronize
# 2017-09-19 01:43:21 CDT by andrew via cli commit synchronize
# 2017-09-19 01:41:43 CDT by andrew via cli commit synchronize
-# 2017-09-15 13:33:08 CDT by sky via cli commit synchronize
# grnoc-mon at OKC-CORE3-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -480,7 +480,7 @@
# grnoc-mon at OKC-CORE3-M120-RE0> show system uptime
# System booted: 2016-10-12 08:15 CDT
# Protocols started: 2016-10-12 08:19 CDT
-# Last configured: 2017-09-19 01:58 CDT by andrew
+# Last configured: 2017-09-20 16:08 CDT by joel
#
# {master}
# grnoc-mon at OKC-CORE3-M120-RE0> show interface terse
@@ -1694,7 +1694,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE3-M120-RE0> show configuration
-## Last commit: 2017-09-19 01:58:51 CDT by andrew
+## Last commit: 2017-09-20 16:08:13 CDT by joel
version 13.3R9.13;
groups {
re0 {
@@ -4292,7 +4292,7 @@
}
}
t1-2/3/0:12:12 {
- description TAGNET-5736-HOMINY-T1-CIR0005820;
+ description "TAGNET-5736-HOMINY-T1-CIR0005820 [NO-MONITOR]";
encapsulation cisco-hdlc;
unit 0 {
family inet {
Index: configs/odot-heavener-residence.client.onenet.net
===================================================================
--- configs/odot-heavener-residence.client.onenet.net (revision 156693)
+++ configs/odot-heavener-residence.client.onenet.net (working copy)
@@ -137,8 +137,8 @@
#lsq-0/0/0:0 up up
#lsq-0/0/0:0.16 up up
#lsq-0/0/0:0.17 up up
-#ge-0/0/1 up up
-#ge-0/0/1.0 up up
+#ge-0/0/1 up down
+#ge-0/0/1.0 up down
#ge-0/0/2 up up
#ge-0/0/2.0 up up
#ge-0/0/3 up up
Index: configs/lukfata-ps.client.onenet.net
===================================================================
--- configs/lukfata-ps.client.onenet.net (revision 156758)
+++ configs/lukfata-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show system commit
-# 2017-09-20 15:39:03 CDT by sky via cli
-# 2017-09-20 15:31:36 CDT by sky via cli
-# 2017-09-07 15:40:39 CDT by andrew via cli
-# 2017-09-07 15:39:52 CDT by andrew via cli
-# 2017-09-07 15:33:39 CDT by andrew via cli
-# 2017-09-06 15:25:35 CDT by sean via cli
+# 2017-09-20 16:17:30 CDT by sky via cli
+# 2017-09-20 16:14:41 CDT by sky via cli
+# 2017-09-20 16:13:34 CDT by sky via cli
+# 2017-09-20 16:10:42 CDT by sky via cli
+# 2017-09-20 16:07:35 CDT by sky via cli commit confirmed, rollback in 3mins
+# 2017-09-20 16:03:52 CDT by sky via cli commit confirmed, rollback in 3mins
# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -136,7 +136,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-01 09:18 CDT
# Protocols started: 2017-08-01 09:18 CDT
-# Last configured: 2017-09-20 15:39 CDT by sky
+# Last configured: 2017-09-20 16:17 CDT by sky
#
# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show interface terse
#Interface Admin Link
@@ -193,7 +193,7 @@
#vlan up down
#vtep up up
# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show configuration
-## Last commit: 2017-09-20 15:39:03 CDT by sky
+## Last commit: 2017-09-20 16:17:30 CDT by sky
version 15.1X49-D90.7;
system {
host-name LUKFATA-PS-SRX340-LR-005435;
@@ -332,6 +332,36 @@
config-button no-rescue no-clear;
}
security {
+ ike {
+ policy ike-dyn-vpn-policy {
+ mode aggressive;
+ proposal-set standard;
+# pre-shared-#key <removed>;
+ }
+ gateway dyn-vpn-local-gw {
+ ike-policy ike-dyn-vpn-policy;
+ dynamic {
+ hostname dynvpn;
+ connections-limit 10;
+ ike-user-type group-ike-id;
+ }
+ external-interface ge-0/0/0.0;
+ aaa {
+ access-profile dyn-vpn-access-profile;
+ }
+ }
+ }
+ ipsec {
+ policy ipsec-dyn-vpn-policy {
+ proposal-set standard;
+ }
+ vpn dyn-vpn {
+ ike {
+ gateway dyn-vpn-local-gw;
+ ipsec-policy ipsec-dyn-vpn-policy;
+ }
+ }
+ }
address-book {
global {
address host-172.16.3.107 172.16.3.107/32;
@@ -341,6 +371,24 @@
address host-164.58.2.2 164.58.2.2/32;
}
}
+ dynamic-vpn {
+ access-profile dyn-vpn-access-profile;
+ clients {
+ all {
+ remote-protected-resources {
+ 172.16.0.0/16;
+ }
+ remote-exceptions {
+ 0.0.0.0/0;
+ }
+ ipsec-vpn dyn-vpn;
+ user {
+ TEST;
+ sfarley;
+ }
+ }
+ }
+ }
screen {
ids-option UNTRUST-SCREEN {
icmp {
@@ -447,6 +495,20 @@
permit;
}
}
+ policy dyn-vpn-policy {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit {
+ tunnel {
+ ipsec-vpn dyn-vpn;
+ }
+ }
+ }
+ }
}
}
zones {
@@ -486,6 +548,8 @@
snmp;
ssh;
traceroute;
+ ike;
+ https;
}
}
}
@@ -669,6 +733,21 @@
}
}
access {
+ profile dyn-vpn-access-profile {
+ client TEST {
+ firewall-user {
+ password "$9$yl5rWxbwgJUH24"; ## SECRET-DATA
+ }
+ }
+ client sfarley {
+ firewall-user {
+ password "$9$CQqaA01SrvLxduO1hcy8LxNdV2aDjH"; ## SECRET-DATA
+ }
+ }
+ address-assignment {
+ pool dyn-vpn-address-pool;
+ }
+ }
address-assignment {
pool TEST-POOL {
family inet {
@@ -689,7 +768,20 @@
}
}
}
+ pool dyn-vpn-address-pool {
+ family inet {
+ network 172.16.0.0/16;
+ xauth-attributes {
+ primary-dns 156.110.200.200/32;
+ }
+ }
+ }
}
+ firewall-authentication {
+ web-authentication {
+ default-profile dyn-vpn-access-profile;
+ }
+ }
}
switch-options {
interface ge-0/0/1.0 {
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 156745)
+++ configs/hub.dur.onenet.net (working copy)
@@ -433,7 +433,7 @@
#fe-2/1/1 up up
#fe-2/1/1.0 up up
#fe-2/1/2 up down
-#fe-2/1/3 down down
+#fe-2/1/3 down up
#ge-2/2/0 up up
#ge-2/2/0.0 up up
#pc-2/2/0 up up
Index: configs/sayre-public-library-ex.client.onenet.net
===================================================================
--- configs/sayre-public-library-ex.client.onenet.net (revision 156751)
+++ configs/sayre-public-library-ex.client.onenet.net (working copy)
@@ -220,10 +220,10 @@
#ge-0/0/10.0 up down
#ge-0/0/11 up down
#ge-0/0/11.0 up down
-#ge-0/0/12 up up
-#ge-0/0/12.0 up up
-#ge-0/0/13 up up
-#ge-0/0/13.0 up up
+#ge-0/0/12 up down
+#ge-0/0/12.0 up down
+#ge-0/0/13 up down
+#ge-0/0/13.0 up down
#ge-0/0/14 up up
#ge-0/0/14.0 up up
#ge-0/0/15 up down
@@ -232,8 +232,8 @@
#ge-0/0/16.0 up down
#ge-0/0/17 up down
#ge-0/0/17.0 up down
-#ge-0/0/18 up up
-#ge-0/0/18.0 up up
+#ge-0/0/18 up down
+#ge-0/0/18.0 up down
#ge-0/0/19 up down
#ge-0/0/19.0 up down
#ge-0/0/20 up down
Index: configs/opt.dps.onenet.net
===================================================================
--- configs/opt.dps.onenet.net (revision 151959)
+++ configs/opt.dps.onenet.net (working copy)
@@ -5,7 +5,7 @@
<interface name="FAC-1-1" abbr_name="FAC-1-1" admin_state="up" spanning_tree_metric="" description="OETA" type="FAC" monitoring_state="monitor"></interface>
</part>
<part name="SLOT-2" description="DS1-14" hw_version="A0" part_id="DS1-14" part_num="800-18582-02" serial_number="SAG07477U1G" slot="SLOT-2" vendor_id="Cisco">
- <interface name="FAC-2-1" abbr_name="FAC-2-1" admin_state="up" spanning_tree_metric="" description="DPS comm room" type="FAC" monitoring_state="monitor"></interface>
+ <interface name="FAC-2-1" abbr_name="FAC-2-1" admin_state="down" spanning_tree_metric="" description="DPS comm room" type="FAC" monitoring_state="no-monitor"></interface>
</part>
<part name="SLOT-5" description="15454-CE-MR-10" hw_version="C0" part_id="15454-CE-MR-10" part_num="800-27171-01" serial_number="CAT1402B0K7" slot="SLOT-5" vendor_id="Cisco">
<interface name="FAC-5-1" abbr_name="FAC-5-1" admin_state="up" spanning_tree_metric="" description="DPS 95 meg- Core5" type="FAC" monitoring_state="monitor"></interface>
Index: configs/rpswi1.okc.onenet.net
===================================================================
--- configs/rpswi1.okc.onenet.net (revision 156751)
+++ configs/rpswi1.okc.onenet.net (working copy)
@@ -247,8 +247,8 @@
#ge-0/0/18.0 up up
#ge-0/0/19 up up
#ge-0/0/19.0 up up
-#ge-0/0/20 up up
-#ge-0/0/20.0 up up
+#ge-0/0/20 up down
+#ge-0/0/20.0 up down
#ge-0/0/21 up up
#ge-0/0/21.0 up up
#ge-0/0/22 up up
More information about the Nocrancid
mailing list