[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Sep 21 17:04:57 CDT 2017
Index: configs/core.goo.onenet.net
===================================================================
--- configs/core.goo.onenet.net (revision 156726)
+++ configs/core.goo.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at GOODWELL-MX104-RE0> show system commit
+# 2017-09-21 16:45:02 CDT by aberrios via cli commit synchronize
+# 2017-09-21 16:42:20 CDT by aberrios via cli commit synchronize
# 2017-08-09 11:59:10 CDT by andrew via cli commit synchronize
# 2017-08-09 11:49:37 CDT by andrew via cli commit synchronize
# 2017-08-09 11:48:18 CDT by andrew via cli commit synchronize
# 2017-08-02 14:04:52 CDT by admin via cli commit synchronize
-# 2017-08-02 14:02:54 CDT by admin via cli commit synchronize
-# 2017-07-29 21:08:15 CDT by andrew via cli commit synchronize
# grnoc-mon at GOODWELL-MX104-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -309,7 +309,7 @@
# grnoc-mon at GOODWELL-MX104-RE0> show system uptime
# System booted: 2016-03-16 01:01 CDT
# Protocols started: 2016-03-30 17:20 CDT
-# Last configured: 2017-08-09 11:59 CDT by andrew
+# Last configured: 2017-09-21 16:45 CDT by aberrios
#
# {master}
# grnoc-mon at GOODWELL-MX104-RE0> show interface terse
@@ -424,7 +424,7 @@
#pp0 up up
#tap up up
# grnoc-mon at GOODWELL-MX104-RE0> show configuration
-## Last commit: 2017-08-09 11:59:10 CDT by andrew
+## Last commit: 2017-09-21 16:45:02 CDT by aberrios
version 13.3R8.7;
groups {
re0 {
@@ -998,7 +998,7 @@
}
}
unit 390 {
- description BOISE-CITY-PS-100M-CIR0019494;
+ description BOISE-CITY-PS-200M-CIR0019494;
bandwidth 200m;
vlan-id 390;
family inet {
@@ -1011,7 +1011,6 @@
input;
}
address 164.58.72.9/29;
- address 164.58.72.97/29;
}
}
unit 391 {
Index: configs/maysville-es.client.onenet.net
===================================================================
--- configs/maysville-es.client.onenet.net (revision 156783)
+++ configs/maysville-es.client.onenet.net (working copy)
@@ -630,7 +630,6 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-ES-LEASED-ASSET-TAG-004945> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/lukfata-ps.client.onenet.net
===================================================================
--- configs/lukfata-ps.client.onenet.net (revision 156785)
+++ configs/lukfata-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show system commit
+# 2017-09-21 17:01:08 CDT by sky via cli
+# 2017-09-21 16:46:20 CDT by sky via cli commit confirmed, rollback in 3mins
+# 2017-09-21 16:40:32 CDT by sky via cli
# 2017-09-21 15:25:02 CDT by aberrios via cli commit confirmed, rollback in 2mins
# 2017-09-21 14:36:25 CDT by aberrios via cli
# 2017-09-20 16:17:30 CDT by sky via cli
-# 2017-09-20 16:14:41 CDT by sky via cli
-# 2017-09-20 16:13:34 CDT by sky via cli
-# 2017-09-20 16:10:42 CDT by sky via cli
# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -136,7 +136,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-01 09:18 CDT
# Protocols started: 2017-08-01 09:18 CDT
-# Last configured: 2017-09-21 15:25 CDT by aberrios
+# Last configured: 2017-09-21 17:01 CDT by sky
#
# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show interface terse
#Interface Admin Link
@@ -193,7 +193,7 @@
#vlan up down
#vtep up up
# grnoc-mon at LUKFATA-PS-SRX340-LR-005435> show configuration
-## Last commit: 2017-09-21 15:25:02 CDT by aberrios
+## Last commit: 2017-09-21 17:01:08 CDT by sky
version 15.1X49-D90.7;
system {
host-name LUKFATA-PS-SRX340-LR-005435;
@@ -381,6 +381,7 @@
ipsec-vpn dyn-vpn;
user {
TEST;
+ onenet;
sfarley;
}
}
@@ -507,6 +508,18 @@
}
}
}
+ from-zone TRUST to-zone TRUST {
+ policy TRUST-TO-TRUST {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
}
zones {
security-zone TRUST {
@@ -730,6 +743,11 @@
password "$9$yl5rWxbwgJUH24"; ## SECRET-DATA
}
}
+ client onenet {
+ firewall-user {
+ password "$9$h52ylM8X7bs4evaZDjf5"; ## SECRET-DATA
+ }
+ }
client sfarley {
firewall-user {
password "$9$CQqaA01SrvLxduO1hcy8LxNdV2aDjH"; ## SECRET-DATA
@@ -761,7 +779,11 @@
}
pool dyn-vpn-address-pool {
family inet {
- network 172.16.0.0/16;
+ network 192.168.255.0/24;
+ range dvpn-range {
+ low 192.168.255.1;
+ high 192.168.255.254;
+ }
xauth-attributes {
primary-dns 156.110.200.200/32;
}
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 156772)
+++ configs/hub.dur.onenet.net (working copy)
@@ -433,7 +433,7 @@
#fe-2/1/1 up up
#fe-2/1/1.0 up up
#fe-2/1/2 up down
-#fe-2/1/3 down down
+#fe-2/1/3 down up
#ge-2/2/0 up up
#ge-2/2/0.0 up up
#pc-2/2/0 up up
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 156785)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -110,7 +110,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down up
+#ge-0/0/0 down down
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/mhsso-ada.client.onenet.net
===================================================================
--- configs/mhsso-ada.client.onenet.net (revision 156785)
+++ configs/mhsso-ada.client.onenet.net (working copy)
@@ -1,10 +1,11 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show system commit
+# 2017-09-21 16:36:50 CDT by root via other
# 2017-09-21 13:35:54 CDT by root via other
# 2017-09-21 13:27:43 CDT by sean via cli commit confirmed, rollback in 3mins
# 2017-09-11 20:23:47 CDT by admin via cli
-# rescue 2017-09-21 15:16:36 CDT by admin via cli
+# rescue 2017-09-21 16:41:19 CDT by sean via cli
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show chassis environment
# Class Item Status Measurement
@@ -20,8 +21,8 @@
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show chassis firmware
# Part Type Version
-# FPC 0 O/S Version 12.1X46-D65.4 by builder on 2016-12
-# FWDD O/S Version 12.1X46-D65.4 by builder on 2016-12
+# FPC 0 O/S Version 12.3X48-D40.5 by builder on 2016-10
+# FWDD O/S Version 12.3X48-D40.5 by builder on 2016-10
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show chassis fpc detail
# Slot 0 information:
@@ -53,8 +54,11 @@
# Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
# The Regents of the University of California. All rights reserved.
# FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
+# Security policy loaded: Junos MAC/veriexec (mac_veriexec)
# Security policy loaded: JUNOS MAC/pcap (mac_pcap)
# Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)
+# MAC/veriexec fingerprint module loaded: SHA256
+# MAC/veriexec fingerprint module loaded: SHA1
# netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1
# cpu0 on motherboard
# : CAVIUM's OCTEON 52XX CPU Rev. 0.8 with no FPU implemented
@@ -105,25 +109,27 @@
# da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device
# da0: 40.000MB/s transfers
# da0: 2000MB (4096000 512 byte sectors: 255H 63S/T 254C)
+# Kernel thread "wkupdaemon" (pid 48) exited prematurely.
# Trying to mount root from ufs:/dev/da0s2a
-# WARNING: R/W mount of /cf/var denied. Filesystem is not clean - run fsck
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show version
# Hostname: MHSSO-ADA-MR-CLIENT-OWNED
# Model: srx240h2
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show version invoke-on all-routing-engines
# Hostname: MHSSO-ADA-MR-CLIENT-OWNED
# Model: srx240h2
+# JUNOS Software Release [12.3X48-D40.5]
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> file list /var/tmp detail
-# lrw-r--r-- 1 root wheel 11 Dec 29 2016 /var/tmp@ -> /cf/var/tmp
+# lrw-r--r-- 1 root wheel 11 Oct 27 2016 /var/tmp@ -> /cf/var/tmp
# total files: 1
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show system uptime
-# System booted: 2017-09-21 15:48 CDT
-# Protocols started: 2017-09-21 15:51 CDT
-# Last configured: 2017-09-21 13:35 CDT by root
+# System booted: 2017-09-21 16:34 CDT
+# Protocols started: 2017-09-21 16:38 CDT
+# Last configured: 2017-09-21 16:36 CDT by root
#
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show interface terse
#Interface Admin Link
@@ -187,8 +193,8 @@
#vlan up up
#vlan.100 up up
# grnoc-mon at MHSSO-ADA-MR-CLIENT-OWNED> show configuration
-## Last commit: 2017-09-21 13:35:54 CDT by root
-version 12.1X46-D65.4;
+## Last commit: 2017-09-21 16:36:50 CDT by root
+version 12.3X48-D40.5;
system {
host-name MHSSO-ADA-MR-CLIENT-OWNED;
auto-snapshot;
@@ -324,198 +330,6 @@
chassis {
config-button no-rescue no-clear;
}
-interfaces {
- ge-0/0/0 {
- description "Link to OneNet";
- vlan-tagging;
- unit 500 {
- description "L3 INTERFACE - UNTRUST-WAN - 156.110.34.17/31";
- vlan-id 500;
- family inet {
- address 156.110.34.17/31;
- }
- }
- unit 501 {
- description "L3 INTERFACE - MPLS-WAN - 10.199.28.71/31";
- vlan-id 501;
- family inet {
- address 10.199.28.71/31;
- }
- }
- }
- ge-0/0/1 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/2 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/3 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/4 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/5 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/6 {
- description "L2 INTERFACE - DMZ";
- unit 0 {
- family ethernet-switching {
- port-mode access;
- vlan {
- members 100;
- }
- }
- }
- }
- ge-0/0/7 {
- disable;
- }
- ge-0/0/8 {
- disable;
- }
- ge-0/0/9 {
- disable;
- }
- ge-0/0/10 {
- description "L3 INTERFACE - PHONE SYSTEM - 192.168.250.1/24";
- unit 0 {
- family inet {
- address 192.168.250.1/24;
- }
- }
- }
- ge-0/0/11 {
- disable;
- }
- ge-0/0/12 {
- disable;
- }
- ge-0/0/13 {
- disable;
- }
- ge-0/0/14 {
- description "Link to OneNet";
- vlan-tagging;
- unit 500 {
- description "L3 INTERFACE - UNTRUST-WAN - 156.110.34.17/31";
- vlan-id 500;
- family inet {
- address 156.110.34.17/31;
- }
- }
- unit 501 {
- description "L3 INTERFACE - MPLS-WAN - 10.199.28.71/31";
- vlan-id 501;
- family inet {
- address 10.199.28.71/31;
- }
- }
- }
- ge-0/0/15 {
- description "L3 INTERFACE - TRUST - 192.168.10.240/24";
- unit 0 {
- family inet {
- address 192.168.10.240/24;
- }
- }
- }
- protect: lo0 {
- unit 0 {
- family inet {
- filter {
- input PROTECT-RE;
- }
- }
- }
- }
- vlan {
- unit 100 {
- description "L3 INTERFACE - DMZ - 164.58.2.17/28";
- family inet {
- address 164.58.2.17/28;
- }
- }
- }
-}
-snmp {
- description OneNet-SRX200-Template-3.0.0;
- contact "Net Group - (888)566-3638";
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-only;
- }
- community "<removed>" {
- authorization read-write;
- }
-}
-routing-options {
- static {
- route 0.0.0.0/0 next-hop 156.110.34.16;
- route 10.0.0.0/8 next-hop 10.199.28.70;
- route 172.16.0.0/12 next-hop 10.199.28.70;
- route 192.168.0.0/16 next-hop 10.199.28.70;
- }
-}
-protocols {
- lldp {
- interface all;
- }
- stp;
-}
-policy-options {
- protect: prefix-list PRE-MGMT-SOURCES {
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.253.0/24;
- }
- protect: prefix-list PRE-LOCALIPv4-SOURCES {
- apply-path "interfaces <*> unit <*> family inet address <*>";
- }
-}
security {
alg {
sip disable;
@@ -737,6 +551,198 @@
}
}
}
+interfaces {
+ ge-0/0/0 {
+ description "Link to OneNet";
+ vlan-tagging;
+ unit 500 {
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.34.17/31";
+ vlan-id 500;
+ family inet {
+ address 156.110.34.17/31;
+ }
+ }
+ unit 501 {
+ description "L3 INTERFACE - MPLS-WAN - 10.199.28.71/31";
+ vlan-id 501;
+ family inet {
+ address 10.199.28.71/31;
+ }
+ }
+ }
+ ge-0/0/1 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/3 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/4 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/5 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/6 {
+ description "L2 INTERFACE - DMZ";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members 100;
+ }
+ }
+ }
+ }
+ ge-0/0/7 {
+ disable;
+ }
+ ge-0/0/8 {
+ disable;
+ }
+ ge-0/0/9 {
+ disable;
+ }
+ ge-0/0/10 {
+ description "L3 INTERFACE - PHONE SYSTEM - 192.168.250.1/24";
+ unit 0 {
+ family inet {
+ address 192.168.250.1/24;
+ }
+ }
+ }
+ ge-0/0/11 {
+ disable;
+ }
+ ge-0/0/12 {
+ disable;
+ }
+ ge-0/0/13 {
+ disable;
+ }
+ ge-0/0/14 {
+ description "Link to OneNet";
+ vlan-tagging;
+ unit 500 {
+ description "L3 INTERFACE - UNTRUST-WAN - 156.110.34.17/31";
+ vlan-id 500;
+ family inet {
+ address 156.110.34.17/31;
+ }
+ }
+ unit 501 {
+ description "L3 INTERFACE - MPLS-WAN - 10.199.28.71/31";
+ vlan-id 501;
+ family inet {
+ address 10.199.28.71/31;
+ }
+ }
+ }
+ ge-0/0/15 {
+ description "L3 INTERFACE - TRUST - 192.168.10.240/24";
+ unit 0 {
+ family inet {
+ address 192.168.10.240/24;
+ }
+ }
+ }
+ protect: lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input PROTECT-RE;
+ }
+ }
+ }
+ }
+ vlan {
+ unit 100 {
+ description "L3 INTERFACE - DMZ - 164.58.2.17/28";
+ family inet {
+ address 164.58.2.17/28;
+ }
+ }
+ }
+}
+snmp {
+ description OneNet-SRX200-Template-3.0.0;
+ contact "Net Group - (888)566-3638";
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-only;
+ }
+ community "<removed>" {
+ authorization read-write;
+ }
+}
+routing-options {
+ static {
+ route 0.0.0.0/0 next-hop 156.110.34.16;
+ route 10.0.0.0/8 next-hop 10.199.28.70;
+ route 172.16.0.0/12 next-hop 10.199.28.70;
+ route 192.168.0.0/16 next-hop 10.199.28.70;
+ }
+}
+protocols {
+ lldp {
+ interface all;
+ }
+ stp;
+}
+policy-options {
+ protect: prefix-list PRE-MGMT-SOURCES {
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.253.0/24;
+ }
+ protect: prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+}
firewall {
family inet {
protect: filter PROTECT-RE {
Index: configs/rpswi1.okc.onenet.net
===================================================================
--- configs/rpswi1.okc.onenet.net (revision 156778)
+++ configs/rpswi1.okc.onenet.net (working copy)
@@ -247,8 +247,8 @@
#ge-0/0/18.0 up up
#ge-0/0/19 up up
#ge-0/0/19.0 up up
-#ge-0/0/20 up up
-#ge-0/0/20.0 up up
+#ge-0/0/20 up down
+#ge-0/0/20.0 up down
#ge-0/0/21 up up
#ge-0/0/21.0 up up
#ge-0/0/22 up up
More information about the Nocrancid
mailing list