diff --git a/examples/tg16/netconf/README.md b/examples/tg16/netconf/README.md new file mode 100644 index 00000000..2da43f77 --- /dev/null +++ b/examples/tg16/netconf/README.md @@ -0,0 +1,16 @@ +# TG16 Network Configuration + +We've included some of the configs used in the network for TG16. Some of the configuration files contains `set` commands in addition to normal `show configuration` commands. + +Comments for some of the files; +- **distro3_clean_generated.conf**: Contains set-commands for distro 3. This was untouched configwise for TG16 (except for removing BFD, which the config reflects). +- **distro5_after_l3_was_moved_to_edge.conf**: Contains set-commands, whith a list of new set-commands at the bottom used to reconfigure from L3 directly terminated to L3 being statically routed towards the edge switches. +- **ex2200.conf**: The template used to generate the configuration at the edge switches towards the participants. The variables inside would be substituted with real values when FAP made the config available for download for the specific config. Please note that this config is without first-hop-security, as that feature came later than Junos 12.3, as some of the EX2200-es ran that version. +- **ex2200_secure.conf**: Template identical to "ex2200.conf", except that first-hop-security has been added. +- **ex2200_secure_with_l3.conf**: Identical to "ex2200_secure.conf" file. The difference is that it contains the necessary set commands to terminate L3 directly at the edge switch, and not at the distro switch. + +The rest of the files contains only "show configuration" output. + +Best regards, +Jonas H. Lindstad +on behalf of The Gathering 2016 Tech:Net-crew. \ No newline at end of file diff --git a/examples/tg16/netconf/backstagesw1.conf b/examples/tg16/netconf/backstagesw1.conf new file mode 100644 index 00000000..ce331df1 --- /dev/null +++ b/examples/tg16/netconf/backstagesw1.conf @@ -0,0 +1,349 @@ +## Last changed: 2016-03-23 17:45:17 CET +version 14.1X53-D15.2; +system { + host-name backstagesw1; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 88.92.57.114; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } +} +interfaces { + interface-range core-ports { + member-range ge-0/0/46 to ge-0/0/47; + description "uplink to stagegw"; + ether-options { + 802.3ad ae0; + } + } + interface-range LYD_NETT { + member-range ge-0/0/0 to ge-0/0/9; + description LYD_NETT; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members LYD_NETT; + } + } + } + } + interface-range AV_NETT { + member-range ge-0/0/10 to ge-0/0/11; + description AV_NETT; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members AV_NETT; + } + } + } + } + interface-range edge-ports { + member-range ge-0/0/12 to ge-0/0/45; + description edge-ports; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members clients; + } + } + } + } + ae0 { + description "uplink to stagegw"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ clients mgmt AV_NETT LYD_NETT ]; + } + } + } + } + vlan { + unit 123 { + description LYD_NETT; + } + unit 321 { + description AV_NETT; + } + unit 1227 { + description "MGMT L3 interface"; + family inet { + filter { + input mgmt-v4; + } + address 88.92.57.114/28; + } + family inet6 { + filter { + input mgmt-v6; + } + address 2a06:5840:575::114/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 next-hop 88.92.57.113; + } + } + rib inet6.0 { + static { + route ::/0 next-hop 2a06:5840:575::113; + } + } +} +protocols { + sflow { + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 88.92.57.114; + collector ; + collector ; + interfaces core-ports; + interfaces edge-ports; + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface edge-ports { + edge; + no-root-port; + } + } + lldp { + management-address 88.92.57.114; + interface ae0.0; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + /* sammenslått av separate v4- og v6-lister */ + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } +} +firewall { + family inet { + filter mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term accept-all { + then accept; + } + } + } +} +ethernet-switching-options { + secure-access-port { + interface edge-ports { + no-dhcp-trusted; + } + vlan clients { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + interface all; + } +} +vlans { + AV_NETT { + vlan-id 321; + } + LYD_NETT { + vlan-id 123; + } + clients { + vlan-id 241; + } + mgmt { + vlan-id 1227; + l3-interface vlan.1227; + } +} diff --git a/examples/tg16/netconf/coregw.conf b/examples/tg16/netconf/coregw.conf new file mode 100644 index 00000000..61b609a1 --- /dev/null +++ b/examples/tg16/netconf/coregw.conf @@ -0,0 +1,1613 @@ +## Last changed: 2016-03-24 06:38:20 CET +version 14.1X53-D35.3; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name coregw; + auto-snapshot; + time-zone Europe/Oslo; + arp { + aging-timer 5; + } + authentication-order [ tacplus password ]; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.66; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 10; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + processes { + app-engine-virtual-machine-management-service { + traceoptions { + level notice; + flag all; + } + } + } + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range all-ports { + member-range xe-0/0/0 to xe-0/0/47; + member-range xe-1/0/0 to xe-1/0/47; + member-range et-0/0/48 to et-0/0/53; + member-range et-1/0/48 to et-1/0/53; + } + ge-0/0/0 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/0 { + description "ae0 - link mot distro0"; + ether-options { + 802.3ad ae0; + } + } + ge-0/0/1 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/1 { + description "Link mot distro1"; + ether-options { + 802.3ad ae1; + } + } + ge-0/0/2 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/2 { + description "Link mot distro2"; + ether-options { + 802.3ad ae2; + } + } + ge-0/0/3 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/3 { + description "Link mot distro3"; + ether-options { + 802.3ad ae3; + } + } + ge-0/0/4 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/4 { + description "Link mot distro4"; + ether-options { + 802.3ad ae4; + } + } + ge-0/0/5 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/5 { + description "Link mot distro5"; + ether-options { + 802.3ad ae5; + } + } + ge-0/0/6 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/6 { + description "Link mot distro6"; + ether-options { + 802.3ad ae6; + } + } + ge-0/0/7 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/7 { + description "Link mot distro7"; + ether-options { + 802.3ad ae7; + } + } + ge-0/0/8 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/8 { + description "Link mot creativiagw"; + ether-options { + 802.3ad ae8; + } + } + ge-0/0/9 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/9 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/10 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/10 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/11 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/11 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/12 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/12 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/13 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/13 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/14 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/14 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/15 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/15 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/16 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/16 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/17 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/17 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/18 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/18 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/19 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/19 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/20 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/20 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/21 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/21 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/22 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/22 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/23 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/23 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/24 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/24 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/25 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/25 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/26 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/26 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/27 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/27 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/28 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/28 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/29 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/29 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/30 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/30 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/31 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/31 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/32 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/32 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/33 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/33 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/34 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/34 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/35 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/35 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/36 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/36 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/37 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/37 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/38 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/38 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/39 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/39 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/40 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/40 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/41 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/41 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/42 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/42 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/43 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/43 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/44 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/44 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/45 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/45 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/46 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/46 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + ge-0/0/47 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/47 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + et-0/0/48 { + description "ae11 - link mot nocgw"; + ether-options { + 802.3ad ae11; + } + } + xe-0/0/48:0 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/48:1 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/48:2 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/48:3 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + et-0/0/49 { + description "ae10 - link mot telegw"; + ether-options { + 802.3ad ae10; + } + } + xe-0/0/49:0 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/49:1 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/49:2 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/49:3 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + et-0/0/50 { + description "ae12 - link mot standgw"; + ether-options { + 802.3ad ae12; + } + } + xe-0/0/50:0 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/50:1 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/50:2 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/50:3 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + et-0/0/51 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/51:0 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/51:1 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/51:2 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/51:3 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + et-0/0/52 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/52:0 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/52:1 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/52:2 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/52:3 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + et-0/0/53 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/53:0 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/53:1 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/53:2 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-0/0/53:3 { + unit 0 { + family ethernet-switching { + storm-control default; + } + } + } + xe-1/0/0 { + description "ae0 - link mot distro0"; + ether-options { + 802.3ad ae0; + } + } + xe-1/0/1 { + description "Link mot distro1"; + ether-options { + 802.3ad ae1; + } + } + xe-1/0/2 { + description "Link mot distro2"; + ether-options { + 802.3ad ae2; + } + } + xe-1/0/3 { + description "Link mot distro3"; + ether-options { + 802.3ad ae3; + } + } + xe-1/0/4 { + description "Link mot distro4"; + ether-options { + 802.3ad ae4; + } + } + xe-1/0/5 { + description "Link mot distro5"; + ether-options { + 802.3ad ae5; + } + } + xe-1/0/6 { + description "Link mot distro6"; + ether-options { + 802.3ad ae6; + } + } + xe-1/0/7 { + description "Link mot distro7"; + ether-options { + 802.3ad ae7; + } + } + xe-1/0/8 { + description "Link mot creativiagw"; + ether-options { + 802.3ad ae8; + } + } + et-1/0/48 { + description "ae11 - link mot nocgw"; + ether-options { + 802.3ad ae11; + } + } + et-1/0/49 { + description "ae10 - link mot telegw"; + ether-options { + 802.3ad ae10; + } + } + et-1/0/50 { + description "ae12 - link mot standgw"; + ether-options { + 802.3ad ae12; + } + } + ae0 { + description "mot distro0"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.152/31; + } + family inet6; + } + } + ae1 { + description "mot distro1"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.154/31; + } + family inet6; + } + } + ae2 { + description "mot distro2"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.156/31; + } + family inet6; + } + } + ae3 { + description "mot distro3"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.158/31; + } + family inet6; + } + } + ae4 { + description "mot distro4"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.160/31; + } + family inet6; + } + } + ae5 { + description "mot distro5"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.162/31; + } + family inet6; + } + } + ae6 { + description "mot distro6"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.164/31; + } + family inet6; + } + } + ae7 { + description "mot distro7"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.166/31; + } + family inet6; + } + } + ae8 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.151/31; + } + family inet6; + } + } + ae10 { + description "80G mot telegw"; + unit 0 { + family inet { + address 185.110.148.129/31; + } + family inet6; + } + } + ae11 { + description "80G mot nocgw"; + unit 0 { + family inet { + address 185.110.148.137/31; + } + family inet6; + } + } + ae12 { + description "80G mot standgw"; + unit 0 { + family inet { + address 185.110.148.135/31; + } + family inet6; + } + } + em1 { + unit 0 { + family inet; + } + } + irb { + unit 0 { + family inet; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.66/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::66/128; + } + } + } + vme { + unit 0 { + family inet; + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + storm-control-profiles default { + all; + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + ospf { + export [ redistribute-direct redistribute-static ]; + area 0.0.0.0 { + interface all; + interface ae0.0; + interface ae1.0; + interface ae2.0; + interface ae8.0 { + metric 200; + } + } + } + ospf3 { + export [ redistribute-direct redistribute-static ]; + area 0.0.0.0 { + interface all; + interface ae2.0; + interface ae1.0; + interface ae0.0; + interface ae8.0 { + metric 200; + } + } + } + lldp { + management-address 185.110.148.66; + interface all; + } + lldp-med { + interface all; + } + igmp-snooping { + vlan default; + } + sflow { + agent-id 185.110.148.66; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.66; + collector ; + interfaces all-ports; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + /* sammenslått av separate v4- og v6-lister */ + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement redistribute-direct { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-static { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + protocol icmp; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v4-security { + term accept-security { + from { + source-address { + 10.30.0.0/16; + } + destination-address { + 10.30.0.0/16; + } + } + then accept; + } + term discard-all { + then { + discard; + } + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + inactive: mgmt-v6; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + next-header icmp6; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + } + policer policer-1Mbit { + if-exceeding { + bandwidth-limit 1m; + burst-size-limit 500k; + } + then discard; + } + policer policer-slowest { + if-exceeding { + bandwidth-limit 32k; + burst-size-limit 32k; + } + then discard; + } +} +virtual-chassis { + preprovisioned; + /* NLogic - Orange */ + member 0 { + role routing-engine; + serial-number ; + } + /* Juniper - Blue */ + member 1 { + role routing-engine; + serial-number ; + } +} +vlans { + default { + vlan-id 1; + l3-interface irb.0; + } +} diff --git a/examples/tg16/netconf/creativiagw.conf b/examples/tg16/netconf/creativiagw.conf new file mode 100644 index 00000000..5add79d6 --- /dev/null +++ b/examples/tg16/netconf/creativiagw.conf @@ -0,0 +1,1238 @@ +## Last changed: 2016-03-27 04:09:03 CEST +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name creativiagw; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.74; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + ge-0/0/0 { + description "creativia1 access / ae0"; + ether-options { + 802.3ad ae0; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "creativia2 access / ae1"; + ether-options { + 802.3ad ae1; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "creativia3 access / ae2"; + ether-options { + 802.3ad ae2; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/3 { + description "creativia4 access / ae3"; + ether-options { + 802.3ad ae3; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "creativia5 access / ae4"; + ether-options { + 802.3ad ae4; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/5 { + description "creativia6 access / ae5"; + ether-options { + 802.3ad ae5; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/6 { + description "creativia7 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "creativia-village access / ae7"; + ether-options { + 802.3ad ae7; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + xe-0/1/1 { + description "uplink mot tele"; + ether-options { + 802.3ad ae30; + } + } + ge-1/0/0 { + description "creativia1 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "creativia2 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "creativia3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "creativia4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "creativia5 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "creativia6 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "creativia7 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "creativia-village ae7"; + ether-options { + 802.3ad ae7; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-2/0/0 { + description "creativia1 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-2/0/1 { + description "creativia2 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "creativia3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/3 { + description "creativia4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-2/0/4 { + description "creativia5 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-2/0/5 { + description "creativia6 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-2/0/6 { + description "creativia7 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-2/0/7 { + description "creativia-village ae7"; + ether-options { + 802.3ad ae7; + } + } + ae0 { + description "creativia1 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt creativia1 ]; + } + } + } + } + ae1 { + description "creativia2 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt creativia2 ]; + } + } + } + } + ae2 { + description "creativia3 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt creativia3 ]; + } + } + } + } + ae3 { + description "creativia4 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt creativia4 ]; + } + } + } + } + ae4 { + description "creativia5 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt creativia5 ]; + } + } + } + } + ae5 { + description "creativia6 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt creativia6 ]; + } + } + } + } + ae6 { + description "creativia7 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt creativia7 ]; + } + } + } + } + ae7 { + description "creativia-village ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt creativia-village ]; + } + } + } + } + ae30 { + description "uplink mot tele"; + unit 0 { + family inet { + address 185.110.148.149/31; + } + family inet6; + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.150/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.74/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::74/128; + } + } + } + vlan { + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.56.1/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.53.65/26; + } + } + unit 2001 { + family inet { + address 88.92.40.1/26; + } + family inet6 { + address 2a06:5840:40a::1/64; + } + } + unit 2002 { + family inet { + address 88.92.40.65/26; + } + family inet6 { + address 2a06:5840:40b::1/64; + } + } + unit 2003 { + family inet { + address 88.92.40.129/26; + } + family inet6 { + address 2a06:5840:40c::1/64; + } + } + unit 2004 { + family inet { + address 88.92.40.193/26; + } + family inet6 { + address 2a06:5840:40d::1/64; + } + } + unit 2005 { + family inet { + address 88.92.41.1/26; + } + family inet6 { + address 2a06:5840:41a::1/64; + } + } + unit 2010 { + family inet { + address 88.92.42.65/26; + } + family inet6 { + address 2a06:5840:42b::1/64; + } + } + unit 2011 { + family inet { + address 88.92.42.129/26; + } + family inet6 { + address 2a06:5840:42c::1/64; + } + } + unit 2012 { + family inet { + address 88.92.42.193/26; + } + family inet6 { + address 2a06:5840:42d::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + inactive: group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.777; + interface vlan.2001; + interface vlan.2002; + interface vlan.2003; + interface vlan.2004; + interface vlan.2005; + interface vlan.2010; + interface vlan.2011; + interface vlan.2012; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.777; + interface vlan.2001; + interface vlan.2002; + interface vlan.2003; + interface vlan.2004; + interface vlan.2005; + interface vlan.2010; + interface vlan.2011; + interface vlan.2012; + } + group fapfapfap { + active-server-group fapfapfap-group; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +event-options { + policy ae0down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/0 unit 0"; + "deactivate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; + } + } + } + } + policy ae0up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/0 unit 0"; + "activate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; + } + } + } + } + policy ae1down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/1 unit 0"; + "deactivate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; + } + } + } + } + policy ae1up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/1 unit 0"; + "activate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; + } + } + } + } + policy ae2down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/2 unit 0"; + "deactivate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; + } + } + } + } + policy ae2up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/2 unit 0"; + "activate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; + } + } + } + } + policy ae3down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/3 unit 0"; + "deactivate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; + } + } + } + } + policy ae3up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/3 unit 0"; + "activate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; + } + } + } + } + policy ae4down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/4 unit 0"; + "deactivate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; + } + } + } + } + policy ae4up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/4 unit 0"; + "activate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; + } + } + } + } + policy ae5down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/5 unit 0"; + "deactivate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; + } + } + } + } + policy ae5up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/5 unit 0"; + "activate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; + } + } + } + } + policy ae6down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/6 unit 0"; + "deactivate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; + } + } + } + } + policy ae6up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/6 unit 0"; + "activate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; + } + } + } + } + policy ae7down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/7 unit 0"; + "deactivate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; + } + } + } + } + policy ae7up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/7 unit 0"; + "activate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; + } + } + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.2001; + interface vlan.2002; + interface vlan.2003; + interface vlan.2004; + interface vlan.2005; + interface vlan.2010; + interface vlan.2011; + interface vlan.2012; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0 { + metric 200; + } + interface ae30.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0 { + metric 200; + } + interface ae30.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.74; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + creativia-village { + vlan-id 2012; + l3-interface vlan.2012; + } + creativia1 { + vlan-id 2001; + l3-interface vlan.2001; + } + creativia2 { + vlan-id 2002; + l3-interface vlan.2002; + } + creativia3 { + vlan-id 2003; + l3-interface vlan.2003; + } + creativia4 { + vlan-id 2004; + l3-interface vlan.2004; + } + creativia5 { + vlan-id 2005; + l3-interface vlan.2005; + } + creativia6 { + vlan-id 2010; + l3-interface vlan.2010; + } + creativia7 { + vlan-id 2011; + l3-interface vlan.2011; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/distro0.conf b/examples/tg16/netconf/distro0.conf new file mode 100644 index 00000000..c674c01c --- /dev/null +++ b/examples/tg16/netconf/distro0.conf @@ -0,0 +1,1610 @@ +## Last changed: 2016-03-27 09:01:50 CEST +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name distro0; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.100; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/47; + member-range ge-1/0/0 to ge-1/0/47; + member-range ge-2/0/0 to ge-2/0/47; + member-range xe-0/1/0 to xe-0/1/3; + member-range xe-1/1/0 to xe-1/1/3; + member-range xe-2/1/0 to xe-2/1/3; + } + ge-0/0/0 { + description "e1-3 access / ae0"; + ether-options { + 802.3ad ae0; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "e1-4 access / ae1"; + ether-options { + 802.3ad ae1; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "e3-3 access / ae2"; + ether-options { + 802.3ad ae2; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/3 { + description "e3-4 access / ae3"; + inactive: ether-options { + 802.3ad ae3; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "e5-3 access / ae4"; + ether-options { + 802.3ad ae4; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/5 { + description "e5-4 access / ae5"; + ether-options { + 802.3ad ae5; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/6 { + description "e7-3 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "e7-4 access / ae7"; + inactive: ether-options { + 802.3ad ae7; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/8 { + description "e9-3 access / ae8"; + inactive: ether-options { + 802.3ad ae8; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/9 { + description "e9-4 access / ae9"; + ether-options { + 802.3ad ae9; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/10 { + description "e11-3 access / ae10"; + ether-options { + 802.3ad ae10; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/11 { + description "e11-4 access / ae11"; + ether-options { + 802.3ad ae11; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-1/0/0 { + description "e1-3 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "e1-4 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "e3-3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "e3-4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "e5-3 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "e5-4 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "e7-3 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "e7-4 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-1/0/8 { + description "e9-3 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-1/0/9 { + description "e9-4 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-1/0/10 { + description "e11-3 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-1/0/11 { + description "e11-4 ae11"; + ether-options { + 802.3ad ae11; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-2/0/0 { + description "e1-3 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-2/0/1 { + description "e1-4 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "e3-3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/3 { + description "e3-4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-2/0/4 { + description "e5-3 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-2/0/5 { + description "e5-4 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-2/0/6 { + description "e7-3 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-2/0/7 { + description "e7-4 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-2/0/8 { + description "e9-3 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-2/0/9 { + description "e9-4 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-2/0/10 { + description "e11-3 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-2/0/11 { + description "e11-4 ae11"; + ether-options { + 802.3ad ae11; + } + } + ae0 { + description "e1-3 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e1-3 ]; + } + } + } + } + ae1 { + description "e1-4 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e1-4 ]; + } + } + } + } + ae2 { + description "e3-3 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e3-3 ]; + } + } + } + } + ae3 { + description "e3-4 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e3-4 ]; + } + } + } + } + ae4 { + description "e5-3 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e5-3 ]; + } + } + } + } + ae5 { + description "e5-4 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e5-4 ]; + } + } + } + } + ae6 { + description "e7-3 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e7-3 ]; + } + } + } + } + ae7 { + description "e7-4 ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e7-4 ]; + } + } + } + } + ae8 { + description "e9-3 ae8"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e9-3 ]; + } + } + } + } + ae9 { + description "e9-4 ae9"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e9-4 ]; + } + } + } + } + ae10 { + description "e11-3 ae10"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e11-3 ]; + } + } + } + } + ae11 { + description "e11-4 ae11"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e11-4 ]; + } + } + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.153/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.100/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::100/128; + } + } + } + vlan { + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.54.1/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.51.1/26; + } + } + unit 1013 { + family inet { + address 88.92.0.1/26; + } + family inet6 { + address 2a06:5840:0a::1/64; + } + } + unit 1014 { + family inet { + address 88.92.0.65/26; + } + family inet6 { + address 2a06:5840:0b::1/64; + } + } + unit 1033 { + family inet { + address 88.92.0.129/26; + } + family inet6 { + address 2a06:5840:0c::1/64; + } + } + unit 1034 { + family inet { + address 88.92.0.193/26; + } + family inet6 { + address 2a06:5840:0d::1/64; + } + } + unit 1053 { + family inet { + address 88.92.1.65/26; + } + family inet6 { + address 2a06:5840:1b::1/64; + } + } + unit 1054 { + family inet { + address 88.92.1.129/26; + } + family inet6 { + address 2a06:5840:1c::1/64; + } + } + unit 1073 { + family inet { + address 88.92.2.65/26; + } + family inet6 { + address 2a06:5840:2b::1/64; + } + } + unit 1074 { + family inet { + address 88.92.2.129/26; + } + family inet6 { + address 2a06:5840:2c::1/64; + } + } + unit 1093 { + family inet { + address 88.92.3.65/26; + } + family inet6 { + address 2a06:5840:3b::1/64; + } + } + unit 1094 { + family inet { + address 88.92.3.129/26; + } + family inet6 { + address 2a06:5840:3c::1/64; + } + } + unit 1113 { + family inet { + address 88.92.4.65/26; + } + family inet6 { + address 2a06:5840:4b::1/64; + } + } + unit 1114 { + family inet { + address 88.92.4.129/26; + } + family inet6 { + address 2a06:5840:4c::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.777; + interface vlan.1013; + interface vlan.1014; + interface vlan.1033; + interface vlan.1034; + interface vlan.1053; + interface vlan.1054; + interface vlan.1073; + interface vlan.1074; + interface vlan.1093; + interface vlan.1094; + interface vlan.1113; + interface vlan.1114; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.777; + interface vlan.1013; + interface vlan.1014; + interface vlan.1033; + interface vlan.1034; + interface vlan.1053; + interface vlan.1054; + interface vlan.1073; + interface vlan.1074; + interface vlan.1093; + interface vlan.1094; + interface vlan.1113; + interface vlan.1114; + } + group fapfapfap { + active-server-group fapfapfap-group; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +event-options { + policy ae0down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/0 unit 0"; + "deactivate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; + } + } + } + } + policy ae0up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/0 unit 0"; + "activate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; + } + } + } + } + policy ae1down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/1 unit 0"; + "deactivate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; + } + } + } + } + policy ae1up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/1 unit 0"; + "activate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; + } + } + } + } + policy ae2down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/2 unit 0"; + "deactivate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; + } + } + } + } + policy ae2up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/2 unit 0"; + "activate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; + } + } + } + } + policy ae3down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/3 unit 0"; + "deactivate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; + } + } + } + } + policy ae3up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/3 unit 0"; + "activate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; + } + } + } + } + policy ae4down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/4 unit 0"; + "deactivate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; + } + } + } + } + policy ae4up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/4 unit 0"; + "activate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; + } + } + } + } + policy ae5down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/5 unit 0"; + "deactivate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; + } + } + } + } + policy ae5up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/5 unit 0"; + "activate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; + } + } + } + } + policy ae6down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/6 unit 0"; + "deactivate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; + } + } + } + } + policy ae6up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/6 unit 0"; + "activate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; + } + } + } + } + policy ae7down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/7 unit 0"; + "deactivate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; + } + } + } + } + policy ae7up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/7 unit 0"; + "activate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; + } + } + } + } + policy ae8down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/8 unit 0"; + "deactivate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle"; + } + } + } + } + policy ae8up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/8 unit 0"; + "activate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle"; + } + } + } + } + policy ae9down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/9 unit 0"; + "deactivate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle"; + } + } + } + } + policy ae9up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/9 unit 0"; + "activate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle"; + } + } + } + } + policy ae10down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/10 unit 0"; + "deactivate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle"; + } + } + } + } + policy ae10up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/10 unit 0"; + "activate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle"; + } + } + } + } + policy ae11down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/11 unit 0"; + "deactivate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle"; + } + } + } + } + policy ae11up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/11 unit 0"; + "activate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle"; + } + } + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.1013; + interface vlan.1014; + interface vlan.1033; + interface vlan.1034; + interface vlan.1053; + interface vlan.1054; + interface vlan.1073; + interface vlan.1074; + interface vlan.1093; + interface vlan.1094; + interface vlan.1113; + interface vlan.1114; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + sflow { + agent-id 185.110.148.100; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.100; + collector ; + interfaces all-ports; + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.100; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + e1-3 { + vlan-id 1013; + l3-interface vlan.1013; + } + e1-4 { + vlan-id 1014; + l3-interface vlan.1014; + } + e11-3 { + vlan-id 1113; + l3-interface vlan.1113; + } + e11-4 { + vlan-id 1114; + l3-interface vlan.1114; + } + e3-3 { + vlan-id 1033; + l3-interface vlan.1033; + } + e3-4 { + vlan-id 1034; + l3-interface vlan.1034; + } + e5-3 { + vlan-id 1053; + l3-interface vlan.1053; + } + e5-4 { + vlan-id 1054; + l3-interface vlan.1054; + } + e7-3 { + vlan-id 1073; + l3-interface vlan.1073; + } + e7-4 { + vlan-id 1074; + l3-interface vlan.1074; + } + e9-3 { + vlan-id 1093; + l3-interface vlan.1093; + } + e9-4 { + vlan-id 1094; + l3-interface vlan.1094; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/distro1.conf b/examples/tg16/netconf/distro1.conf new file mode 100644 index 00000000..4cfe946d --- /dev/null +++ b/examples/tg16/netconf/distro1.conf @@ -0,0 +1,2240 @@ +## Last changed: 2016-03-24 13:39:24 CET +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name distro1; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.101; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/47; + member-range ge-1/0/0 to ge-1/0/47; + member-range ge-2/0/0 to ge-2/0/47; + member-range xe-0/1/0 to xe-0/1/3; + member-range xe-1/1/0 to xe-1/1/3; + member-range xe-2/1/0 to xe-2/1/3; + } + ge-0/0/0 { + description "e5-2 access / ae0"; + ether-options { + 802.3ad ae0; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "e7-1 access / ae1"; + ether-options { + 802.3ad ae1; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "e7-2 access / ae2"; + ether-options { + 802.3ad ae2; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/3 { + description "e9-1 access / ae3"; + ether-options { + 802.3ad ae3; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "e9-2 access / ae4"; + ether-options { + 802.3ad ae4; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/5 { + description "e11-1 access / ae5"; + ether-options { + 802.3ad ae5; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/6 { + description "e11-2 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "e13-1 access / ae7"; + ether-options { + 802.3ad ae7; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/8 { + description "e13-2 access / ae8"; + ether-options { + 802.3ad ae8; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/9 { + description "e15-1 access / ae9"; + ether-options { + 802.3ad ae9; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/10 { + description "e15-2 access / ae10"; + ether-options { + 802.3ad ae10; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/11 { + description "e17-1 access / ae11"; + ether-options { + 802.3ad ae11; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/12 { + description "e17-2 access / ae12"; + ether-options { + 802.3ad ae12; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/13 { + description "e19-1 access / ae13"; + ether-options { + 802.3ad ae13; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/14 { + description "e19-2 access / ae14"; + ether-options { + 802.3ad ae14; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/15 { + description "e21-1 access / ae15"; + ether-options { + 802.3ad ae15; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/16 { + description "e21-2 access / ae16"; + ether-options { + 802.3ad ae16; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/17 { + description "e23-1 access / ae17"; + ether-options { + 802.3ad ae17; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/18 { + description "e23-2 access / ae18"; + ether-options { + 802.3ad ae18; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-1/0/0 { + description "e5-2 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "e7-1 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "e7-2 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "e9-1 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "e9-2 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "e11-1 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "e11-2 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "e13-1 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-1/0/8 { + description "e13-2 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-1/0/9 { + description "e15-1 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-1/0/10 { + description "e15-2 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-1/0/11 { + description "e17-1 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-1/0/12 { + description "e17-2 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-1/0/13 { + description "e19-1 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-1/0/14 { + description "e19-2 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-1/0/15 { + description "e21-1 ae15"; + ether-options { + 802.3ad ae15; + } + } + ge-1/0/16 { + description "e21-2 ae16"; + ether-options { + 802.3ad ae16; + } + } + ge-1/0/17 { + description "e23-1 ae17"; + ether-options { + 802.3ad ae17; + } + } + ge-1/0/18 { + description "e23-2 ae18"; + ether-options { + 802.3ad ae18; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-2/0/0 { + description "e5-2 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-2/0/1 { + description "e7-1 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "e7-2 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/3 { + description "e9-1 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-2/0/4 { + description "e9-2 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-2/0/5 { + description "e11-1 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-2/0/6 { + description "e11-2 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-2/0/7 { + description "e13-1 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-2/0/8 { + description "e13-2 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-2/0/9 { + description "e15-1 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-2/0/10 { + description "e15-2 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-2/0/11 { + description "e17-1 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-2/0/12 { + description "e17-2 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-2/0/13 { + description "e19-1 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-2/0/14 { + description "e19-2 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-2/0/15 { + description "e21-1 ae15"; + ether-options { + 802.3ad ae15; + } + } + ge-2/0/16 { + description "e21-2 ae16"; + ether-options { + 802.3ad ae16; + } + } + ge-2/0/17 { + description "e23-1 ae17"; + ether-options { + 802.3ad ae17; + } + } + ge-2/0/18 { + description "e23-2 ae18"; + ether-options { + 802.3ad ae18; + } + } + ae0 { + description "e5-2 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e5-2 ]; + } + } + } + } + ae1 { + description "e7-1 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e7-1 ]; + } + } + } + } + ae2 { + description "e7-2 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e7-2 ]; + } + } + } + } + ae3 { + description "e9-1 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e9-1 ]; + } + } + } + } + ae4 { + description "e9-2 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e9-2 ]; + } + } + } + } + ae5 { + description "e11-1 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e11-1 ]; + } + } + } + } + ae6 { + description "e11-2 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e11-2 ]; + } + } + } + } + ae7 { + description "e13-1 ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e13-1 ]; + } + } + } + } + ae8 { + description "e13-2 ae8"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e13-2 ]; + } + } + } + } + ae9 { + description "e15-1 ae9"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e15-1 ]; + } + } + } + } + ae10 { + description "e15-2 ae10"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e15-2 ]; + } + } + } + } + ae11 { + description "e17-1 ae11"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e17-1 ]; + } + } + } + } + ae12 { + description "e17-2 ae12"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e17-2 ]; + } + } + } + } + ae13 { + description "e19-1 ae13"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e19-1 ]; + } + } + } + } + ae14 { + description "e19-2 ae14"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e19-2 ]; + } + } + } + } + ae15 { + description "e21-1 ae15"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e21-1 ]; + } + } + } + } + ae16 { + description "e21-2 ae16"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e21-2 ]; + } + } + } + } + ae17 { + description "e23-1 ae17"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e23-1 ]; + } + } + } + } + ae18 { + description "e23-2 ae18"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e23-2 ]; + } + } + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.155/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.101/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::101/128; + } + } + } + vlan { + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.54.65/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.51.65/26; + } + } + unit 1052 { + family inet { + address 88.92.1.1/26; + } + family inet6 { + address 2a06:5840:1a::1/64; + } + } + unit 1071 { + family inet { + address 88.92.1.193/26; + } + family inet6 { + address 2a06:5840:1d::1/64; + } + } + unit 1072 { + family inet { + address 88.92.2.1/26; + } + family inet6 { + address 2a06:5840:2a::1/64; + } + } + unit 1091 { + family inet { + address 88.92.2.193/26; + } + family inet6 { + address 2a06:5840:2d::1/64; + } + } + unit 1092 { + family inet { + address 88.92.3.1/26; + } + family inet6 { + address 2a06:5840:3a::1/64; + } + } + unit 1111 { + family inet { + address 88.92.3.193/26; + } + family inet6 { + address 2a06:5840:3d::1/64; + } + } + unit 1112 { + family inet { + address 88.92.4.1/26; + } + family inet6 { + address 2a06:5840:4a::1/64; + } + } + unit 1131 { + family inet { + address 88.92.4.193/26; + } + family inet6 { + address 2a06:5840:4d::1/64; + } + } + unit 1132 { + family inet { + address 88.92.5.1/26; + } + family inet6 { + address 2a06:5840:5a::1/64; + } + } + unit 1151 { + family inet { + address 88.92.5.193/26; + } + family inet6 { + address 2a06:5840:5d::1/64; + } + } + unit 1152 { + family inet { + address 88.92.6.1/26; + } + family inet6 { + address 2a06:5840:6a::1/64; + } + } + unit 1171 { + family inet { + address 88.92.6.193/26; + } + family inet6 { + address 2a06:5840:6d::1/64; + } + } + unit 1172 { + family inet { + address 88.92.7.1/26; + } + family inet6 { + address 2a06:5840:7a::1/64; + } + } + unit 1191 { + family inet { + address 88.92.7.193/26; + } + family inet6 { + address 2a06:5840:7d::1/64; + } + } + unit 1192 { + family inet { + address 88.92.8.1/26; + } + family inet6 { + address 2a06:5840:8a::1/64; + } + } + unit 1211 { + family inet { + address 88.92.8.193/26; + } + family inet6 { + address 2a06:5840:8d::1/64; + } + } + unit 1212 { + family inet { + address 88.92.9.1/26; + } + family inet6 { + address 2a06:5840:9a::1/64; + } + } + unit 1231 { + family inet { + address 88.92.9.193/26; + } + family inet6 { + address 2a06:5840:9d::1/64; + } + } + unit 1232 { + family inet { + address 88.92.10.1/26; + } + family inet6 { + address 2a06:5840:10a::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.777; + interface vlan.1052; + interface vlan.1071; + interface vlan.1072; + interface vlan.1091; + interface vlan.1092; + interface vlan.1111; + interface vlan.1112; + interface vlan.1131; + interface vlan.1132; + interface vlan.1151; + interface vlan.1152; + interface vlan.1171; + interface vlan.1172; + interface vlan.1191; + interface vlan.1192; + interface vlan.1211; + interface vlan.1212; + interface vlan.1231; + interface vlan.1232; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.777; + interface vlan.1052; + interface vlan.1071; + interface vlan.1072; + interface vlan.1091; + interface vlan.1092; + interface vlan.1111; + interface vlan.1112; + interface vlan.1131; + interface vlan.1132; + interface vlan.1151; + interface vlan.1152; + interface vlan.1171; + interface vlan.1172; + interface vlan.1191; + interface vlan.1192; + interface vlan.1211; + interface vlan.1212; + interface vlan.1231; + interface vlan.1232; + } + group fapfapfap { + active-server-group fapfapfap-group; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +event-options { + policy ae0down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/0 unit 0"; + "deactivate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; + } + } + } + } + policy ae0up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/0 unit 0"; + "activate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; + } + } + } + } + policy ae1down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/1 unit 0"; + "deactivate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; + } + } + } + } + policy ae1up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/1 unit 0"; + "activate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; + } + } + } + } + policy ae2down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/2 unit 0"; + "deactivate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; + } + } + } + } + policy ae2up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/2 unit 0"; + "activate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; + } + } + } + } + policy ae3down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/3 unit 0"; + "deactivate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; + } + } + } + } + policy ae3up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/3 unit 0"; + "activate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; + } + } + } + } + policy ae4down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/4 unit 0"; + "deactivate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; + } + } + } + } + policy ae4up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/4 unit 0"; + "activate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; + } + } + } + } + policy ae5down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/5 unit 0"; + "deactivate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; + } + } + } + } + policy ae5up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/5 unit 0"; + "activate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; + } + } + } + } + policy ae6down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/6 unit 0"; + "deactivate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; + } + } + } + } + policy ae6up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/6 unit 0"; + "activate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; + } + } + } + } + policy ae7down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/7 unit 0"; + "deactivate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; + } + } + } + } + policy ae7up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/7 unit 0"; + "activate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; + } + } + } + } + policy ae8down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/8 unit 0"; + "deactivate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle"; + } + } + } + } + policy ae8up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/8 unit 0"; + "activate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle"; + } + } + } + } + policy ae9down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/9 unit 0"; + "deactivate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle"; + } + } + } + } + policy ae9up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/9 unit 0"; + "activate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle"; + } + } + } + } + policy ae10down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/10 unit 0"; + "deactivate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle"; + } + } + } + } + policy ae10up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/10 unit 0"; + "activate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle"; + } + } + } + } + policy ae11down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/11 unit 0"; + "deactivate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle"; + } + } + } + } + policy ae11up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/11 unit 0"; + "activate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle"; + } + } + } + } + policy ae12down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae12$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/12 unit 0"; + "deactivate interfaces ge-0/0/12 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae12 went down so removed ge-0/0/12 from bundle"; + } + } + } + } + policy ae12up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae12$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/12 unit 0"; + "activate interfaces ge-0/0/12 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/12 to bundle"; + } + } + } + } + policy ae13down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae13$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/13 unit 0"; + "deactivate interfaces ge-0/0/13 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae13 went down so removed ge-0/0/13 from bundle"; + } + } + } + } + policy ae13up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae13$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/13 unit 0"; + "activate interfaces ge-0/0/13 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/13 to bundle"; + } + } + } + } + policy ae14down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae14$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/14 unit 0"; + "deactivate interfaces ge-0/0/14 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae14 went down so removed ge-0/0/14 from bundle"; + } + } + } + } + policy ae14up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae14$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/14 unit 0"; + "activate interfaces ge-0/0/14 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/14 to bundle"; + } + } + } + } + policy ae15down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae15$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/15 unit 0"; + "deactivate interfaces ge-0/0/15 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae15 went down so removed ge-0/0/15 from bundle"; + } + } + } + } + policy ae15up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae15$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/15 unit 0"; + "activate interfaces ge-0/0/15 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/15 to bundle"; + } + } + } + } + policy ae16down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae16$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/16 unit 0"; + "deactivate interfaces ge-0/0/16 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae16 went down so removed ge-0/0/16 from bundle"; + } + } + } + } + policy ae16up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae16$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/16 unit 0"; + "activate interfaces ge-0/0/16 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/16 to bundle"; + } + } + } + } + policy ae17down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae17$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/17 unit 0"; + "deactivate interfaces ge-0/0/17 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae17 went down so removed ge-0/0/17 from bundle"; + } + } + } + } + policy ae17up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae17$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/17 unit 0"; + "activate interfaces ge-0/0/17 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/17 to bundle"; + } + } + } + } + policy ae18down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae18$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/18 unit 0"; + "deactivate interfaces ge-0/0/18 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae18 went down so removed ge-0/0/18 from bundle"; + } + } + } + } + policy ae18up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae18$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/18 unit 0"; + "activate interfaces ge-0/0/18 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/18 to bundle"; + } + } + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.1052; + interface vlan.1071; + interface vlan.1072; + interface vlan.1091; + interface vlan.1092; + interface vlan.1111; + interface vlan.1112; + interface vlan.1131; + interface vlan.1132; + interface vlan.1151; + interface vlan.1152; + interface vlan.1171; + interface vlan.1172; + interface vlan.1191; + interface vlan.1192; + interface vlan.1211; + interface vlan.1212; + interface vlan.1231; + interface vlan.1232; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + sflow { + agent-id 185.110.148.101; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.101; + collector ; + interfaces all-ports; + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.101; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + e11-1 { + vlan-id 1111; + l3-interface vlan.1111; + } + e11-2 { + vlan-id 1112; + l3-interface vlan.1112; + } + e13-1 { + vlan-id 1131; + l3-interface vlan.1131; + } + e13-2 { + vlan-id 1132; + l3-interface vlan.1132; + } + e15-1 { + vlan-id 1151; + l3-interface vlan.1151; + } + e15-2 { + vlan-id 1152; + l3-interface vlan.1152; + } + e17-1 { + vlan-id 1171; + l3-interface vlan.1171; + } + e17-2 { + vlan-id 1172; + l3-interface vlan.1172; + } + e19-1 { + vlan-id 1191; + l3-interface vlan.1191; + } + e19-2 { + vlan-id 1192; + l3-interface vlan.1192; + } + e21-1 { + vlan-id 1211; + l3-interface vlan.1211; + } + e21-2 { + vlan-id 1212; + l3-interface vlan.1212; + } + e23-1 { + vlan-id 1231; + l3-interface vlan.1231; + } + e23-2 { + vlan-id 1232; + l3-interface vlan.1232; + } + e5-2 { + vlan-id 1052; + l3-interface vlan.1052; + } + e7-1 { + vlan-id 1071; + l3-interface vlan.1071; + } + e7-2 { + vlan-id 1072; + l3-interface vlan.1072; + } + e9-1 { + vlan-id 1091; + l3-interface vlan.1091; + } + e9-2 { + vlan-id 1092; + l3-interface vlan.1092; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/distro2.conf b/examples/tg16/netconf/distro2.conf new file mode 100644 index 00000000..15239778 --- /dev/null +++ b/examples/tg16/netconf/distro2.conf @@ -0,0 +1,1610 @@ +## Last changed: 2016-03-24 13:39:24 CET +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name distro2; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.102; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/47; + member-range ge-1/0/0 to ge-1/0/47; + member-range ge-2/0/0 to ge-2/0/47; + member-range xe-0/1/0 to xe-0/1/3; + member-range xe-1/1/0 to xe-1/1/3; + member-range xe-2/1/0 to xe-2/1/3; + } + ge-0/0/0 { + description "e13-3 access / ae0"; + ether-options { + 802.3ad ae0; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "e13-4 access / ae1"; + ether-options { + 802.3ad ae1; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "e15-3 access / ae2"; + ether-options { + 802.3ad ae2; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/3 { + description "e15-4 access / ae3"; + ether-options { + 802.3ad ae3; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "e17-3 access / ae4"; + ether-options { + 802.3ad ae4; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/5 { + description "e17-4 access / ae5"; + ether-options { + 802.3ad ae5; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/6 { + description "e19-3 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "e19-4 access / ae7"; + ether-options { + 802.3ad ae7; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/8 { + description "e21-3 access / ae8"; + ether-options { + 802.3ad ae8; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/9 { + description "e21-4 access / ae9"; + ether-options { + 802.3ad ae9; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/10 { + description "e23-3 access / ae10"; + ether-options { + 802.3ad ae10; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/11 { + description "e23-4 access / ae11"; + ether-options { + 802.3ad ae11; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-1/0/0 { + description "e13-3 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "e13-4 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "e15-3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "e15-4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "e17-3 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "e17-4 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "e19-3 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "e19-4 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-1/0/8 { + description "e21-3 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-1/0/9 { + description "e21-4 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-1/0/10 { + description "e23-3 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-1/0/11 { + description "e23-4 ae11"; + ether-options { + 802.3ad ae11; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-2/0/0 { + description "e13-3 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-2/0/1 { + description "e13-4 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "e15-3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/3 { + description "e15-4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-2/0/4 { + description "e17-3 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-2/0/5 { + description "e17-4 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-2/0/6 { + description "e19-3 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-2/0/7 { + description "e19-4 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-2/0/8 { + description "e21-3 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-2/0/9 { + description "e21-4 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-2/0/10 { + description "e23-3 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-2/0/11 { + description "e23-4 ae11"; + ether-options { + 802.3ad ae11; + } + } + ae0 { + description "e13-3 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e13-3 ]; + } + } + } + } + ae1 { + description "e13-4 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e13-4 ]; + } + } + } + } + ae2 { + description "e15-3 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e15-3 ]; + } + } + } + } + ae3 { + description "e15-4 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e15-4 ]; + } + } + } + } + ae4 { + description "e17-3 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e17-3 ]; + } + } + } + } + ae5 { + description "e17-4 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e17-4 ]; + } + } + } + } + ae6 { + description "e19-3 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e19-3 ]; + } + } + } + } + ae7 { + description "e19-4 ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e19-4 ]; + } + } + } + } + ae8 { + description "e21-3 ae8"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e21-3 ]; + } + } + } + } + ae9 { + description "e21-4 ae9"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e21-4 ]; + } + } + } + } + ae10 { + description "e23-3 ae10"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e23-3 ]; + } + } + } + } + ae11 { + description "e23-4 ae11"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e23-4 ]; + } + } + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.157/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.102/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::102/128; + } + } + } + vlan { + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.54.129/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.51.129/26; + } + } + unit 1133 { + family inet { + address 88.92.5.65/26; + } + family inet6 { + address 2a06:5840:5b::1/64; + } + } + unit 1134 { + family inet { + address 88.92.5.129/26; + } + family inet6 { + address 2a06:5840:5c::1/64; + } + } + unit 1153 { + family inet { + address 88.92.6.65/26; + } + family inet6 { + address 2a06:5840:6b::1/64; + } + } + unit 1154 { + family inet { + address 88.92.6.129/26; + } + family inet6 { + address 2a06:5840:6c::1/64; + } + } + unit 1173 { + family inet { + address 88.92.7.65/26; + } + family inet6 { + address 2a06:5840:7b::1/64; + } + } + unit 1174 { + family inet { + address 88.92.7.129/26; + } + family inet6 { + address 2a06:5840:7c::1/64; + } + } + unit 1193 { + family inet { + address 88.92.8.65/26; + } + family inet6 { + address 2a06:5840:8b::1/64; + } + } + unit 1194 { + family inet { + address 88.92.8.129/26; + } + family inet6 { + address 2a06:5840:8c::1/64; + } + } + unit 1213 { + family inet { + address 88.92.9.65/26; + } + family inet6 { + address 2a06:5840:9b::1/64; + } + } + unit 1214 { + family inet { + address 88.92.9.129/26; + } + family inet6 { + address 2a06:5840:9c::1/64; + } + } + unit 1233 { + family inet { + address 88.92.10.65/26; + } + family inet6 { + address 2a06:5840:10b::1/64; + } + } + unit 1234 { + family inet { + address 88.92.10.129/26; + } + family inet6 { + address 2a06:5840:10c::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.777; + interface vlan.1133; + interface vlan.1134; + interface vlan.1153; + interface vlan.1154; + interface vlan.1173; + interface vlan.1174; + interface vlan.1193; + interface vlan.1194; + interface vlan.1213; + interface vlan.1214; + interface vlan.1233; + interface vlan.1234; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.777; + interface vlan.1133; + interface vlan.1134; + interface vlan.1153; + interface vlan.1154; + interface vlan.1173; + interface vlan.1174; + interface vlan.1193; + interface vlan.1194; + interface vlan.1213; + interface vlan.1214; + interface vlan.1233; + interface vlan.1234; + } + group fapfapfap { + active-server-group fapfapfap-group; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +event-options { + policy ae0down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/0 unit 0"; + "deactivate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; + } + } + } + } + policy ae0up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/0 unit 0"; + "activate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; + } + } + } + } + policy ae1down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/1 unit 0"; + "deactivate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; + } + } + } + } + policy ae1up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/1 unit 0"; + "activate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; + } + } + } + } + policy ae2down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/2 unit 0"; + "deactivate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; + } + } + } + } + policy ae2up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/2 unit 0"; + "activate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; + } + } + } + } + policy ae3down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/3 unit 0"; + "deactivate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; + } + } + } + } + policy ae3up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/3 unit 0"; + "activate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; + } + } + } + } + policy ae4down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/4 unit 0"; + "deactivate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; + } + } + } + } + policy ae4up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/4 unit 0"; + "activate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; + } + } + } + } + policy ae5down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/5 unit 0"; + "deactivate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; + } + } + } + } + policy ae5up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/5 unit 0"; + "activate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; + } + } + } + } + policy ae6down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/6 unit 0"; + "deactivate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; + } + } + } + } + policy ae6up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/6 unit 0"; + "activate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; + } + } + } + } + policy ae7down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/7 unit 0"; + "deactivate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; + } + } + } + } + policy ae7up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/7 unit 0"; + "activate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; + } + } + } + } + policy ae8down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/8 unit 0"; + "deactivate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle"; + } + } + } + } + policy ae8up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/8 unit 0"; + "activate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle"; + } + } + } + } + policy ae9down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/9 unit 0"; + "deactivate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle"; + } + } + } + } + policy ae9up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/9 unit 0"; + "activate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle"; + } + } + } + } + policy ae10down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/10 unit 0"; + "deactivate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle"; + } + } + } + } + policy ae10up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/10 unit 0"; + "activate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle"; + } + } + } + } + policy ae11down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/11 unit 0"; + "deactivate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle"; + } + } + } + } + policy ae11up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/11 unit 0"; + "activate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle"; + } + } + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.1133; + interface vlan.1134; + interface vlan.1153; + interface vlan.1154; + interface vlan.1173; + interface vlan.1174; + interface vlan.1193; + interface vlan.1194; + interface vlan.1213; + interface vlan.1214; + interface vlan.1233; + interface vlan.1234; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + sflow { + agent-id 185.110.148.102; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.102; + collector ; + interfaces all-ports; + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.102; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + e13-3 { + vlan-id 1133; + l3-interface vlan.1133; + } + e13-4 { + vlan-id 1134; + l3-interface vlan.1134; + } + e15-3 { + vlan-id 1153; + l3-interface vlan.1153; + } + e15-4 { + vlan-id 1154; + l3-interface vlan.1154; + } + e17-3 { + vlan-id 1173; + l3-interface vlan.1173; + } + e17-4 { + vlan-id 1174; + l3-interface vlan.1174; + } + e19-3 { + vlan-id 1193; + l3-interface vlan.1193; + } + e19-4 { + vlan-id 1194; + l3-interface vlan.1194; + } + e21-3 { + vlan-id 1213; + l3-interface vlan.1213; + } + e21-4 { + vlan-id 1214; + l3-interface vlan.1214; + } + e23-3 { + vlan-id 1233; + l3-interface vlan.1233; + } + e23-4 { + vlan-id 1234; + l3-interface vlan.1234; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/distro3.conf b/examples/tg16/netconf/distro3.conf new file mode 100644 index 00000000..e780af35 --- /dev/null +++ b/examples/tg16/netconf/distro3.conf @@ -0,0 +1,1970 @@ +## Last changed: 2016-03-24 13:39:24 CET +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name distro3; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.103; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/47; + member-range ge-1/0/0 to ge-1/0/47; + member-range ge-2/0/0 to ge-2/0/47; + member-range xe-0/1/0 to xe-0/1/3; + member-range xe-1/1/0 to xe-1/1/3; + member-range xe-2/1/0 to xe-2/1/3; + } + ge-0/0/0 { + description "e25-1 access / ae0"; + ether-options { + 802.3ad ae0; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "e25-2 access / ae1"; + ether-options { + 802.3ad ae1; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "e27-1 access / ae2"; + ether-options { + 802.3ad ae2; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/3 { + description "e27-2 access / ae3"; + ether-options { + 802.3ad ae3; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "e29-1 access / ae4"; + ether-options { + 802.3ad ae4; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/5 { + description "e29-2 access / ae5"; + ether-options { + 802.3ad ae5; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/6 { + description "e31-1 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "e31-2 access / ae7"; + ether-options { + 802.3ad ae7; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/8 { + description "e33-1 access / ae8"; + ether-options { + 802.3ad ae8; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/9 { + description "e33-2 access / ae9"; + ether-options { + 802.3ad ae9; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/10 { + description "e35-1 access / ae10"; + ether-options { + 802.3ad ae10; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/11 { + description "e35-2 access / ae11"; + ether-options { + 802.3ad ae11; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/12 { + description "e37-1 access / ae12"; + ether-options { + 802.3ad ae12; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/13 { + description "e37-2 access / ae13"; + ether-options { + 802.3ad ae13; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/14 { + description "e39-1 access / ae14"; + ether-options { + 802.3ad ae14; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/15 { + description "e39-2 access / ae15"; + ether-options { + 802.3ad ae15; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-1/0/0 { + description "e25-1 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "e25-2 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "e27-1 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "e27-2 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "e29-1 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "e29-2 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "e31-1 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "e31-2 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-1/0/8 { + description "e33-1 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-1/0/9 { + description "e33-2 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-1/0/10 { + description "e35-1 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-1/0/11 { + description "e35-2 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-1/0/12 { + description "e37-1 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-1/0/13 { + description "e37-2 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-1/0/14 { + description "e39-1 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-1/0/15 { + description "e39-2 ae15"; + ether-options { + 802.3ad ae15; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-2/0/0 { + description "e25-1 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-2/0/1 { + description "e25-2 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "e27-1 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/3 { + description "e27-2 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-2/0/4 { + description "e29-1 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-2/0/5 { + description "e29-2 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-2/0/6 { + description "e31-1 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-2/0/7 { + description "e31-2 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-2/0/8 { + description "e33-1 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-2/0/9 { + description "e33-2 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-2/0/10 { + description "e35-1 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-2/0/11 { + description "e35-2 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-2/0/12 { + description "e37-1 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-2/0/13 { + description "e37-2 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-2/0/14 { + description "e39-1 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-2/0/15 { + description "e39-2 ae15"; + ether-options { + 802.3ad ae15; + } + } + ae0 { + description "e25-1 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e25-1 ]; + } + } + } + } + ae1 { + description "e25-2 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e25-2 ]; + } + } + } + } + ae2 { + description "e27-1 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e27-1 ]; + } + } + } + } + ae3 { + description "e27-2 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e27-2 ]; + } + } + } + } + ae4 { + description "e29-1 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e29-1 ]; + } + } + } + } + ae5 { + description "e29-2 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e29-2 ]; + } + } + } + } + ae6 { + description "e31-1 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e31-1 ]; + } + } + } + } + ae7 { + description "e31-2 ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e31-2 ]; + } + } + } + } + ae8 { + description "e33-1 ae8"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e33-1 ]; + } + } + } + } + ae9 { + description "e33-2 ae9"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e33-2 ]; + } + } + } + } + ae10 { + description "e35-1 ae10"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e35-1 ]; + } + } + } + } + ae11 { + description "e35-2 ae11"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e35-2 ]; + } + } + } + } + ae12 { + description "e37-1 ae12"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e37-1 ]; + } + } + } + } + ae13 { + description "e37-2 ae13"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e37-2 ]; + } + } + } + } + ae14 { + description "e39-1 ae14"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e39-1 ]; + } + } + } + } + ae15 { + description "e39-2 ae15"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e39-2 ]; + } + } + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.159/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.103/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::103/128; + } + } + } + vlan { + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.54.193/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.51.193/26; + } + } + unit 1251 { + family inet { + address 88.92.10.193/26; + } + family inet6 { + address 2a06:5840:10d::1/64; + } + } + unit 1252 { + family inet { + address 88.92.11.1/26; + } + family inet6 { + address 2a06:5840:11a::1/64; + } + } + unit 1271 { + family inet { + address 88.92.11.65/26; + } + family inet6 { + address 2a06:5840:11b::1/64; + } + } + unit 1272 { + family inet { + address 88.92.11.129/26; + } + family inet6 { + address 2a06:5840:11c::1/64; + } + } + unit 1291 { + family inet { + address 88.92.11.193/26; + } + family inet6 { + address 2a06:5840:11d::1/64; + } + } + unit 1292 { + family inet { + address 88.92.12.1/26; + } + family inet6 { + address 2a06:5840:12a::1/64; + } + } + unit 1311 { + family inet { + address 88.92.12.65/26; + } + family inet6 { + address 2a06:5840:12b::1/64; + } + } + unit 1312 { + family inet { + address 88.92.12.129/26; + } + family inet6 { + address 2a06:5840:12c::1/64; + } + } + unit 1331 { + family inet { + address 88.92.12.193/26; + } + family inet6 { + address 2a06:5840:12d::1/64; + } + } + unit 1332 { + family inet { + address 88.92.13.1/26; + } + family inet6 { + address 2a06:5840:13a::1/64; + } + } + unit 1351 { + family inet { + address 88.92.13.65/26; + } + family inet6 { + address 2a06:5840:13b::1/64; + } + } + unit 1352 { + family inet { + address 88.92.13.129/26; + } + family inet6 { + address 2a06:5840:13c::1/64; + } + } + unit 1371 { + family inet { + address 88.92.13.193/26; + } + family inet6 { + address 2a06:5840:13d::1/64; + } + } + unit 1372 { + family inet { + address 88.92.14.1/26; + } + family inet6 { + address 2a06:5840:14a::1/64; + } + } + unit 1391 { + family inet { + address 88.92.14.65/26; + } + family inet6 { + address 2a06:5840:14b::1/64; + } + } + unit 1392 { + family inet { + address 88.92.14.129/26; + } + family inet6 { + address 2a06:5840:14c::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.777; + interface vlan.1251; + interface vlan.1252; + interface vlan.1271; + interface vlan.1272; + interface vlan.1291; + interface vlan.1292; + interface vlan.1311; + interface vlan.1312; + interface vlan.1331; + interface vlan.1332; + interface vlan.1351; + interface vlan.1352; + interface vlan.1371; + interface vlan.1372; + interface vlan.1391; + interface vlan.1392; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.777; + interface vlan.1251; + interface vlan.1252; + interface vlan.1271; + interface vlan.1272; + interface vlan.1291; + interface vlan.1292; + interface vlan.1311; + interface vlan.1312; + interface vlan.1331; + interface vlan.1332; + interface vlan.1351; + interface vlan.1352; + interface vlan.1371; + interface vlan.1372; + interface vlan.1391; + interface vlan.1392; + } + group fapfapfap { + active-server-group fapfapfap-group; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +event-options { + policy ae0down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/0 unit 0"; + "deactivate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; + } + } + } + } + policy ae0up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/0 unit 0"; + "activate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; + } + } + } + } + policy ae1down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/1 unit 0"; + "deactivate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; + } + } + } + } + policy ae1up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/1 unit 0"; + "activate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; + } + } + } + } + policy ae2down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/2 unit 0"; + "deactivate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; + } + } + } + } + policy ae2up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/2 unit 0"; + "activate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; + } + } + } + } + policy ae3down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/3 unit 0"; + "deactivate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; + } + } + } + } + policy ae3up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/3 unit 0"; + "activate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; + } + } + } + } + policy ae4down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/4 unit 0"; + "deactivate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; + } + } + } + } + policy ae4up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/4 unit 0"; + "activate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; + } + } + } + } + policy ae5down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/5 unit 0"; + "deactivate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; + } + } + } + } + policy ae5up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/5 unit 0"; + "activate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; + } + } + } + } + policy ae6down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/6 unit 0"; + "deactivate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; + } + } + } + } + policy ae6up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/6 unit 0"; + "activate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; + } + } + } + } + policy ae7down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/7 unit 0"; + "deactivate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; + } + } + } + } + policy ae7up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/7 unit 0"; + "activate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; + } + } + } + } + policy ae8down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/8 unit 0"; + "deactivate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle"; + } + } + } + } + policy ae8up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/8 unit 0"; + "activate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle"; + } + } + } + } + policy ae9down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/9 unit 0"; + "deactivate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle"; + } + } + } + } + policy ae9up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/9 unit 0"; + "activate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle"; + } + } + } + } + policy ae10down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/10 unit 0"; + "deactivate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle"; + } + } + } + } + policy ae10up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/10 unit 0"; + "activate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle"; + } + } + } + } + policy ae11down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/11 unit 0"; + "deactivate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle"; + } + } + } + } + policy ae11up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/11 unit 0"; + "activate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle"; + } + } + } + } + policy ae12down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae12$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/12 unit 0"; + "deactivate interfaces ge-0/0/12 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae12 went down so removed ge-0/0/12 from bundle"; + } + } + } + } + policy ae12up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae12$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/12 unit 0"; + "activate interfaces ge-0/0/12 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/12 to bundle"; + } + } + } + } + policy ae13down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae13$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/13 unit 0"; + "deactivate interfaces ge-0/0/13 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae13 went down so removed ge-0/0/13 from bundle"; + } + } + } + } + policy ae13up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae13$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/13 unit 0"; + "activate interfaces ge-0/0/13 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/13 to bundle"; + } + } + } + } + policy ae14down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae14$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/14 unit 0"; + "deactivate interfaces ge-0/0/14 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae14 went down so removed ge-0/0/14 from bundle"; + } + } + } + } + policy ae14up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae14$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/14 unit 0"; + "activate interfaces ge-0/0/14 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/14 to bundle"; + } + } + } + } + policy ae15down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae15$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/15 unit 0"; + "deactivate interfaces ge-0/0/15 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae15 went down so removed ge-0/0/15 from bundle"; + } + } + } + } + policy ae15up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae15$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/15 unit 0"; + "activate interfaces ge-0/0/15 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/15 to bundle"; + } + } + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.1251; + interface vlan.1252; + interface vlan.1271; + interface vlan.1272; + interface vlan.1291; + interface vlan.1292; + interface vlan.1311; + interface vlan.1312; + interface vlan.1331; + interface vlan.1332; + interface vlan.1351; + interface vlan.1352; + interface vlan.1371; + interface vlan.1372; + interface vlan.1391; + interface vlan.1392; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + sflow { + agent-id 185.110.148.103; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.103; + collector ; + interfaces all-ports; + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.103; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + e25-1 { + vlan-id 1251; + l3-interface vlan.1251; + } + e25-2 { + vlan-id 1252; + l3-interface vlan.1252; + } + e27-1 { + vlan-id 1271; + l3-interface vlan.1271; + } + e27-2 { + vlan-id 1272; + l3-interface vlan.1272; + } + e29-1 { + vlan-id 1291; + l3-interface vlan.1291; + } + e29-2 { + vlan-id 1292; + l3-interface vlan.1292; + } + e31-1 { + vlan-id 1311; + l3-interface vlan.1311; + } + e31-2 { + vlan-id 1312; + l3-interface vlan.1312; + } + e33-1 { + vlan-id 1331; + l3-interface vlan.1331; + } + e33-2 { + vlan-id 1332; + l3-interface vlan.1332; + } + e35-1 { + vlan-id 1351; + l3-interface vlan.1351; + } + e35-2 { + vlan-id 1352; + l3-interface vlan.1352; + } + e37-1 { + vlan-id 1371; + l3-interface vlan.1371; + } + e37-2 { + vlan-id 1372; + l3-interface vlan.1372; + } + e39-1 { + vlan-id 1391; + l3-interface vlan.1391; + } + e39-2 { + vlan-id 1392; + l3-interface vlan.1392; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/distro3_clean_generated.conf b/examples/tg16/netconf/distro3_clean_generated.conf new file mode 100644 index 00000000..f82ed448 --- /dev/null +++ b/examples/tg16/netconf/distro3_clean_generated.conf @@ -0,0 +1,770 @@ +set groups SET_AE_DEFAULTS interfaces aggregated-ether-options lacp active +set groups SET_OSPF_DEFAULTS protocols ospf reference-bandwidth 1000g +set groups SET_OSPF_DEFAULTS protocols ospf3 reference-bandwidth 1000g +set groups SET_RA_DEFAULTS protocols router-advertisement interface max-advertisement-interval 15 +set groups SET_RA_DEFAULTS protocols router-advertisement interface managed-configuration +set system host-name distro3 +set system auto-snapshot +set system domain-name infra.gathering.org +set system time-zone Europe/Oslo +set system authentication-order tacplus +set system root-authentication encrypted-password "" +set system name-server 185.110.149.2 +set system name-server 185.110.148.2 +set system name-server 2a06:5841:149a::2 +set system name-server 2a06:5841:1337::2 +set system tacplus-server secret "" +set system tacplus-server source-address 185.110.148.103 +set system login user technet uid 2000 +set system login user technet class super-user +set system login user technet authentication encrypted-password "" +set system services ssh root-login deny +set system services ssh no-tcp-forwarding +set system services ssh client-alive-count-max 2 +set system services ssh client-alive-interval 300 +set system services ssh connection-limit 5 +set system services ssh rate-limit 5 +set system services netconf ssh connection-limit 3 +set system services netconf ssh rate-limit 3 +set system syslog user * any emergency +set system syslog host 185.110.148.17 any info +set system syslog host 185.110.148.17 authorization info +set system syslog host 185.110.148.17 port 515 +set system syslog file messages any notice +set system syslog file messages authorization info +set system syslog file interactive-commands interactive-commands any +set system archival configuration transfer-on-commit +set system archival configuration archive-sites "scp://@/home/tgconfig/configs/" password "" +set system commit synchronize +set system ntp server 2001:700:100:2::6 +set chassis aggregated-devices ethernet device-count 32 +set chassis alarm management-ethernet link-down ignore +set chassis auto-image-upgrade +set security ssh-known-hosts host ecdsa-sha2-nistp256-key +set interfaces apply-groups SET_AE_DEFAULTS +set interfaces interface-range aps member-range ge-0/0/36 to ge-0/0/47 +set interfaces interface-range aps member-range ge-1/0/36 to ge-1/0/47 +set interfaces interface-range aps member-range ge-2/0/36 to ge-2/0/47 +set interfaces interface-range aps description "Management/klientnett AP-er" +set interfaces interface-range aps unit 0 family ethernet-switching vlan members aps_mgmt +set interfaces xe-0/1/0 description "Uplink mot coregw" +set interfaces xe-0/1/0 ether-options 802.3ad ae31 +set interfaces xe-1/1/0 description "Uplink mot coregw" +set interfaces xe-1/1/0 ether-options 802.3ad ae31 +set interfaces ae31 description "Uplink mot coregw" +set interfaces ae31 unit 0 family inet address 185.110.148.159/31 +set interfaces ae31 unit 0 family inet6 +set interfaces vlan unit 666 description "mgmt til aksesswitcher/fapfapfap" +set interfaces vlan unit 666 family inet address 88.92.54.193/26 +set interfaces vlan unit 777 description "mgmt til AP-ene" +set interfaces vlan unit 777 family inet address 88.92.51.193/26 +set interfaces lo0 unit 0 family inet filter input protect-mgmt-v4 +set interfaces lo0 unit 0 family inet address 185.110.148.103/32 +set interfaces lo0 unit 0 family inet6 filter input protect-mgmt-v6 +set interfaces lo0 unit 0 family inet6 address 2a06:5841:148b::103/128 +set snmp community authorization read-only +set snmp community client-list-name mgmt +set snmp community authorization read-only +set snmp community client-list-name mgmt-nms +set forwarding-options dhcp-relay dhcpv6 group edge-switches active-server-group v6-edge-switches +set forwarding-options dhcp-relay dhcpv6 group edge-switches overrides +set forwarding-options dhcp-relay dhcpv6 server-group v6-edge-switches 2a06:5841:149a::2 +set forwarding-options dhcp-relay server-group v4-edge-switches 185.110.149.2 +set forwarding-options dhcp-relay server-group v4-edge-switches 185.110.148.2 +set forwarding-options dhcp-relay server-group fapfapfap-group 185.110.148.22 +set forwarding-options dhcp-relay group edge-switches active-server-group v4-edge-switches +set forwarding-options dhcp-relay group edge-switches overrides trust-option-82 +set forwarding-options dhcp-relay group edge-switches interface vlan.777 +set forwarding-options dhcp-relay group fapfapfap active-server-group fapfapfap-group +set forwarding-options dhcp-relay group fapfapfap relay-option-82 circuit-id prefix host-name +set forwarding-options dhcp-relay group fapfapfap relay-option-82 circuit-id include-irb-and-l2 +set forwarding-options dhcp-relay group fapfapfap interface vlan.666 +set protocols apply-groups SET_OSPF_DEFAULTS +set protocols apply-groups SET_RA_DEFAULTS +set protocols mld +set protocols ospf export static-to-ospf +set protocols ospf export direct-to-ospf +set protocols ospf area 0.0.0.0 interface ae31 +set protocols ospf3 export static-to-ospf +set protocols ospf3 export direct-to-ospf +set protocols ospf3 area 0.0.0.0 interface ae31 +set protocols pim rp static address 2a06:5841:148b::67 +set protocols pim rp static address 185.110.148.67 +set protocols igmp-snooping vlan all +set protocols rstp +set protocols lldp management-address 185.110.148.103 +set protocols lldp interface all +set protocols lldp-med interface all +set policy-options prefix-list mgmt-v4 31.220.7.113/32 +set policy-options prefix-list mgmt-v4 64.28.6.166/32 +set policy-options prefix-list mgmt-v4 80.91.36.76/32 +set policy-options prefix-list mgmt-v4 84.208.175.47/32 +set policy-options prefix-list mgmt-v4 134.90.150.160/27 +set policy-options prefix-list mgmt-v4 176.58.99.158/32 +set policy-options prefix-list mgmt-v4 185.110.148.0/22 +set policy-options prefix-list mgmt-v6 2a00:1a28:1157:6::73ed/128 +set policy-options prefix-list mgmt-v6 2a01:9900:0:f003::76/128 +set policy-options prefix-list mgmt-v6 2a02:20c8:1930::/64 +set policy-options prefix-list mgmt-v6 2a06:5841::/32 +set policy-options prefix-list mgmt 31.220.7.113/32 +set policy-options prefix-list mgmt 64.28.6.166/32 +set policy-options prefix-list mgmt 80.91.36.76/32 +set policy-options prefix-list mgmt 84.208.175.47/32 +set policy-options prefix-list mgmt 85.165.87.5/32 +set policy-options prefix-list mgmt 134.90.150.160/27 +set policy-options prefix-list mgmt 185.110.148.0/22 +set policy-options prefix-list mgmt 2a00:1a28:1157:6::73ed/128 +set policy-options prefix-list mgmt 2a01:9900:0:f003::76/128 +set policy-options prefix-list mgmt 2a02:20c8:1930::/64 +set policy-options prefix-list mgmt 2a06:5841::/32 +set policy-options prefix-list mgmt-v4-nms 185.110.148.11/32 +set policy-options prefix-list mgmt-v4-nms 185.110.148.12/32 +set policy-options prefix-list mgmt-v6-nms 2a06:5841:1337::11/128 +set policy-options prefix-list mgmt-v6-nms 2a06:5841:1337::12/128 +set policy-options prefix-list mgmt-nms 185.110.148.11/32 +set policy-options prefix-list mgmt-nms 185.110.148.12/32 +set policy-options prefix-list mgmt-nms 185.110.150.10/32 +set policy-options prefix-list mgmt-nms 2a06:5841:1337::11/128 +set policy-options prefix-list mgmt-nms 2a06:5841:1337::12/128 +set policy-options prefix-list icmp_unthrottled-v4 185.110.148.0/22 +set policy-options prefix-list icmp_unthrottled-v4 193.212.22.0/30 +set policy-options prefix-list icmp_unthrottled-v6 2001:4600:9:300::290/126 +set policy-options prefix-list icmp_unthrottled-v6 2a06:5841::/32 +set policy-options policy-statement direct-to-ospf from protocol direct +set policy-options policy-statement direct-to-ospf then external type 1 +set policy-options policy-statement direct-to-ospf then accept +set policy-options policy-statement static-to-ospf from protocol static +set policy-options policy-statement static-to-ospf then external type 1 +set policy-options policy-statement static-to-ospf then accept +set firewall family inet filter protect-mgmt-v4 term accept-ssh from source-prefix-list mgmt-v4 +set firewall family inet filter protect-mgmt-v4 term accept-ssh from destination-port 22 +set firewall family inet filter protect-mgmt-v4 term accept-ssh then accept +set firewall family inet filter protect-mgmt-v4 term discard-ssh from destination-port 22 +set firewall family inet filter protect-mgmt-v4 term discard-ssh then discard +set firewall family inet filter protect-mgmt-v4 term snmp-nms from source-prefix-list mgmt-v4-nms +set firewall family inet filter protect-mgmt-v4 term snmp-nms from destination-port snmp +set firewall family inet filter protect-mgmt-v4 term snmp-nms then accept +set firewall family inet filter protect-mgmt-v4 term snmp-throttle from source-prefix-list mgmt-v4 +set firewall family inet filter protect-mgmt-v4 term snmp-throttle from destination-port snmp +set firewall family inet filter protect-mgmt-v4 term snmp-throttle then accept +set firewall family inet filter protect-mgmt-v4 term icmp-trusted from source-prefix-list icmp_unthrottled-v4 +set firewall family inet filter protect-mgmt-v4 term icmp-trusted from protocol icmp +set firewall family inet filter protect-mgmt-v4 term icmp-trusted then accept +set firewall family inet filter protect-mgmt-v4 term icmp-throttled from protocol icmp +set firewall family inet filter protect-mgmt-v4 term icmp-throttled then accept +set firewall family inet filter protect-mgmt-v4 term accept-all then accept +set firewall family inet6 filter protect-mgmt-v6 term accept-ssh from source-prefix-list mgmt-v6 +set firewall family inet6 filter protect-mgmt-v6 term accept-ssh from destination-port 22 +set firewall family inet6 filter protect-mgmt-v6 term accept-ssh then accept +set firewall family inet6 filter protect-mgmt-v6 term discard-ssh from destination-port 22 +set firewall family inet6 filter protect-mgmt-v6 term discard-ssh then discard +set firewall family inet6 filter protect-mgmt-v6 term snmp-nms from source-prefix-list mgmt-v6-nms +set firewall family inet6 filter protect-mgmt-v6 term snmp-nms from destination-port snmp +set firewall family inet6 filter protect-mgmt-v6 term snmp-nms then accept +set firewall family inet6 filter protect-mgmt-v6 term snmp-throttle from source-prefix-list mgmt-v6 +set firewall family inet6 filter protect-mgmt-v6 term snmp-throttle from destination-port snmp +set firewall family inet6 filter protect-mgmt-v6 term snmp-throttle then accept +set firewall family inet6 filter protect-mgmt-v6 term icmp-trusted from source-prefix-list icmp_unthrottled-v6 +set firewall family inet6 filter protect-mgmt-v6 term icmp-trusted from next-header icmp6 +set firewall family inet6 filter protect-mgmt-v6 term icmp-trusted then accept +set firewall family inet6 filter protect-mgmt-v6 term icmp-throttled from next-header icmp6 +set firewall family inet6 filter protect-mgmt-v6 term icmp-throttled then accept +set firewall family inet6 filter protect-mgmt-v6 term accept-all then accept +set ethernet-switching-options storm-control interface all +set poe interface all +set vlans mgmt vlan-id 666 +set vlans mgmt l3-interface vlan.666 +set vlans aps_mgmt vlan-id 777 +set vlans aps_mgmt l3-interface vlan.777 + +set interfaces ge-0/0/0 description "e25-1 access / ae0" +set interfaces ge-0/0/0 ether-options 802.3ad ae0 +set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/0 ether-options +set interfaces ge-1/0/0 description "e25-1 ae0" +set interfaces ge-1/0/0 ether-options 802.3ad ae0 +set interfaces ge-2/0/0 description "e25-1 ae0" +set interfaces ge-2/0/0 ether-options 802.3ad ae0 +set interfaces ae0 description "e25-1 ae0" +set interfaces ae0 unit 0 family ethernet-switching port-mode trunk +set interfaces ae0 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae0 unit 0 family ethernet-switching vlan members e25-1 +set interfaces vlan unit 1251 family inet address 88.92.10.193/26 +set interfaces vlan unit 1251 family inet6 address 2a06:5840:10d::1/64 +set event-options policy ae0down events snmp_trap_link_down +set event-options policy ae0down attributes-match snmp_trap_link_down.interface-name matches "ae0$" +set event-options policy ae0down then change-configuration retry count 10 +set event-options policy ae0down then change-configuration retry interval 10 +set event-options policy ae0down then change-configuration commands "activate interfaces ge-0/0/0 unit 0" +set event-options policy ae0down then change-configuration commands "deactivate interfaces ge-0/0/0 ether-options" +set event-options policy ae0down then change-configuration user-name technet +set event-options policy ae0down then change-configuration commit-options log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle" +set event-options policy ae0up events snmp_trap_link_up +set event-options policy ae0up attributes-match snmp_trap_link_up.interface-name matches "ae0$" +set event-options policy ae0up then change-configuration retry count 10 +set event-options policy ae0up then change-configuration retry interval 10 +set event-options policy ae0up then change-configuration commands "deactivate interfaces ge-0/0/0 unit 0" +set event-options policy ae0up then change-configuration commands "activate interfaces ge-0/0/0 ether-options" +set event-options policy ae0up then change-configuration user-name technet +set event-options policy ae0up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle" +set vlans e25-1 vlan-id 1251 +set vlans e25-1 l3-interface vlan.1251 +set protocols router-advertisement interface vlan.1251 +set forwarding-options dhcp-relay group edge-switches interface vlan.1251 + + +set interfaces ge-0/0/1 description "e25-2 access / ae1" +set interfaces ge-0/0/1 ether-options 802.3ad ae1 +set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/1 ether-options +set interfaces ge-1/0/1 description "e25-2 ae1" +set interfaces ge-1/0/1 ether-options 802.3ad ae1 +set interfaces ge-2/0/1 description "e25-2 ae1" +set interfaces ge-2/0/1 ether-options 802.3ad ae1 +set interfaces ae1 description "e25-2 ae1" +set interfaces ae1 unit 0 family ethernet-switching port-mode trunk +set interfaces ae1 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae1 unit 0 family ethernet-switching vlan members e25-2 +set interfaces vlan unit 1252 family inet address 88.92.11.1/26 +set interfaces vlan unit 1252 family inet6 address 2a06:5840:11a::1/64 +set event-options policy ae1down events snmp_trap_link_down +set event-options policy ae1down attributes-match snmp_trap_link_down.interface-name matches "ae1$" +set event-options policy ae1down then change-configuration retry count 10 +set event-options policy ae1down then change-configuration retry interval 10 +set event-options policy ae1down then change-configuration commands "activate interfaces ge-0/0/1 unit 0" +set event-options policy ae1down then change-configuration commands "deactivate interfaces ge-0/0/1 ether-options" +set event-options policy ae1down then change-configuration user-name technet +set event-options policy ae1down then change-configuration commit-options log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle" +set event-options policy ae1up events snmp_trap_link_up +set event-options policy ae1up attributes-match snmp_trap_link_up.interface-name matches "ae1$" +set event-options policy ae1up then change-configuration retry count 10 +set event-options policy ae1up then change-configuration retry interval 10 +set event-options policy ae1up then change-configuration commands "deactivate interfaces ge-0/0/1 unit 0" +set event-options policy ae1up then change-configuration commands "activate interfaces ge-0/0/1 ether-options" +set event-options policy ae1up then change-configuration user-name technet +set event-options policy ae1up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle" +set vlans e25-2 vlan-id 1252 +set vlans e25-2 l3-interface vlan.1252 +set protocols router-advertisement interface vlan.1252 +set forwarding-options dhcp-relay group edge-switches interface vlan.1252 + + +set interfaces ge-0/0/2 description "e27-1 access / ae2" +set interfaces ge-0/0/2 ether-options 802.3ad ae2 +set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/2 ether-options +set interfaces ge-1/0/2 description "e27-1 ae2" +set interfaces ge-1/0/2 ether-options 802.3ad ae2 +set interfaces ge-2/0/2 description "e27-1 ae2" +set interfaces ge-2/0/2 ether-options 802.3ad ae2 +set interfaces ae2 description "e27-1 ae2" +set interfaces ae2 unit 0 family ethernet-switching port-mode trunk +set interfaces ae2 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae2 unit 0 family ethernet-switching vlan members e27-1 +set interfaces vlan unit 1271 family inet address 88.92.11.65/26 +set interfaces vlan unit 1271 family inet6 address 2a06:5840:11b::1/64 +set event-options policy ae2down events snmp_trap_link_down +set event-options policy ae2down attributes-match snmp_trap_link_down.interface-name matches "ae2$" +set event-options policy ae2down then change-configuration retry count 10 +set event-options policy ae2down then change-configuration retry interval 10 +set event-options policy ae2down then change-configuration commands "activate interfaces ge-0/0/2 unit 0" +set event-options policy ae2down then change-configuration commands "deactivate interfaces ge-0/0/2 ether-options" +set event-options policy ae2down then change-configuration user-name technet +set event-options policy ae2down then change-configuration commit-options log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle" +set event-options policy ae2up events snmp_trap_link_up +set event-options policy ae2up attributes-match snmp_trap_link_up.interface-name matches "ae2$" +set event-options policy ae2up then change-configuration retry count 10 +set event-options policy ae2up then change-configuration retry interval 10 +set event-options policy ae2up then change-configuration commands "deactivate interfaces ge-0/0/2 unit 0" +set event-options policy ae2up then change-configuration commands "activate interfaces ge-0/0/2 ether-options" +set event-options policy ae2up then change-configuration user-name technet +set event-options policy ae2up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle" +set vlans e27-1 vlan-id 1271 +set vlans e27-1 l3-interface vlan.1271 +set protocols router-advertisement interface vlan.1271 +set forwarding-options dhcp-relay group edge-switches interface vlan.1271 + + +set interfaces ge-0/0/3 description "e27-2 access / ae3" +set interfaces ge-0/0/3 ether-options 802.3ad ae3 +set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/3 ether-options +set interfaces ge-1/0/3 description "e27-2 ae3" +set interfaces ge-1/0/3 ether-options 802.3ad ae3 +set interfaces ge-2/0/3 description "e27-2 ae3" +set interfaces ge-2/0/3 ether-options 802.3ad ae3 +set interfaces ae3 description "e27-2 ae3" +set interfaces ae3 unit 0 family ethernet-switching port-mode trunk +set interfaces ae3 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae3 unit 0 family ethernet-switching vlan members e27-2 +set interfaces vlan unit 1272 family inet address 88.92.11.129/26 +set interfaces vlan unit 1272 family inet6 address 2a06:5840:11c::1/64 +set event-options policy ae3down events snmp_trap_link_down +set event-options policy ae3down attributes-match snmp_trap_link_down.interface-name matches "ae3$" +set event-options policy ae3down then change-configuration retry count 10 +set event-options policy ae3down then change-configuration retry interval 10 +set event-options policy ae3down then change-configuration commands "activate interfaces ge-0/0/3 unit 0" +set event-options policy ae3down then change-configuration commands "deactivate interfaces ge-0/0/3 ether-options" +set event-options policy ae3down then change-configuration user-name technet +set event-options policy ae3down then change-configuration commit-options log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle" +set event-options policy ae3up events snmp_trap_link_up +set event-options policy ae3up attributes-match snmp_trap_link_up.interface-name matches "ae3$" +set event-options policy ae3up then change-configuration retry count 10 +set event-options policy ae3up then change-configuration retry interval 10 +set event-options policy ae3up then change-configuration commands "deactivate interfaces ge-0/0/3 unit 0" +set event-options policy ae3up then change-configuration commands "activate interfaces ge-0/0/3 ether-options" +set event-options policy ae3up then change-configuration user-name technet +set event-options policy ae3up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle" +set vlans e27-2 vlan-id 1272 +set vlans e27-2 l3-interface vlan.1272 +set protocols router-advertisement interface vlan.1272 +set forwarding-options dhcp-relay group edge-switches interface vlan.1272 + + +set interfaces ge-0/0/4 description "e29-1 access / ae4" +set interfaces ge-0/0/4 ether-options 802.3ad ae4 +set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/4 ether-options +set interfaces ge-1/0/4 description "e29-1 ae4" +set interfaces ge-1/0/4 ether-options 802.3ad ae4 +set interfaces ge-2/0/4 description "e29-1 ae4" +set interfaces ge-2/0/4 ether-options 802.3ad ae4 +set interfaces ae4 description "e29-1 ae4" +set interfaces ae4 unit 0 family ethernet-switching port-mode trunk +set interfaces ae4 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae4 unit 0 family ethernet-switching vlan members e29-1 +set interfaces vlan unit 1291 family inet address 88.92.11.193/26 +set interfaces vlan unit 1291 family inet6 address 2a06:5840:11d::1/64 +set event-options policy ae4down events snmp_trap_link_down +set event-options policy ae4down attributes-match snmp_trap_link_down.interface-name matches "ae4$" +set event-options policy ae4down then change-configuration retry count 10 +set event-options policy ae4down then change-configuration retry interval 10 +set event-options policy ae4down then change-configuration commands "activate interfaces ge-0/0/4 unit 0" +set event-options policy ae4down then change-configuration commands "deactivate interfaces ge-0/0/4 ether-options" +set event-options policy ae4down then change-configuration user-name technet +set event-options policy ae4down then change-configuration commit-options log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle" +set event-options policy ae4up events snmp_trap_link_up +set event-options policy ae4up attributes-match snmp_trap_link_up.interface-name matches "ae4$" +set event-options policy ae4up then change-configuration retry count 10 +set event-options policy ae4up then change-configuration retry interval 10 +set event-options policy ae4up then change-configuration commands "deactivate interfaces ge-0/0/4 unit 0" +set event-options policy ae4up then change-configuration commands "activate interfaces ge-0/0/4 ether-options" +set event-options policy ae4up then change-configuration user-name technet +set event-options policy ae4up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle" +set vlans e29-1 vlan-id 1291 +set vlans e29-1 l3-interface vlan.1291 +set protocols router-advertisement interface vlan.1291 +set forwarding-options dhcp-relay group edge-switches interface vlan.1291 + + +set interfaces ge-0/0/5 description "e29-2 access / ae5" +set interfaces ge-0/0/5 ether-options 802.3ad ae5 +set interfaces ge-0/0/5 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/5 ether-options +set interfaces ge-1/0/5 description "e29-2 ae5" +set interfaces ge-1/0/5 ether-options 802.3ad ae5 +set interfaces ge-2/0/5 description "e29-2 ae5" +set interfaces ge-2/0/5 ether-options 802.3ad ae5 +set interfaces ae5 description "e29-2 ae5" +set interfaces ae5 unit 0 family ethernet-switching port-mode trunk +set interfaces ae5 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae5 unit 0 family ethernet-switching vlan members e29-2 +set interfaces vlan unit 1292 family inet address 88.92.12.1/26 +set interfaces vlan unit 1292 family inet6 address 2a06:5840:12a::1/64 +set event-options policy ae5down events snmp_trap_link_down +set event-options policy ae5down attributes-match snmp_trap_link_down.interface-name matches "ae5$" +set event-options policy ae5down then change-configuration retry count 10 +set event-options policy ae5down then change-configuration retry interval 10 +set event-options policy ae5down then change-configuration commands "activate interfaces ge-0/0/5 unit 0" +set event-options policy ae5down then change-configuration commands "deactivate interfaces ge-0/0/5 ether-options" +set event-options policy ae5down then change-configuration user-name technet +set event-options policy ae5down then change-configuration commit-options log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle" +set event-options policy ae5up events snmp_trap_link_up +set event-options policy ae5up attributes-match snmp_trap_link_up.interface-name matches "ae5$" +set event-options policy ae5up then change-configuration retry count 10 +set event-options policy ae5up then change-configuration retry interval 10 +set event-options policy ae5up then change-configuration commands "deactivate interfaces ge-0/0/5 unit 0" +set event-options policy ae5up then change-configuration commands "activate interfaces ge-0/0/5 ether-options" +set event-options policy ae5up then change-configuration user-name technet +set event-options policy ae5up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle" +set vlans e29-2 vlan-id 1292 +set vlans e29-2 l3-interface vlan.1292 +set protocols router-advertisement interface vlan.1292 +set forwarding-options dhcp-relay group edge-switches interface vlan.1292 + + +set interfaces ge-0/0/6 description "e31-1 access / ae6" +set interfaces ge-0/0/6 ether-options 802.3ad ae6 +set interfaces ge-0/0/6 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/6 ether-options +set interfaces ge-1/0/6 description "e31-1 ae6" +set interfaces ge-1/0/6 ether-options 802.3ad ae6 +set interfaces ge-2/0/6 description "e31-1 ae6" +set interfaces ge-2/0/6 ether-options 802.3ad ae6 +set interfaces ae6 description "e31-1 ae6" +set interfaces ae6 unit 0 family ethernet-switching port-mode trunk +set interfaces ae6 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae6 unit 0 family ethernet-switching vlan members e31-1 +set interfaces vlan unit 1311 family inet address 88.92.12.65/26 +set interfaces vlan unit 1311 family inet6 address 2a06:5840:12b::1/64 +set event-options policy ae6down events snmp_trap_link_down +set event-options policy ae6down attributes-match snmp_trap_link_down.interface-name matches "ae6$" +set event-options policy ae6down then change-configuration retry count 10 +set event-options policy ae6down then change-configuration retry interval 10 +set event-options policy ae6down then change-configuration commands "activate interfaces ge-0/0/6 unit 0" +set event-options policy ae6down then change-configuration commands "deactivate interfaces ge-0/0/6 ether-options" +set event-options policy ae6down then change-configuration user-name technet +set event-options policy ae6down then change-configuration commit-options log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle" +set event-options policy ae6up events snmp_trap_link_up +set event-options policy ae6up attributes-match snmp_trap_link_up.interface-name matches "ae6$" +set event-options policy ae6up then change-configuration retry count 10 +set event-options policy ae6up then change-configuration retry interval 10 +set event-options policy ae6up then change-configuration commands "deactivate interfaces ge-0/0/6 unit 0" +set event-options policy ae6up then change-configuration commands "activate interfaces ge-0/0/6 ether-options" +set event-options policy ae6up then change-configuration user-name technet +set event-options policy ae6up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle" +set vlans e31-1 vlan-id 1311 +set vlans e31-1 l3-interface vlan.1311 +set protocols router-advertisement interface vlan.1311 +set forwarding-options dhcp-relay group edge-switches interface vlan.1311 + + +set interfaces ge-0/0/7 description "e31-2 access / ae7" +set interfaces ge-0/0/7 ether-options 802.3ad ae7 +set interfaces ge-0/0/7 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/7 ether-options +set interfaces ge-1/0/7 description "e31-2 ae7" +set interfaces ge-1/0/7 ether-options 802.3ad ae7 +set interfaces ge-2/0/7 description "e31-2 ae7" +set interfaces ge-2/0/7 ether-options 802.3ad ae7 +set interfaces ae7 description "e31-2 ae7" +set interfaces ae7 unit 0 family ethernet-switching port-mode trunk +set interfaces ae7 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae7 unit 0 family ethernet-switching vlan members e31-2 +set interfaces vlan unit 1312 family inet address 88.92.12.129/26 +set interfaces vlan unit 1312 family inet6 address 2a06:5840:12c::1/64 +set event-options policy ae7down events snmp_trap_link_down +set event-options policy ae7down attributes-match snmp_trap_link_down.interface-name matches "ae7$" +set event-options policy ae7down then change-configuration retry count 10 +set event-options policy ae7down then change-configuration retry interval 10 +set event-options policy ae7down then change-configuration commands "activate interfaces ge-0/0/7 unit 0" +set event-options policy ae7down then change-configuration commands "deactivate interfaces ge-0/0/7 ether-options" +set event-options policy ae7down then change-configuration user-name technet +set event-options policy ae7down then change-configuration commit-options log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle" +set event-options policy ae7up events snmp_trap_link_up +set event-options policy ae7up attributes-match snmp_trap_link_up.interface-name matches "ae7$" +set event-options policy ae7up then change-configuration retry count 10 +set event-options policy ae7up then change-configuration retry interval 10 +set event-options policy ae7up then change-configuration commands "deactivate interfaces ge-0/0/7 unit 0" +set event-options policy ae7up then change-configuration commands "activate interfaces ge-0/0/7 ether-options" +set event-options policy ae7up then change-configuration user-name technet +set event-options policy ae7up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle" +set vlans e31-2 vlan-id 1312 +set vlans e31-2 l3-interface vlan.1312 +set protocols router-advertisement interface vlan.1312 +set forwarding-options dhcp-relay group edge-switches interface vlan.1312 + + +set interfaces ge-0/0/8 description "e33-1 access / ae8" +set interfaces ge-0/0/8 ether-options 802.3ad ae8 +set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/8 ether-options +set interfaces ge-1/0/8 description "e33-1 ae8" +set interfaces ge-1/0/8 ether-options 802.3ad ae8 +set interfaces ge-2/0/8 description "e33-1 ae8" +set interfaces ge-2/0/8 ether-options 802.3ad ae8 +set interfaces ae8 description "e33-1 ae8" +set interfaces ae8 unit 0 family ethernet-switching port-mode trunk +set interfaces ae8 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae8 unit 0 family ethernet-switching vlan members e33-1 +set interfaces vlan unit 1331 family inet address 88.92.12.193/26 +set interfaces vlan unit 1331 family inet6 address 2a06:5840:12d::1/64 +set event-options policy ae8down events snmp_trap_link_down +set event-options policy ae8down attributes-match snmp_trap_link_down.interface-name matches "ae8$" +set event-options policy ae8down then change-configuration retry count 10 +set event-options policy ae8down then change-configuration retry interval 10 +set event-options policy ae8down then change-configuration commands "activate interfaces ge-0/0/8 unit 0" +set event-options policy ae8down then change-configuration commands "deactivate interfaces ge-0/0/8 ether-options" +set event-options policy ae8down then change-configuration user-name technet +set event-options policy ae8down then change-configuration commit-options log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle" +set event-options policy ae8up events snmp_trap_link_up +set event-options policy ae8up attributes-match snmp_trap_link_up.interface-name matches "ae8$" +set event-options policy ae8up then change-configuration retry count 10 +set event-options policy ae8up then change-configuration retry interval 10 +set event-options policy ae8up then change-configuration commands "deactivate interfaces ge-0/0/8 unit 0" +set event-options policy ae8up then change-configuration commands "activate interfaces ge-0/0/8 ether-options" +set event-options policy ae8up then change-configuration user-name technet +set event-options policy ae8up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle" +set vlans e33-1 vlan-id 1331 +set vlans e33-1 l3-interface vlan.1331 +set protocols router-advertisement interface vlan.1331 +set forwarding-options dhcp-relay group edge-switches interface vlan.1331 + + +set interfaces ge-0/0/9 description "e33-2 access / ae9" +set interfaces ge-0/0/9 ether-options 802.3ad ae9 +set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/9 ether-options +set interfaces ge-1/0/9 description "e33-2 ae9" +set interfaces ge-1/0/9 ether-options 802.3ad ae9 +set interfaces ge-2/0/9 description "e33-2 ae9" +set interfaces ge-2/0/9 ether-options 802.3ad ae9 +set interfaces ae9 description "e33-2 ae9" +set interfaces ae9 unit 0 family ethernet-switching port-mode trunk +set interfaces ae9 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae9 unit 0 family ethernet-switching vlan members e33-2 +set interfaces vlan unit 1332 family inet address 88.92.13.1/26 +set interfaces vlan unit 1332 family inet6 address 2a06:5840:13a::1/64 +set event-options policy ae9down events snmp_trap_link_down +set event-options policy ae9down attributes-match snmp_trap_link_down.interface-name matches "ae9$" +set event-options policy ae9down then change-configuration retry count 10 +set event-options policy ae9down then change-configuration retry interval 10 +set event-options policy ae9down then change-configuration commands "activate interfaces ge-0/0/9 unit 0" +set event-options policy ae9down then change-configuration commands "deactivate interfaces ge-0/0/9 ether-options" +set event-options policy ae9down then change-configuration user-name technet +set event-options policy ae9down then change-configuration commit-options log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle" +set event-options policy ae9up events snmp_trap_link_up +set event-options policy ae9up attributes-match snmp_trap_link_up.interface-name matches "ae9$" +set event-options policy ae9up then change-configuration retry count 10 +set event-options policy ae9up then change-configuration retry interval 10 +set event-options policy ae9up then change-configuration commands "deactivate interfaces ge-0/0/9 unit 0" +set event-options policy ae9up then change-configuration commands "activate interfaces ge-0/0/9 ether-options" +set event-options policy ae9up then change-configuration user-name technet +set event-options policy ae9up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle" +set vlans e33-2 vlan-id 1332 +set vlans e33-2 l3-interface vlan.1332 +set protocols router-advertisement interface vlan.1332 +set forwarding-options dhcp-relay group edge-switches interface vlan.1332 + + +set interfaces ge-0/0/10 description "e35-1 access / ae10" +set interfaces ge-0/0/10 ether-options 802.3ad ae10 +set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/10 ether-options +set interfaces ge-1/0/10 description "e35-1 ae10" +set interfaces ge-1/0/10 ether-options 802.3ad ae10 +set interfaces ge-2/0/10 description "e35-1 ae10" +set interfaces ge-2/0/10 ether-options 802.3ad ae10 +set interfaces ae10 description "e35-1 ae10" +set interfaces ae10 unit 0 family ethernet-switching port-mode trunk +set interfaces ae10 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae10 unit 0 family ethernet-switching vlan members e35-1 +set interfaces vlan unit 1351 family inet address 88.92.13.65/26 +set interfaces vlan unit 1351 family inet6 address 2a06:5840:13b::1/64 +set event-options policy ae10down events snmp_trap_link_down +set event-options policy ae10down attributes-match snmp_trap_link_down.interface-name matches "ae10$" +set event-options policy ae10down then change-configuration retry count 10 +set event-options policy ae10down then change-configuration retry interval 10 +set event-options policy ae10down then change-configuration commands "activate interfaces ge-0/0/10 unit 0" +set event-options policy ae10down then change-configuration commands "deactivate interfaces ge-0/0/10 ether-options" +set event-options policy ae10down then change-configuration user-name technet +set event-options policy ae10down then change-configuration commit-options log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle" +set event-options policy ae10up events snmp_trap_link_up +set event-options policy ae10up attributes-match snmp_trap_link_up.interface-name matches "ae10$" +set event-options policy ae10up then change-configuration retry count 10 +set event-options policy ae10up then change-configuration retry interval 10 +set event-options policy ae10up then change-configuration commands "deactivate interfaces ge-0/0/10 unit 0" +set event-options policy ae10up then change-configuration commands "activate interfaces ge-0/0/10 ether-options" +set event-options policy ae10up then change-configuration user-name technet +set event-options policy ae10up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle" +set vlans e35-1 vlan-id 1351 +set vlans e35-1 l3-interface vlan.1351 +set protocols router-advertisement interface vlan.1351 +set forwarding-options dhcp-relay group edge-switches interface vlan.1351 + + +set interfaces ge-0/0/11 description "e35-2 access / ae11" +set interfaces ge-0/0/11 ether-options 802.3ad ae11 +set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/11 ether-options +set interfaces ge-1/0/11 description "e35-2 ae11" +set interfaces ge-1/0/11 ether-options 802.3ad ae11 +set interfaces ge-2/0/11 description "e35-2 ae11" +set interfaces ge-2/0/11 ether-options 802.3ad ae11 +set interfaces ae11 description "e35-2 ae11" +set interfaces ae11 unit 0 family ethernet-switching port-mode trunk +set interfaces ae11 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae11 unit 0 family ethernet-switching vlan members e35-2 +set interfaces vlan unit 1352 family inet address 88.92.13.129/26 +set interfaces vlan unit 1352 family inet6 address 2a06:5840:13c::1/64 +set event-options policy ae11down events snmp_trap_link_down +set event-options policy ae11down attributes-match snmp_trap_link_down.interface-name matches "ae11$" +set event-options policy ae11down then change-configuration retry count 10 +set event-options policy ae11down then change-configuration retry interval 10 +set event-options policy ae11down then change-configuration commands "activate interfaces ge-0/0/11 unit 0" +set event-options policy ae11down then change-configuration commands "deactivate interfaces ge-0/0/11 ether-options" +set event-options policy ae11down then change-configuration user-name technet +set event-options policy ae11down then change-configuration commit-options log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle" +set event-options policy ae11up events snmp_trap_link_up +set event-options policy ae11up attributes-match snmp_trap_link_up.interface-name matches "ae11$" +set event-options policy ae11up then change-configuration retry count 10 +set event-options policy ae11up then change-configuration retry interval 10 +set event-options policy ae11up then change-configuration commands "deactivate interfaces ge-0/0/11 unit 0" +set event-options policy ae11up then change-configuration commands "activate interfaces ge-0/0/11 ether-options" +set event-options policy ae11up then change-configuration user-name technet +set event-options policy ae11up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle" +set vlans e35-2 vlan-id 1352 +set vlans e35-2 l3-interface vlan.1352 +set protocols router-advertisement interface vlan.1352 +set forwarding-options dhcp-relay group edge-switches interface vlan.1352 + + +set interfaces ge-0/0/12 description "e37-1 access / ae12" +set interfaces ge-0/0/12 ether-options 802.3ad ae12 +set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/12 ether-options +set interfaces ge-1/0/12 description "e37-1 ae12" +set interfaces ge-1/0/12 ether-options 802.3ad ae12 +set interfaces ge-2/0/12 description "e37-1 ae12" +set interfaces ge-2/0/12 ether-options 802.3ad ae12 +set interfaces ae12 description "e37-1 ae12" +set interfaces ae12 unit 0 family ethernet-switching port-mode trunk +set interfaces ae12 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae12 unit 0 family ethernet-switching vlan members e37-1 +set interfaces vlan unit 1371 family inet address 88.92.13.193/26 +set interfaces vlan unit 1371 family inet6 address 2a06:5840:13d::1/64 +set event-options policy ae12down events snmp_trap_link_down +set event-options policy ae12down attributes-match snmp_trap_link_down.interface-name matches "ae12$" +set event-options policy ae12down then change-configuration retry count 10 +set event-options policy ae12down then change-configuration retry interval 10 +set event-options policy ae12down then change-configuration commands "activate interfaces ge-0/0/12 unit 0" +set event-options policy ae12down then change-configuration commands "deactivate interfaces ge-0/0/12 ether-options" +set event-options policy ae12down then change-configuration user-name technet +set event-options policy ae12down then change-configuration commit-options log "Autoconfig-script: ae12 went down so removed ge-0/0/12 from bundle" +set event-options policy ae12up events snmp_trap_link_up +set event-options policy ae12up attributes-match snmp_trap_link_up.interface-name matches "ae12$" +set event-options policy ae12up then change-configuration retry count 10 +set event-options policy ae12up then change-configuration retry interval 10 +set event-options policy ae12up then change-configuration commands "deactivate interfaces ge-0/0/12 unit 0" +set event-options policy ae12up then change-configuration commands "activate interfaces ge-0/0/12 ether-options" +set event-options policy ae12up then change-configuration user-name technet +set event-options policy ae12up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/12 to bundle" +set vlans e37-1 vlan-id 1371 +set vlans e37-1 l3-interface vlan.1371 +set protocols router-advertisement interface vlan.1371 +set forwarding-options dhcp-relay group edge-switches interface vlan.1371 + + +set interfaces ge-0/0/13 description "e37-2 access / ae13" +set interfaces ge-0/0/13 ether-options 802.3ad ae13 +set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/13 ether-options +set interfaces ge-1/0/13 description "e37-2 ae13" +set interfaces ge-1/0/13 ether-options 802.3ad ae13 +set interfaces ge-2/0/13 description "e37-2 ae13" +set interfaces ge-2/0/13 ether-options 802.3ad ae13 +set interfaces ae13 description "e37-2 ae13" +set interfaces ae13 unit 0 family ethernet-switching port-mode trunk +set interfaces ae13 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae13 unit 0 family ethernet-switching vlan members e37-2 +set interfaces vlan unit 1372 family inet address 88.92.14.1/26 +set interfaces vlan unit 1372 family inet6 address 2a06:5840:14a::1/64 +set event-options policy ae13down events snmp_trap_link_down +set event-options policy ae13down attributes-match snmp_trap_link_down.interface-name matches "ae13$" +set event-options policy ae13down then change-configuration retry count 10 +set event-options policy ae13down then change-configuration retry interval 10 +set event-options policy ae13down then change-configuration commands "activate interfaces ge-0/0/13 unit 0" +set event-options policy ae13down then change-configuration commands "deactivate interfaces ge-0/0/13 ether-options" +set event-options policy ae13down then change-configuration user-name technet +set event-options policy ae13down then change-configuration commit-options log "Autoconfig-script: ae13 went down so removed ge-0/0/13 from bundle" +set event-options policy ae13up events snmp_trap_link_up +set event-options policy ae13up attributes-match snmp_trap_link_up.interface-name matches "ae13$" +set event-options policy ae13up then change-configuration retry count 10 +set event-options policy ae13up then change-configuration retry interval 10 +set event-options policy ae13up then change-configuration commands "deactivate interfaces ge-0/0/13 unit 0" +set event-options policy ae13up then change-configuration commands "activate interfaces ge-0/0/13 ether-options" +set event-options policy ae13up then change-configuration user-name technet +set event-options policy ae13up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/13 to bundle" +set vlans e37-2 vlan-id 1372 +set vlans e37-2 l3-interface vlan.1372 +set protocols router-advertisement interface vlan.1372 +set forwarding-options dhcp-relay group edge-switches interface vlan.1372 + + +set interfaces ge-0/0/14 description "e39-1 access / ae14" +set interfaces ge-0/0/14 ether-options 802.3ad ae14 +set interfaces ge-0/0/14 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/14 ether-options +set interfaces ge-1/0/14 description "e39-1 ae14" +set interfaces ge-1/0/14 ether-options 802.3ad ae14 +set interfaces ge-2/0/14 description "e39-1 ae14" +set interfaces ge-2/0/14 ether-options 802.3ad ae14 +set interfaces ae14 description "e39-1 ae14" +set interfaces ae14 unit 0 family ethernet-switching port-mode trunk +set interfaces ae14 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae14 unit 0 family ethernet-switching vlan members e39-1 +set interfaces vlan unit 1391 family inet address 88.92.14.65/26 +set interfaces vlan unit 1391 family inet6 address 2a06:5840:14b::1/64 +set event-options policy ae14down events snmp_trap_link_down +set event-options policy ae14down attributes-match snmp_trap_link_down.interface-name matches "ae14$" +set event-options policy ae14down then change-configuration retry count 10 +set event-options policy ae14down then change-configuration retry interval 10 +set event-options policy ae14down then change-configuration commands "activate interfaces ge-0/0/14 unit 0" +set event-options policy ae14down then change-configuration commands "deactivate interfaces ge-0/0/14 ether-options" +set event-options policy ae14down then change-configuration user-name technet +set event-options policy ae14down then change-configuration commit-options log "Autoconfig-script: ae14 went down so removed ge-0/0/14 from bundle" +set event-options policy ae14up events snmp_trap_link_up +set event-options policy ae14up attributes-match snmp_trap_link_up.interface-name matches "ae14$" +set event-options policy ae14up then change-configuration retry count 10 +set event-options policy ae14up then change-configuration retry interval 10 +set event-options policy ae14up then change-configuration commands "deactivate interfaces ge-0/0/14 unit 0" +set event-options policy ae14up then change-configuration commands "activate interfaces ge-0/0/14 ether-options" +set event-options policy ae14up then change-configuration user-name technet +set event-options policy ae14up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/14 to bundle" +set vlans e39-1 vlan-id 1391 +set vlans e39-1 l3-interface vlan.1391 +set protocols router-advertisement interface vlan.1391 +set forwarding-options dhcp-relay group edge-switches interface vlan.1391 + + +set interfaces ge-0/0/15 description "e39-2 access / ae15" +set interfaces ge-0/0/15 ether-options 802.3ad ae15 +set interfaces ge-0/0/15 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/15 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/15 ether-options +set interfaces ge-1/0/15 description "e39-2 ae15" +set interfaces ge-1/0/15 ether-options 802.3ad ae15 +set interfaces ge-2/0/15 description "e39-2 ae15" +set interfaces ge-2/0/15 ether-options 802.3ad ae15 +set interfaces ae15 description "e39-2 ae15" +set interfaces ae15 unit 0 family ethernet-switching port-mode trunk +set interfaces ae15 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae15 unit 0 family ethernet-switching vlan members e39-2 +set interfaces vlan unit 1392 family inet address 88.92.14.129/26 +set interfaces vlan unit 1392 family inet6 address 2a06:5840:14c::1/64 +set event-options policy ae15down events snmp_trap_link_down +set event-options policy ae15down attributes-match snmp_trap_link_down.interface-name matches "ae15$" +set event-options policy ae15down then change-configuration retry count 10 +set event-options policy ae15down then change-configuration retry interval 10 +set event-options policy ae15down then change-configuration commands "activate interfaces ge-0/0/15 unit 0" +set event-options policy ae15down then change-configuration commands "deactivate interfaces ge-0/0/15 ether-options" +set event-options policy ae15down then change-configuration user-name technet +set event-options policy ae15down then change-configuration commit-options log "Autoconfig-script: ae15 went down so removed ge-0/0/15 from bundle" +set event-options policy ae15up events snmp_trap_link_up +set event-options policy ae15up attributes-match snmp_trap_link_up.interface-name matches "ae15$" +set event-options policy ae15up then change-configuration retry count 10 +set event-options policy ae15up then change-configuration retry interval 10 +set event-options policy ae15up then change-configuration commands "deactivate interfaces ge-0/0/15 unit 0" +set event-options policy ae15up then change-configuration commands "activate interfaces ge-0/0/15 ether-options" +set event-options policy ae15up then change-configuration user-name technet +set event-options policy ae15up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/15 to bundle" +set vlans e39-2 vlan-id 1392 +set vlans e39-2 l3-interface vlan.1392 +set protocols router-advertisement interface vlan.1392 +set forwarding-options dhcp-relay group edge-switches interface vlan.1392 + diff --git a/examples/tg16/netconf/distro4.conf b/examples/tg16/netconf/distro4.conf new file mode 100644 index 00000000..c0feba3b --- /dev/null +++ b/examples/tg16/netconf/distro4.conf @@ -0,0 +1,2150 @@ +## Last changed: 2016-03-27 09:02:21 CEST +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name distro4; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.104; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/47; + member-range ge-1/0/0 to ge-1/0/47; + member-range ge-2/0/0 to ge-2/0/47; + member-range xe-0/1/0 to xe-0/1/3; + member-range xe-1/1/0 to xe-1/1/3; + member-range xe-2/1/0 to xe-2/1/3; + } + ge-0/0/0 { + description "e41-1 access / ae0"; + ether-options { + 802.3ad ae0; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "e41-2 access / ae1"; + inactive: ether-options { + 802.3ad ae1; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "e43-1 access / ae2"; + ether-options { + 802.3ad ae2; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/3 { + description "e43-2 access / ae3"; + ether-options { + 802.3ad ae3; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "e45-1 access / ae4"; + ether-options { + 802.3ad ae4; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/5 { + description "e45-2 access / ae5"; + inactive: ether-options { + 802.3ad ae5; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/6 { + description "e47-1 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "e47-2 access / ae7"; + ether-options { + 802.3ad ae7; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/8 { + description "e49-1 access / ae8"; + inactive: ether-options { + 802.3ad ae8; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/9 { + description "e49-2 access / ae9"; + ether-options { + 802.3ad ae9; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/10 { + description "e51-1 access / ae10"; + ether-options { + 802.3ad ae10; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/11 { + description "e51-2 access / ae11"; + inactive: ether-options { + 802.3ad ae11; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/12 { + description "e53-1 access / ae12"; + inactive: ether-options { + 802.3ad ae12; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/13 { + description "e53-2 access / ae13"; + ether-options { + 802.3ad ae13; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/14 { + description "e55-1 access / ae14"; + ether-options { + 802.3ad ae14; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/15 { + description "e55-2 access / ae15"; + ether-options { + 802.3ad ae15; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/16 { + description "e57-1 access / ae16"; + ether-options { + 802.3ad ae16; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/17 { + description "e57-2 access / ae17"; + inactive: ether-options { + 802.3ad ae17; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-1/0/0 { + description "e41-1 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "e41-2 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "e43-1 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "e43-2 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "e45-1 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "e45-2 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "e47-1 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "e47-2 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-1/0/8 { + description "e49-1 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-1/0/9 { + description "e49-2 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-1/0/10 { + description "e51-1 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-1/0/11 { + description "e51-2 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-1/0/12 { + description "e53-1 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-1/0/13 { + description "e53-2 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-1/0/14 { + description "e55-1 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-1/0/15 { + description "e55-2 ae15"; + ether-options { + 802.3ad ae15; + } + } + ge-1/0/16 { + description "e57-1 ae16"; + ether-options { + 802.3ad ae16; + } + } + ge-1/0/17 { + description "e57-2 ae17"; + ether-options { + 802.3ad ae17; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-2/0/0 { + description "e41-1 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-2/0/1 { + description "e41-2 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "e43-1 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/3 { + description "e43-2 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-2/0/4 { + description "e45-1 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-2/0/5 { + description "e45-2 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-2/0/6 { + description "e47-1 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-2/0/7 { + description "e47-2 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-2/0/8 { + description "e49-1 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-2/0/9 { + description "e49-2 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-2/0/10 { + description "e51-1 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-2/0/11 { + description "e51-2 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-2/0/12 { + description "e53-1 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-2/0/13 { + description "e53-2 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-2/0/14 { + description "e55-1 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-2/0/15 { + description "e55-2 ae15"; + ether-options { + 802.3ad ae15; + } + } + ge-2/0/16 { + description "e57-1 ae16"; + ether-options { + 802.3ad ae16; + } + } + ge-2/0/17 { + description "e57-2 ae17"; + ether-options { + 802.3ad ae17; + } + } + ae0 { + description "e41-1 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e41-1 ]; + } + } + } + } + ae1 { + description "e41-2 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e41-2 ]; + } + } + } + } + ae2 { + description "e43-1 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e43-1 ]; + } + } + } + } + ae3 { + description "e43-2 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e43-2 ]; + } + } + } + } + ae4 { + description "e45-1 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e45-1 ]; + } + } + } + } + ae5 { + description "e45-2 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e45-2 ]; + } + } + } + } + ae6 { + description "e47-1 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e47-1 ]; + } + } + } + } + ae7 { + description "e47-2 ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e47-2 ]; + } + } + } + } + ae8 { + description "e49-1 ae8"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e49-1 ]; + } + } + } + } + ae9 { + description "e49-2 ae9"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e49-2 ]; + } + } + } + } + ae10 { + description "e51-1 ae10"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e51-1 ]; + } + } + } + } + ae11 { + description "e51-2 ae11"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e51-2 ]; + } + } + } + } + ae12 { + description "e53-1 ae12"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e53-1 ]; + } + } + } + } + ae13 { + description "e53-2 ae13"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e53-2 ]; + } + } + } + } + ae14 { + description "e55-1 ae14"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e55-1 ]; + } + } + } + } + ae15 { + description "e55-2 ae15"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e55-2 ]; + } + } + } + } + ae16 { + description "e57-1 ae16"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e57-1 ]; + } + } + } + } + ae17 { + description "e57-2 ae17"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e57-2 ]; + } + } + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.161/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.104/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::104/128; + } + } + } + vlan { + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.55.1/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.52.1/26; + } + } + unit 1411 { + family inet { + address 88.92.14.193/26; + } + family inet6 { + address 2a06:5840:14d::1/64; + } + } + unit 1412 { + family inet { + address 88.92.15.1/26; + } + family inet6 { + address 2a06:5840:15a::1/64; + } + } + unit 1431 { + family inet { + address 88.92.15.193/26; + } + family inet6 { + address 2a06:5840:15d::1/64; + } + } + unit 1432 { + family inet { + address 88.92.16.1/26; + } + family inet6 { + address 2a06:5840:16a::1/64; + } + } + unit 1451 { + family inet { + address 88.92.16.193/26; + } + family inet6 { + address 2a06:5840:16d::1/64; + } + } + unit 1452 { + family inet { + address 88.92.17.1/26; + } + family inet6 { + address 2a06:5840:17a::1/64; + } + } + unit 1471 { + family inet { + address 88.92.17.193/26; + } + family inet6 { + address 2a06:5840:17d::1/64; + } + } + unit 1472 { + family inet { + address 88.92.18.1/26; + } + family inet6 { + address 2a06:5840:18a::1/64; + } + } + unit 1491 { + family inet { + address 88.92.18.193/26; + } + family inet6 { + address 2a06:5840:18d::1/64; + } + } + unit 1492 { + family inet { + address 88.92.19.1/26; + } + family inet6 { + address 2a06:5840:19a::1/64; + } + } + unit 1511 { + family inet { + address 88.92.19.193/26; + } + family inet6 { + address 2a06:5840:19d::1/64; + } + } + unit 1512 { + family inet { + address 88.92.20.1/26; + } + family inet6 { + address 2a06:5840:20a::1/64; + } + } + unit 1531 { + family inet { + address 88.92.20.193/26; + } + family inet6 { + address 2a06:5840:20d::1/64; + } + } + unit 1532 { + family inet { + address 88.92.21.1/26; + } + family inet6 { + address 2a06:5840:21a::1/64; + } + } + unit 1551 { + family inet { + address 88.92.21.193/26; + } + family inet6 { + address 2a06:5840:21d::1/64; + } + } + unit 1552 { + family inet { + address 88.92.22.1/26; + } + family inet6 { + address 2a06:5840:22a::1/64; + } + } + unit 1571 { + family inet { + address 88.92.22.193/26; + } + family inet6 { + address 2a06:5840:22d::1/64; + } + } + unit 1572 { + family inet { + address 88.92.23.1/26; + } + family inet6 { + address 2a06:5840:23a::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.777; + interface vlan.1411; + interface vlan.1412; + interface vlan.1431; + interface vlan.1432; + interface vlan.1451; + interface vlan.1452; + interface vlan.1471; + interface vlan.1472; + interface vlan.1491; + interface vlan.1492; + interface vlan.1511; + interface vlan.1512; + interface vlan.1531; + interface vlan.1532; + interface vlan.1551; + interface vlan.1552; + interface vlan.1571; + interface vlan.1572; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.777; + interface vlan.1411; + interface vlan.1412; + interface vlan.1431; + interface vlan.1432; + interface vlan.1451; + interface vlan.1452; + interface vlan.1471; + interface vlan.1472; + interface vlan.1491; + interface vlan.1492; + interface vlan.1511; + interface vlan.1512; + interface vlan.1531; + interface vlan.1532; + interface vlan.1551; + interface vlan.1552; + interface vlan.1571; + interface vlan.1572; + } + group fapfapfap { + active-server-group fapfapfap-group; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +event-options { + policy ae0down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/0 unit 0"; + "deactivate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; + } + } + } + } + policy ae0up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/0 unit 0"; + "activate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; + } + } + } + } + policy ae1down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/1 unit 0"; + "deactivate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; + } + } + } + } + policy ae1up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/1 unit 0"; + "activate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; + } + } + } + } + policy ae2down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/2 unit 0"; + "deactivate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; + } + } + } + } + policy ae2up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/2 unit 0"; + "activate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; + } + } + } + } + policy ae3down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/3 unit 0"; + "deactivate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; + } + } + } + } + policy ae3up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/3 unit 0"; + "activate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; + } + } + } + } + policy ae4down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/4 unit 0"; + "deactivate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; + } + } + } + } + policy ae4up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/4 unit 0"; + "activate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; + } + } + } + } + policy ae5down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/5 unit 0"; + "deactivate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; + } + } + } + } + policy ae5up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/5 unit 0"; + "activate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; + } + } + } + } + policy ae6down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/6 unit 0"; + "deactivate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; + } + } + } + } + policy ae6up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/6 unit 0"; + "activate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; + } + } + } + } + policy ae7down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/7 unit 0"; + "deactivate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; + } + } + } + } + policy ae7up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/7 unit 0"; + "activate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; + } + } + } + } + policy ae8down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/8 unit 0"; + "deactivate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle"; + } + } + } + } + policy ae8up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/8 unit 0"; + "activate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle"; + } + } + } + } + policy ae9down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/9 unit 0"; + "deactivate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle"; + } + } + } + } + policy ae9up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/9 unit 0"; + "activate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle"; + } + } + } + } + policy ae10down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/10 unit 0"; + "deactivate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle"; + } + } + } + } + policy ae10up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/10 unit 0"; + "activate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle"; + } + } + } + } + policy ae11down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/11 unit 0"; + "deactivate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle"; + } + } + } + } + policy ae11up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/11 unit 0"; + "activate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle"; + } + } + } + } + policy ae12down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae12$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/12 unit 0"; + "deactivate interfaces ge-0/0/12 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae12 went down so removed ge-0/0/12 from bundle"; + } + } + } + } + policy ae12up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae12$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/12 unit 0"; + "activate interfaces ge-0/0/12 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/12 to bundle"; + } + } + } + } + policy ae13down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae13$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/13 unit 0"; + "deactivate interfaces ge-0/0/13 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae13 went down so removed ge-0/0/13 from bundle"; + } + } + } + } + policy ae13up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae13$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/13 unit 0"; + "activate interfaces ge-0/0/13 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/13 to bundle"; + } + } + } + } + policy ae14down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae14$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/14 unit 0"; + "deactivate interfaces ge-0/0/14 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae14 went down so removed ge-0/0/14 from bundle"; + } + } + } + } + policy ae14up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae14$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/14 unit 0"; + "activate interfaces ge-0/0/14 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/14 to bundle"; + } + } + } + } + policy ae15down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae15$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/15 unit 0"; + "deactivate interfaces ge-0/0/15 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae15 went down so removed ge-0/0/15 from bundle"; + } + } + } + } + policy ae15up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae15$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/15 unit 0"; + "activate interfaces ge-0/0/15 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/15 to bundle"; + } + } + } + } + policy ae16down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae16$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/16 unit 0"; + "deactivate interfaces ge-0/0/16 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae16 went down so removed ge-0/0/16 from bundle"; + } + } + } + } + policy ae16up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae16$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/16 unit 0"; + "activate interfaces ge-0/0/16 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/16 to bundle"; + } + } + } + } + policy ae17down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae17$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/17 unit 0"; + "deactivate interfaces ge-0/0/17 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae17 went down so removed ge-0/0/17 from bundle"; + } + } + } + } + policy ae17up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae17$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/17 unit 0"; + "activate interfaces ge-0/0/17 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/17 to bundle"; + } + } + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.1411; + interface vlan.1412; + interface vlan.1431; + interface vlan.1432; + interface vlan.1451; + interface vlan.1452; + interface vlan.1471; + interface vlan.1472; + interface vlan.1491; + interface vlan.1492; + interface vlan.1511; + interface vlan.1512; + interface vlan.1531; + interface vlan.1532; + interface vlan.1551; + interface vlan.1552; + interface vlan.1571; + interface vlan.1572; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + sflow { + agent-id 185.110.148.104; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.104; + collector ; + interfaces all-ports; + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.104; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + e41-1 { + vlan-id 1411; + l3-interface vlan.1411; + } + e41-2 { + vlan-id 1412; + l3-interface vlan.1412; + } + e43-1 { + vlan-id 1431; + l3-interface vlan.1431; + } + e43-2 { + vlan-id 1432; + l3-interface vlan.1432; + } + e45-1 { + vlan-id 1451; + l3-interface vlan.1451; + } + e45-2 { + vlan-id 1452; + l3-interface vlan.1452; + } + e47-1 { + vlan-id 1471; + l3-interface vlan.1471; + } + e47-2 { + vlan-id 1472; + l3-interface vlan.1472; + } + e49-1 { + vlan-id 1491; + l3-interface vlan.1491; + } + e49-2 { + vlan-id 1492; + l3-interface vlan.1492; + } + e51-1 { + vlan-id 1511; + l3-interface vlan.1511; + } + e51-2 { + vlan-id 1512; + l3-interface vlan.1512; + } + e53-1 { + vlan-id 1531; + l3-interface vlan.1531; + } + e53-2 { + vlan-id 1532; + l3-interface vlan.1532; + } + e55-1 { + vlan-id 1551; + l3-interface vlan.1551; + } + e55-2 { + vlan-id 1552; + l3-interface vlan.1552; + } + e57-1 { + vlan-id 1571; + l3-interface vlan.1571; + } + e57-2 { + vlan-id 1572; + l3-interface vlan.1572; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/distro5.conf b/examples/tg16/netconf/distro5.conf new file mode 100644 index 00000000..bc1c10a0 --- /dev/null +++ b/examples/tg16/netconf/distro5.conf @@ -0,0 +1,2080 @@ +## Last changed: 2016-03-24 18:22:36 CET +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name distro5; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.105; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + inactive: user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/47; + member-range ge-1/0/0 to ge-1/0/47; + member-range ge-2/0/0 to ge-2/0/47; + member-range xe-0/1/0 to xe-0/1/3; + member-range xe-1/1/0 to xe-1/1/3; + member-range xe-2/1/0 to xe-2/1/3; + } + ge-0/0/0 { + description "e41-3 access / ae0"; + ether-options { + 802.3ad ae0; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "e41-4 access / ae1"; + ether-options { + 802.3ad ae1; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "e43-3 access / ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-0/0/3 { + description "e43-4 access / ae3"; + ether-options { + 802.3ad ae3; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "e45-3 access / ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-0/0/5 { + description "e45-4 access / ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-0/0/6 { + description "e47-3 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "e47-4 access / ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-0/0/8 { + description "e49-3 access / ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-0/0/9 { + description "e49-4 access / ae9"; + ether-options { + 802.3ad ae9; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/10 { + description "e51-3 access / ae10"; + ether-options { + 802.3ad ae10; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/11 { + description "e51-4 access / ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-0/0/12 { + description "e53-3 access / ae12"; + ether-options { + 802.3ad ae12; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/13 { + description "e53-4 access / ae13"; + ether-options { + 802.3ad ae13; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/14 { + description "e55-3 access / ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-0/0/15 { + description "e55-4 access / ae15"; + ether-options { + 802.3ad ae15; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/16 { + description "e57-3 access / ae16"; + ether-options { + 802.3ad ae16; + } + } + ge-0/0/17 { + description "e57-4 access / ae17"; + ether-options { + 802.3ad ae17; + } + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-1/0/0 { + description "e41-3 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "e41-4 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "e43-3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "e43-4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "e45-3 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "e45-4 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "e47-3 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "e47-4 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-1/0/8 { + description "e49-3 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-1/0/9 { + description "e49-4 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-1/0/10 { + description "e51-3 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-1/0/11 { + description "e51-4 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-1/0/12 { + description "e53-3 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-1/0/13 { + description "e53-4 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-1/0/14 { + description "e55-3 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-1/0/15 { + description "e55-4 ae15"; + ether-options { + 802.3ad ae15; + } + } + ge-1/0/16 { + description "e57-3 ae16"; + ether-options { + 802.3ad ae16; + } + } + ge-1/0/17 { + description "e57-4 ae17"; + ether-options { + 802.3ad ae17; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-2/0/0 { + description "e41-3 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-2/0/1 { + description "e41-4 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "e43-3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/3 { + description "e43-4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-2/0/4 { + description "e45-3 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-2/0/5 { + description "e45-4 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-2/0/6 { + description "e47-3 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-2/0/7 { + description "e47-4 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-2/0/8 { + description "e49-3 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-2/0/9 { + description "e49-4 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-2/0/10 { + description "e51-3 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-2/0/11 { + description "e51-4 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-2/0/12 { + description "e53-3 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-2/0/13 { + description "e53-4 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-2/0/14 { + description "e55-3 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-2/0/15 { + description "e55-4 ae15"; + ether-options { + 802.3ad ae15; + } + } + ge-2/0/16 { + description "e57-3 ae16"; + ether-options { + 802.3ad ae16; + } + } + ge-2/0/17 { + description "e57-4 ae17"; + ether-options { + 802.3ad ae17; + } + } + ae0 { + description "e41-3 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e41-3-static mgmt ]; + } + } + } + } + ae1 { + description "e41-4 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e41-4-static mgmt ]; + } + } + } + } + ae2 { + description "e43-3 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e43-3 ]; + } + } + } + } + ae3 { + description "e43-4 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e43-4-static mgmt ]; + } + } + } + } + ae4 { + description "e45-3 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e45-3-static mgmt ]; + } + } + } + } + ae5 { + description "e45-4 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e45-4-static mgmt ]; + } + } + } + } + ae6 { + description "e47-3 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e47-3-static mgmt ]; + } + } + } + } + ae7 { + description "e47-4 ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e47-4-static mgmt ]; + } + } + } + } + ae8 { + description "e49-3 ae8"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e49-3-static mgmt ]; + } + } + } + } + ae9 { + description "e49-4 ae9"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e49-4-static mgmt ]; + } + } + } + } + ae10 { + description "e51-3 ae10"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e51-3-static mgmt ]; + } + } + } + } + ae11 { + description "e51-4 ae11"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e51-4-static mgmt ]; + } + } + } + } + ae12 { + description "e53-3 ae12"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e53-3-static mgmt ]; + } + } + } + } + ae13 { + description "e53-4 ae13"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e53-4-static mgmt ]; + } + } + } + } + ae14 { + description "e55-3 ae14"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e55-3-static mgmt ]; + } + } + } + } + ae15 { + description "e55-4 ae15"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e55-4-static mgmt ]; + } + } + } + } + ae16 { + description "e57-3 ae16"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e57-3-static mgmt ]; + } + } + } + } + ae17 { + description "e57-4 ae17"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ e57-4-static mgmt ]; + } + } + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.163/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.105/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::105/128; + } + } + } + vlan { + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.55.65/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.52.65/26; + } + } + unit 1433 { + family inet { + address 88.92.16.65/26; + } + family inet6 { + address 2a06:5840:16b::1/64; + } + } + unit 3000 { + description "e41-3 static routing linknet"; + family inet { + address 88.92.82.0/31; + } + } + unit 3001 { + description "e41-4 static routing linknet"; + family inet { + address 88.92.82.2/31; + } + } + unit 3002 { + description "e43-3 static routing linknet"; + family inet { + address 88.92.82.4/31; + } + } + unit 3003 { + description "e43-4 static routing linknet"; + family inet { + address 88.92.82.6/31; + } + } + unit 3004 { + description "e45-3 static routing linknet"; + family inet { + address 88.92.82.8/31; + } + } + unit 3005 { + description "e45-4 static routing linknet"; + family inet { + address 88.92.82.10/31; + } + } + unit 3006 { + description "e47-3 static routing linknet"; + family inet { + address 88.92.82.12/31; + } + } + unit 3007 { + description "e47-4 static routing linknet"; + family inet { + address 88.92.82.14/31; + } + } + unit 3008 { + description "e49-3 static routing linknet"; + family inet { + address 88.92.82.16/31; + } + } + unit 3009 { + description "e49-4 static routing linknet"; + family inet { + address 88.92.82.18/31; + } + } + unit 3010 { + description "e51-3 static routing linknet"; + family inet { + address 88.92.82.20/31; + } + } + unit 3011 { + description "e51-4 static routing linknet"; + family inet { + address 88.92.82.22/31; + } + } + unit 3012 { + description "e53-3 static routing linknet"; + family inet { + address 88.92.82.24/31; + } + } + unit 3013 { + description "e53-4 static routing linknet"; + family inet { + address 88.92.82.26/31; + } + } + unit 3014 { + description "e55-3 static routing linknet"; + family inet { + address 88.92.82.28/31; + } + } + unit 3015 { + description "e55-4 static routing linknet"; + family inet { + address 88.92.82.30/31; + } + } + unit 3016 { + description "e57-3 static routing linknet"; + family inet { + address 88.92.82.32/31; + } + } + unit 3017 { + description "e57-4 static routing linknet"; + family inet { + address 88.92.82.34/31; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.777; + interface vlan.1413; + interface vlan.1414; + interface vlan.1433; + interface vlan.1434; + interface vlan.1453; + interface vlan.1454; + interface vlan.1473; + interface vlan.1474; + interface vlan.1493; + interface vlan.1494; + interface vlan.1513; + interface vlan.1514; + interface vlan.1533; + interface vlan.1534; + interface vlan.1553; + interface vlan.1554; + interface vlan.1573; + interface vlan.1574; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.777; + interface vlan.1413; + interface vlan.1414; + interface vlan.1433; + interface vlan.1434; + interface vlan.1453; + interface vlan.1454; + interface vlan.1473; + interface vlan.1474; + interface vlan.1493; + interface vlan.1494; + interface vlan.1513; + interface vlan.1514; + interface vlan.1533; + interface vlan.1534; + interface vlan.1553; + interface vlan.1554; + interface vlan.1573; + interface vlan.1574; + } + group fapfapfap { + active-server-group fapfapfap-group; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +event-options { + policy ae0down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/0 unit 0"; + "deactivate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; + } + } + } + } + policy ae0up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/0 unit 0"; + "activate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; + } + } + } + } + policy ae1down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/1 unit 0"; + "deactivate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; + } + } + } + } + policy ae1up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/1 unit 0"; + "activate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; + } + } + } + } + policy ae2down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/2 unit 0"; + "deactivate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; + } + } + } + } + policy ae2up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/2 unit 0"; + "activate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; + } + } + } + } + policy ae3down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/3 unit 0"; + "deactivate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; + } + } + } + } + policy ae3up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/3 unit 0"; + "activate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; + } + } + } + } + policy ae4down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/4 unit 0"; + "deactivate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; + } + } + } + } + policy ae4up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/4 unit 0"; + "activate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; + } + } + } + } + policy ae5down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/5 unit 0"; + "deactivate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; + } + } + } + } + policy ae5up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/5 unit 0"; + "activate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; + } + } + } + } + policy ae6down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/6 unit 0"; + "deactivate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; + } + } + } + } + policy ae6up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/6 unit 0"; + "activate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; + } + } + } + } + policy ae7down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/7 unit 0"; + "deactivate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; + } + } + } + } + policy ae7up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/7 unit 0"; + "activate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; + } + } + } + } + policy ae8down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/8 unit 0"; + "deactivate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle"; + } + } + } + } + policy ae8up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/8 unit 0"; + "activate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle"; + } + } + } + } + policy ae9down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/9 unit 0"; + "deactivate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle"; + } + } + } + } + policy ae9up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/9 unit 0"; + "activate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle"; + } + } + } + } + policy ae10down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/10 unit 0"; + "deactivate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle"; + } + } + } + } + policy ae10up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae10$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/10 unit 0"; + "activate interfaces ge-0/0/10 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle"; + } + } + } + } + policy ae11down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/11 unit 0"; + "deactivate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle"; + } + } + } + } + policy ae11up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae11$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/11 unit 0"; + "activate interfaces ge-0/0/11 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle"; + } + } + } + } + policy ae12down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae12$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/12 unit 0"; + "deactivate interfaces ge-0/0/12 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae12 went down so removed ge-0/0/12 from bundle"; + } + } + } + } + policy ae12up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae12$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/12 unit 0"; + "activate interfaces ge-0/0/12 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/12 to bundle"; + } + } + } + } + policy ae13down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae13$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/13 unit 0"; + "deactivate interfaces ge-0/0/13 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae13 went down so removed ge-0/0/13 from bundle"; + } + } + } + } + policy ae13up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae13$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/13 unit 0"; + "activate interfaces ge-0/0/13 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/13 to bundle"; + } + } + } + } + policy ae14down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae14$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/14 unit 0"; + "deactivate interfaces ge-0/0/14 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae14 went down so removed ge-0/0/14 from bundle"; + } + } + } + } + policy ae14up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae14$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/14 unit 0"; + "activate interfaces ge-0/0/14 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/14 to bundle"; + } + } + } + } + policy ae15down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae15$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/15 unit 0"; + "deactivate interfaces ge-0/0/15 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae15 went down so removed ge-0/0/15 from bundle"; + } + } + } + } + policy ae15up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae15$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/15 unit 0"; + "activate interfaces ge-0/0/15 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/15 to bundle"; + } + } + } + } + policy ae16down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae16$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/16 unit 0"; + "deactivate interfaces ge-0/0/16 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae16 went down so removed ge-0/0/16 from bundle"; + } + } + } + } + policy ae16up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae16$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/16 unit 0"; + "activate interfaces ge-0/0/16 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/16 to bundle"; + } + } + } + } + policy ae17down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae17$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/17 unit 0"; + "deactivate interfaces ge-0/0/17 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae17 went down so removed ge-0/0/17 from bundle"; + } + } + } + } + policy ae17up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae17$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/17 unit 0"; + "activate interfaces ge-0/0/17 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/17 to bundle"; + } + } + } + } +} +routing-options { + rib inet.0 { + static { + route 88.92.15.64/26 next-hop 88.92.82.1; + route 88.92.15.128/26 next-hop 88.92.82.3; + route 88.92.16.64/26 next-hop 88.92.82.5; + route 88.92.16.128/26 next-hop 88.92.82.7; + route 88.92.16.0/26 next-hop 88.92.82.3; + route 88.92.17.64/26 next-hop 88.92.82.9; + route 88.92.17.128/26 next-hop 88.92.82.11; + route 88.92.18.64/26 next-hop 88.92.82.13; + route 88.92.18.128/26 next-hop 88.92.82.15; + route 88.92.19.64/26 next-hop 88.92.82.17; + route 88.92.19.128/26 next-hop 88.92.82.19; + route 88.92.20.64/26 next-hop 88.92.82.21; + route 88.92.20.128/26 next-hop 88.92.82.23; + route 88.92.21.64/26 next-hop 88.92.82.25; + route 88.92.21.128/26 next-hop 88.92.82.27; + route 88.92.22.64/26 next-hop 88.92.82.29; + route 88.92.22.128/26 next-hop 88.92.82.31; + route 88.92.23.64/26 next-hop 88.92.82.33; + route 88.92.23.128/26 next-hop 88.92.82.35; + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.1413; + interface vlan.1414; + interface vlan.1433; + interface vlan.1434; + interface vlan.1453; + interface vlan.1454; + interface vlan.1473; + interface vlan.1474; + interface vlan.1493; + interface vlan.1494; + interface vlan.1513; + interface vlan.1514; + interface vlan.1533; + interface vlan.1534; + interface vlan.1553; + interface vlan.1554; + interface vlan.1573; + interface vlan.1574; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + interface irb.3000; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + sflow { + agent-id 185.110.148.105; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.105; + collector ; + interfaces all-ports; + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.105; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + e41-3-static { + vlan-id 3000; + l3-interface vlan.3000; + } + e41-4-static { + vlan-id 3001; + l3-interface vlan.3001; + } + e43-3 { + vlan-id 1433; + l3-interface vlan.1433; + } + e43-3-static { + vlan-id 3002; + l3-interface vlan.3002; + } + e43-4-static { + vlan-id 3003; + l3-interface vlan.3003; + } + e45-3-static { + vlan-id 3004; + l3-interface vlan.3004; + } + e45-4-static { + vlan-id 3005; + l3-interface vlan.3005; + } + e47-3-static { + vlan-id 3006; + l3-interface vlan.3006; + } + e47-4-static { + vlan-id 3007; + l3-interface vlan.3007; + } + e49-3-static { + vlan-id 3008; + l3-interface vlan.3008; + } + e49-4-static { + vlan-id 3009; + l3-interface vlan.3009; + } + e51-3-static { + vlan-id 3010; + l3-interface vlan.3010; + } + e51-4-static { + vlan-id 3011; + l3-interface vlan.3011; + } + e53-3-static { + vlan-id 3012; + l3-interface vlan.3012; + } + e53-4-static { + vlan-id 3013; + l3-interface vlan.3013; + } + e55-3-static { + vlan-id 3014; + l3-interface vlan.3014; + } + e55-4-static { + vlan-id 3015; + l3-interface vlan.3015; + } + e57-3-static { + vlan-id 3016; + l3-interface vlan.3016; + } + e57-4-static { + vlan-id 3017; + l3-interface vlan.3017; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/distro5_after_l3_was_moved_to_edge.conf b/examples/tg16/netconf/distro5_after_l3_was_moved_to_edge.conf new file mode 100644 index 00000000..a34c9869 --- /dev/null +++ b/examples/tg16/netconf/distro5_after_l3_was_moved_to_edge.conf @@ -0,0 +1,1058 @@ +set groups SET_AE_DEFAULTS interfaces aggregated-ether-options lacp active +set groups SET_OSPF_DEFAULTS protocols ospf reference-bandwidth 1000g +set groups SET_OSPF_DEFAULTS protocols ospf3 reference-bandwidth 1000g +set groups SET_RA_DEFAULTS protocols router-advertisement interface max-advertisement-interval 15 +set groups SET_RA_DEFAULTS protocols router-advertisement interface managed-configuration +set system host-name distro5 +set system auto-snapshot +set system domain-name infra.gathering.org +set system time-zone Europe/Oslo +set system authentication-order tacplus +set system root-authentication encrypted-password "" +set system name-server 185.110.149.2 +set system name-server 185.110.148.2 +set system name-server 2a06:5841:149a::2 +set system name-server 2a06:5841:1337::2 +set system tacplus-server secret "" +set system tacplus-server source-address 185.110.148.105 +set system login user technet uid 2000 +set system login user technet class super-user +set system login user technet authentication encrypted-password "" +set system services ssh root-login deny +set system services ssh no-tcp-forwarding +set system services ssh client-alive-count-max 2 +set system services ssh client-alive-interval 300 +set system services ssh connection-limit 5 +set system services ssh rate-limit 5 +set system services netconf ssh connection-limit 3 +set system services netconf ssh rate-limit 3 +set system syslog user * any emergency +set system syslog host 185.110.148.17 any info +set system syslog host 185.110.148.17 authorization info +set system syslog host 185.110.148.17 port 515 +set system syslog file messages any notice +set system syslog file messages authorization info +set system syslog file interactive-commands interactive-commands any +set system archival configuration transfer-on-commit +set system archival configuration archive-sites "scp://@/home/tgconfig/configs/" password "" +set system commit synchronize +set system ntp server 2001:700:100:2::6 +set chassis aggregated-devices ethernet device-count 32 +set chassis alarm management-ethernet link-down ignore +set chassis auto-image-upgrade +set security ssh-known-hosts host ecdsa-sha2-nistp256-key +set interfaces apply-groups SET_AE_DEFAULTS +set interfaces interface-range aps member-range ge-0/0/36 to ge-0/0/47 +set interfaces interface-range aps member-range ge-1/0/36 to ge-1/0/47 +set interfaces interface-range aps member-range ge-2/0/36 to ge-2/0/47 +set interfaces interface-range aps description "Management/klientnett AP-er" +set interfaces interface-range aps unit 0 family ethernet-switching vlan members aps_mgmt +set interfaces xe-0/1/0 description "Uplink mot coregw" +set interfaces xe-0/1/0 ether-options 802.3ad ae31 +set interfaces xe-1/1/0 description "Uplink mot coregw" +set interfaces xe-1/1/0 ether-options 802.3ad ae31 +set interfaces ae31 description "Uplink mot coregw" +set interfaces ae31 unit 0 family inet address 185.110.148.163/31 +set interfaces ae31 unit 0 family inet6 +set interfaces vlan unit 666 description "mgmt til aksesswitcher/fapfapfap" +set interfaces vlan unit 666 family inet address 88.92.55.65/26 +set interfaces vlan unit 777 description "mgmt til AP-ene" +set interfaces vlan unit 777 family inet address 88.92.52.65/26 +set interfaces lo0 unit 0 family inet filter input protect-mgmt-v4 +set interfaces lo0 unit 0 family inet address 185.110.148.105/32 +set interfaces lo0 unit 0 family inet6 filter input protect-mgmt-v6 +set interfaces lo0 unit 0 family inet6 address 2a06:5841:148b::105/128 +set snmp community authorization read-only +set snmp community client-list-name mgmt +set snmp community authorization read-only +set snmp community client-list-name mgmt-nms +set forwarding-options dhcp-relay dhcpv6 group edge-switches active-server-group v6-edge-switches +set forwarding-options dhcp-relay dhcpv6 group edge-switches overrides +set forwarding-options dhcp-relay dhcpv6 server-group v6-edge-switches 2a06:5841:149a::2 +set forwarding-options dhcp-relay server-group v4-edge-switches 185.110.149.2 +set forwarding-options dhcp-relay server-group v4-edge-switches 185.110.148.2 +set forwarding-options dhcp-relay server-group fapfapfap-group 185.110.148.22 +set forwarding-options dhcp-relay group edge-switches active-server-group v4-edge-switches +set forwarding-options dhcp-relay group edge-switches overrides trust-option-82 +set forwarding-options dhcp-relay group edge-switches interface vlan.777 +set forwarding-options dhcp-relay group fapfapfap active-server-group fapfapfap-group +set forwarding-options dhcp-relay group fapfapfap relay-option-82 circuit-id prefix host-name +set forwarding-options dhcp-relay group fapfapfap relay-option-82 circuit-id include-irb-and-l2 +set forwarding-options dhcp-relay group fapfapfap interface vlan.666 +set protocols apply-groups SET_OSPF_DEFAULTS +set protocols apply-groups SET_RA_DEFAULTS +set protocols mld +set protocols ospf export static-to-ospf +set protocols ospf export direct-to-ospf +set protocols ospf area 0.0.0.0 interface ae31 +set protocols ospf3 export static-to-ospf +set protocols ospf3 export direct-to-ospf +set protocols ospf3 area 0.0.0.0 interface ae31 +set protocols pim rp static address 2a06:5841:148b::67 +set protocols pim rp static address 185.110.148.67 +set protocols igmp-snooping vlan all +set protocols rstp +set protocols lldp management-address 185.110.148.105 +set protocols lldp interface all +set protocols lldp-med interface all +set policy-options prefix-list mgmt-v4 31.220.7.113/32 +set policy-options prefix-list mgmt-v4 64.28.6.166/32 +set policy-options prefix-list mgmt-v4 80.91.36.76/32 +set policy-options prefix-list mgmt-v4 84.208.175.47/32 +set policy-options prefix-list mgmt-v4 134.90.150.160/27 +set policy-options prefix-list mgmt-v4 176.58.99.158/32 +set policy-options prefix-list mgmt-v4 185.110.148.0/22 +set policy-options prefix-list mgmt-v6 2a00:1a28:1157:6::73ed/128 +set policy-options prefix-list mgmt-v6 2a01:9900:0:f003::76/128 +set policy-options prefix-list mgmt-v6 2a02:20c8:1930::/64 +set policy-options prefix-list mgmt-v6 2a06:5841::/32 +set policy-options prefix-list mgmt 31.220.7.113/32 +set policy-options prefix-list mgmt 64.28.6.166/32 +set policy-options prefix-list mgmt 80.91.36.76/32 +set policy-options prefix-list mgmt 84.208.175.47/32 +set policy-options prefix-list mgmt 85.165.87.5/32 +set policy-options prefix-list mgmt 134.90.150.160/27 +set policy-options prefix-list mgmt 185.110.148.0/22 +set policy-options prefix-list mgmt 2a00:1a28:1157:6::73ed/128 +set policy-options prefix-list mgmt 2a01:9900:0:f003::76/128 +set policy-options prefix-list mgmt 2a02:20c8:1930::/64 +set policy-options prefix-list mgmt 2a06:5841::/32 +set policy-options prefix-list mgmt-v4-nms 185.110.148.11/32 +set policy-options prefix-list mgmt-v4-nms 185.110.148.12/32 +set policy-options prefix-list mgmt-v6-nms 2a06:5841:1337::11/128 +set policy-options prefix-list mgmt-v6-nms 2a06:5841:1337::12/128 +set policy-options prefix-list mgmt-nms 185.110.148.11/32 +set policy-options prefix-list mgmt-nms 185.110.148.12/32 +set policy-options prefix-list mgmt-nms 185.110.150.10/32 +set policy-options prefix-list mgmt-nms 2a06:5841:1337::11/128 +set policy-options prefix-list mgmt-nms 2a06:5841:1337::12/128 +set policy-options prefix-list icmp_unthrottled-v4 185.110.148.0/22 +set policy-options prefix-list icmp_unthrottled-v4 193.212.22.0/30 +set policy-options prefix-list icmp_unthrottled-v6 2001:4600:9:300::290/126 +set policy-options prefix-list icmp_unthrottled-v6 2a06:5841::/32 +set policy-options policy-statement direct-to-ospf from protocol direct +set policy-options policy-statement direct-to-ospf then external type 1 +set policy-options policy-statement direct-to-ospf then accept +set policy-options policy-statement static-to-ospf from protocol static +set policy-options policy-statement static-to-ospf then external type 1 +set policy-options policy-statement static-to-ospf then accept +set firewall family inet filter protect-mgmt-v4 term accept-ssh from source-prefix-list mgmt-v4 +set firewall family inet filter protect-mgmt-v4 term accept-ssh from destination-port 22 +set firewall family inet filter protect-mgmt-v4 term accept-ssh then accept +set firewall family inet filter protect-mgmt-v4 term discard-ssh from destination-port 22 +set firewall family inet filter protect-mgmt-v4 term discard-ssh then discard +set firewall family inet filter protect-mgmt-v4 term snmp-nms from source-prefix-list mgmt-v4-nms +set firewall family inet filter protect-mgmt-v4 term snmp-nms from destination-port snmp +set firewall family inet filter protect-mgmt-v4 term snmp-nms then accept +set firewall family inet filter protect-mgmt-v4 term snmp-throttle from source-prefix-list mgmt-v4 +set firewall family inet filter protect-mgmt-v4 term snmp-throttle from destination-port snmp +set firewall family inet filter protect-mgmt-v4 term snmp-throttle then accept +set firewall family inet filter protect-mgmt-v4 term icmp-trusted from source-prefix-list icmp_unthrottled-v4 +set firewall family inet filter protect-mgmt-v4 term icmp-trusted from protocol icmp +set firewall family inet filter protect-mgmt-v4 term icmp-trusted then accept +set firewall family inet filter protect-mgmt-v4 term icmp-throttled from protocol icmp +set firewall family inet filter protect-mgmt-v4 term icmp-throttled then accept +set firewall family inet filter protect-mgmt-v4 term accept-all then accept +set firewall family inet6 filter protect-mgmt-v6 term accept-ssh from source-prefix-list mgmt-v6 +set firewall family inet6 filter protect-mgmt-v6 term accept-ssh from destination-port 22 +set firewall family inet6 filter protect-mgmt-v6 term accept-ssh then accept +set firewall family inet6 filter protect-mgmt-v6 term discard-ssh from destination-port 22 +set firewall family inet6 filter protect-mgmt-v6 term discard-ssh then discard +set firewall family inet6 filter protect-mgmt-v6 term snmp-nms from source-prefix-list mgmt-v6-nms +set firewall family inet6 filter protect-mgmt-v6 term snmp-nms from destination-port snmp +set firewall family inet6 filter protect-mgmt-v6 term snmp-nms then accept +set firewall family inet6 filter protect-mgmt-v6 term snmp-throttle from source-prefix-list mgmt-v6 +set firewall family inet6 filter protect-mgmt-v6 term snmp-throttle from destination-port snmp +set firewall family inet6 filter protect-mgmt-v6 term snmp-throttle then accept +set firewall family inet6 filter protect-mgmt-v6 term icmp-trusted from source-prefix-list icmp_unthrottled-v6 +set firewall family inet6 filter protect-mgmt-v6 term icmp-trusted from next-header icmp6 +set firewall family inet6 filter protect-mgmt-v6 term icmp-trusted then accept +set firewall family inet6 filter protect-mgmt-v6 term icmp-throttled from next-header icmp6 +set firewall family inet6 filter protect-mgmt-v6 term icmp-throttled then accept +set firewall family inet6 filter protect-mgmt-v6 term accept-all then accept +set ethernet-switching-options storm-control interface all +set poe interface all +set vlans mgmt vlan-id 666 +set vlans mgmt l3-interface vlan.666 +set vlans aps_mgmt vlan-id 777 +set vlans aps_mgmt l3-interface vlan.777 +set interfaces ge-0/0/0 description "e41-3 access / ae0" +set interfaces ge-0/0/0 ether-options 802.3ad ae0 +set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/0 ether-options +set interfaces ge-1/0/0 description "e41-3 ae0" +set interfaces ge-1/0/0 ether-options 802.3ad ae0 +set interfaces ge-2/0/0 description "e41-3 ae0" +set interfaces ge-2/0/0 ether-options 802.3ad ae0 +set interfaces ae0 description "e41-3 ae0" +set interfaces ae0 unit 0 family ethernet-switching port-mode trunk +set interfaces ae0 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae0 unit 0 family ethernet-switching vlan members e41-3 +set interfaces vlan unit 1413 family inet address 88.92.15.65/26 +set interfaces vlan unit 1413 family inet6 address 2a06:5840:15b::1/64 +set event-options policy ae0down events snmp_trap_link_down +set event-options policy ae0down attributes-match snmp_trap_link_down.interface-name matches "ae0$" +set event-options policy ae0down then change-configuration retry count 10 +set event-options policy ae0down then change-configuration retry interval 10 +set event-options policy ae0down then change-configuration commands "activate interfaces ge-0/0/0 unit 0" +set event-options policy ae0down then change-configuration commands "deactivate interfaces ge-0/0/0 ether-options" +set event-options policy ae0down then change-configuration user-name technet +set event-options policy ae0down then change-configuration commit-options log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle" +set event-options policy ae0up events snmp_trap_link_up +set event-options policy ae0up attributes-match snmp_trap_link_up.interface-name matches "ae0$" +set event-options policy ae0up then change-configuration retry count 10 +set event-options policy ae0up then change-configuration retry interval 10 +set event-options policy ae0up then change-configuration commands "deactivate interfaces ge-0/0/0 unit 0" +set event-options policy ae0up then change-configuration commands "activate interfaces ge-0/0/0 ether-options" +set event-options policy ae0up then change-configuration user-name technet +set event-options policy ae0up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle" +set vlans e41-3 vlan-id 1413 +set vlans e41-3 l3-interface vlan.1413 +set protocols router-advertisement interface vlan.1413 +set forwarding-options dhcp-relay group edge-switches interface vlan.1413 + + +set interfaces ge-0/0/1 description "e41-4 access / ae1" +set interfaces ge-0/0/1 ether-options 802.3ad ae1 +set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/1 ether-options +set interfaces ge-1/0/1 description "e41-4 ae1" +set interfaces ge-1/0/1 ether-options 802.3ad ae1 +set interfaces ge-2/0/1 description "e41-4 ae1" +set interfaces ge-2/0/1 ether-options 802.3ad ae1 +set interfaces ae1 description "e41-4 ae1" +set interfaces ae1 unit 0 family ethernet-switching port-mode trunk +set interfaces ae1 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae1 unit 0 family ethernet-switching vlan members e41-4 +set interfaces vlan unit 1414 family inet address 88.92.15.129/26 +set interfaces vlan unit 1414 family inet6 address 2a06:5840:15c::1/64 +set event-options policy ae1down events snmp_trap_link_down +set event-options policy ae1down attributes-match snmp_trap_link_down.interface-name matches "ae1$" +set event-options policy ae1down then change-configuration retry count 10 +set event-options policy ae1down then change-configuration retry interval 10 +set event-options policy ae1down then change-configuration commands "activate interfaces ge-0/0/1 unit 0" +set event-options policy ae1down then change-configuration commands "deactivate interfaces ge-0/0/1 ether-options" +set event-options policy ae1down then change-configuration user-name technet +set event-options policy ae1down then change-configuration commit-options log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle" +set event-options policy ae1up events snmp_trap_link_up +set event-options policy ae1up attributes-match snmp_trap_link_up.interface-name matches "ae1$" +set event-options policy ae1up then change-configuration retry count 10 +set event-options policy ae1up then change-configuration retry interval 10 +set event-options policy ae1up then change-configuration commands "deactivate interfaces ge-0/0/1 unit 0" +set event-options policy ae1up then change-configuration commands "activate interfaces ge-0/0/1 ether-options" +set event-options policy ae1up then change-configuration user-name technet +set event-options policy ae1up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle" +set vlans e41-4 vlan-id 1414 +set vlans e41-4 l3-interface vlan.1414 +set protocols router-advertisement interface vlan.1414 +set forwarding-options dhcp-relay group edge-switches interface vlan.1414 + + +set interfaces ge-0/0/2 description "e43-3 access / ae2" +set interfaces ge-0/0/2 ether-options 802.3ad ae2 +set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/2 ether-options +set interfaces ge-1/0/2 description "e43-3 ae2" +set interfaces ge-1/0/2 ether-options 802.3ad ae2 +set interfaces ge-2/0/2 description "e43-3 ae2" +set interfaces ge-2/0/2 ether-options 802.3ad ae2 +set interfaces ae2 description "e43-3 ae2" +set interfaces ae2 unit 0 family ethernet-switching port-mode trunk +set interfaces ae2 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae2 unit 0 family ethernet-switching vlan members e43-3 +set interfaces vlan unit 1433 family inet address 88.92.16.65/26 +set interfaces vlan unit 1433 family inet6 address 2a06:5840:16b::1/64 +set event-options policy ae2down events snmp_trap_link_down +set event-options policy ae2down attributes-match snmp_trap_link_down.interface-name matches "ae2$" +set event-options policy ae2down then change-configuration retry count 10 +set event-options policy ae2down then change-configuration retry interval 10 +set event-options policy ae2down then change-configuration commands "activate interfaces ge-0/0/2 unit 0" +set event-options policy ae2down then change-configuration commands "deactivate interfaces ge-0/0/2 ether-options" +set event-options policy ae2down then change-configuration user-name technet +set event-options policy ae2down then change-configuration commit-options log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle" +set event-options policy ae2up events snmp_trap_link_up +set event-options policy ae2up attributes-match snmp_trap_link_up.interface-name matches "ae2$" +set event-options policy ae2up then change-configuration retry count 10 +set event-options policy ae2up then change-configuration retry interval 10 +set event-options policy ae2up then change-configuration commands "deactivate interfaces ge-0/0/2 unit 0" +set event-options policy ae2up then change-configuration commands "activate interfaces ge-0/0/2 ether-options" +set event-options policy ae2up then change-configuration user-name technet +set event-options policy ae2up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle" +set vlans e43-3 vlan-id 1433 +set vlans e43-3 l3-interface vlan.1433 +set protocols router-advertisement interface vlan.1433 +set forwarding-options dhcp-relay group edge-switches interface vlan.1433 + + +set interfaces ge-0/0/3 description "e43-4 access / ae3" +set interfaces ge-0/0/3 ether-options 802.3ad ae3 +set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/3 ether-options +set interfaces ge-1/0/3 description "e43-4 ae3" +set interfaces ge-1/0/3 ether-options 802.3ad ae3 +set interfaces ge-2/0/3 description "e43-4 ae3" +set interfaces ge-2/0/3 ether-options 802.3ad ae3 +set interfaces ae3 description "e43-4 ae3" +set interfaces ae3 unit 0 family ethernet-switching port-mode trunk +set interfaces ae3 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae3 unit 0 family ethernet-switching vlan members e43-4 +set interfaces vlan unit 1434 family inet address 88.92.16.129/26 +set interfaces vlan unit 1434 family inet6 address 2a06:5840:16c::1/64 +set event-options policy ae3down events snmp_trap_link_down +set event-options policy ae3down attributes-match snmp_trap_link_down.interface-name matches "ae3$" +set event-options policy ae3down then change-configuration retry count 10 +set event-options policy ae3down then change-configuration retry interval 10 +set event-options policy ae3down then change-configuration commands "activate interfaces ge-0/0/3 unit 0" +set event-options policy ae3down then change-configuration commands "deactivate interfaces ge-0/0/3 ether-options" +set event-options policy ae3down then change-configuration user-name technet +set event-options policy ae3down then change-configuration commit-options log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle" +set event-options policy ae3up events snmp_trap_link_up +set event-options policy ae3up attributes-match snmp_trap_link_up.interface-name matches "ae3$" +set event-options policy ae3up then change-configuration retry count 10 +set event-options policy ae3up then change-configuration retry interval 10 +set event-options policy ae3up then change-configuration commands "deactivate interfaces ge-0/0/3 unit 0" +set event-options policy ae3up then change-configuration commands "activate interfaces ge-0/0/3 ether-options" +set event-options policy ae3up then change-configuration user-name technet +set event-options policy ae3up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle" +set vlans e43-4 vlan-id 1434 +set vlans e43-4 l3-interface vlan.1434 +set protocols router-advertisement interface vlan.1434 +set forwarding-options dhcp-relay group edge-switches interface vlan.1434 + + +set interfaces ge-0/0/4 description "e45-3 access / ae4" +set interfaces ge-0/0/4 ether-options 802.3ad ae4 +set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/4 ether-options +set interfaces ge-1/0/4 description "e45-3 ae4" +set interfaces ge-1/0/4 ether-options 802.3ad ae4 +set interfaces ge-2/0/4 description "e45-3 ae4" +set interfaces ge-2/0/4 ether-options 802.3ad ae4 +set interfaces ae4 description "e45-3 ae4" +set interfaces ae4 unit 0 family ethernet-switching port-mode trunk +set interfaces ae4 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae4 unit 0 family ethernet-switching vlan members e45-3 +set interfaces vlan unit 1453 family inet address 88.92.17.65/26 +set interfaces vlan unit 1453 family inet6 address 2a06:5840:17b::1/64 +set event-options policy ae4down events snmp_trap_link_down +set event-options policy ae4down attributes-match snmp_trap_link_down.interface-name matches "ae4$" +set event-options policy ae4down then change-configuration retry count 10 +set event-options policy ae4down then change-configuration retry interval 10 +set event-options policy ae4down then change-configuration commands "activate interfaces ge-0/0/4 unit 0" +set event-options policy ae4down then change-configuration commands "deactivate interfaces ge-0/0/4 ether-options" +set event-options policy ae4down then change-configuration user-name technet +set event-options policy ae4down then change-configuration commit-options log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle" +set event-options policy ae4up events snmp_trap_link_up +set event-options policy ae4up attributes-match snmp_trap_link_up.interface-name matches "ae4$" +set event-options policy ae4up then change-configuration retry count 10 +set event-options policy ae4up then change-configuration retry interval 10 +set event-options policy ae4up then change-configuration commands "deactivate interfaces ge-0/0/4 unit 0" +set event-options policy ae4up then change-configuration commands "activate interfaces ge-0/0/4 ether-options" +set event-options policy ae4up then change-configuration user-name technet +set event-options policy ae4up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle" +set vlans e45-3 vlan-id 1453 +set vlans e45-3 l3-interface vlan.1453 +set protocols router-advertisement interface vlan.1453 +set forwarding-options dhcp-relay group edge-switches interface vlan.1453 + + +set interfaces ge-0/0/5 description "e45-4 access / ae5" +set interfaces ge-0/0/5 ether-options 802.3ad ae5 +set interfaces ge-0/0/5 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/5 ether-options +set interfaces ge-1/0/5 description "e45-4 ae5" +set interfaces ge-1/0/5 ether-options 802.3ad ae5 +set interfaces ge-2/0/5 description "e45-4 ae5" +set interfaces ge-2/0/5 ether-options 802.3ad ae5 +set interfaces ae5 description "e45-4 ae5" +set interfaces ae5 unit 0 family ethernet-switching port-mode trunk +set interfaces ae5 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae5 unit 0 family ethernet-switching vlan members e45-4 +set interfaces vlan unit 1454 family inet address 88.92.17.129/26 +set interfaces vlan unit 1454 family inet6 address 2a06:5840:17c::1/64 +set event-options policy ae5down events snmp_trap_link_down +set event-options policy ae5down attributes-match snmp_trap_link_down.interface-name matches "ae5$" +set event-options policy ae5down then change-configuration retry count 10 +set event-options policy ae5down then change-configuration retry interval 10 +set event-options policy ae5down then change-configuration commands "activate interfaces ge-0/0/5 unit 0" +set event-options policy ae5down then change-configuration commands "deactivate interfaces ge-0/0/5 ether-options" +set event-options policy ae5down then change-configuration user-name technet +set event-options policy ae5down then change-configuration commit-options log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle" +set event-options policy ae5up events snmp_trap_link_up +set event-options policy ae5up attributes-match snmp_trap_link_up.interface-name matches "ae5$" +set event-options policy ae5up then change-configuration retry count 10 +set event-options policy ae5up then change-configuration retry interval 10 +set event-options policy ae5up then change-configuration commands "deactivate interfaces ge-0/0/5 unit 0" +set event-options policy ae5up then change-configuration commands "activate interfaces ge-0/0/5 ether-options" +set event-options policy ae5up then change-configuration user-name technet +set event-options policy ae5up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle" +set vlans e45-4 vlan-id 1454 +set vlans e45-4 l3-interface vlan.1454 +set protocols router-advertisement interface vlan.1454 +set forwarding-options dhcp-relay group edge-switches interface vlan.1454 + + +set interfaces ge-0/0/6 description "e47-3 access / ae6" +set interfaces ge-0/0/6 ether-options 802.3ad ae6 +set interfaces ge-0/0/6 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/6 ether-options +set interfaces ge-1/0/6 description "e47-3 ae6" +set interfaces ge-1/0/6 ether-options 802.3ad ae6 +set interfaces ge-2/0/6 description "e47-3 ae6" +set interfaces ge-2/0/6 ether-options 802.3ad ae6 +set interfaces ae6 description "e47-3 ae6" +set interfaces ae6 unit 0 family ethernet-switching port-mode trunk +set interfaces ae6 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae6 unit 0 family ethernet-switching vlan members e47-3 +set interfaces vlan unit 1473 family inet address 88.92.18.65/26 +set interfaces vlan unit 1473 family inet6 address 2a06:5840:18b::1/64 +set event-options policy ae6down events snmp_trap_link_down +set event-options policy ae6down attributes-match snmp_trap_link_down.interface-name matches "ae6$" +set event-options policy ae6down then change-configuration retry count 10 +set event-options policy ae6down then change-configuration retry interval 10 +set event-options policy ae6down then change-configuration commands "activate interfaces ge-0/0/6 unit 0" +set event-options policy ae6down then change-configuration commands "deactivate interfaces ge-0/0/6 ether-options" +set event-options policy ae6down then change-configuration user-name technet +set event-options policy ae6down then change-configuration commit-options log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle" +set event-options policy ae6up events snmp_trap_link_up +set event-options policy ae6up attributes-match snmp_trap_link_up.interface-name matches "ae6$" +set event-options policy ae6up then change-configuration retry count 10 +set event-options policy ae6up then change-configuration retry interval 10 +set event-options policy ae6up then change-configuration commands "deactivate interfaces ge-0/0/6 unit 0" +set event-options policy ae6up then change-configuration commands "activate interfaces ge-0/0/6 ether-options" +set event-options policy ae6up then change-configuration user-name technet +set event-options policy ae6up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle" +set vlans e47-3 vlan-id 1473 +set vlans e47-3 l3-interface vlan.1473 +set protocols router-advertisement interface vlan.1473 +set forwarding-options dhcp-relay group edge-switches interface vlan.1473 + + +set interfaces ge-0/0/7 description "e47-4 access / ae7" +set interfaces ge-0/0/7 ether-options 802.3ad ae7 +set interfaces ge-0/0/7 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/7 ether-options +set interfaces ge-1/0/7 description "e47-4 ae7" +set interfaces ge-1/0/7 ether-options 802.3ad ae7 +set interfaces ge-2/0/7 description "e47-4 ae7" +set interfaces ge-2/0/7 ether-options 802.3ad ae7 +set interfaces ae7 description "e47-4 ae7" +set interfaces ae7 unit 0 family ethernet-switching port-mode trunk +set interfaces ae7 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae7 unit 0 family ethernet-switching vlan members e47-4 +set interfaces vlan unit 1474 family inet address 88.92.18.129/26 +set interfaces vlan unit 1474 family inet6 address 2a06:5840:18c::1/64 +set event-options policy ae7down events snmp_trap_link_down +set event-options policy ae7down attributes-match snmp_trap_link_down.interface-name matches "ae7$" +set event-options policy ae7down then change-configuration retry count 10 +set event-options policy ae7down then change-configuration retry interval 10 +set event-options policy ae7down then change-configuration commands "activate interfaces ge-0/0/7 unit 0" +set event-options policy ae7down then change-configuration commands "deactivate interfaces ge-0/0/7 ether-options" +set event-options policy ae7down then change-configuration user-name technet +set event-options policy ae7down then change-configuration commit-options log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle" +set event-options policy ae7up events snmp_trap_link_up +set event-options policy ae7up attributes-match snmp_trap_link_up.interface-name matches "ae7$" +set event-options policy ae7up then change-configuration retry count 10 +set event-options policy ae7up then change-configuration retry interval 10 +set event-options policy ae7up then change-configuration commands "deactivate interfaces ge-0/0/7 unit 0" +set event-options policy ae7up then change-configuration commands "activate interfaces ge-0/0/7 ether-options" +set event-options policy ae7up then change-configuration user-name technet +set event-options policy ae7up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle" +set vlans e47-4 vlan-id 1474 +set vlans e47-4 l3-interface vlan.1474 +set protocols router-advertisement interface vlan.1474 +set forwarding-options dhcp-relay group edge-switches interface vlan.1474 + + +set interfaces ge-0/0/8 description "e49-3 access / ae8" +set interfaces ge-0/0/8 ether-options 802.3ad ae8 +set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/8 ether-options +set interfaces ge-1/0/8 description "e49-3 ae8" +set interfaces ge-1/0/8 ether-options 802.3ad ae8 +set interfaces ge-2/0/8 description "e49-3 ae8" +set interfaces ge-2/0/8 ether-options 802.3ad ae8 +set interfaces ae8 description "e49-3 ae8" +set interfaces ae8 unit 0 family ethernet-switching port-mode trunk +set interfaces ae8 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae8 unit 0 family ethernet-switching vlan members e49-3 +set interfaces vlan unit 1493 family inet address 88.92.19.65/26 +set interfaces vlan unit 1493 family inet6 address 2a06:5840:19b::1/64 +set event-options policy ae8down events snmp_trap_link_down +set event-options policy ae8down attributes-match snmp_trap_link_down.interface-name matches "ae8$" +set event-options policy ae8down then change-configuration retry count 10 +set event-options policy ae8down then change-configuration retry interval 10 +set event-options policy ae8down then change-configuration commands "activate interfaces ge-0/0/8 unit 0" +set event-options policy ae8down then change-configuration commands "deactivate interfaces ge-0/0/8 ether-options" +set event-options policy ae8down then change-configuration user-name technet +set event-options policy ae8down then change-configuration commit-options log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle" +set event-options policy ae8up events snmp_trap_link_up +set event-options policy ae8up attributes-match snmp_trap_link_up.interface-name matches "ae8$" +set event-options policy ae8up then change-configuration retry count 10 +set event-options policy ae8up then change-configuration retry interval 10 +set event-options policy ae8up then change-configuration commands "deactivate interfaces ge-0/0/8 unit 0" +set event-options policy ae8up then change-configuration commands "activate interfaces ge-0/0/8 ether-options" +set event-options policy ae8up then change-configuration user-name technet +set event-options policy ae8up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle" +set vlans e49-3 vlan-id 1493 +set vlans e49-3 l3-interface vlan.1493 +set protocols router-advertisement interface vlan.1493 +set forwarding-options dhcp-relay group edge-switches interface vlan.1493 + + +set interfaces ge-0/0/9 description "e49-4 access / ae9" +set interfaces ge-0/0/9 ether-options 802.3ad ae9 +set interfaces ge-0/0/9 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/9 ether-options +set interfaces ge-1/0/9 description "e49-4 ae9" +set interfaces ge-1/0/9 ether-options 802.3ad ae9 +set interfaces ge-2/0/9 description "e49-4 ae9" +set interfaces ge-2/0/9 ether-options 802.3ad ae9 +set interfaces ae9 description "e49-4 ae9" +set interfaces ae9 unit 0 family ethernet-switching port-mode trunk +set interfaces ae9 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae9 unit 0 family ethernet-switching vlan members e49-4 +set interfaces vlan unit 1494 family inet address 88.92.19.129/26 +set interfaces vlan unit 1494 family inet6 address 2a06:5840:19c::1/64 +set event-options policy ae9down events snmp_trap_link_down +set event-options policy ae9down attributes-match snmp_trap_link_down.interface-name matches "ae9$" +set event-options policy ae9down then change-configuration retry count 10 +set event-options policy ae9down then change-configuration retry interval 10 +set event-options policy ae9down then change-configuration commands "activate interfaces ge-0/0/9 unit 0" +set event-options policy ae9down then change-configuration commands "deactivate interfaces ge-0/0/9 ether-options" +set event-options policy ae9down then change-configuration user-name technet +set event-options policy ae9down then change-configuration commit-options log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle" +set event-options policy ae9up events snmp_trap_link_up +set event-options policy ae9up attributes-match snmp_trap_link_up.interface-name matches "ae9$" +set event-options policy ae9up then change-configuration retry count 10 +set event-options policy ae9up then change-configuration retry interval 10 +set event-options policy ae9up then change-configuration commands "deactivate interfaces ge-0/0/9 unit 0" +set event-options policy ae9up then change-configuration commands "activate interfaces ge-0/0/9 ether-options" +set event-options policy ae9up then change-configuration user-name technet +set event-options policy ae9up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle" +set vlans e49-4 vlan-id 1494 +set vlans e49-4 l3-interface vlan.1494 +set protocols router-advertisement interface vlan.1494 +set forwarding-options dhcp-relay group edge-switches interface vlan.1494 + + +set interfaces ge-0/0/10 description "e51-3 access / ae10" +set interfaces ge-0/0/10 ether-options 802.3ad ae10 +set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/10 ether-options +set interfaces ge-1/0/10 description "e51-3 ae10" +set interfaces ge-1/0/10 ether-options 802.3ad ae10 +set interfaces ge-2/0/10 description "e51-3 ae10" +set interfaces ge-2/0/10 ether-options 802.3ad ae10 +set interfaces ae10 description "e51-3 ae10" +set interfaces ae10 unit 0 family ethernet-switching port-mode trunk +set interfaces ae10 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae10 unit 0 family ethernet-switching vlan members e51-3 +set interfaces vlan unit 1513 family inet address 88.92.20.65/26 +set interfaces vlan unit 1513 family inet6 address 2a06:5840:20b::1/64 +set event-options policy ae10down events snmp_trap_link_down +set event-options policy ae10down attributes-match snmp_trap_link_down.interface-name matches "ae10$" +set event-options policy ae10down then change-configuration retry count 10 +set event-options policy ae10down then change-configuration retry interval 10 +set event-options policy ae10down then change-configuration commands "activate interfaces ge-0/0/10 unit 0" +set event-options policy ae10down then change-configuration commands "deactivate interfaces ge-0/0/10 ether-options" +set event-options policy ae10down then change-configuration user-name technet +set event-options policy ae10down then change-configuration commit-options log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle" +set event-options policy ae10up events snmp_trap_link_up +set event-options policy ae10up attributes-match snmp_trap_link_up.interface-name matches "ae10$" +set event-options policy ae10up then change-configuration retry count 10 +set event-options policy ae10up then change-configuration retry interval 10 +set event-options policy ae10up then change-configuration commands "deactivate interfaces ge-0/0/10 unit 0" +set event-options policy ae10up then change-configuration commands "activate interfaces ge-0/0/10 ether-options" +set event-options policy ae10up then change-configuration user-name technet +set event-options policy ae10up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle" +set vlans e51-3 vlan-id 1513 +set vlans e51-3 l3-interface vlan.1513 +set protocols router-advertisement interface vlan.1513 +set forwarding-options dhcp-relay group edge-switches interface vlan.1513 + + +set interfaces ge-0/0/11 description "e51-4 access / ae11" +set interfaces ge-0/0/11 ether-options 802.3ad ae11 +set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/11 ether-options +set interfaces ge-1/0/11 description "e51-4 ae11" +set interfaces ge-1/0/11 ether-options 802.3ad ae11 +set interfaces ge-2/0/11 description "e51-4 ae11" +set interfaces ge-2/0/11 ether-options 802.3ad ae11 +set interfaces ae11 description "e51-4 ae11" +set interfaces ae11 unit 0 family ethernet-switching port-mode trunk +set interfaces ae11 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae11 unit 0 family ethernet-switching vlan members e51-4 +set interfaces vlan unit 1514 family inet address 88.92.20.129/26 +set interfaces vlan unit 1514 family inet6 address 2a06:5840:20c::1/64 +set event-options policy ae11down events snmp_trap_link_down +set event-options policy ae11down attributes-match snmp_trap_link_down.interface-name matches "ae11$" +set event-options policy ae11down then change-configuration retry count 10 +set event-options policy ae11down then change-configuration retry interval 10 +set event-options policy ae11down then change-configuration commands "activate interfaces ge-0/0/11 unit 0" +set event-options policy ae11down then change-configuration commands "deactivate interfaces ge-0/0/11 ether-options" +set event-options policy ae11down then change-configuration user-name technet +set event-options policy ae11down then change-configuration commit-options log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle" +set event-options policy ae11up events snmp_trap_link_up +set event-options policy ae11up attributes-match snmp_trap_link_up.interface-name matches "ae11$" +set event-options policy ae11up then change-configuration retry count 10 +set event-options policy ae11up then change-configuration retry interval 10 +set event-options policy ae11up then change-configuration commands "deactivate interfaces ge-0/0/11 unit 0" +set event-options policy ae11up then change-configuration commands "activate interfaces ge-0/0/11 ether-options" +set event-options policy ae11up then change-configuration user-name technet +set event-options policy ae11up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle" +set vlans e51-4 vlan-id 1514 +set vlans e51-4 l3-interface vlan.1514 +set protocols router-advertisement interface vlan.1514 +set forwarding-options dhcp-relay group edge-switches interface vlan.1514 + + +set interfaces ge-0/0/12 description "e53-3 access / ae12" +set interfaces ge-0/0/12 ether-options 802.3ad ae12 +set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/12 ether-options +set interfaces ge-1/0/12 description "e53-3 ae12" +set interfaces ge-1/0/12 ether-options 802.3ad ae12 +set interfaces ge-2/0/12 description "e53-3 ae12" +set interfaces ge-2/0/12 ether-options 802.3ad ae12 +set interfaces ae12 description "e53-3 ae12" +set interfaces ae12 unit 0 family ethernet-switching port-mode trunk +set interfaces ae12 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae12 unit 0 family ethernet-switching vlan members e53-3 +set interfaces vlan unit 1533 family inet address 88.92.21.65/26 +set interfaces vlan unit 1533 family inet6 address 2a06:5840:21b::1/64 +set event-options policy ae12down events snmp_trap_link_down +set event-options policy ae12down attributes-match snmp_trap_link_down.interface-name matches "ae12$" +set event-options policy ae12down then change-configuration retry count 10 +set event-options policy ae12down then change-configuration retry interval 10 +set event-options policy ae12down then change-configuration commands "activate interfaces ge-0/0/12 unit 0" +set event-options policy ae12down then change-configuration commands "deactivate interfaces ge-0/0/12 ether-options" +set event-options policy ae12down then change-configuration user-name technet +set event-options policy ae12down then change-configuration commit-options log "Autoconfig-script: ae12 went down so removed ge-0/0/12 from bundle" +set event-options policy ae12up events snmp_trap_link_up +set event-options policy ae12up attributes-match snmp_trap_link_up.interface-name matches "ae12$" +set event-options policy ae12up then change-configuration retry count 10 +set event-options policy ae12up then change-configuration retry interval 10 +set event-options policy ae12up then change-configuration commands "deactivate interfaces ge-0/0/12 unit 0" +set event-options policy ae12up then change-configuration commands "activate interfaces ge-0/0/12 ether-options" +set event-options policy ae12up then change-configuration user-name technet +set event-options policy ae12up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/12 to bundle" +set vlans e53-3 vlan-id 1533 +set vlans e53-3 l3-interface vlan.1533 +set protocols router-advertisement interface vlan.1533 +set forwarding-options dhcp-relay group edge-switches interface vlan.1533 + + +set interfaces ge-0/0/13 description "e53-4 access / ae13" +set interfaces ge-0/0/13 ether-options 802.3ad ae13 +set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/13 ether-options +set interfaces ge-1/0/13 description "e53-4 ae13" +set interfaces ge-1/0/13 ether-options 802.3ad ae13 +set interfaces ge-2/0/13 description "e53-4 ae13" +set interfaces ge-2/0/13 ether-options 802.3ad ae13 +set interfaces ae13 description "e53-4 ae13" +set interfaces ae13 unit 0 family ethernet-switching port-mode trunk +set interfaces ae13 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae13 unit 0 family ethernet-switching vlan members e53-4 +set interfaces vlan unit 1534 family inet address 88.92.21.129/26 +set interfaces vlan unit 1534 family inet6 address 2a06:5840:21c::1/64 +set event-options policy ae13down events snmp_trap_link_down +set event-options policy ae13down attributes-match snmp_trap_link_down.interface-name matches "ae13$" +set event-options policy ae13down then change-configuration retry count 10 +set event-options policy ae13down then change-configuration retry interval 10 +set event-options policy ae13down then change-configuration commands "activate interfaces ge-0/0/13 unit 0" +set event-options policy ae13down then change-configuration commands "deactivate interfaces ge-0/0/13 ether-options" +set event-options policy ae13down then change-configuration user-name technet +set event-options policy ae13down then change-configuration commit-options log "Autoconfig-script: ae13 went down so removed ge-0/0/13 from bundle" +set event-options policy ae13up events snmp_trap_link_up +set event-options policy ae13up attributes-match snmp_trap_link_up.interface-name matches "ae13$" +set event-options policy ae13up then change-configuration retry count 10 +set event-options policy ae13up then change-configuration retry interval 10 +set event-options policy ae13up then change-configuration commands "deactivate interfaces ge-0/0/13 unit 0" +set event-options policy ae13up then change-configuration commands "activate interfaces ge-0/0/13 ether-options" +set event-options policy ae13up then change-configuration user-name technet +set event-options policy ae13up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/13 to bundle" +set vlans e53-4 vlan-id 1534 +set vlans e53-4 l3-interface vlan.1534 +set protocols router-advertisement interface vlan.1534 +set forwarding-options dhcp-relay group edge-switches interface vlan.1534 + + +set interfaces ge-0/0/14 description "e55-3 access / ae14" +set interfaces ge-0/0/14 ether-options 802.3ad ae14 +set interfaces ge-0/0/14 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/14 ether-options +set interfaces ge-1/0/14 description "e55-3 ae14" +set interfaces ge-1/0/14 ether-options 802.3ad ae14 +set interfaces ge-2/0/14 description "e55-3 ae14" +set interfaces ge-2/0/14 ether-options 802.3ad ae14 +set interfaces ae14 description "e55-3 ae14" +set interfaces ae14 unit 0 family ethernet-switching port-mode trunk +set interfaces ae14 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae14 unit 0 family ethernet-switching vlan members e55-3 +set interfaces vlan unit 1553 family inet address 88.92.22.65/26 +set interfaces vlan unit 1553 family inet6 address 2a06:5840:22b::1/64 +set event-options policy ae14down events snmp_trap_link_down +set event-options policy ae14down attributes-match snmp_trap_link_down.interface-name matches "ae14$" +set event-options policy ae14down then change-configuration retry count 10 +set event-options policy ae14down then change-configuration retry interval 10 +set event-options policy ae14down then change-configuration commands "activate interfaces ge-0/0/14 unit 0" +set event-options policy ae14down then change-configuration commands "deactivate interfaces ge-0/0/14 ether-options" +set event-options policy ae14down then change-configuration user-name technet +set event-options policy ae14down then change-configuration commit-options log "Autoconfig-script: ae14 went down so removed ge-0/0/14 from bundle" +set event-options policy ae14up events snmp_trap_link_up +set event-options policy ae14up attributes-match snmp_trap_link_up.interface-name matches "ae14$" +set event-options policy ae14up then change-configuration retry count 10 +set event-options policy ae14up then change-configuration retry interval 10 +set event-options policy ae14up then change-configuration commands "deactivate interfaces ge-0/0/14 unit 0" +set event-options policy ae14up then change-configuration commands "activate interfaces ge-0/0/14 ether-options" +set event-options policy ae14up then change-configuration user-name technet +set event-options policy ae14up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/14 to bundle" +set vlans e55-3 vlan-id 1553 +set vlans e55-3 l3-interface vlan.1553 +set protocols router-advertisement interface vlan.1553 +set forwarding-options dhcp-relay group edge-switches interface vlan.1553 + + +set interfaces ge-0/0/15 description "e55-4 access / ae15" +set interfaces ge-0/0/15 ether-options 802.3ad ae15 +set interfaces ge-0/0/15 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/15 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/15 ether-options +set interfaces ge-1/0/15 description "e55-4 ae15" +set interfaces ge-1/0/15 ether-options 802.3ad ae15 +set interfaces ge-2/0/15 description "e55-4 ae15" +set interfaces ge-2/0/15 ether-options 802.3ad ae15 +set interfaces ae15 description "e55-4 ae15" +set interfaces ae15 unit 0 family ethernet-switching port-mode trunk +set interfaces ae15 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae15 unit 0 family ethernet-switching vlan members e55-4 +set interfaces vlan unit 1554 family inet address 88.92.22.129/26 +set interfaces vlan unit 1554 family inet6 address 2a06:5840:22c::1/64 +set event-options policy ae15down events snmp_trap_link_down +set event-options policy ae15down attributes-match snmp_trap_link_down.interface-name matches "ae15$" +set event-options policy ae15down then change-configuration retry count 10 +set event-options policy ae15down then change-configuration retry interval 10 +set event-options policy ae15down then change-configuration commands "activate interfaces ge-0/0/15 unit 0" +set event-options policy ae15down then change-configuration commands "deactivate interfaces ge-0/0/15 ether-options" +set event-options policy ae15down then change-configuration user-name technet +set event-options policy ae15down then change-configuration commit-options log "Autoconfig-script: ae15 went down so removed ge-0/0/15 from bundle" +set event-options policy ae15up events snmp_trap_link_up +set event-options policy ae15up attributes-match snmp_trap_link_up.interface-name matches "ae15$" +set event-options policy ae15up then change-configuration retry count 10 +set event-options policy ae15up then change-configuration retry interval 10 +set event-options policy ae15up then change-configuration commands "deactivate interfaces ge-0/0/15 unit 0" +set event-options policy ae15up then change-configuration commands "activate interfaces ge-0/0/15 ether-options" +set event-options policy ae15up then change-configuration user-name technet +set event-options policy ae15up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/15 to bundle" +set vlans e55-4 vlan-id 1554 +set vlans e55-4 l3-interface vlan.1554 +set protocols router-advertisement interface vlan.1554 +set forwarding-options dhcp-relay group edge-switches interface vlan.1554 + + +set interfaces ge-0/0/16 description "e57-3 access / ae16" +set interfaces ge-0/0/16 ether-options 802.3ad ae16 +set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/16 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/16 ether-options +set interfaces ge-1/0/16 description "e57-3 ae16" +set interfaces ge-1/0/16 ether-options 802.3ad ae16 +set interfaces ge-2/0/16 description "e57-3 ae16" +set interfaces ge-2/0/16 ether-options 802.3ad ae16 +set interfaces ae16 description "e57-3 ae16" +set interfaces ae16 unit 0 family ethernet-switching port-mode trunk +set interfaces ae16 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae16 unit 0 family ethernet-switching vlan members e57-3 +set interfaces vlan unit 1573 family inet address 88.92.23.65/26 +set interfaces vlan unit 1573 family inet6 address 2a06:5840:23b::1/64 +set event-options policy ae16down events snmp_trap_link_down +set event-options policy ae16down attributes-match snmp_trap_link_down.interface-name matches "ae16$" +set event-options policy ae16down then change-configuration retry count 10 +set event-options policy ae16down then change-configuration retry interval 10 +set event-options policy ae16down then change-configuration commands "activate interfaces ge-0/0/16 unit 0" +set event-options policy ae16down then change-configuration commands "deactivate interfaces ge-0/0/16 ether-options" +set event-options policy ae16down then change-configuration user-name technet +set event-options policy ae16down then change-configuration commit-options log "Autoconfig-script: ae16 went down so removed ge-0/0/16 from bundle" +set event-options policy ae16up events snmp_trap_link_up +set event-options policy ae16up attributes-match snmp_trap_link_up.interface-name matches "ae16$" +set event-options policy ae16up then change-configuration retry count 10 +set event-options policy ae16up then change-configuration retry interval 10 +set event-options policy ae16up then change-configuration commands "deactivate interfaces ge-0/0/16 unit 0" +set event-options policy ae16up then change-configuration commands "activate interfaces ge-0/0/16 ether-options" +set event-options policy ae16up then change-configuration user-name technet +set event-options policy ae16up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/16 to bundle" +set vlans e57-3 vlan-id 1573 +set vlans e57-3 l3-interface vlan.1573 +set protocols router-advertisement interface vlan.1573 +set forwarding-options dhcp-relay group edge-switches interface vlan.1573 + + +set interfaces ge-0/0/17 description "e57-4 access / ae17" +set interfaces ge-0/0/17 ether-options 802.3ad ae17 +set interfaces ge-0/0/17 unit 0 family ethernet-switching port-mode access +set interfaces ge-0/0/17 unit 0 family ethernet-switching vlan members mgmt +deactivate interfaces ge-0/0/17 ether-options +set interfaces ge-1/0/17 description "e57-4 ae17" +set interfaces ge-1/0/17 ether-options 802.3ad ae17 +set interfaces ge-2/0/17 description "e57-4 ae17" +set interfaces ge-2/0/17 ether-options 802.3ad ae17 +set interfaces ae17 description "e57-4 ae17" +set interfaces ae17 unit 0 family ethernet-switching port-mode trunk +set interfaces ae17 unit 0 family ethernet-switching vlan members mgmt +set interfaces ae17 unit 0 family ethernet-switching vlan members e57-4 +set interfaces vlan unit 1574 family inet address 88.92.23.129/26 +set interfaces vlan unit 1574 family inet6 address 2a06:5840:23c::1/64 +set event-options policy ae17down events snmp_trap_link_down +set event-options policy ae17down attributes-match snmp_trap_link_down.interface-name matches "ae17$" +set event-options policy ae17down then change-configuration retry count 10 +set event-options policy ae17down then change-configuration retry interval 10 +set event-options policy ae17down then change-configuration commands "activate interfaces ge-0/0/17 unit 0" +set event-options policy ae17down then change-configuration commands "deactivate interfaces ge-0/0/17 ether-options" +set event-options policy ae17down then change-configuration user-name technet +set event-options policy ae17down then change-configuration commit-options log "Autoconfig-script: ae17 went down so removed ge-0/0/17 from bundle" +set event-options policy ae17up events snmp_trap_link_up +set event-options policy ae17up attributes-match snmp_trap_link_up.interface-name matches "ae17$" +set event-options policy ae17up then change-configuration retry count 10 +set event-options policy ae17up then change-configuration retry interval 10 +set event-options policy ae17up then change-configuration commands "deactivate interfaces ge-0/0/17 unit 0" +set event-options policy ae17up then change-configuration commands "activate interfaces ge-0/0/17 ether-options" +set event-options policy ae17up then change-configuration user-name technet +set event-options policy ae17up then change-configuration commit-options log "Autoconfig-script: ae0 came up so added ge-0/0/17 to bundle" +set vlans e57-4 vlan-id 1574 +set vlans e57-4 l3-interface vlan.1574 +set protocols router-advertisement interface vlan.1574 +set forwarding-options dhcp-relay group edge-switches interface vlan.1574 + + + +# +# The config below this line has been applied during the second day of TG16 to move L3 termination from distro to the connected edge switches +# // Jonas L, 2016-04-06 +# + + +### e43-3 ### +delete interfaces ae2 unit 0 family ethernet-switching +set interfaces ae2 unit 0 family ethernet-switching port-mode trunk +set interfaces ae2 unit 0 family ethernet-switching vlan members e43-3-static +set interfaces ae2 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1433 +set interfaces vlan unit 3002 family inet address 88.92.82.4/31 +set interfaces vlan unit 3002 description "e43-3 static routing linknet" +delete vlans e43-3 +set vlans e43-3-static l3-interface vlan.3002 +set vlans e43-3-static vlan-id 3002 +set routing-options rib inet.0 static route 88.92.16.64/26 next-hop 88.92.82.5 + +### e43-4 ### +delete interfaces ae3 unit 0 family ethernet-switching +set interfaces ae3 unit 0 family ethernet-switching port-mode trunk +set interfaces ae3 unit 0 family ethernet-switching vlan members e43-4-static +set interfaces ae3 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1434 +set interfaces vlan unit 3003 family inet address 88.92.82.6/31 +set interfaces vlan unit 3003 description "e43-4 static routing linknet" +delete vlans e43-4 +set vlans e43-4-static l3-interface vlan.3003 +set vlans e43-4-static vlan-id 3003 +set routing-options rib inet.0 static route 88.92.16.128/26 next-hop 88.92.82.7 + +### e45-3 ### +delete interfaces ae4 unit 0 family ethernet-switching +set interfaces ae4 unit 0 family ethernet-switching port-mode trunk +set interfaces ae4 unit 0 family ethernet-switching vlan members e45-3-static +set interfaces ae4 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1453 +set interfaces vlan unit 3004 family inet address 88.92.82.8/31 +set interfaces vlan unit 3004 description "e45-3 static routing linknet" +delete vlans e45-3 +set vlans e45-3-static l3-interface vlan.3004 +set vlans e45-3-static vlan-id 3004 +set routing-options rib inet.0 static route 88.92.17.64/26 next-hop 88.92.82.9 + +### e45-4 ### +delete interfaces ae5 unit 0 family ethernet-switching +set interfaces ae5 unit 0 family ethernet-switching port-mode trunk +set interfaces ae5 unit 0 family ethernet-switching vlan members e45-4-static +set interfaces ae5 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1454 +set interfaces vlan unit 3005 family inet address 88.92.82.10/31 +set interfaces vlan unit 3005 description "e45-4 static routing linknet" +delete vlans e45-4 +set vlans e45-4-static l3-interface vlan.3005 +set vlans e45-4-static vlan-id 3005 +set routing-options rib inet.0 static route 88.92.17.128/26 next-hop 88.92.82.11 + +### e47-3 ### +delete interfaces ae6 unit 0 family ethernet-switching +set interfaces ae6 unit 0 family ethernet-switching port-mode trunk +set interfaces ae6 unit 0 family ethernet-switching vlan members e47-3-static +set interfaces ae6 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1473 +set interfaces vlan unit 3006 family inet address 88.92.82.12/31 +set interfaces vlan unit 3006 description "e47-3 static routing linknet" +delete vlans e47-3 +set vlans e47-3-static l3-interface vlan.3006 +set vlans e47-3-static vlan-id 3006 +set routing-options rib inet.0 static route 88.92.18.64/26 next-hop 88.92.82.13 + +### e47-4 ### +delete interfaces ae7 unit 0 family ethernet-switching +set interfaces ae7 unit 0 family ethernet-switching port-mode trunk +set interfaces ae7 unit 0 family ethernet-switching vlan members e47-4-static +set interfaces ae7 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1474 +set interfaces vlan unit 3007 family inet address 88.92.82.14/31 +set interfaces vlan unit 3007 description "e47-4 static routing linknet" +delete vlans e47-4 +set vlans e47-4-static l3-interface vlan.3007 +set vlans e47-4-static vlan-id 3007 +set routing-options rib inet.0 static route 88.92.18.128/26 next-hop 88.92.82.15 + +### e49-3 ### +delete interfaces ae8 unit 0 family ethernet-switching +set interfaces ae8 unit 0 family ethernet-switching port-mode trunk +set interfaces ae8 unit 0 family ethernet-switching vlan members e49-3-static +set interfaces ae8 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1493 +set interfaces vlan unit 3008 family inet address 88.92.82.16/31 +set interfaces vlan unit 3008 description "e49-3 static routing linknet" +delete vlans e49-3 +set vlans e49-3-static l3-interface vlan.3008 +set vlans e49-3-static vlan-id 3008 +set routing-options rib inet.0 static route 88.92.19.64/26 next-hop 88.92.82.17 + +### e49-4 ### +delete interfaces ae9 unit 0 family ethernet-switching +set interfaces ae9 unit 0 family ethernet-switching port-mode trunk +set interfaces ae9 unit 0 family ethernet-switching vlan members e49-4-static +set interfaces ae9 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1494 +set interfaces vlan unit 3009 family inet address 88.92.82.18/31 +set interfaces vlan unit 3009 description "e49-4 static routing linknet" +delete vlans e49-4 +set vlans e49-4-static l3-interface vlan.3009 +set vlans e49-4-static vlan-id 3009 +set routing-options rib inet.0 static route 88.92.19.128/26 next-hop 88.92.82.19 + +### e51-3 ### +delete interfaces ae10 unit 0 family ethernet-switching +set interfaces ae10 unit 0 family ethernet-switching port-mode trunk +set interfaces ae10 unit 0 family ethernet-switching vlan members e51-3-static +set interfaces ae10 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1513 +set interfaces vlan unit 3010 family inet address 88.92.82.20/31 +set interfaces vlan unit 3010 description "e51-3 static routing linknet" +delete vlans e51-3 +set vlans e51-3-static l3-interface vlan.3010 +set vlans e51-3-static vlan-id 3010 +set routing-options rib inet.0 static route 88.92.20.64/26 next-hop 88.92.82.21 + +### e51-4 ### +delete interfaces ae11 unit 0 family ethernet-switching +set interfaces ae11 unit 0 family ethernet-switching port-mode trunk +set interfaces ae11 unit 0 family ethernet-switching vlan members e51-4-static +set interfaces ae11 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1514 +set interfaces vlan unit 3011 family inet address 88.92.82.22/31 +set interfaces vlan unit 3011 description "e51-4 static routing linknet" +delete vlans e51-4 +set vlans e51-4-static l3-interface vlan.3011 +set vlans e51-4-static vlan-id 3011 +set routing-options rib inet.0 static route 88.92.20.128/26 next-hop 88.92.82.23 + +### e53-3 ### +delete interfaces ae12 unit 0 family ethernet-switching +set interfaces ae12 unit 0 family ethernet-switching port-mode trunk +set interfaces ae12 unit 0 family ethernet-switching vlan members e53-3-static +set interfaces ae12 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1533 +set interfaces vlan unit 3012 family inet address 88.92.82.24/31 +set interfaces vlan unit 3012 description "e53-3 static routing linknet" +delete vlans e53-3 +set vlans e53-3-static l3-interface vlan.3012 +set vlans e53-3-static vlan-id 3012 +set routing-options rib inet.0 static route 88.92.21.64/26 next-hop 88.92.82.25 + +### e53-4 ### +delete interfaces ae13 unit 0 family ethernet-switching +set interfaces ae13 unit 0 family ethernet-switching port-mode trunk +set interfaces ae13 unit 0 family ethernet-switching vlan members e53-4-static +set interfaces ae13 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1534 +set interfaces vlan unit 3013 family inet address 88.92.82.26/31 +set interfaces vlan unit 3013 description "e53-4 static routing linknet" +delete vlans e53-4 +set vlans e53-4-static l3-interface vlan.3013 +set vlans e53-4-static vlan-id 3013 +set routing-options rib inet.0 static route 88.92.21.128/26 next-hop 88.92.82.27 + +### e55-3 ### +delete interfaces ae14 unit 0 family ethernet-switching +set interfaces ae14 unit 0 family ethernet-switching port-mode trunk +set interfaces ae14 unit 0 family ethernet-switching vlan members e55-3-static +set interfaces ae14 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1553 +set interfaces vlan unit 3014 family inet address 88.92.82.28/31 +set interfaces vlan unit 3014 description "e55-3 static routing linknet" +delete vlans e55-3 +set vlans e55-3-static l3-interface vlan.3014 +set vlans e55-3-static vlan-id 3014 +set routing-options rib inet.0 static route 88.92.22.64/26 next-hop 88.92.82.29 + +### e55-4 ### +delete interfaces ae15 unit 0 family ethernet-switching +set interfaces ae15 unit 0 family ethernet-switching port-mode trunk +set interfaces ae15 unit 0 family ethernet-switching vlan members e55-4-static +set interfaces ae15 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1554 +set interfaces vlan unit 3015 family inet address 88.92.82.30/31 +set interfaces vlan unit 3015 description "e55-4 static routing linknet" +delete vlans e55-4 +set vlans e55-4-static l3-interface vlan.3015 +set vlans e55-4-static vlan-id 3015 +set routing-options rib inet.0 static route 88.92.22.128/26 next-hop 88.92.82.31 + +### e57-3 ### +delete interfaces ae16 unit 0 family ethernet-switching +set interfaces ae16 unit 0 family ethernet-switching port-mode trunk +set interfaces ae16 unit 0 family ethernet-switching vlan members e57-3-static +set interfaces ae16 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1573 +set interfaces vlan unit 3016 family inet address 88.92.82.32/31 +set interfaces vlan unit 3016 description "e57-3 static routing linknet" +delete vlans e57-3 +set vlans e57-3-static l3-interface vlan.3016 +set vlans e57-3-static vlan-id 3016 +set routing-options rib inet.0 static route 88.92.23.64/26 next-hop 88.92.82.33 + +### e57-4 ### +delete interfaces ae17 unit 0 family ethernet-switching +set interfaces ae17 unit 0 family ethernet-switching port-mode trunk +set interfaces ae17 unit 0 family ethernet-switching vlan members e57-4-static +set interfaces ae17 unit 0 family ethernet-switching vlan members mgmt +delete interfaces vlan unit 1574 +set interfaces vlan unit 3017 family inet address 88.92.82.34/31 +set interfaces vlan unit 3017 description "e57-4 static routing linknet" +delete vlans e57-4 +set vlans e57-4-static l3-interface vlan.3017 +set vlans e57-4-static vlan-id 3017 +set routing-options rib inet.0 static route 88.92.23.128/26 next-hop 88.92.82.35 diff --git a/examples/tg16/netconf/distro6.conf b/examples/tg16/netconf/distro6.conf new file mode 100644 index 00000000..a1547e1f --- /dev/null +++ b/examples/tg16/netconf/distro6.conf @@ -0,0 +1,1447 @@ +## Last changed: 2016-03-24 13:39:24 CET +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name distro6; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.106; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-2/0/36 to ge-2/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-0/0/36 to ge-0/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/47; + member-range ge-1/0/0 to ge-1/0/47; + member-range ge-2/0/0 to ge-2/0/47; + member-range xe-0/1/0 to xe-0/1/3; + member-range xe-1/1/0 to xe-1/1/3; + member-range xe-2/1/0 to xe-2/1/3; + } + ge-0/0/0 { + description "e59-3 access / ae0"; + ether-options { + 802.3ad ae0; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "e59-4 access / ae1"; + ether-options { + 802.3ad ae1; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "e61-3 access / ae2"; + ether-options { + 802.3ad ae2; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/3 { + description "e61-4 access / ae3"; + ether-options { + 802.3ad ae3; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "e63-3 access / ae4"; + ether-options { + 802.3ad ae4; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/5 { + description "e63-4 access / ae5"; + ether-options { + 802.3ad ae5; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/6 { + description "e65-3 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "e65-4 access / ae7"; + ether-options { + 802.3ad ae7; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/8 { + description "e67-3 access / ae8"; + ether-options { + 802.3ad ae8; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/9 { + description "e67-4 access / ae9"; + ether-options { + 802.3ad ae9; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/43 { + description "Temp INFO:Desk"; + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-1/0/0 { + description "e59-3 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "e59-4 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "e61-3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "e61-4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "e63-3 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "e63-4 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "e65-3 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "e65-4 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-1/0/8 { + description "e67-3 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-1/0/9 { + description "e67-4 ae9"; + ether-options { + 802.3ad ae9; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-2/0/0 { + description "e59-3 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-2/0/1 { + description "e59-4 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "e61-3 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/3 { + description "e61-4 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-2/0/4 { + description "e63-3 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-2/0/5 { + description "e63-4 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-2/0/6 { + description "e65-3 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-2/0/7 { + description "e65-4 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-2/0/8 { + description "e67-3 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-2/0/9 { + description "e67-4 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-2/0/34 { + description "temp-nett til stand"; + disable; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members temp_nett; + } + } + } + } + ae0 { + description "e59-3 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e59-3 ]; + } + } + } + } + ae1 { + description "e59-4 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e59-4 ]; + } + } + } + } + ae2 { + description "e61-3 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e61-3 ]; + } + } + } + } + ae3 { + description "e61-4 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e61-4 ]; + } + } + } + } + ae4 { + description "e63-3 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e63-3 ]; + } + } + } + } + ae5 { + description "e63-4 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e63-4 ]; + } + } + } + } + ae6 { + description "e65-3 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e65-3 ]; + } + } + } + } + ae7 { + description "e65-4 ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e65-4 ]; + } + } + } + } + ae8 { + description "e67-3 ae8"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e67-3 ]; + } + } + } + } + ae9 { + description "e67-4 ae9"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e67-4 ]; + } + } + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.165/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.106/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::106/128; + } + } + } + vlan { + description TEMP-NETT_SANDANDER; + unit 270 { + family inet { + address 88.92.93.1/24; + } + } + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.55.129/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.52.129/26; + } + } + unit 1593 { + family inet { + address 88.92.24.65/26; + } + family inet6 { + address 2a06:5840:24b::1/64; + } + } + unit 1594 { + family inet { + address 88.92.24.129/26; + } + family inet6 { + address 2a06:5840:24c::1/64; + } + } + unit 1613 { + family inet { + address 88.92.25.65/26; + } + family inet6 { + address 2a06:5840:25b::1/64; + } + } + unit 1614 { + family inet { + address 88.92.25.129/26; + } + family inet6 { + address 2a06:5840:25c::1/64; + } + } + unit 1633 { + family inet { + address 88.92.26.65/26; + } + family inet6 { + address 2a06:5840:26b::1/64; + } + } + unit 1634 { + family inet { + address 88.92.26.129/26; + } + family inet6 { + address 2a06:5840:26c::1/64; + } + } + unit 1653 { + family inet { + address 88.92.27.65/26; + } + family inet6 { + address 2a06:5840:27b::1/64; + } + } + unit 1654 { + family inet { + address 88.92.27.129/26; + } + family inet6 { + address 2a06:5840:27c::1/64; + } + } + unit 1673 { + family inet { + address 88.92.28.65/26; + } + family inet6 { + address 2a06:5840:28b::1/64; + } + } + unit 1674 { + family inet { + address 88.92.28.129/26; + } + family inet6 { + address 2a06:5840:28c::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.270; + interface vlan.777; + interface vlan.1593; + interface vlan.1594; + interface vlan.1613; + interface vlan.1614; + interface vlan.1633; + interface vlan.1634; + interface vlan.1653; + interface vlan.1654; + interface vlan.1673; + interface vlan.1674; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + /* vlan 270 = Temporary Santander nett */ + interface vlan.270; + interface vlan.777; + interface vlan.1593; + interface vlan.1594; + interface vlan.1613; + interface vlan.1614; + interface vlan.1633; + interface vlan.1634; + interface vlan.1653; + interface vlan.1654; + interface vlan.1673; + interface vlan.1674; + } + } +} +event-options { + policy ae0down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/0 unit 0"; + "deactivate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; + } + } + } + } + policy ae0up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae0$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/0 unit 0"; + "activate interfaces ge-0/0/0 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; + } + } + } + } + policy ae1down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/1 unit 0"; + "deactivate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; + } + } + } + } + policy ae1up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae1$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/1 unit 0"; + "activate interfaces ge-0/0/1 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; + } + } + } + } + policy ae2down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/2 unit 0"; + "deactivate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; + } + } + } + } + policy ae2up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae2$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/2 unit 0"; + "activate interfaces ge-0/0/2 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; + } + } + } + } + policy ae3down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/3 unit 0"; + "deactivate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; + } + } + } + } + policy ae3up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae3$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/3 unit 0"; + "activate interfaces ge-0/0/3 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; + } + } + } + } + policy ae4down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/4 unit 0"; + "deactivate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; + } + } + } + } + policy ae4up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae4$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/4 unit 0"; + "activate interfaces ge-0/0/4 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; + } + } + } + } + policy ae5down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/5 unit 0"; + "deactivate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; + } + } + } + } + policy ae5up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae5$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/5 unit 0"; + "activate interfaces ge-0/0/5 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; + } + } + } + } + policy ae6down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/6 unit 0"; + "deactivate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; + } + } + } + } + policy ae6up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae6$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/6 unit 0"; + "activate interfaces ge-0/0/6 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; + } + } + } + } + policy ae7down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/7 unit 0"; + "deactivate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; + } + } + } + } + policy ae7up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae7$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/7 unit 0"; + "activate interfaces ge-0/0/7 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; + } + } + } + } + policy ae8down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/8 unit 0"; + "deactivate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle"; + } + } + } + } + policy ae8up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae8$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/8 unit 0"; + "activate interfaces ge-0/0/8 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle"; + } + } + } + } + policy ae9down { + events snmp_trap_link_down; + attributes-match { + snmp_trap_link_down.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "activate interfaces ge-0/0/9 unit 0"; + "deactivate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle"; + } + } + } + } + policy ae9up { + events snmp_trap_link_up; + attributes-match { + snmp_trap_link_up.interface-name matches "ae9$"; + } + then { + change-configuration { + retry count 10 interval 10; + commands { + "deactivate interfaces ge-0/0/9 unit 0"; + "activate interfaces ge-0/0/9 ether-options"; + } + user-name technet; + commit-options { + log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle"; + } + } + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.1593; + interface vlan.1594; + interface vlan.1613; + interface vlan.1614; + interface vlan.1633; + interface vlan.1634; + interface vlan.1653; + interface vlan.1654; + interface vlan.1673; + interface vlan.1674; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + sflow { + agent-id 185.110.148.107; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.107; + collector ; + interfaces all-ports; + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.106; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + e59-3 { + vlan-id 1593; + l3-interface vlan.1593; + } + e59-4 { + vlan-id 1594; + l3-interface vlan.1594; + } + e61-3 { + vlan-id 1613; + l3-interface vlan.1613; + } + e61-4 { + vlan-id 1614; + l3-interface vlan.1614; + } + e63-3 { + vlan-id 1633; + l3-interface vlan.1633; + } + e63-4 { + vlan-id 1634; + l3-interface vlan.1634; + } + e65-3 { + vlan-id 1653; + l3-interface vlan.1653; + } + e65-4 { + vlan-id 1654; + l3-interface vlan.1654; + } + e67-3 { + vlan-id 1673; + l3-interface vlan.1673; + } + e67-4 { + vlan-id 1674; + l3-interface vlan.1674; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } + temp_nett { + description TMPNETT_SANTANDER; + vlan-id 270; + l3-interface vlan.270; + } +} +poe { + interface aps; +} diff --git a/examples/tg16/netconf/distro7.conf b/examples/tg16/netconf/distro7.conf new file mode 100644 index 00000000..695cb555 --- /dev/null +++ b/examples/tg16/netconf/distro7.conf @@ -0,0 +1,1759 @@ +## Last changed: 2016-03-24 13:39:24 CET +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name distro7; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.107; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range aps { + member-range ge-0/0/36 to ge-0/0/47; + member-range ge-1/0/36 to ge-1/0/47; + member-range ge-2/0/36 to ge-2/0/47; + description "Management/klientnett AP-er"; + unit 0 { + family ethernet-switching { + vlan { + members aps_mgmt; + } + } + } + } + interface-range all-ports { + member-range ge-0/0/0 to ge-0/0/47; + member-range ge-1/0/0 to ge-1/0/47; + member-range ge-2/0/0 to ge-2/0/47; + member-range xe-0/1/0 to xe-0/1/3; + member-range xe-1/1/0 to xe-1/1/3; + member-range xe-2/1/0 to xe-2/1/3; + } + ge-0/0/0 { + description "e59-1 access / ae0"; + inactive: ether-options { + 802.3ad ae0; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/1 { + description "e59-2 access / ae1"; + inactive: ether-options { + 802.3ad ae1; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/2 { + description "e61-1 access / ae2"; + inactive: ether-options { + 802.3ad ae2; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/3 { + description "e61-2 access / ae3"; + ether-options { + 802.3ad ae3; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/4 { + description "e63-1 access / ae4"; + inactive: ether-options { + 802.3ad ae4; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/5 { + description "e63-2 access / ae5"; + inactive: ether-options { + 802.3ad ae5; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/6 { + description "e65-1 access / ae6"; + ether-options { + 802.3ad ae6; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/7 { + description "e65-2 access / ae7"; + ether-options { + 802.3ad ae7; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/8 { + description "e67-1 access / ae8"; + ether-options { + 802.3ad ae8; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/9 { + description "e67-2 access / ae9"; + ether-options { + 802.3ad ae9; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/10 { + description "e69-1 access / ae10"; + ether-options { + 802.3ad ae10; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/11 { + description "e69-2 access / ae11"; + inactive: ether-options { + 802.3ad ae11; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/12 { + description "e71-1 access / ae12"; + ether-options { + 802.3ad ae12; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/13 { + description "e71-2 access / ae13"; + ether-options { + 802.3ad ae13; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/14 { + description "e73-1 access / ae14"; + inactive: ether-options { + 802.3ad ae14; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/15 { + description "e73-2 access / ae15"; + ether-options { + 802.3ad ae15; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/16 { + description "e75-1 access / ae16"; + ether-options { + 802.3ad ae16; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/17 { + description "e75-2 access / ae17"; + ether-options { + 802.3ad ae17; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/18 { + description "e77-1 access / ae18"; + ether-options { + 802.3ad ae18; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/19 { + description "e77-2 access / ae19"; + ether-options { + 802.3ad ae19; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/20 { + description "e79-1 access / ae20"; + ether-options { + 802.3ad ae20; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/21 { + description "e79-2 access / ae21"; + inactive: ether-options { + 802.3ad ae21; + } + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/22 { + description "e81-1 access / ae22"; + ether-options { + 802.3ad ae22; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/23 { + description "e81-2 access / ae23"; + ether-options { + 802.3ad ae23; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/24 { + description "e83-2 access / ae24"; + ether-options { + 802.3ad ae24; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/25 { + description "e85-2 access / ae25"; + ether-options { + 802.3ad ae25; + } + inactive: unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members mgmt; + } + } + } + } + ge-0/0/26 { + description INFO:DESK; + ether-options { + 802.3ad ae26; + } + } + xe-0/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ge-1/0/0 { + description "e59-1 ae0"; + ether-options { + 802.3ad ae0; + } + } + ge-1/0/1 { + description "e59-2 ae1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "e61-1 ae2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "e61-2 ae3"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "e63-1 ae4"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "e63-2 ae5"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/6 { + description "e65-1 ae6"; + ether-options { + 802.3ad ae6; + } + } + ge-1/0/7 { + description "e65-2 ae7"; + ether-options { + 802.3ad ae7; + } + } + ge-1/0/8 { + description "e67-1 ae8"; + ether-options { + 802.3ad ae8; + } + } + ge-1/0/9 { + description "e67-2 ae9"; + ether-options { + 802.3ad ae9; + } + } + ge-1/0/10 { + description "e69-1 ae10"; + ether-options { + 802.3ad ae10; + } + } + ge-1/0/11 { + description "e69-2 ae11"; + ether-options { + 802.3ad ae11; + } + } + ge-1/0/12 { + description "e71-1 ae12"; + ether-options { + 802.3ad ae12; + } + } + ge-1/0/13 { + description "e71-2 ae13"; + ether-options { + 802.3ad ae13; + } + } + ge-1/0/14 { + description "e73-1 ae14"; + ether-options { + 802.3ad ae14; + } + } + ge-1/0/15 { + description "e73-2 ae15"; + ether-options { + 802.3ad ae15; + } + } + ge-1/0/16 { + description "e75-1 ae16"; + ether-options { + 802.3ad ae16; + } + } + ge-1/0/17 { + description "e75-2 ae17"; + ether-options { + 802.3ad ae17; + } + } + ge-1/0/18 { + description "e77-1 ae18"; + ether-options { + 802.3ad ae18; + } + } + ge-1/0/19 { + description "e77-2 ae19"; + ether-options { + 802.3ad ae19; + } + } + ge-1/0/20 { + description "e79-1 ae20"; + ether-options { + 802.3ad ae20; + } + } + ge-1/0/21 { + description "e79-2 ae21"; + ether-options { + 802.3ad ae21; + } + } + ge-1/0/22 { + description "e81-1 ae22"; + ether-options { + 802.3ad ae22; + } + } + ge-1/0/23 { + description "e81-2 ae23"; + ether-options { + 802.3ad ae23; + } + } + ge-1/0/24 { + description "e83-2 ae24"; + ether-options { + 802.3ad ae24; + } + } + ge-1/0/25 { + description "e85-2 ae25"; + ether-options { + 802.3ad ae25; + } + } + ge-1/0/26 { + description INFO:DASK; + ether-options { + 802.3ad ae26; + } + } + xe-1/1/0 { + description "Uplink mot coregw"; + ether-options { + 802.3ad ae31; + } + } + ae0 { + description "e59-1 ae0"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e59-1 ]; + } + } + } + } + ae1 { + description "e59-2 ae1"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e59-2 ]; + } + } + } + } + ae2 { + description "e61-1 ae2"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e61-1 ]; + } + } + } + } + ae3 { + description "e61-2 ae3"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e61-2 ]; + } + } + } + } + ae4 { + description "e63-1 ae4"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e63-1 ]; + } + } + } + } + ae5 { + description "e63-2 ae5"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e63-2 ]; + } + } + } + } + ae6 { + description "e65-1 ae6"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e65-1 ]; + } + } + } + } + ae7 { + description "e65-2 ae7"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e65-2 ]; + } + } + } + } + ae8 { + description "e67-1 ae8"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e67-1 ]; + } + } + } + } + ae9 { + description "e67-2 ae9"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e67-2 ]; + } + } + } + } + ae10 { + description "e69-1 ae10"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e69-1 ]; + } + } + } + } + ae11 { + description "e69-2 ae11"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e69-2 ]; + } + } + } + } + ae12 { + description "e71-1 ae12"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e71-1 ]; + } + } + } + } + ae13 { + description "e71-2 ae13"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e71-2 ]; + } + } + } + } + ae14 { + description "e73-1 ae14"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e73-1 ]; + } + } + } + } + ae15 { + description "e73-2 ae15"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e73-2 ]; + } + } + } + } + ae16 { + description "e75-1 ae16"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e75-1 ]; + } + } + } + } + ae17 { + description "e75-2 ae17"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e75-2 ]; + } + } + } + } + ae18 { + description "e77-1 ae18"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e77-1 ]; + } + } + } + } + ae19 { + description "e77-2 ae19"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e77-2 ]; + } + } + } + } + ae20 { + description "e79-1 ae20"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e79-1 ]; + } + } + } + } + ae21 { + description "e79-2 ae21"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e79-2 ]; + } + } + } + } + ae22 { + description "e81-1 ae22"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e81-1 ]; + } + } + } + } + ae23 { + description "e81-2 ae23"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e81-2 ]; + } + } + } + } + ae24 { + description "e83-2 ae24"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e83-2 ]; + } + } + } + } + ae25 { + description "e85-2 ae25"; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt e85-2 ]; + } + } + } + } + ae26 { + description INFO:DESK; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt info_desk ]; + } + } + } + } + ae31 { + description "Uplink mot coregw"; + unit 0 { + family inet { + address 185.110.148.167/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.107/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::107/128; + } + } + } + vlan { + unit 237 { + description Info:Desk; + family inet { + address 88.92.63.1/24; + } + family inet6 { + address 2a06:5840:63::1/64; + } + } + unit 666 { + description "mgmt til aksesswitcher/fapfapfap"; + family inet { + address 88.92.55.193/26; + } + } + unit 777 { + description "mgmt til AP-ene"; + family inet { + address 88.92.52.193/26; + } + } + unit 1591 { + family inet { + address 88.92.23.193/26; + } + family inet6 { + address 2a06:5840:23d::1/64; + } + } + unit 1592 { + family inet { + address 88.92.24.1/26; + } + family inet6 { + address 2a06:5840:24a::1/64; + } + } + unit 1611 { + family inet { + address 88.92.24.193/26; + } + family inet6 { + address 2a06:5840:24d::1/64; + } + } + unit 1612 { + family inet { + address 88.92.25.1/26; + } + family inet6 { + address 2a06:5840:25a::1/64; + } + } + unit 1631 { + family inet { + address 88.92.25.193/26; + } + family inet6 { + address 2a06:5840:25d::1/64; + } + } + unit 1632 { + family inet { + address 88.92.26.1/26; + } + family inet6 { + address 2a06:5840:26a::1/64; + } + } + unit 1651 { + family inet { + address 88.92.26.193/26; + } + family inet6 { + address 2a06:5840:26d::1/64; + } + } + unit 1652 { + family inet { + address 88.92.27.1/26; + } + family inet6 { + address 2a06:5840:27a::1/64; + } + } + unit 1671 { + family inet { + address 88.92.27.193/26; + } + family inet6 { + address 2a06:5840:27d::1/64; + } + } + unit 1672 { + family inet { + address 88.92.28.1/26; + } + family inet6 { + address 2a06:5840:28a::1/64; + } + } + unit 1691 { + family inet { + address 88.92.28.193/26; + } + family inet6 { + address 2a06:5840:28d::1/64; + } + } + unit 1692 { + family inet { + address 88.92.29.1/26; + } + family inet6 { + address 2a06:5840:29a::1/64; + } + } + unit 1711 { + family inet { + address 88.92.29.65/26; + } + family inet6 { + address 2a06:5840:29b::1/64; + } + } + unit 1712 { + family inet { + address 88.92.29.129/26; + } + family inet6 { + address 2a06:5840:29c::1/64; + } + } + unit 1731 { + family inet { + address 88.92.29.193/26; + } + family inet6 { + address 2a06:5840:29d::1/64; + } + } + unit 1732 { + family inet { + address 88.92.30.1/26; + } + family inet6 { + address 2a06:5840:30a::1/64; + } + } + unit 1751 { + family inet { + address 88.92.30.65/26; + } + family inet6 { + address 2a06:5840:30b::1/64; + } + } + unit 1752 { + family inet { + address 88.92.30.129/26; + } + family inet6 { + address 2a06:5840:30c::1/64; + } + } + unit 1771 { + family inet { + address 88.92.30.193/26; + } + family inet6 { + address 2a06:5840:30d::1/64; + } + } + unit 1772 { + family inet { + address 88.92.31.1/26; + } + family inet6 { + address 2a06:5840:31a::1/64; + } + } + unit 1791 { + family inet { + address 88.92.31.65/26; + } + family inet6 { + address 2a06:5840:31b::1/64; + } + } + unit 1792 { + family inet { + address 88.92.31.129/26; + } + family inet6 { + address 2a06:5840:31c::1/64; + } + } + unit 1811 { + family inet { + address 88.92.31.193/26; + } + family inet6 { + address 2a06:5840:31d::1/64; + } + } + unit 1812 { + family inet { + address 88.92.32.1/26; + } + family inet6 { + address 2a06:5840:32a::1/64; + } + } + unit 1832 { + family inet { + address 88.92.32.65/26; + } + family inet6 { + address 2a06:5840:32b::1/64; + } + } + unit 1852 { + family inet { + address 88.92.32.129/26; + } + family inet6 { + address 2a06:5840:32c::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + inactive: helpers { + bootp { + dhcp-option82 { + circuit-id { + prefix hostname; + } + } + server 185.110.148.22; + interface { + vlan.666; + } + } + } + dhcp-relay { + inactive: dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.237; + interface vlan.777; + interface vlan.1591; + interface vlan.1592; + interface vlan.1611; + interface vlan.1612; + interface vlan.1631; + interface vlan.1632; + interface vlan.1651; + interface vlan.1652; + interface vlan.1671; + interface vlan.1672; + interface vlan.1691; + interface vlan.1692; + interface vlan.1711; + interface vlan.1712; + interface vlan.1731; + interface vlan.1732; + interface vlan.1751; + interface vlan.1752; + interface vlan.1771; + interface vlan.1772; + interface vlan.1791; + interface vlan.1792; + interface vlan.1811; + interface vlan.1812; + interface vlan.1832; + interface vlan.1852; + } + server-group { + v6-edge-switches { + 2a06:5841:149a::2; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + fapfapfap-group { + 185.110.148.22; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.237; + interface vlan.777; + interface vlan.1591; + interface vlan.1592; + interface vlan.1611; + interface vlan.1612; + interface vlan.1631; + interface vlan.1632; + interface vlan.1651; + interface vlan.1652; + interface vlan.1671; + interface vlan.1672; + interface vlan.1691; + interface vlan.1692; + interface vlan.1711; + interface vlan.1712; + interface vlan.1731; + interface vlan.1732; + interface vlan.1751; + interface vlan.1752; + interface vlan.1771; + interface vlan.1772; + interface vlan.1791; + interface vlan.1792; + interface vlan.1811; + interface vlan.1812; + interface vlan.1832; + interface vlan.1852; + } + group fapfapfap { + active-server-group fapfapfap-group; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + inactive: router-advertisement { + interface vlan.1591; + interface vlan.1592; + interface vlan.1611; + interface vlan.1612; + interface vlan.1631; + interface vlan.1632; + interface vlan.1651; + interface vlan.1652; + interface vlan.1671; + interface vlan.1672; + interface vlan.1691; + interface vlan.1692; + interface vlan.1711; + interface vlan.1712; + interface vlan.1731; + interface vlan.1732; + interface vlan.1751; + interface vlan.1752; + interface vlan.1771; + interface vlan.1772; + interface vlan.1791; + interface vlan.1792; + interface vlan.1811; + interface vlan.1812; + interface vlan.1832; + interface vlan.1852; + interface vlan.237; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + sflow { + agent-id 185.110.148.107; + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 185.110.148.107; + collector ; + interfaces all-ports; + } + igmp-snooping { + vlan all; + } + rstp; + lldp { + management-address 185.110.148.107; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +vlans { + aps_mgmt { + vlan-id 777; + l3-interface vlan.777; + } + e59-1 { + vlan-id 1591; + l3-interface vlan.1591; + } + e59-2 { + vlan-id 1592; + l3-interface vlan.1592; + } + e61-1 { + vlan-id 1611; + l3-interface vlan.1611; + } + e61-2 { + vlan-id 1612; + l3-interface vlan.1612; + } + e63-1 { + vlan-id 1631; + l3-interface vlan.1631; + } + e63-2 { + vlan-id 1632; + l3-interface vlan.1632; + } + e65-1 { + vlan-id 1651; + l3-interface vlan.1651; + } + e65-2 { + vlan-id 1652; + l3-interface vlan.1652; + } + e67-1 { + vlan-id 1671; + l3-interface vlan.1671; + } + e67-2 { + vlan-id 1672; + l3-interface vlan.1672; + } + e69-1 { + vlan-id 1691; + l3-interface vlan.1691; + } + e69-2 { + vlan-id 1692; + l3-interface vlan.1692; + } + e71-1 { + vlan-id 1711; + l3-interface vlan.1711; + } + e71-2 { + vlan-id 1712; + l3-interface vlan.1712; + } + e73-1 { + vlan-id 1731; + l3-interface vlan.1731; + } + e73-2 { + vlan-id 1732; + l3-interface vlan.1732; + } + e75-1 { + vlan-id 1751; + l3-interface vlan.1751; + } + e75-2 { + vlan-id 1752; + l3-interface vlan.1752; + } + e77-1 { + vlan-id 1771; + l3-interface vlan.1771; + } + e77-2 { + vlan-id 1772; + l3-interface vlan.1772; + } + e79-1 { + vlan-id 1791; + l3-interface vlan.1791; + } + e79-2 { + vlan-id 1792; + l3-interface vlan.1792; + } + e81-1 { + vlan-id 1811; + l3-interface vlan.1811; + } + e81-2 { + vlan-id 1812; + l3-interface vlan.1812; + } + e83-2 { + vlan-id 1832; + l3-interface vlan.1832; + } + e85-2 { + vlan-id 1852; + l3-interface vlan.1852; + } + info_desk { + vlan-id 237; + l3-interface vlan.237; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/e25-2.conf b/examples/tg16/netconf/e25-2.conf new file mode 100644 index 00000000..daa60afe --- /dev/null +++ b/examples/tg16/netconf/e25-2.conf @@ -0,0 +1,282 @@ +## Last changed: 2015-04-05 07:41:52 UTC +version 14.1X53-D15.2; +system { + host-name e25-2; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 88.92.54.195; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 1; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } +} +interfaces { + interface-range edge-ports { + member-range ge-0/0/0 to ge-0/0/43; + description Clients; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members clients; + } + } + } + } + interface-range core-ports { + member-range ge-0/0/44 to ge-0/0/47; + description "distro3 ge-0/0/1"; + ether-options { + 802.3ad ae0; + } + } + ae0 { + description "distro3 ge-0/0/1"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ clients mgmt ]; + } + } + } + } + vlan { + unit 666 { + description "MGMT L3 interface"; + family inet { + filter { + input v4-mgmt; + } + address 88.92.54.195/26; + } + inactive: family inet6 { + filter { + input v6-mgmt; + } + address 2a06:5840:54d::195/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 next-hop 88.92.54.193; + } + } +} +protocols { + sflow { + sample-rate { + ingress 10000; + egress 10000; + } + source-ip 88.92.54.195; + collector ; + collector ; + interfaces core-ports; + interfaces edge-ports; + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface edge-ports { + edge; + no-root-port; + } + } + lldp { + management-address 88.92.54.195; + interface ae0.0; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + /* Merged separate v4- og v6-lister */ + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } +} +firewall { + family inet { + filter v4-mgmt { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter v6-mgmt { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term accept-all { + then accept; + } + } + } +} +vlans { + clients { + vlan-id 1252; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} diff --git a/examples/tg16/netconf/ex2200.conf b/examples/tg16/netconf/ex2200.conf new file mode 100755 index 00000000..9f1e7549 --- /dev/null +++ b/examples/tg16/netconf/ex2200.conf @@ -0,0 +1,305 @@ +system { + host-name ; + domain-name infra.gathering.org; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order [ tacplus ]; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + { + secret ""; + source-address ; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://@/home/tgconfig/configs/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} + +chassis { + aggregated-devices { + ethernet { + device-count 1; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } +} + +interfaces { + interface-range edge-ports { + description "Clients"; + member-range ge-0/0/0 to ge-0/0/43; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members clients; + } + } + } + } + interface-range core-ports { + description " "; + member-range ge-0/0/44 to ge-0/0/47; + ether-options { + 802.3ad ae0; + } + } + ae0 { + description " "; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [clients mgmt]; + } + } + } + } + vlan { + unit { + description "MGMT L3 interface"; + family inet { + filter { + input v4-mgmt; + } + address /26; + } + inactive: family inet6 { + filter { + input v6-mgmt; + } + address /64; + } + } + } +} + +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} + +policy-options { + prefix-list mgmt-v4 { + + /* Kandu PA-nett */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + + /* Den delen av v6-nett som er satt av til infra, tech o.l. */ + 2a06:5841::/32; + } + /* Merged separate v4- og v6-lister */ + prefix-list mgmt { + + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } +} +firewall { + family inet { + filter v4-mgmt { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then { + accept; + } + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then { + accept; + } + } + } + } + family inet6 { + filter v6-mgmt { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then { + accept; + } + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then { + + accept; + } + } + } + } +} + +protocols { + sflow { + sample-rate { + ingress 10000; + egress 10000; + } + interfaces edge-ports; + interfaces core-ports; + source-ip ; + collector 185.110.148.12; + collector 185.110.148.11; + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface edge-ports { + edge; + no-root-port; + } + } + lldp { + interface ae0.0; + management-address ; + } +} + +vlans { + clients { + vlan-id ; + } + mgmt { + vlan-id ; + l3-interface vlan.; + } +} + +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 { + next-hop ; + } + } + } +} + + diff --git a/examples/tg16/netconf/ex2200_secure.conf b/examples/tg16/netconf/ex2200_secure.conf new file mode 100755 index 00000000..7a004792 --- /dev/null +++ b/examples/tg16/netconf/ex2200_secure.conf @@ -0,0 +1,332 @@ +system { + host-name ; + domain-name infra.gathering.org; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order [ tacplus ]; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + { + secret ""; + source-address ; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://@/home/tgconfig/configs/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} + +chassis { + aggregated-devices { + ethernet { + device-count 1; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } +} + +interfaces { + interface-range edge-ports { + description "Clients"; + member-range ge-0/0/0 to ge-0/0/43; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members clients; + } + } + } + } + interface-range core-ports { + description " "; + member-range ge-0/0/44 to ge-0/0/47; + ether-options { + 802.3ad ae0; + } + } + ae0 { + description " "; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [clients mgmt]; + } + } + } + } + vlan { + unit { + description "MGMT L3 interface"; + family inet { + filter { + input v4-mgmt; + } + address /26; + } + inactive: family inet6 { + filter { + input v6-mgmt; + } + address /64; + } + } + } +} + +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} + +policy-options { + prefix-list mgmt-v4 { + + /* Kandu PA-nett */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + + /* Den delen av v6-nett som er satt av til infra, tech o.l. */ + 2a06:5841::/32; + } + /* Merged separate v4- og v6-lister */ + prefix-list mgmt { + + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } +} + +ethernet-switching-options { + secure-access-port { + interface edge-ports { + no-dhcp-trusted; + } + vlan clients { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + interface all; + } +} + +firewall { + family inet { + filter v4-mgmt { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then { + accept; + } + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then { + accept; + } + } + } + } + family inet6 { + filter v6-mgmt { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then { + accept; + } + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then { + + accept; + } + } + } + } +} + +protocols { + sflow { + sample-rate { + ingress 10000; + egress 10000; + } + interfaces edge-ports; + interfaces core-ports; + source-ip ; + collector 185.110.148.12; + collector 185.110.148.11; + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface edge-ports { + edge; + no-root-port; + } + } + lldp { + interface ae0.0; + management-address ; + } +} + +vlans { + clients { + vlan-id ; + } + mgmt { + vlan-id ; + l3-interface vlan.; + } +} + +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 { + next-hop ; + } + } + } +} + + diff --git a/examples/tg16/netconf/ex2200_secure_with_l3.conf b/examples/tg16/netconf/ex2200_secure_with_l3.conf new file mode 100755 index 00000000..a11989ee --- /dev/null +++ b/examples/tg16/netconf/ex2200_secure_with_l3.conf @@ -0,0 +1,351 @@ +system { + host-name ; + domain-name infra.gathering.org; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order [ tacplus ]; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + { + secret ""; + source-address ; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://@/home/tgconfig/configs/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} + +chassis { + aggregated-devices { + ethernet { + device-count 1; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } +} + +interfaces { + interface-range edge-ports { + description "Clients"; + member-range ge-0/0/0 to ge-0/0/43; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members clients; + } + } + } + } + interface-range core-ports { + description " "; + member-range ge-0/0/44 to ge-0/0/47; + ether-options { + 802.3ad ae0; + } + } + ae0 { + description " "; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [clients mgmt]; + } + } + } + } + vlan { + unit { + description "MGMT L3 interface"; + family inet { + filter { + input v4-mgmt; + } + address /26; + } + inactive: family inet6 { + filter { + input v6-mgmt; + } + address /64; + } + } + } +} + +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} + +policy-options { + prefix-list mgmt-v4 { + + /* Kandu PA-nett */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + + /* Den delen av v6-nett som er satt av til infra, tech o.l. */ + 2a06:5841::/32; + } + /* Merged separate v4- og v6-lister */ + prefix-list mgmt { + + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } +} + +ethernet-switching-options { + secure-access-port { + interface edge-ports { + no-dhcp-trusted; + } + vlan clients { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + interface all; + } +} + +firewall { + family inet { + filter v4-mgmt { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then { + accept; + } + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then { + accept; + } + } + } + } + family inet6 { + filter v6-mgmt { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then { + accept; + } + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then { + + accept; + } + } + } + } +} + +protocols { + sflow { + sample-rate { + ingress 10000; + egress 10000; + } + interfaces edge-ports; + interfaces core-ports; + source-ip ; + collector 185.110.148.12; + collector 185.110.148.11; + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface edge-ports { + edge; + no-root-port; + } + } + lldp { + interface ae0.0; + management-address ; + } +} + +vlans { + clients { + vlan-id ; + } + mgmt { + vlan-id ; + l3-interface vlan.; + } +} + +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 { + next-hop ; + } + } + } +} + +# +# This particular set-config is for e57-4, generated the second day of TG16 +# +delete interfaces interface-range edge-ports unit 0 family ethernet-switching vlan members clients +set interfaces interface-range edge-ports unit 0 family ethernet-switching vlan members clients-static +delete interfaces ae0 unit 0 family ethernet-switching vlan members clients +set interfaces ae0 unit 0 family ethernet-switching vlan members linknet +set interfaces vlan unit 2 description "Routed L3 interface for participants" +set interfaces vlan unit 2 family inet address 88.92.23.129/26 +set interfaces vlan unit 3017 family inet address 88.92.82.35/31 +set forwarding-options dhcp-relay server-group v4-edge-switches 185.110.149.2 +set forwarding-options dhcp-relay server-group v4-edge-switches 185.110.148.2 +set forwarding-options dhcp-relay group edge-switches active-server-group v4-edge-switches +set forwarding-options dhcp-relay group edge-switches overrides trust-option-82 +set forwarding-options dhcp-relay group edge-switches interface vlan.2 +delete routing-options rib inet.0 static +set routing-options rib inet.0 static route 0.0.0.0/0 next-hop 88.92.82.34 +set vlans clients-static vlan-id 2 +set vlans clients-static l3-interface vlan.2 +set vlans linknet vlan-id 3017 l3-interface vlan.3017 diff --git a/examples/tg16/netconf/gamegw.conf b/examples/tg16/netconf/gamegw.conf new file mode 100644 index 00000000..4bdb158e --- /dev/null +++ b/examples/tg16/netconf/gamegw.conf @@ -0,0 +1,451 @@ +## Last changed: 2015-05-31 17:36:27 CEST +version 14.1X53-D26.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area 0.0.0.0 { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area 0.0.0.0 { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } +} +system { + host-name gamegw; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order [ tacplus password ]; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.72; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + dhcp { + traceoptions { + file dhcp_logfile; + level all; + flag all; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + ge-0/0/46 { + description "ae30 mot AUDGW"; + ether-options { + 802.3ad ae30; + } + } + ge-0/0/47 { + description "ae30 mot AUDGW"; + ether-options { + 802.3ad ae30; + } + } + xe-0/1/0 { + description "ae28 mot NORTH"; + ether-options { + 802.3ad ae28; + } + } + ae28 { + description "mot NORTH"; + unit 0 { + family inet { + address 185.110.148.184/31; + } + family inet6; + } + } + ae30 { + description "mot AUDGW"; + unit 0 { + family inet { + address 185.110.148.183/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + address 185.110.148.78/32; + } + family inet6 { + address 2a06:5841:148b::78/128; + } + } + } +} +protocols { + apply-groups SET_OSPF_DEFAULTS; + ospf { + export [ redistribute-direct redistribute-static ]; + area 0.0.0.0 { + interface ae28.0; + interface ae30.0; + } + } + ospf3 { + export [ redistribute-direct redistribute-static ]; + area 0.0.0.0 { + interface ae28.0; + interface ae30.0; + } + } + rstp; + lldp { + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + /* sammensl̴tt av separate v4- og v6-lister */ + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement STATIC-TO-OSPF { + from protocol static; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-direct { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-static { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + protocol icmp; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + inactive: mgmt-v6; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + next-header icmp6; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + } + policer policer-1Mbit { + if-exceeding { + bandwidth-limit 1m; + burst-size-limit 500k; + } + then discard; + } +} +ethernet-switching-options { + storm-control { + interface all; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/gamestagegw.conf b/examples/tg16/netconf/gamestagegw.conf new file mode 100644 index 00000000..d93e04da --- /dev/null +++ b/examples/tg16/netconf/gamestagegw.conf @@ -0,0 +1,695 @@ +## Last changed: 2016-03-23 04:20:03 CET +version 14.1X53-D26.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area 0.0.0.0 { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area 0.0.0.0 { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name gamestagegw; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + 8.8.8.8; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.78; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range GAMESTAGE_CLIENTS { + member-range ge-0/0/10 to ge-0/0/41; + description "GAMESTAGE CLIENTS"; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members GAMESTAGE_CLIENTS; + } + } + } + } + interface-range GAMESTAGE_CLOSED { + member-range ge-0/0/0 to ge-0/0/9; + description "GAMESTAGE CLOSED"; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members GAMESTAGE_CLOSED; + } + } + } + } + ge-0/0/42 { + ether-options { + 802.3ad ae26; + } + } + ge-0/0/43 { + ether-options { + 802.3ad ae26; + } + } + ge-0/0/44 { + ether-options { + 802.3ad ae27; + } + } + ge-0/0/45 { + ether-options { + 802.3ad ae27; + } + } + ge-0/0/46 { + description "ae30 mot AUDGW"; + ether-options { + 802.3ad ae30; + } + } + ge-0/0/47 { + description "ae30 mot AUDGW"; + ether-options { + 802.3ad ae30; + } + } + xe-0/1/0 { + description "ae28 mot NORTH"; + ether-options { + 802.3ad ae28; + } + } + xe-0/1/1 { + description "ae28 mot NOCGW"; + } + ae26 { + description "link til gamestagesw1"; + unit 0 { + family ethernet-switching { + vlan { + members GAMESTAGE_CLIENTS; + } + } + } + } + ae27 { + description "link til gamestagesw2"; + unit 0 { + family ethernet-switching { + vlan { + members GAMESTAGE_CLIENTS; + } + } + } + } + ae28 { + description "ae28 mot NOCGW"; + unit 0 { + family inet { + address 185.110.148.184/31; + } + family inet6; + } + } + ae30 { + description "mot AUDGW"; + unit 0 { + family inet { + address 185.110.148.183/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + address 185.110.148.78/32; + } + family inet6 { + address 2a06:5841:148b::78/128; + } + } + } + vlan { + /* Klient-VLAN */ + unit 252 { + description "GAMESTAGE CLIENTS"; + family inet { + address 88.92.78.1/24; + } + family inet6 { + address 2a06:5840:78::1/64; + } + } + unit 999 { + description "GAMESTAGE CLOSED"; + } + unit 1229 { + description "gamestagegw - management"; + family inet { + address 88.92.57.145/28; + } + family inet6 { + address 2a06:5840:577::145/64; + } + } + unit 3001 { + description "Event lukket/internett/lol"; + family inet { + address 10.30.60.1/24; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + dhcpv6 { + group EDGE { + active-server-group v6-EDGE; + overrides; + interface vlan.252; + interface vlan.3001; + } + server-group { + v6-EDGE { + 2a02:ed02:1ee7::66; + } + } + } + server-group { + v4-EDGE { + 185.110.149.2; + 185.110.148.2; + } + inactive: v4-autoconfig { + 1.1.1.1; + } + } + group EDGE { + active-server-group v4-EDGE; + overrides { + trust-option-82; + } + interface vlan.252; + interface vlan.3001; + } + inactive: group autoconfig { + active-server-group v4-autoconfig; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +protocols { + apply-groups SET_OSPF_DEFAULTS; + mld; + router-advertisement { + interface vlan.252; + interface vlan.1229; + } + ospf { + export [ redistribute-direct redistribute-static static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae28.0; + interface ae30.0; + } + } + ospf3 { + export [ redistribute-direct redistribute-static static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae28.0; + interface ae30.0; + } + } + pim { + rp { + /* STANDGW */ + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface GAMESTAGE_CLIENTS { + edge; + no-root-port; + } + } + lldp { + management-address 185.110.148.78; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + /* sammensl̴tt av separate v4- og v6-lister */ + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement STATIC-TO-OSPF { + from protocol static; + then { + external { + type 1; + } + accept; + } + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-direct { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-static { + from protocol static; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + protocol icmp; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + inactive: mgmt-v6; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + next-header icmp6; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + } + } + policer policer-1Mbit { + if-exceeding { + bandwidth-limit 1m; + burst-size-limit 500k; + } + then discard; + } +} +ethernet-switching-options { + /* EDGE SLUTT */ + storm-control { + interface all; + } +} +vlans { + EVENTNETT { + description "Event lukket/internett/lol"; + vlan-id 3001; + l3-interface vlan.3001; + } + GAMESTAGE_CLIENTS { + description "GAMESTAGE CLIENTS"; + vlan-id 252; + l3-interface vlan.252; + } + GAMESTAGE_CLOSED { + vlan-id 999; + } + MGMT { + description Management; + vlan-id 1229; + l3-interface vlan.1229; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/loggw.conf b/examples/tg16/netconf/loggw.conf new file mode 100644 index 00000000..3425b718 --- /dev/null +++ b/examples/tg16/netconf/loggw.conf @@ -0,0 +1,709 @@ +## Last changed: 2016-03-26 13:25:28 CET +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name loggw; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.72; + } + } + login { + user lars { + uid 2003; + class super-user; + authentication { + encrypted-password ""; + } + } + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + processes { + dhcp-service { + traceoptions { + file JDHCPDEBUG size 20m files 5; + flag all; + } + } + } + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range edge-ports { + member ge-0/0/0; + member-range ge-0/0/3 to ge-0/0/29; + member-range ge-0/0/31 to ge-0/0/42; + description "Direkteterminerte klienter"; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members log_clients; + } + } + } + } + ge-0/0/1 { + description sw2-flankesor; + ether-options { + 802.3ad ae26; + } + } + ge-0/0/2 { + description sw2-flankesor; + ether-options { + 802.3ad ae26; + } + } + ge-0/0/30 { + unit 0 { + family ethernet-switching; + } + } + ge-0/0/44 { + description eventsw1; + ether-options { + 802.3ad ae27; + } + } + ge-0/0/45 { + description eventsw1; + ether-options { + 802.3ad ae27; + } + } + ge-0/0/46 { + description logsw; + ether-options { + 802.3ad ae28; + } + } + ge-0/0/47 { + description logsw; + ether-options { + 802.3ad ae28; + } + } + xe-0/1/0 { + description swinggw; + ether-options { + 802.3ad ae30; + } + } + xe-0/1/1 { + description southgw; + ether-options { + 802.3ad ae31; + } + } + xe-0/1/2 { + description stagegw; + ether-options { + 802.3ad ae29; + } + } + ae26 { + description sw2-flankesor; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt FLANKESOR_CLIENTS ]; + } + } + } + } + ae27 { + description event_clients; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ event_clients mgmt ]; + } + } + } + } + ae28 { + description log_clients; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ log_clients mgmt ]; + } + } + } + } + ae29 { + description "mot stagegw ae31"; + unit 0 { + family inet { + address 185.110.148.175/31; + } + family inet6; + } + } + ae30 { + description "mot swinggw ae31"; + unit 0 { + family inet { + address 185.110.148.142/31; + } + family inet6; + } + } + ae31 { + description "mot southgw ae31"; + unit 0 { + family inet { + address 185.110.148.144/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + address 185.110.148.72/32; + } + family inet6 { + address 2a06:5841:148b::72/128; + } + } + } + vlan { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.72/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::72/128; + } + } + unit 224 { + description event_clients; + family inet { + address 88.92.59.1/24; + } + family inet6 { + address 2a06:5840:59::1/64; + } + } + unit 234 { + description log_clients; + family inet { + address 88.92.60.1/24; + } + family inet6 { + address 2a06:5840:60::1/64; + } + } + unit 1224 { + description mgmt; + family inet { + address 88.92.57.65/28; + } + family inet6 { + address 2a06:5840:572::65/64; + } + } + /* Klient-VLAN */ + unit 2007 { + description "FLANKESOR CLIENTS"; + family inet { + address 88.92.41.129/26; + } + family inet6 { + address 2a06:5840:41c::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + dhcpv6 { + group edge-switches { + active-server-group v6-edge-switches; + overrides; + interface vlan.224; + interface vlan.234; + interface vlan.1224; + interface vlan.2007; + } + server-group { + v6-edge-switches { + 2a02:ed02:1ee7::66; + } + } + } + server-group { + v4-edge-switches { + 185.110.149.2; + 185.110.148.2; + } + inactive: v4-autoconfig { + 1.1.1.1; + } + } + group edge-switches { + active-server-group v4-edge-switches; + overrides { + trust-option-82; + } + interface vlan.224; + interface vlan.234; + interface vlan.1224; + interface vlan.2007; + } + inactive: group autoconfig { + active-server-group v4-autoconfig; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + router-advertisement { + interface vlan.224; + interface vlan.234; + interface vlan.1224; + interface vlan.2007; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae29.0; + interface ae30.0; + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae29.0; + interface ae30.0; + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::65; + address 185.110.148.65; + } + } + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + stp { + disable; + } + rstp { + bridge-priority 8k; + interface edge-ports { + edge; + no-root-port; + } + } + lldp { + management-address 185.110.148.72; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + inactive: mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +ethernet-switching-options { + secure-access-port { + interface edge-ports { + inactive: no-dhcp-trusted; + } + inactive: vlan event_clients { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + inactive: vlan log_clients { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + interface all; + } +} +vlans { + FLANKESOR_CLIENTS { + description "FLANKESOR CLIENTS"; + vlan-id 2007; + l3-interface vlan.2007; + } + event_clients { + description event_clients; + vlan-id 234; + l3-interface vlan.234; + } + log_clients { + description log_clients; + vlan-id 224; + l3-interface vlan.224; + } + mgmt { + description mgmt; + vlan-id 1224; + l3-interface vlan.1224; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/nocgw.conf b/examples/tg16/netconf/nocgw.conf new file mode 100644 index 00000000..3aa2338c --- /dev/null +++ b/examples/tg16/netconf/nocgw.conf @@ -0,0 +1,1072 @@ +## Last changed: 2016-03-26 01:37:02 CET +version 14.1X53-D16.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name nocgw; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + arp { + aging-timer 5; + } + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.65; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + } + } + syslog { + file messages { + any notice; + authorization notice; + } + } + commit synchronize; + processes { + dhcp-service { + traceoptions { + file JDHCPDEBUG size 20m files 5; + flag all; + } + } + } + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range CREW_CLIENTS_APS { + member-range ge-2/0/10 to ge-2/0/12; + description "Fragleberg Access Points"; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members CREW_CLIENTS; + } + } + } + } + ge-0/0/3 { + description "ae3 fugleberg"; + ether-options { + 802.3ad ae3; + } + } + ge-0/0/4 { + description "ae4 fugleberg"; + ether-options { + 802.3ad ae4; + } + } + ge-0/0/5 { + description "ae5 fugleberg"; + ether-options { + 802.3ad ae5; + } + } + ge-0/0/6 { + description "Trunk mot SEC"; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ Klientnett_security mgmt security ]; + } + } + } + } + ge-0/0/7 { + description "Trunk mot SEC:Video"; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ mgmt Klientnett_security_video security ]; + } + } + } + } + ge-0/0/8 { + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members CREW_CLIENTS; + } + } + } + } + ge-0/0/12 { + description CREWSW1; + ether-options { + 802.3ad ae12; + } + } + ge-0/0/13 { + description CREWSW2; + ether-options { + 802.3ad ae13; + } + } + ge-0/0/14 { + description CREWSW3; + ether-options { + 802.3ad ae14; + } + } + ge-0/0/15 { + description CREWSW4; + ether-options { + 802.3ad ae15; + } + } + ge-0/0/16 { + description CREWSW5; + ether-options { + 802.3ad ae16; + } + } + ge-0/0/23 { + description "Presserom - EX2200"; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ klientnett_presse mgmt ]; + } + } + } + } + et-0/1/0 { + description "ae31 mot telegw"; + ether-options { + 802.3ad ae31; + } + } + et-0/1/1 { + description "40G mot standgw"; + unit 0 { + family inet { + address 185.110.148.132/31; + } + family inet6; + } + } + xe-0/2/0 { + description GAMEGW; + ether-options { + 802.3ad ae26; + } + } + et-0/2/1 { + description "40G mot standgw"; + } + ge-1/0/1 { + description "ae1 mot nocsw1"; + ether-options { + 802.3ad ae1; + } + } + ge-1/0/2 { + description "ae2 mot nocsw2"; + ether-options { + 802.3ad ae2; + } + } + ge-1/0/3 { + description "ae3 fugleberg"; + ether-options { + 802.3ad ae3; + } + } + ge-1/0/4 { + description "ae4 fugleberg"; + ether-options { + 802.3ad ae4; + } + } + ge-1/0/5 { + description "ae5 fugleberg"; + ether-options { + 802.3ad ae5; + } + } + ge-1/0/12 { + description CREWSW1; + ether-options { + 802.3ad ae12; + } + } + ge-1/0/13 { + description CREWSW2; + ether-options { + 802.3ad ae13; + } + } + ge-1/0/14 { + description CREWSW3; + ether-options { + 802.3ad ae14; + } + } + ge-1/0/15 { + description CREWSW4; + ether-options { + 802.3ad ae15; + } + } + ge-1/0/16 { + description CREWSW5; + ether-options { + 802.3ad ae16; + } + } + ge-1/0/23 { + description klientnett_noc; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members klientnett_noc; + } + } + } + } + et-1/1/0 { + description "ae31 mot telegw"; + ether-options { + 802.3ad ae31; + } + } + et-1/1/1 { + description "ae30 mot coregw"; + ether-options { + 802.3ad ae30; + } + } + ge-2/0/1 { + description "ae1 mot nocsw1"; + ether-options { + 802.3ad ae1; + } + } + ge-2/0/2 { + description "ae2 mot nocsw2"; + ether-options { + 802.3ad ae2; + } + } + ge-2/0/23 { + description servernett_stand; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members servernett_stand; + } + } + } + } + et-2/1/0 { + description "ae30 mot coregw"; + ether-options { + 802.3ad ae30; + } + } + xe-2/2/0 { + description "link mot northgw"; + ether-options { + 802.3ad ae28; + } + } + ge-3/0/1 { + description "ae1 mot nocsw1"; + ether-options { + 802.3ad ae1; + } + } + ge-3/0/2 { + description "ae2 mot nocsw2"; + ether-options { + 802.3ad ae2; + } + } + ae1 { + description nocsw1; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members klientnett_noc; + } + } + } + } + ae2 { + description nocsw2; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members klientnett_noc; + } + } + } + } + ae3 { + description "mot fugleberget 3"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ klientnett_fugleberget mgmt ]; + } + } + } + } + ae4 { + description "mot fugleberget 2"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ klientnett_fugleberget mgmt ]; + } + } + } + } + ae5 { + description "mot fugleberget 1"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ klientnett_fugleberget mgmt ]; + } + } + } + } + ae12 { + description CREWSW1; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ CREW_CLIENTS mgmt ]; + } + } + } + } + ae13 { + description CREWSW2; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ CREW_CLIENTS mgmt ]; + } + } + } + } + ae14 { + description CREWSW3; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ CREW_CLIENTS mgmt ]; + } + } + } + } + ae15 { + description CREWSW4; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ CREW_CLIENTS mgmt ]; + } + } + } + } + ae16 { + description CREWSW5; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ CREW_CLIENTS mgmt ]; + } + } + } + } + ae26 { + unit 0 { + family inet { + address 185.110.148.185/31; + } + family inet6; + } + } + ae27 { + unit 0 { + description "link to stand"; + } + } + ae28 { + description "mot northgw ae31"; + unit 0 { + family inet { + address 185.110.148.138/31; + } + } + } + ae30 { + description "80G mot coregw"; + unit 0 { + family inet { + address 185.110.148.136/31; + } + family inet6; + } + } + ae31 { + description "80G mot telegw"; + unit 0 { + family inet { + address 185.110.148.131/31; + } + family inet6; + } + } + irb { + unit 239 { + description "Klientnett Fugleberget"; + family inet { + address 88.92.65.1/24; + } + family inet6 { + address 2a06:5840:65::1/64; + } + } + unit 240 { + description CREW_CLIENTS; + family inet { + address 88.92.66.1/24; + } + family inet6 { + address 2a06:5840:66::1/66; + } + } + unit 247 { + family inet { + address 88.92.73.1/24; + } + family inet6 { + address 2a06:5840:73::1/64; + } + } + unit 248 { + family inet { + address 88.92.74.1/24; + } + family inet6 { + address 2a06:5840:74::1/64; + } + } + unit 249 { + family inet { + address 88.92.75.1/24; + } + family inet6 { + address 2a06:5840:75::1/64; + } + } + unit 1220 { + description mgmt; + family inet { + address 88.92.57.1/27; + } + family inet6 { + address 2a06:5840:570::1/64; + } + } + unit 1481 { + description "Servernett Stand"; + } + unit 1501 { + description "Klientnett NOC"; + family inet { + address 185.110.150.1/25; + } + family inet6 { + address 2a06:5841:150a::1/64; + } + } + unit 3000 { + description Security; + family inet { + filter { + input v4-security; + output v4-security; + } + address 10.30.10.1/24; + } + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.65/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::65/128; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + dhcpv6 { + group all { + interface irb.239; + interface irb.240; + interface irb.247; + interface irb.248; + interface irb.249; + interface irb.1481; + interface irb.1501; + } + server-group { + v6-dhcp { + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + } + active-server-group v6-dhcp; + } + server-group { + v4-dhcp { + 185.110.149.2; + 185.110.148.2; + } + } + active-server-group v4-dhcp; + group all { + overrides { + trust-option-82; + } + interface irb.239; + interface irb.240; + interface irb.247; + interface irb.248; + interface irb.249; + interface irb.1481; + interface irb.1501; + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + router-advertisement { + interface irb.1501; + interface irb.240; + interface irb.248; + interface irb.249; + interface irb.239; + interface irb.247; + interface irb.1481; + } + ospf { + export [ redistribute-direct redistribute-static ]; + reference-bandwidth 1000g; + area 0.0.0.0 { + interface ae31.0; + interface ae30.0; + interface xe-0/2/0.0; + interface et-0/1/1.0 { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + interface ae28.0; + interface ae26.0; + } + } + ospf3 { + export [ redistribute-direct redistribute-static ]; + reference-bandwidth 1000g; + area 0.0.0.0 { + interface ae31.0; + interface ae30.0; + interface xe-0/2/0.0; + interface et-0/1/1.0 { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + lacp { + traceoptions { + file log-lacp size 100k files 2; + flag all; + } + } + lldp { + interface all; + } + lldp-med { + interface all; + } + igmp-snooping { + vlan default; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + /* sammenslått av separate v4- og v6-lister */ + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement redistribute-direct { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-static { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + protocol icmp; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v4-security { + term accept-security { + from { + source-address { + 10.30.0.0/16; + } + destination-address { + 10.30.0.0/16; + } + } + then accept; + } + term discard-all { + then { + discard; + } + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + inactive: mgmt-v6; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + next-header icmp6; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + } + policer policer-1Mbit { + if-exceeding { + bandwidth-limit 1m; + burst-size-limit 500k; + } + then discard; + } + policer policer-slowest { + if-exceeding { + bandwidth-limit 32k; + burst-size-limit 32k; + } + then discard; + } +} +access { + address-assignment { + pool sec_lukket { + family inet { + network 10.30.10.0/24; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } +} +vlans { + CREW_CLIENTS { + vlan-id 240; + l3-interface irb.240; + } + Klientnett_security { + vlan-id 248; + l3-interface irb.248; + } + Klientnett_security_video { + vlan-id 249; + l3-interface irb.249; + } + klientnett_fugleberget { + vlan-id 239; + l3-interface irb.239; + } + klientnett_noc { + vlan-id 1501; + l3-interface irb.1501; + } + klientnett_presse { + vlan-id 247; + l3-interface irb.247; + } + mgmt { + vlan-id 1220; + l3-interface irb.1220; + } + security { + vlan-id 3000; + l3-interface irb.3000; + } + servernett_stand { + vlan-id 1481; + l3-interface irb.1481; + } +} +poe; diff --git a/examples/tg16/netconf/northgw.conf b/examples/tg16/netconf/northgw.conf new file mode 100644 index 00000000..296cf033 --- /dev/null +++ b/examples/tg16/netconf/northgw.conf @@ -0,0 +1,500 @@ +## Last changed: 2016-03-22 11:35:46 CET +version 14.1X53-D26.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name northgw; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 8.8.8.8; + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.73; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + xe-0/1/0 { + description LOGGW; + ether-options { + 802.3ad ae30; + } + } + xe-0/1/1 { + description NOCGW; + ether-options { + 802.3ad ae31; + } + } + xe-0/1/2 { + description AUDGW; + ether-options { + 802.3ad ae29; + } + } + xe-0/1/3 { + description GAMEGW; + ether-options { + 802.3ad ae28; + } + } + ae28 { + description GAMEGW; + unit 0 { + family inet { + address 185.110.148.185/31; + } + family inet6; + } + } + ae29 { + description AUDGW; + unit 0 { + family inet { + address 185.110.148.180/31; + } + family inet6; + } + } + ae30 { + description LOGGW; + unit 0 { + family inet { + address 185.110.148.140/31; + } + family inet6; + } + } + ae31 { + description NOCGW; + unit 0 { + family inet { + address 185.110.148.139/31; + } + family inet6; + } + } + lo0 { + description MGMT-INTERFACE; + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.73/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::73/128; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + dhcpv6 { + group EDGE { + active-server-group v6-EDGE; + overrides; + } + server-group { + v6-EDGE { + 2a02:ed02:1ee7::66; + } + } + } + server-group { + v4-EDGE { + 185.110.149.2; + 185.110.148.2; + } + inactive: v4-autoconfig { + 1.1.1.1; + } + } + group EDGE { + active-server-group v4-EDGE; + overrides { + trust-option-82; + } + } + inactive: group autoconfig { + active-server-group v4-autoconfig; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +protocols { + mld; + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae28.0; + interface ae29.0; + interface ae30.0; + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae28.0; + interface ae29.0; + interface ae30.0; + interface ae31.0; + } + } + pim { + rp { + /* STANDGW */ + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + lldp { + management-address 185.110.148.73; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/southgw.conf b/examples/tg16/netconf/southgw.conf new file mode 100644 index 00000000..f2c0463d --- /dev/null +++ b/examples/tg16/netconf/southgw.conf @@ -0,0 +1,598 @@ +## Last changed: 2016-03-23 21:22:01 CET +version 14.1X53-D26.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name southgw; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.70; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 15; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + processes { + dhcp-service { + traceoptions { + file JDHCPDEBUG size 20m files 5; + flag all; + } + } + } + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range CREATIVIA_CLIENTS { + member-range ge-0/0/0 to ge-0/0/43; + description "CREATIVIA CLIENTS"; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members CREATIVIA_CLIENTS; + } + } + } + } + ge-0/0/46 { + description CREATIVIASW1; + ether-options { + 802.3ad ae29; + } + } + ge-0/0/47 { + description CREATIVIASW1; + ether-options { + 802.3ad ae29; + } + } + xe-0/1/0 { + description TELEGW; + ether-options { + 802.3ad ae30; + } + } + xe-0/1/1 { + description LOGGW; + ether-options { + 802.3ad ae31; + } + } + ae29 { + description CREATIVIASW1; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ MGMT CREATIVIA_CLIENTS CREATIVIA_LOUNGE ]; + } + } + } + } + ae30 { + description TELEGW; + unit 0 { + family inet { + address 185.110.148.146/31; + } + family inet6; + } + } + ae31 { + description LOGGW; + unit 0 { + family inet { + address 185.110.148.145/31; + } + family inet6; + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.70/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::70/128; + } + } + } + vlan { + unit 235 { + description "CREATIVIA CLIENTS"; + family inet { + address 88.92.61.1/24; + } + family inet6 { + address 2a06:5840:61::1/64; + } + } + unit 1225 { + description MGMT; + family inet { + address 88.92.57.81/28; + } + family inet6 { + address 2a06:5840:573::81/64; + } + } + unit 2013 { + description "CREATIVIA LOUNGE"; + family inet { + address 88.92.43.1/26; + } + family inet6 { + address 2a06:5840:43a::1/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + inactive: dhcpv6 { + group EDGE { + active-server-group v6-EDGE; + overrides; + interface vlan.235; + interface vlan.1225; + interface vlan.2013; + } + server-group { + v6-EDGE { + 2a02:ed02:1ee7::66; + } + } + } + server-group { + v4-EDGE { + 185.110.149.2; + 185.110.148.2; + } + inactive: v4-autoconfig { + 1.1.1.1; + } + } + group EDGE { + active-server-group v4-EDGE; + overrides { + trust-option-82; + } + interface vlan.235; + interface vlan.1225; + interface vlan.2013; + } + inactive: group autoconfig { + active-server-group v4-autoconfig; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + mld; + router-advertisement { + interface vlan.235; + interface vlan.1225; + interface vlan.2013; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae29.0; + interface ae30.0; + interface ae31.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae29.0; + interface ae30.0; + interface ae31.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface CREATIVIA_CLIENTS { + edge; + no-root-port; + } + } + lldp { + management-address 185.110.148.70; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +ethernet-switching-options { + secure-access-port { + interface CREATIVIA_CLIENTS { + no-dhcp-trusted; + } + vlan CREATIVIA_CLIENTS { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + interface all; + } +} +vlans { + CREATIVIA_CLIENTS { + description "CREATIVIA CLIENTS"; + vlan-id 235; + l3-interface vlan.235; + } + CREATIVIA_LOUNGE { + description "CREATIVIA LOUNGE"; + vlan-id 2013; + l3-interface vlan.2013; + } + MGMT { + description "CREATIVIA CLIENTS"; + vlan-id 1225; + l3-interface vlan.1225; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/stagegw.conf b/examples/tg16/netconf/stagegw.conf new file mode 100644 index 00000000..54067b17 --- /dev/null +++ b/examples/tg16/netconf/stagegw.conf @@ -0,0 +1,676 @@ +## Last changed: 2016-03-24 08:57:28 CET +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface ; + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name stagegw; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.75; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range LYD { + member-range ge-0/0/0 to ge-0/0/4; + description LYD; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members LYD_NETT; + } + } + } + } + interface-range EDGE { + member-range ge-0/0/7 to ge-0/0/39; + description EDGE; + unit 0 { + family ethernet-switching { + vlan { + members temp; + } + } + } + } + ge-0/0/5 { + description AV; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members AV_NETT; + } + } + } + } + ge-0/0/6 { + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members temp; + } + } + } + } + ge-0/0/40 { + description AP; + unit 0 { + family ethernet-switching { + vlan { + members klientnett_FOH; + } + } + } + } + ge-0/0/41 { + description AP; + unit 0 { + family ethernet-switching { + vlan { + members klientnett_FOH; + } + } + } + } + ge-0/0/42 { + description AP; + unit 0 { + family ethernet-switching { + vlan { + members klientnett_FOH; + } + } + } + } + ge-0/0/43 { + description AP; + unit 0 { + family ethernet-switching { + vlan { + members klientnett_FOH; + } + } + } + } + ge-0/0/44 { + description AP; + unit 0 { + family ethernet-switching { + vlan { + members klientnett_FOH; + } + } + } + } + ge-0/0/47 { + description "mot backstage"; + ether-options { + 802.3ad ae29; + } + } + xe-0/1/0 { + description "mot swinggw"; + ether-options { + 802.3ad ae0; + } + } + xe-0/1/1 { + description "mot distro3 "; + ether-options { + 802.3ad ae1; + } + } + ae0 { + description "mot swinggw "; + unit 0 { + family inet { + address 185.110.148.174/31; + } + family inet6; + } + } + ae29 { + description "mot backstage "; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt klientnett_stage LYD_NETT AV_NETT ]; + } + } + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.75/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::75/128; + } + } + } + vlan { + unit 241 { + description "stage - klientnett"; + family inet { + address 88.92.67.1/24; + } + family inet6 { + address 2a06:5840:67::1/64; + } + } + unit 242 { + description "FOH - klientnett"; + family inet { + address 88.92.68.1/24; + } + family inet6 { + address 2a06:5840:68::1/64; + } + } + unit 1227 { + description "stage - management"; + family inet { + address 88.92.57.113/28; + } + family inet6 { + address 2a06:5840:575::113/64; + } + } + unit 3001 { + description "Event lukket/internett/lol"; + family inet { + address 10.30.50.1/24; + } + } + unit 4090 { + family inet { + address 88.92.79.1/24; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + dhcpv6 { + group EDGE { + active-server-group v6-EDGE; + overrides; + interface vlan.241; + interface vlan.242; + interface vlan.1227; + interface vlan.3001; + } + server-group { + v6-EDGE { + 2a02:ed02:1ee7::66; + } + } + } + server-group { + v4-EDGE { + 185.110.149.2; + 185.110.148.2; + } + inactive: v4-autoconfig { + 1.1.1.1; + } + } + group EDGE { + active-server-group v4-EDGE; + overrides { + trust-option-82; + } + interface vlan.241; + interface vlan.242; + interface vlan.1227; + interface vlan.3001; + interface vlan.4090; + } + inactive: group autoconfig { + active-server-group v4-autoconfig; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +protocols { + mld; + router-advertisement { + interface vlan.241; + interface vlan.242; + interface vlan.1227; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface xe-0/1/0.0; + interface xe-0/1/1.0; + interface ae0.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface xe-0/1/0.0; + interface xe-0/1/1.0; + interface ae0.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::75; + address 185.110.148.75; + } + } + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface EDGE { + edge; + no-root-port; + } + } + lldp { + management-address 185.110.148.75; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +ethernet-switching-options { + secure-access-port { + interface EDGE { + no-dhcp-trusted; + } + vlan klientnett_FOH { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + interface all; + } +} +vlans { + AV_NETT { + description "Internt for L2 utstyr"; + vlan-id 321; + } + EVENTNETT { + description "Event lukket/internett/lol"; + vlan-id 3001; + l3-interface vlan.3001; + } + LYD_NETT { + description "Internt for L2 utstyr"; + vlan-id 123; + } + klientnett_FOH { + description "FOH - klientnett"; + vlan-id 242; + l3-interface vlan.242; + } + klientnett_stage { + description "stage - klientnett"; + vlan-id 241; + l3-interface vlan.241; + } + mgmt { + description "stage - management"; + vlan-id 1227; + l3-interface vlan.1227; + } + temp { + vlan-id 4090; + l3-interface vlan.4090; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/standgw.conf b/examples/tg16/netconf/standgw.conf new file mode 100644 index 00000000..9c99bd23 --- /dev/null +++ b/examples/tg16/netconf/standgw.conf @@ -0,0 +1,936 @@ +## Last changed: 2016-03-23 16:00:42 CET +version 14.1X53-D30.3; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name standgw; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.67; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + xe-0/0/0 { + description Grevious; + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members eventnett_stand; + } + } + } + } + xe-0/0/1 { + description "ae mot rey"; + ether-options { + 802.3ad ae1; + } + } + xe-0/0/2 { + description "ae mot bb-8"; + ether-options { + 802.3ad ae2; + } + } + xe-0/0/3 { + description chewbacca; + unit 0 { + description chewbacca; + family ethernet-switching { + interface-mode trunk; + vlan { + members [ servernett eventnett_stand ]; + } + } + } + } + xe-0/0/4 { + description "Link mot Resepsjonen"; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ klientnett_resepsjonen klientnett_medic mgmt security ]; + } + } + } + } + xe-0/0/47 { + description "ae mot standsw"; + ether-options { + 802.3ad ae31; + } + } + et-0/0/48 { + description "link til nocgw"; + unit 0 { + family inet { + address 185.110.148.133/31; + } + family inet6; + } + } + xe-1/0/0 { + description "ae mot finn"; + ether-options { + 802.3ad ae4; + } + } + xe-1/0/1 { + description "ae mot obi-wan"; + ether-options { + 802.3ad ae5; + } + } + xe-1/0/2 { + description "ae mot han"; + ether-options { + 802.3ad ae6; + } + } + xe-1/0/3 { + description "ae mot yoda"; + ether-options { + 802.3ad ae7; + } + } + xe-1/0/4 { + description "ae mot palpatine"; + ether-options { + 802.3ad ae8; + } + } + xe-1/0/47 { + description "ae mot standsw"; + ether-options { + 802.3ad ae31; + } + } + xe-2/0/0 { + description "ae mot finn"; + ether-options { + 802.3ad ae4; + } + } + xe-2/0/1 { + description "ae mot obi-wan"; + ether-options { + 802.3ad ae5; + } + } + xe-2/0/2 { + description "ae mot han"; + ether-options { + 802.3ad ae6; + } + } + xe-2/0/3 { + description "ae mot yoda"; + ether-options { + 802.3ad ae7; + } + } + xe-2/0/4 { + description "ae mot palpatine"; + ether-options { + 802.3ad ae8; + } + } + inactive: xe-3/0/0 { + description "ae mot grievous"; + ether-options { + 802.3ad ae0; + } + } + xe-3/0/1 { + description "ae mot rey"; + ether-options { + 802.3ad ae1; + } + } + xe-3/0/2 { + description "ae mot bb-8"; + ether-options { + 802.3ad ae2; + } + } + xe-3/0/3 { + description chewbacca; + unit 0 { + description chewbacca; + family ethernet-switching { + interface-mode trunk; + vlan { + members [ servernett eventnett_stand ]; + } + } + } + } + et-3/0/48 { + description "link mot coregw"; + ether-options { + 802.3ad ae30; + } + } + et-3/0/49 { + description "link mot coregw"; + ether-options { + 802.3ad ae30; + } + } + inactive: ae0 { + description grievous; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members eventnett_stand; + } + } + } + } + ae1 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + description rey; + family ethernet-switching { + interface-mode access; + vlan { + members servernett; + } + } + } + } + ae2 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + description bb-8; + family ethernet-switching { + interface-mode access; + vlan { + members servernett; + } + } + } + } + ae3 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + description chewbacca; + family ethernet-switching { + interface-mode trunk; + vlan { + members [ servernett eventnett_stand ]; + } + } + } + } + ae4 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members servernett; + } + } + } + } + ae5 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members servernett; + } + } + } + } + ae6 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode access; + vlan { + members servernett; + } + } + } + } + ae7 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + description "ae til yoda"; + family ethernet-switching { + interface-mode access; + vlan { + members servernett; + } + } + } + } + ae8 { + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + description "ae til palpatine"; + family ethernet-switching { + interface-mode access; + vlan { + members eventnett_stand; + } + } + } + } + ae30 { + description "AE mot coregw"; + unit 0 { + family inet { + address 185.110.148.134/31; + } + family inet6; + } + } + ae31 { + description "ae til stand-ex3300-vc"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ mgmt eventnett_stand servernett deltaker_wifi noc_wifi aps klientnett_sponsorgate deltagerserbere ]; + } + } + } + } + irb { + unit 100 { + description deltaker_wifi; + family inet { + address 88.92.96.1/19; + } + } + unit 101 { + description noc_wifi; + family inet { + address 185.110.151.1/27; + } + } + unit 244 { + description "Klientnett resepsjonen"; + family inet { + address 88.92.70.1/24; + } + family inet6 { + address 2a06:5840:70::1/64; + } + } + unit 245 { + description "Klientnett Medic"; + family inet { + address 88.92.71.1/24; + } + family inet6 { + address 2a06:5840:71::1/64; + } + } + unit 246 { + description "Klientnett Sponsorgate"; + family inet { + address 88.92.72.1/24; + } + family inet6 { + address 2a06:5840:72::1/64; + } + } + unit 280 { + description deltagerserbere; + family inet { + address 88.92.95.1/25; + } + family inet6 { + address 2a06:5840:95a::1/64; + } + } + unit 300 { + description "AP nett for nocgw"; + family inet { + address 88.92.53.1/29; + } + } + unit 1481 { + description servernett; + family inet { + address 185.110.148.1/26; + } + family inet6 { + address 2a06:5841:1337::1/64; + } + } + unit 1482 { + description "servernett stand"; + family inet { + address 185.110.149.65/26; + } + family inet6 { + address 2a06:5841:149b::65/64; + } + } + unit 3000 { + family inet { + filter { + input v4-security; + output v4-security; + } + address 10.30.30.1/24; + } + } + unit 3911 { + description stand-ex3300-mgmt; + family inet { + address 88.92.57.97/28; + } + family inet6 { + address 2a06:5840:574::97/64; + } + } + } + lo0 { + unit 0 { + family inet { + address 185.110.148.67/32; + } + family inet6 { + address 2a06:5841:148b::67/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + dhcpv6 { + group all { + interface irb.100; + interface irb.101; + interface irb.1481; + } + server-group { + v6-dhcp { + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + } + active-server-group v6-dhcp; + } + server-group { + v4-dhcp { + 185.110.149.2; + 185.110.148.2; + } + } + active-server-group v4-dhcp; + group all { + overrides { + trust-option-82; + } + interface irb.100; + interface irb.101; + interface irb.244; + interface irb.245; + interface irb.246; + interface irb.280; + interface irb.300; + interface irb.1481; + } + } +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + router-advertisement { + interface irb.1481; + interface irb.101; + interface irb.246; + interface irb.244; + interface irb.245; + interface irb.100; + interface irb.280; + } + ospf { + export [ redistribute-direct redistribute-static ]; + reference-bandwidth 1000g; + area 0.0.0.0 { + interface et-0/0/48.0; + interface ae30.0; + } + } + ospf3 { + export [ redistribute-direct redistribute-static ]; + reference-bandwidth 1000g; + area 0.0.0.0 { + interface et-0/0/48.0; + interface et-1/0/48.0; + interface ae30.0; + } + } + lldp { + management-address 185.110.148.67; + interface all; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + /* sammenslÃ¥tt av separate v4- og v6-lister */ + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-direct { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement redistribute-static { + from protocol static; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + inactive: mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } + filter v4-security { + term accept-security { + from { + source-address { + 10.30.0.0/16; + } + destination-address { + 10.30.0.0/16; + } + } + then accept; + } + term discard-all { + then { + discard; + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } + member 2 { + role line-card; + serial-number ; + } + member 3 { + role line-card; + serial-number ; + } + member 4 { + role line-card; + serial-number ; + } +} +vlans { + aps { + vlan-id 300; + l3-interface irb.300; + } + deltagerserbere { + vlan-id 280; + l3-interface irb.280; + } + deltaker_wifi { + vlan-id 100; + l3-interface irb.100; + } + eventnett_stand { + vlan-id 1482; + l3-interface irb.1482; + } + klientnett_medic { + vlan-id 245; + l3-interface irb.245; + } + klientnett_resepsjonen { + vlan-id 244; + l3-interface irb.244; + } + klientnett_sponsorgate { + vlan-id 246; + l3-interface irb.246; + } + mgmt { + vlan-id 3911; + l3-interface irb.3911; + } + noc_wifi { + vlan-id 101; + l3-interface irb.101; + } + security { + vlan-id 3000; + l3-interface irb.3000; + } + servernett { + vlan-id 1481; + l3-interface irb.1481; + } +} diff --git a/examples/tg16/netconf/swinggw.conf b/examples/tg16/netconf/swinggw.conf new file mode 100644 index 00000000..fe9cee7d --- /dev/null +++ b/examples/tg16/netconf/swinggw.conf @@ -0,0 +1,716 @@ +## Last changed: 2016-03-23 04:17:59 CET +version 14.1X53-D26.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name swinggw; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.71; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range GAMEHQ_CLIENTS { + member ge-0/0/0; + member-range ge-0/0/10 to ge-0/0/43; + description "GameHQ Clients"; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members GAMEHQ_CLIENTS; + } + } + } + } + ge-0/0/2 { + description sw1.streamer-1; + ether-options { + 802.3ad ae27; + } + } + ge-0/0/3 { + description sw1.streamer-2; + ether-options { + 802.3ad ae27; + } + } + ge-0/0/4 { + description sw1.streamer-3; + ether-options { + 802.3ad ae27; + } + } + ge-0/0/5 { + description sw1-flankenord; + ether-options { + 802.3ad ae26; + } + } + ge-0/0/6 { + description sw1-flankenord; + ether-options { + 802.3ad ae26; + } + } + ge-0/0/7 { + description sw2.streamer-1; + ether-options { + 802.3ad ae28; + } + } + ge-0/0/8 { + description sw2.streamer-2; + ether-options { + 802.3ad ae28; + } + } + ge-0/0/9 { + description sw2.streamer-3; + ether-options { + 802.3ad ae28; + } + } + xe-0/1/0 { + description LOGGW; + ether-options { + 802.3ad ae31; + } + } + xe-0/1/1 { + description NORTHGW; + ether-options { + 802.3ad ae30; + } + } + xe-0/1/2 { + description "ae29 mot stagegw"; + ether-options { + 802.3ad ae29; + } + } + ae26 { + description sw1-flankenord; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ MGMT FLANKENORD_CLIENTS ]; + } + } + } + } + ae27 { + description uplinkstreamer1; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ MGMT klientnett_streamer1 ]; + } + } + } + } + ae28 { + description uplinkstreamer2; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ MGMT klientnett_streamer2 ]; + } + } + } + } + ae29 { + description "mot stagegw ae0"; + unit 0 { + family inet { + address 185.110.148.175/31; + } + family inet6; + } + } + ae30 { + description NORTHGW; + unit 0 { + family inet { + address 185.110.148.141/31; + } + family inet6; + } + } + ae31 { + description LOGGW; + unit 0 { + family inet { + address 185.110.148.143/31; + } + family inet6; + } + } + lo0 { + description MGMT-INTERFACE; + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.71/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::71/128; + } + } + } + vlan { + /* Klient-VLAN */ + unit 250 { + description "GameHQ Clients"; + family inet { + address 88.92.76.1/24; + } + family inet6 { + address 2a06:5840:76::1/64; + } + } + unit 1228 { + description "swing - management"; + family inet { + address 88.92.57.129/28; + } + family inet6 { + address 2a06:5840:576::129/64; + } + } + unit 2006 { + description "FLANKENORD CLIENTS"; + family inet { + address 88.92.41.65/26; + } + family inet6 { + address 2a06:5840:41b::1/64; + } + } + unit 2008 { + description Klientnett_streamer1; + family inet { + address 88.92.41.193/26; + } + family inet6 { + address 2a06:5840:41d::1/64; + } + } + unit 2009 { + description Klientnett_streamer2; + family inet { + address 88.92.42.1/26; + } + family inet6 { + address 2a06:5840:42a::1/64; + } + } + unit 3001 { + description "Event lukket/internett/lol"; + family inet { + address 10.30.40.1/24; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + dhcpv6 { + group EDGE { + active-server-group v6-EDGE; + overrides; + interface vlan.250; + interface vlan.1228; + interface vlan.2006; + interface vlan.2008; + interface vlan.2009; + interface vlan.3001; + } + server-group { + v6-EDGE { + 2a02:ed02:1ee7::66; + } + } + } + server-group { + v4-EDGE { + 185.110.149.2; + 185.110.148.2; + } + inactive: v4-autoconfig { + 1.1.1.1; + } + } + group EDGE { + active-server-group v4-EDGE; + overrides { + trust-option-82; + } + interface vlan.250; + interface vlan.1228; + interface vlan.2006; + interface vlan.2008; + interface vlan.2009; + interface vlan.3001; + } + inactive: group autoconfig { + active-server-group v4-autoconfig; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +protocols { + mld; + router-advertisement { + interface vlan.250; + interface vlan.2006; + interface vlan.1228; + interface vlan.2008; + interface vlan.2009; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae30.0; + interface ae31.0; + interface ae29.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface ae30.0; + interface ae31.0; + interface ae29.0; + } + } + pim { + rp { + /* STANDGW */ + static { + address 2a06:5841:148b::67; + address 185.110.148.67; + } + } + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface GAMEHQ_CLIENTS { + edge; + no-root-port; + } + } + lldp { + management-address 185.110.148.71; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +/* EDGE */ +ethernet-switching-options { + /* EDGE */ + secure-access-port { + interface GAMEHQ_CLIENTS { + no-dhcp-trusted; + } + vlan GAMEHQ_CLIENTS { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + /* EDGE SLUTT */ + storm-control { + interface all; + } +} +vlans { + EVENTNETT { + description "Event lukket/internett/lol"; + vlan-id 3001; + l3-interface vlan.3001; + } + FLANKENORD_CLIENTS { + description "FLANKENORD CLIENTS"; + vlan-id 2006; + l3-interface vlan.2006; + } + GAMEHQ_CLIENTS { + description "GameHQ Clients"; + vlan-id 250; + l3-interface vlan.250; + } + MGMT { + description "swing - management"; + vlan-id 1228; + l3-interface vlan.1228; + } + klientnett_streamer1 { + description Klientnett_streamer1; + vlan-id 2008; + l3-interface vlan.2008; + } + klientnett_streamer2 { + description Klientnett_streamer2; + vlan-id 2009; + l3-interface vlan.2009; + } +} +poe { + interface all; +} diff --git a/examples/tg16/netconf/telegw.conf b/examples/tg16/netconf/telegw.conf new file mode 100644 index 00000000..aaa8e11a --- /dev/null +++ b/examples/tg16/netconf/telegw.conf @@ -0,0 +1,1034 @@ +## Last changed: 2016-03-25 01:21:51 CET +version 14.1X53-D35.3; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name telegw; + auto-snapshot; + domain-name infra.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.64; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 10; + rate-limit 10; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + redundancy { + graceful-switchover; + } + aggregated-devices { + ethernet { + device-count 10; + } + } + fpc 0 { + pic 0 { + port 50 { + channel-speed disable-auto-speed-detection; + } + } + } + fpc 1 { + pic 0 { + port 50 { + channel-speed disable-auto-speed-detection; + } + } + } + alarm { + management-ethernet { + link-down ignore; + } + } +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range sflow-inet { + member xe-0/0/0; + member xe-0/0/1; + member xe-1/0/1; + member xe-1/0/0; + } + interface-range forbikobling-telefw-inside { + member-range xe-0/0/34 to xe-0/0/35; + member-range xe-1/0/34 to xe-1/0/35; + description "INSIDE for forbikobling telefw"; + ether-options { + 802.3ad ae6; + } + } + interface-range forbikobling-telefw-outside { + member-range xe-1/0/36 to xe-1/0/37; + member-range xe-0/0/36 to xe-0/0/37; + description "OUTSIDE for forbikobling telefw"; + ether-options { + 802.3ad ae7; + } + } + xe-0/0/0 { + description "ae0 - Telenor - LU1337 / SB1337 / PE slot 11 / ODF 11/12"; + ether-options { + 802.3ad ae0; + } + } + xe-0/0/1 { + description "ae0 - Telenor - LU1337 / SB1337 / PE slot 0 / ODF 7/8"; + ether-options { + 802.3ad ae0; + } + } + xe-0/0/10 { + description "Extensionswitch for Kobber"; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ security Klientnett_innsjekk ]; + } + } + } + } + xe-0/0/16 { + description "ae3 - link mot creativiagw"; + ether-options { + 802.3ad ae3; + } + } + xe-0/0/17 { + description "ae4 - link mot southgw"; + ether-options { + 802.3ad ae4; + } + } + xe-0/0/25 { + description "Fortigate FAN uplink"; + unit 0 { + family ethernet-switching { + vlan { + members tele_servers; + } + } + } + } + xe-0/0/26 { + description "FortiAnalyzer Uplink"; + unit 0 { + family ethernet-switching { + vlan { + members tele_servers; + } + } + } + } + ge-0/0/32 { + description "Tele servers"; + unit 0 { + family ethernet-switching { + vlan { + members tele_servers; + } + } + } + } + et-0/0/48 { + description "ae1 - link mot nocgw"; + ether-options { + 802.3ad ae1; + } + } + et-0/0/49 { + description "ae2 - link mot coregw"; + ether-options { + 802.3ad ae2; + } + } + et-0/0/50 { + description "Trunk til FW"; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ OUTSIDE_TO_FW INSIDE_TO_FW ]; + } + } + } + } + et-0/0/51 { + description "Monitoreringsport for Fortigate"; + } + xe-1/0/0 { + description "ae0 - Telenor - LU1337 / SB1337 / PE slot 11 / ODF 9/10"; + ether-options { + 802.3ad ae0; + } + } + xe-1/0/1 { + description "ae0 - Telenor - LU1337 / SB1337 / PE slot 0 / ODF 5/6"; + ether-options { + 802.3ad ae0; + } + } + xe-1/0/10 { + description "ae5 - link mot creativiagw"; + ether-options { + 802.3ad ae5; + } + } + xe-1/0/16 { + description "ae3 - link mot creativiagw"; + ether-options { + 802.3ad ae3; + } + } + xe-1/0/25 { + description "Fortigate FAN uplink"; + unit 0 { + family ethernet-switching { + vlan { + members tele_servers; + } + } + } + } + et-1/0/48 { + description "ae1 - link mot nocgw"; + ether-options { + 802.3ad ae1; + } + } + et-1/0/49 { + description "ae2 - link mot coregw"; + ether-options { + 802.3ad ae2; + } + } + et-1/0/50 { + description "Trunk til FW"; + unit 0 { + family ethernet-switching { + interface-mode trunk; + vlan { + members [ OUTSIDE_TO_FW INSIDE_TO_FW ]; + } + } + } + } + et-1/0/51 { + description "monitoreringsport Fortigate"; + unit 0 { + family ethernet-switching; + } + } + ae0 { + description "The Intarwebz - Telenor <3"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 193.212.22.2/30; + } + family inet6 { + address 2001:4600:9:300::292/126; + } + } + } + ae1 { + description "Mot nocgw"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.130/31; + } + family inet6; + } + } + ae2 { + description "Mot coregw"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.128/31; + } + family inet6; + } + } + ae4 { + description "Mot southgw"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.147/31; + } + family inet6; + } + } + ae5 { + description "Mot creativiagw"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family inet { + address 185.110.148.148/31; + } + family inet6; + } + } + ae6 { + apply-groups-except SET_AE_DEFAULTS; + description "INSIDE for forbikobling telefw"; + } + ae7 { + apply-groups-except SET_AE_DEFAULTS; + description "OUTSIDE for forbikobling telefw"; + } + irb { + unit 243 { + family inet { + address 88.92.69.1/24; + } + family inet6 { + address 2a06:5840:69::1/64; + } + } + unit 1491 { + description tele_servers; + family inet { + address 185.110.149.1/26; + } + family inet6 { + address 2a06:5841:149a::1/64; + } + } + unit 3000 { + description Security; + family inet { + address 10.30.20.1/24; + } + } + unit 4000 { + description "Outside to fortigate"; + family inet { + address 185.110.148.176/31; + } + family inet6 { + address 2a06:5841:148c:176::2/64; + } + } + unit 4001 { + description "Inside to fortigate"; + family inet { + address 185.110.148.178/31; + } + family inet6 { + address 2a06:5841:148c:178::2/64; + } + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.64/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::64/128; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + storm-control-profiles default { + all; + } + analyzer { + inactive: TO_FORTIGATE { + input { + ingress { + interface ae0.0; + } + egress { + interface ae0.0; + } + } + output { + interface et-1/0/51.0; + } + } + } + dhcp-relay { + dhcpv6 { + group all { + interface irb.243; + } + server-group { + v6-dhcp { + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + } + active-server-group v6-dhcp; + } + server-group { + v4-dhcp { + 185.110.149.2; + 185.110.148.2; + } + } + active-server-group v4-dhcp; + group all { + overrides { + trust-option-82; + } + interface irb.243; + } + } +} +routing-options { + nonstop-routing; + rib inet6.0 { + static { + route 2a06:5840::/30 reject; + route 2a06:5844::/30 reject; + route ::0/0 next-hop 2a06:5841:148c:178::1; + } + } + rib inet.0 { + static { + route 0.0.0.0/0 { + next-hop 185.110.148.179; + metric 10; + } + } + } + autonomous-system 21067; +} +protocols { + apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; + router-advertisement { + interface irb.243; + } + bgp { + traceoptions { + file bgp-trace size 3m files 7 world-readable; + flag state; + } + log-updown; + local-as 21067; + inactive: group TN-v4 { + type external; + local-address 193.212.22.2; + import TN-v4-import; + authentication-algorithm hmac-sha-1-96; + export TN-v4-export; + neighbor 193.212.22.1 { + authentication-key "";; + peer-as 2119; + } + } + inactive: group TN-v6 { + type external; + local-address 2001:4600:9:300::292; + import TN-v6-import; + authentication-algorithm hmac-sha-1-96; + export TN-v6-export; + neighbor 2001:4600:9:300::291 { + authentication-key "";; + peer-as 2119; + } + } + } + ospf { + export [ STATIC-TO-OSPF redistribute-direct ]; + reference-bandwidth 1000g; + area 0.0.0.0 { + interface ae1.0; + interface ae2.0; + interface ae3.0; + interface ae4.0; + interface ae5.0; + } + } + ospf3 { + export [ STATIC-TO-OSPF redistribute-direct ]; + reference-bandwidth 1000g; + area 0.0.0.0 { + interface ae1.0; + interface ae2.0; + interface ae3.0; + interface ae4.0; + interface ae5.0; + } + } + lldp { + management-address 185.110.148.64; + interface all; + } + lldp-med { + interface all; + } + igmp-snooping { + vlan default; + } + sflow { + agent-id 185.110.148.64; + polling-interval 20; + sample-rate { + ingress 3000; + egress 3000; + } + source-ip 185.110.148.64; + collector ; + collector ; + interfaces sflow-inet; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + /* sammenslått av separate v4- og v6-lister */ + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + /* NMS boxes - separate list to give full speed to SNMP read */ + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + prefix-list blackhole { + 185.110.148.178/32; + } + policy-statement STATIC-TO-OSPF { + from protocol static; + then { + external { + type 1; + } + accept; + } + } + policy-statement TN-v4-export { + term blackhole_export { + from tag 995; + then { + community set blackhole; + accept; + } + } + term default_export { + from { + route-filter 185.110.148.0/22 exact; + route-filter 185.110.148.0/24 exact; + route-filter 185.110.149.0/24 exact; + route-filter 185.110.150.0/24 exact; + route-filter 185.110.151.0/24 exact; + route-filter 88.92.0.0/17 exact; + } + then accept; + } + } + policy-statement TN-v4-import { + from { + route-filter 0.0.0.0/0 exact; + } + then accept; + } + policy-statement TN-v6-export { + term blackhole_export { + from tag 995; + then { + community set blackhole; + accept; + } + } + term default_export { + from { + route-filter 2a06:5840::/29 exact; + route-filter 2a06:5840::/30 exact; + route-filter 2a06:5844::/30 exact; + } + then accept; + } + } + policy-statement TN-v6-import { + from { + route-filter ::/0 exact; + } + then accept; + } + policy-statement redistribute-direct { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + community blackhole members 2119:995; +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + protocol icmp; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + filter v4-security { + term accept-security { + from { + source-address { + 10.30.0.0/16; + } + destination-address { + 10.30.0.0/16; + } + } + then accept; + } + term discard-all { + then { + discard; + } + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + inactive: mgmt-v6; + } + destination-port 22; + } + then { + count accept-ssh; + accept; + } + } + term reject-ssh { + from { + destination-port 22; + } + then { + count reject-ssh; + reject; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then { + count snmp-nms; + accept; + } + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then { + policer policer-1Mbit; + count snmp-throttle; + accept; + } + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then { + count icmp-trusted; + accept; + } + } + term icmp-throttled { + from { + next-header icmp6; + } + then { + policer policer-1Mbit; + accept; + } + } + term accept-all { + then { + count accept-all; + accept; + } + } + } + } + policer policer-1Mbit { + if-exceeding { + bandwidth-limit 1m; + burst-size-limit 500k; + } + then discard; + } + policer policer-slowest { + if-exceeding { + bandwidth-limit 8k; + burst-size-limit 1k; + } + then discard; + } +} +routing-instances { + OUTSIDE { + description "Utside mot Telenor - untrust/internett"; + instance-type virtual-router; + interface xe-0/0/33.0; + interface xe-0/0/34.0; + interface xe-1/0/33.0; + interface xe-1/0/34.0; + interface ae0.0; + interface ae7.0; + interface irb.4000; + routing-options { + rib OUTSIDE.inet.0 { + static { + route 185.110.148.0/22 next-hop 185.110.148.177; + route 185.110.148.0/24 next-hop 185.110.148.177; + route 185.110.149.0/24 next-hop 185.110.148.177; + route 185.110.150.0/24 next-hop 185.110.148.177; + route 185.110.151.0/24 next-hop 185.110.148.177; + route 88.92.0.0/17 next-hop 185.110.148.177; + } + } + rib OUTSIDE.inet6.0 { + static { + route 2a06:5840::/30 next-hop 2a06:5841:148c:176::1; + route 2a06:5844::/30 next-hop 2a06:5841:148c:176::1; + } + } + } + protocols { + bgp { + traceoptions { + file bgp-trace-outside size 3m files 7 world-readable; + flag state; + } + log-updown; + local-as 21067; + group TN-v4 { + type external; + local-address 193.212.22.2; + import TN-v4-import; + authentication-algorithm hmac-sha-1-96; + export TN-v4-export; + neighbor 193.212.22.1 { + authentication-key "";; + peer-as 2119; + } + } + group TN-v6 { + type external; + local-address 2001:4600:9:300::292; + import TN-v6-import; + authentication-algorithm hmac-sha-1-96; + export TN-v6-export; + neighbor 2001:4600:9:300::291 { + authentication-key "";; + peer-as 2119; + } + } + } + } + } +} +virtual-chassis { + preprovisioned; + member 0 { + role routing-engine; + serial-number ; + } + member 1 { + role routing-engine; + serial-number ; + } +} +vlans { + INSIDE_TO_FW { + vlan-id 4001; + l3-interface irb.4001; + } + Klientnett_innsjekk { + vlan-id 243; + l3-interface irb.243; + } + OUTSIDE_TO_FW { + vlan-id 4000; + l3-interface irb.4000; + } + security { + vlan-id 3000; + l3-interface irb.3000; + } + tele_servers { + vlan-id 1491; + l3-interface irb.1491; + } +} diff --git a/examples/tg16/netconf/vrimlegw.conf b/examples/tg16/netconf/vrimlegw.conf new file mode 100644 index 00000000..610b24c1 --- /dev/null +++ b/examples/tg16/netconf/vrimlegw.conf @@ -0,0 +1,573 @@ +## Last changed: 2015-04-05 16:26:02 UTC +version 14.1X53-D15.2; +groups { + SET_AE_DEFAULTS { + interfaces { + { + aggregated-ether-options { + lacp { + active; + } + } + } + } + } + SET_OSPF_DEFAULTS { + protocols { + ospf { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + ospf3 { + reference-bandwidth 1000g; + area <*> { + interface { + bfd-liveness-detection { + minimum-interval 100; + multiplier 3; + } + } + } + } + } + } + SET_RA_DEFAULTS { + protocols { + router-advertisement { + interface <*> { + max-advertisement-interval 15; + managed-configuration; + } + } + } + } +} +system { + host-name vrimlegw; + auto-snapshot; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password ""; + } + name-server { + 185.110.149.2; + 185.110.148.2; + 2a06:5841:149a::2; + 2a06:5841:1337::2; + } + tacplus-server { + 134.90.150.164 { + secret ""; + source-address 185.110.148.79; + } + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password ""; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 5; + rate-limit 5; + } + netconf { + ssh { + connection-limit 3; + rate-limit 3; + } + } + } + syslog { + user * { + any emergency; + } + host 185.110.148.17 { + any info; + authorization info; + port 515; + } + file messages { + any notice; + authorization info; + } + file interactive-commands { + interactive-commands any; + } + } + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password ""; + } + } + } + commit synchronize; + ntp { + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 32; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } + auto-image-upgrade; +} +security { + ssh-known-hosts { + host 134.90.150.164 { + ecdsa-sha2-nistp256-key ; + } + } +} +interfaces { + apply-groups SET_AE_DEFAULTS; + interface-range EDGE { + member-range ge-0/0/0 to ge-0/0/45; + description "FOH clients"; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members klientnett_FOH; + } + } + } + } + ge-0/0/46 { + description "mot Hilights"; + ether-options { + 802.3ad ae29; + } + } + ge-0/0/47 { + description "mot OB Bussen"; + ether-options { + 802.3ad ae29; + } + } + xe-0/1/0 { + description "mot loggw"; + ether-options { + 802.3ad ae0; + } + } + ae0 { + description "mot swinggw "; + unit 0 { + family inet { + address 185.110.148.187/31; + } + family inet6; + } + } + ae29 { + description "mot backstage "; + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ mgmt klientnett_stage ]; + } + } + } + } + lo0 { + unit 0 { + family inet { + filter { + input protect-mgmt-v4; + } + address 185.110.148.79/32; + } + family inet6 { + filter { + input protect-mgmt-v6; + } + address 2a06:5841:148b::79/128; + } + } + } + vlan { + unit 241 { + description "vrimle - klientnett"; + family inet { + address 88.92.67.1/24; + } + family inet6 { + address 2a06:5840:67::1/64; + } + } + unit 242 { + description "FOH - klientnett"; + family inet { + address 88.92.68.1/24; + } + family inet6 { + address 2a06:5840:68::1/64; + } + } + unit 1226 { + description "vrimle - management"; + family inet { + address 88.92.57.129/28; + } + family inet6 { + address 2a06:5840:575::129/64; + } + } + } +} +snmp { + community { + authorization read-only; + client-list-name mgmt; + } + community { + authorization read-only; + client-list-name mgmt-nms; + } +} +forwarding-options { + dhcp-relay { + dhcpv6 { + group EDGE { + active-server-group v6-EDGE; + overrides; + interface vlan.241; + interface vlan.242; + interface vlan.1226; + } + server-group { + v6-EDGE { + 2a02:ed02:1ee7::66; + } + } + } + server-group { + v4-EDGE { + 185.110.149.2; + 185.110.148.2; + } + inactive: v4-autoconfig { + 1.1.1.1; + } + } + group EDGE { + active-server-group v4-EDGE; + overrides { + trust-option-82; + } + interface vlan.241; + interface vlan.242; + interface vlan.1226; + } + inactive: group autoconfig { + active-server-group v4-autoconfig; + relay-option-82 { + circuit-id { + prefix { + host-name; + } + include-irb-and-l2; + } + } + interface vlan.666; + } + } +} +protocols { + mld; + router-advertisement { + interface vlan.241; + interface vlan.242; + interface vlan.1226; + } + ospf { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface xe-0/1/0.0; + interface xe-0/1/1.0; + interface ae0.0; + } + } + ospf3 { + export [ static-to-ospf direct-to-ospf ]; + area 0.0.0.0 { + interface xe-0/1/0.0; + interface xe-0/1/1.0; + interface ae0.0; + } + } + pim { + rp { + static { + address 2a06:5841:148b::79; + address 185.110.148.79; + } + } + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + rstp { + bridge-priority 8k; + interface EDGE { + edge; + no-root-port; + } + } + lldp { + management-address 185.110.148.79; + } + lldp-med { + interface all; + } +} +policy-options { + prefix-list mgmt-v4 { + /* KANDU PA-nett (brukt på servere, infra etc) */ + 185.110.148.0/22; + } + prefix-list mgmt-v6 { + /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ + 2a06:5841::/32; + } + prefix-list mgmt { + 185.110.148.0/22; + 2a06:5841::/32; + } + prefix-list mgmt-v4-nms { + 185.110.148.11/32; + 185.110.148.12/32; + } + prefix-list mgmt-v6-nms { + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list mgmt-nms { + 185.110.148.11/32; + 185.110.148.12/32; + 185.110.150.10/32; + 2a06:5841:1337::11/128; + 2a06:5841:1337::12/128; + } + prefix-list icmp_unthrottled-v4 { + 185.110.148.0/22; + 193.212.22.0/30; + } + prefix-list icmp_unthrottled-v6 { + 2001:4600:9:300::290/126; + 2a06:5841::/32; + } + policy-statement direct-to-ospf { + from protocol direct; + then { + external { + type 1; + } + accept; + } + } + policy-statement static-to-ospf { + from protocol static; + then { + external { + type 1; + } + accept; + } + } +} +firewall { + family inet { + filter protect-mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v4-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v4; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v4; + } + protocol icmp; + } + then accept; + } + term icmp-throttled { + from { + protocol icmp; + } + then accept; + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter protect-mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term snmp-nms { + from { + source-prefix-list { + mgmt-v6-nms; + } + destination-port snmp; + } + then accept; + } + term snmp-throttle { + from { + source-prefix-list { + mgmt-v6; + } + destination-port snmp; + } + then accept; + } + term icmp-trusted { + from { + source-prefix-list { + icmp_unthrottled-v6; + } + next-header icmp6; + } + then accept; + } + term icmp-throttled { + from { + next-header icmp6; + } + then accept; + } + term accept-all { + then accept; + } + } + } +} +ethernet-switching-options { + secure-access-port { + interface EDGE { + no-dhcp-trusted; + } + vlan klientnett_stage { + arp-inspection; + examine-dhcp; + examine-dhcpv6; + neighbor-discovery-inspection; + ip-source-guard; + ipv6-source-guard; + dhcp-option82; + dhcpv6-option18 { + use-option-82; + } + } + ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + interface all; + } +} +vlans { + klientnett_FOH { + description "FOH - klientnett"; + vlan-id 242; + l3-interface vlan.242; + } + klientnett_stage { + description "stage - klientnett"; + vlan-id 241; + l3-interface vlan.241; + } + mgmt { + description "stage - management"; + vlan-id 1226; + l3-interface vlan.1226; + } +} +poe { + interface all; +} diff --git a/tools/strip-netconf.sh b/tools/strip-netconf.sh new file mode 100755 index 00000000..79cf53a1 --- /dev/null +++ b/tools/strip-netconf.sh @@ -0,0 +1,40 @@ +#!/bin/bash +mkdir -p tmp +ls -1 *.conf | while read file; do + # Remove rusk & rask + sed -E \ + -e 's/secret ".+";/secret "";/g' \ + -e 's/encrypted-password ".+";/encrypted-password "";/g' \ + -e 's/"scp:\/\/.+" password ".+";/"scp:\/\/user\@host\/some\/folder\/" password "";/g' \ + -e 's/serial-number .+;/serial-number ;/g' \ + -e 's/community .+ {/community {/g' \ + -e '/\/\* dat/d' \ + -e 's/ecdsa-sha2-nistp256-key .+;/ecdsa-sha2-nistp256-key ;/g' \ + -e 's/collector .+;/collector ;/g' \ + -e 's/authentication-key ".+"/authentication-key "";/g' \ + -e 's/LU[0-9]+/LU1337/g' \ + -e 's/SB[0-9]+/SB1337/g' \ + $file > tmp/$file + + # Remove SSH-host-info + sed -i '' \ + -e '/ssh-known-hosts {/ {' -e 'n; s/host .\+ {/host {/' -e '}' \ + tmp/$file + + # Remove stuff from ACL's + sed -i '' \ + -e ':again' -e N -e '$!b again' \ + -e 's/prefix-list mgmt-v4 {[^}]*}/prefix-list mgmt-v4 {\'$'\n'' \/\* KANDU PA-nett (brukt på servere, infra etc) \*\/\'$'\n'' 185.110.148.0\/22;\'$'\n'' }/g' \ + tmp/$file + + sed -i '' \ + -e ':again' -e N -e '$!b again' \ + -e 's/prefix-list mgmt-v6 {[^}]*}/prefix-list mgmt-v6 {\'$'\n'' \/\* KANDU PA-nett (den delen som er brukt på servere, infra etc) \*\/\'$'\n'' 2a06:5841::\/32;\'$'\n'' }/g' \ + tmp/$file + + sed -i '' \ + -e ':again' -e N -e '$!b again' \ + -e 's/prefix-list mgmt {[^}]*}/prefix-list mgmt {\'$'\n'' 185.110.148.0\/22;\'$'\n'' 2a06:5841::\/32;\'$'\n'' }/g' \ + tmp/$file + +done