Skip to content

Commit

Permalink
TG19 Netconfig (Better late than never)
Browse files Browse the repository at this point in the history
  • Loading branch information
@olemathias
olemathias committed Apr 10, 2020
1 parent 38cc638 commit f5da0d9
Show file tree
Hide file tree
Showing 12 changed files with 16,310 additions and 12 deletions.
338 changes: 338 additions & 0 deletions examples/tg19/netconf/e69-4.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,338 @@
## Last changed: 2019-04-17 16:58:03 CEST
version 15.1R6.7;
system {
host-name e69-4;
auto-snapshot;
domain-name tg19.gathering.org;
time-zone Europe/Oslo;
authentication-order tacplus;
root-authentication {
encrypted-password "<removed>";
}
name-server {
2a06:5841:a:103::62;
2a06:5841:a:104::126;
}
tacplus-server {
134.90.150.164 secret "<removed>";
}
login {
user technet {
uid 2000;
class super-user;
authentication {
encrypted-password "<removed>";
}
}
}
services {
ssh {
root-login deny;
no-tcp-forwarding;
protocol-version v2;
client-alive-count-max 2;
client-alive-interval 300;
connection-limit 50;
rate-limit 5;
}
netconf {
ssh {
port 830;
}
}
}
syslog {
user * {
any emergency;
}
host log.tg19.gathering.org {
any warning;
authorization info;
daemon warning;
user warning;
change-log any;
interactive-commands any;
match "!(.*License.*)";
allow-duplicates;
facility-override local7;
explicit-priority;
}
/* Local logging of syslog message */
file messages {
any notice;
authorization info;
}
/* Local logging of all user-commands typed in the CLI */
file interactive-commands {
interactive-commands any;
match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED";
}
}
/* Save changes to central site */
archival {
configuration {
transfer-on-commit;
archive-sites {
"scp://user@host/some/folder/" password "<removed>";
}
}
}
commit synchronize;
ntp {
/* ntp.uio.no */
server 2001:700:100:2::6;
}
}
chassis {
aggregated-devices {
ethernet {
device-count 2;
}
}
alarm {
management-ethernet {
link-down ignore;
}
}
}
security {
ssh-known-hosts {
host <removed> {
ecdsa-sha2-nistp256-key <removed>;
}
}
}
interfaces {
interface-range all-ports {
member ge-*/*/*;
member xe-*/*/*;
member et-*/*/*;
}
interface-range edge-ports {
member-range ge-0/0/0 to ge-0/0/43;
description Clients;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members clients;
}
}
}
}
interface-range uplink-ports {
member-range ge-0/0/44 to ge-0/0/46;
description "G: s6.floor";
ether-options {
802.3ad ae0;
}
}
interface-range unused-ports {
member ge-0/0/47;
description not-in-use;
}
ae0 {
description "B: s6.floor";
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ clients mgmt ];
}
}
}
}
lo0 {
unit 0 {
family inet {
filter {
input mgmt-v4;
}
address 127.0.0.1/32;
}
family inet6 {
filter {
input mgmt-v6;
}
address ::1/128;
}
}
}
vlan {
unit 666 {
description "Switch mgmt";
family inet {
filter {
input mgmt-v4;
}
address 88.92.1.77/26;
}
family inet6 {
filter {
input mgmt-v6;
}
address 2a06:5841:d:6::77/64;
}
}
}
}
snmp {
contact NOC;
community <removed> {
authorization read-only;
client-list-name mgmt;
}
}
routing-options {
rib inet.0 {
static {
route 0.0.0.0/0 next-hop 88.92.1.65;
}
}
rib inet6.0 {
static {
route ::/0 next-hop 2a06:5841:d:6::1;
}
}
}
protocols {
sflow {
sample-rate {
ingress 10000;
egress 10000;
}
collector <removed>;
interfaces all-ports;
}
igmp-snooping {
vlan all {
version 3;
immediate-leave;
}
}
inactive: mld-snooping {
vlan all {
version 2;
immediate-leave;
}
}
rstp {
bridge-priority 32k;
interface edge-ports {
edge;
no-root-port;
}
}
lldp {
interface uplink-ports;
}
}
policy-options {
prefix-list mgmt-v4 {
}
prefix-list mgmt-v6 {
}
/* Merged separate v4- og v6-lister */
prefix-list mgmt {
apply-path "policy-options prefix-list <mgmt-v*> <*>";
}
}
firewall {
family inet {
filter mgmt-v4 {
term accept-ssh {
from {
source-prefix-list {
mgmt-v4;
}
destination-port 22;
}
then accept;
}
term discard-ssh {
from {
destination-port 22;
}
then {
discard;
}
}
term accept-all {
then accept;
}
}
}
family inet6 {
filter mgmt-v6 {
term accept-ssh {
from {
source-prefix-list {
mgmt-v6;
}
destination-port 22;
}
then accept;
}
term discard-ssh {
from {
destination-port 22;
}
then discard;
}
term accept-all {
then accept;
}
}
}
}
ethernet-switching-options {
secure-access-port {
interface edge-ports {
no-dhcp-trusted;
}
vlan clients {
arp-inspection;
examine-dhcp;
examine-dhcpv6;
neighbor-discovery-inspection;
ip-source-guard;
ipv6-source-guard;
dhcp-option82 {
circuit-id {
use-vlan-id;
}
}
no-option-37;
inactive: dhcpv6-option18 {
use-option-82;
}
}
ipv6-source-guard-sessions {
max-number 128;
}
}
storm-control {
action-shutdown;
interface edge-ports {
bandwidth 20000;
multicast;
}
}
}
vlans {
clients {
vlan-id 1694;
}
mgmt {
vlan-id 666;
l3-interface vlan.666;
}
}
poe {
interface all;
}
Loading

0 comments on commit f5da0d9

Please sign in to comment.