diff options
| author | Joachim Tingvold <joachim@tingvold.com> | 2016-04-08 01:43:34 +0200 | 
|---|---|---|
| committer | Joachim Tingvold <joachim@tingvold.com> | 2016-04-08 01:43:34 +0200 | 
| commit | f447b06dc5c4daa6085a5d41f125dad3ad08e937 (patch) | |
| tree | 1d0c346ea0d23ffe8e9d20d712eee97cb46a2512 /examples/tg16/netconf/ex2200.conf | |
| parent | d1d1e3c9cbf405eae86e5a46fc90765cd429acff (diff) | |
Netconfig for TG16 added.TG16NMS-REPO-SPLIT
Diffstat (limited to 'examples/tg16/netconf/ex2200.conf')
| -rwxr-xr-x | examples/tg16/netconf/ex2200.conf | 305 | 
1 files changed, 305 insertions, 0 deletions
| diff --git a/examples/tg16/netconf/ex2200.conf b/examples/tg16/netconf/ex2200.conf new file mode 100755 index 0000000..9f1e754 --- /dev/null +++ b/examples/tg16/netconf/ex2200.conf @@ -0,0 +1,305 @@ +system { +    host-name <?php echo $c['sysname']; ?>; +    domain-name infra.gathering.org; +    auto-snapshot; +    time-zone Europe/Oslo; +    authentication-order [ tacplus ]; +    root-authentication { +        encrypted-password "<removed>";  +    } +    name-server { +        185.110.149.2; +        185.110.148.2; +        2a06:5841:149a::2; +        2a06:5841:1337::2; +    } +    tacplus-server { +        <removed> { +            secret "<removed>";  +            source-address <?php echo $c['mgmt_v4_addr']; ?>; +        } +    }  +    login { +        user technet { +            uid 2000; +            class super-user; +            authentication { +                encrypted-password "<removed>";  +            } +        } +    } +    services { +        ssh {                          +            root-login deny; +            no-tcp-forwarding; +            client-alive-count-max 2; +            client-alive-interval 300; +            connection-limit 5; +            rate-limit 5; +        } +        netconf { +            ssh { +                connection-limit 3; +                rate-limit 3; +            } +        } +    } +    syslog { +        user * { +            any emergency; +        } +        host 185.110.148.17 { +            any info; +            authorization info; +            port 515; +        } +        file messages { +            any notice; +            authorization info; +        } +        file interactive-commands { +            interactive-commands any; +        } +    } +      +    /* Save changes to central site */ +    archival { +        configuration { +            transfer-on-commit; +            archive-sites { +                "scp://<removed>@<removed>/home/tgconfig/configs/" password "<removed>";  +            } +        } +    } +    commit synchronize; +    ntp { +        server 2001:700:100:2::6; +    } +} + +chassis { +    aggregated-devices { +        ethernet { +            device-count 1; +        } +    } +    alarm { +        management-ethernet { +            link-down ignore; +        } +    } +} + +interfaces { +    interface-range edge-ports { +        description "Clients"; +        member-range ge-0/0/0 to ge-0/0/43; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members clients; +                } +            } +        } +    } +    interface-range core-ports { +        description "<?php echo $c['distro_name']; ?> <?php echo $c['distro_phy_port']; ?>"; +        member-range ge-0/0/44 to ge-0/0/47; +        ether-options { +            802.3ad ae0; +        } +    } +    ae0 { +        description "<?php echo $c['distro_name']; ?> <?php echo $c['distro_phy_port']; ?>"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members [clients mgmt]; +                } +            } +        } +    } +    vlan { +        unit <?php echo $c['mgmt_vlan']; ?> { +            description "MGMT L3 interface"; +            family inet { +                filter { +                    input v4-mgmt; +                } +                address <?php echo $c['mgmt_v4_addr']; ?>/26; +            } +            inactive: family inet6 { +                filter { +                    input v6-mgmt; +                } +                address <?php echo $c['mgmt_v6_addr']; ?>/64; +            } +        } +    } +} + +snmp { +    community <removed> { +        authorization read-only; +        client-list-name mgmt; +    } +    community <removed> { +        authorization read-only; +        client-list-name mgmt-nms; +    } +} + +policy-options { +    prefix-list mgmt-v4 { +        <removed> +        /* Kandu PA-nett */ +        185.110.148.0/22; +    } +    prefix-list mgmt-v6 { +        <removed> +        /* Den delen av v6-nett som er satt av til infra, tech o.l. */ +        2a06:5841::/32; +    } +    /* Merged separate v4- og v6-lister */ +    prefix-list mgmt { +        <removed> +        2a06:5841::/32; +    } +    /* NMS boxes - separate list to give full speed to SNMP read */ +    prefix-list mgmt-v4-nms { +        185.110.148.11/32;              +        185.110.148.12/32; +    } +    /* NMS boxes - separate list to give full speed to SNMP read */ +    prefix-list mgmt-v6-nms { +        2a06:5841:1337::11/128; +        2a06:5841:1337::12/128; +    } +    /* NMS boxes - separate list to give full speed to SNMP read */ +    prefix-list mgmt-nms { +        185.110.148.11/32; +        185.110.148.12/32; +        185.110.150.10/32; +        2a06:5841:1337::11/128; +        2a06:5841:1337::12/128; +    } +} +firewall { +    family inet { +        filter v4-mgmt { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v4; +                    } +                    destination-port 22; +                } +                then { +                    accept; +                } +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then { +                    discard; +                } +            } +            term accept-all { +                then { +                    accept; +                } +            } +        } +    } +    family inet6 { +        filter v6-mgmt { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v6; +                    } +                    destination-port 22; +                } +                then { +                    accept; +                } +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then { +                    discard; +                } +            } +            term accept-all { +                then { + +                    accept; +                } +            } +        } +    } +} + +protocols { +    sflow { +        sample-rate { +            ingress 10000; +            egress 10000; +        } +        interfaces edge-ports; +        interfaces core-ports; +        source-ip <?php echo $c['mgmt_v4_addr']; ?>; +        collector 185.110.148.12; +        collector 185.110.148.11; +    } +    igmp-snooping { +        vlan all { +            version 3; +            immediate-leave; +        } +    } +    rstp { +        bridge-priority 8k; +        interface edge-ports { +            edge; +            no-root-port; +        } +    } +    lldp { +        interface ae0.0; +        management-address <?php echo $c['mgmt_v4_addr']; ?>; +    } +} + +vlans { +    clients { +        vlan-id <?php echo $c['traffic_vlan']; ?>; +    } +    mgmt { +        vlan-id <?php echo $c['mgmt_vlan']; ?>; +        l3-interface vlan.<?php echo $c['mgmt_vlan']; ?>; +    } +} + +routing-options { +    rib inet.0 { +        static { +            route 0.0.0.0/0 { +                next-hop <?php echo $c['mgmt_v4_gw']; ?>; +            } +        } +    } +} + + | 
