diff options
Diffstat (limited to 'examples/tg16/netconf/coregw.conf')
| -rw-r--r-- | examples/tg16/netconf/coregw.conf | 1613 | 
1 files changed, 1613 insertions, 0 deletions
| diff --git a/examples/tg16/netconf/coregw.conf b/examples/tg16/netconf/coregw.conf new file mode 100644 index 0000000..61b609a --- /dev/null +++ b/examples/tg16/netconf/coregw.conf @@ -0,0 +1,1613 @@ +## Last changed: 2016-03-24 06:38:20 CET +version 14.1X53-D35.3; +groups { +    SET_AE_DEFAULTS { +        interfaces { +            <ae*> { +                aggregated-ether-options { +                    lacp { +                        active; +                    } +                } +            } +        } +    } +    SET_OSPF_DEFAULTS { +        protocols { +            ospf { +                reference-bandwidth 1000g; +                area <*> { +                    interface <ae*> { +                        bfd-liveness-detection { +                            minimum-interval 100; +                            multiplier 3; +                        } +                    } +                } +            } +            ospf3 { +                reference-bandwidth 1000g; +                area <*> { +                    interface <ae*> { +                        bfd-liveness-detection { +                            minimum-interval 100; +                            multiplier 3; +                        } +                    } +                } +            } +        } +    } +    SET_RA_DEFAULTS { +        protocols { +            router-advertisement { +                interface <*> { +                    max-advertisement-interval 15; +                    managed-configuration; +                } +            } +        } +    } +} +system { +    host-name coregw; +    auto-snapshot; +    time-zone Europe/Oslo; +    arp { +        aging-timer 5; +    } +    authentication-order [ tacplus password ]; +    root-authentication { +        encrypted-password "<removed>"; +    } +    name-server { +        185.110.149.2; +        185.110.148.2; +        2a06:5841:149a::2; +        2a06:5841:1337::2; +    } +    tacplus-server { +        134.90.150.164 { +            secret "<removed>"; +            source-address 185.110.148.66; +        } +    } +    login { +        user technet { +            uid 2000; +            class super-user; +            authentication { +                encrypted-password "<removed>"; +            } +        } +    } +    services { +        ssh { +            root-login deny; +            no-tcp-forwarding; +            client-alive-count-max 2; +            client-alive-interval 300; +            connection-limit 10; +            rate-limit 5; +        } +        netconf { +            ssh { +                connection-limit 3; +                rate-limit 3; +            } +        } +    } +    syslog { +        user * { +            any emergency; +        } +        host 185.110.148.17 { +            any info; +            authorization info; +            port 515; +        } +        file messages { +            any notice; +            authorization info; +        } +        file interactive-commands { +            interactive-commands any; +        } +    } +    archival { +        configuration { +            transfer-on-commit; +            archive-sites { +                "scp://user@host/some/folder/" password "<removed>"; +            } +        } +    } +    commit synchronize; +    processes { +        app-engine-virtual-machine-management-service { +            traceoptions { +                level notice; +                flag all; +            } +        } +    } +    ntp { +        server 2001:700:100:2::6; +    } +} +chassis { +    aggregated-devices { +        ethernet { +            device-count 32; +        } +    } +} +security { +    ssh-known-hosts { +        host 134.90.150.164 { +            ecdsa-sha2-nistp256-key <removed>; +        } +    } +} +interfaces { +    apply-groups SET_AE_DEFAULTS; +    interface-range all-ports { +        member-range xe-0/0/0 to xe-0/0/47; +        member-range xe-1/0/0 to xe-1/0/47; +        member-range et-0/0/48 to et-0/0/53; +        member-range et-1/0/48 to et-1/0/53; +    } +    ge-0/0/0 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/0 { +        description "ae0 - link mot distro0"; +        ether-options { +            802.3ad ae0; +        } +    } +    ge-0/0/1 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/1 { +        description "Link mot distro1"; +        ether-options { +            802.3ad ae1; +        } +    } +    ge-0/0/2 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/2 { +        description "Link mot distro2"; +        ether-options { +            802.3ad ae2; +        } +    } +    ge-0/0/3 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/3 { +        description "Link mot distro3"; +        ether-options { +            802.3ad ae3; +        } +    } +    ge-0/0/4 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/4 { +        description "Link mot distro4"; +        ether-options { +            802.3ad ae4; +        } +    } +    ge-0/0/5 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/5 { +        description "Link mot distro5"; +        ether-options { +            802.3ad ae5; +        } +    } +    ge-0/0/6 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/6 { +        description "Link mot distro6"; +        ether-options { +            802.3ad ae6; +        } +    } +    ge-0/0/7 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/7 { +        description "Link mot distro7"; +        ether-options { +            802.3ad ae7; +        } +    } +    ge-0/0/8 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/8 { +        description "Link mot creativiagw"; +        ether-options { +            802.3ad ae8; +        } +    } +    ge-0/0/9 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/9 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/10 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/10 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/11 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/11 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/12 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/12 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/13 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/13 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/14 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/14 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/15 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/15 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/16 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/16 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/17 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/17 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/18 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/18 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/19 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/19 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/20 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/20 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/21 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/21 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/22 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/22 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/23 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/23 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/24 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/24 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/25 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/25 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/26 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/26 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/27 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/27 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/28 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/28 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/29 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/29 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/30 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/30 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/31 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/31 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/32 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/32 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/33 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/33 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/34 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/34 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/35 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/35 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/36 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/36 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/37 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/37 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/38 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/38 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/39 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/39 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/40 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/40 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/41 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/41 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/42 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/42 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/43 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/43 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/44 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/44 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/45 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/45 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/46 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/46 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    ge-0/0/47 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/47 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    et-0/0/48 { +        description "ae11 - link mot nocgw"; +        ether-options { +            802.3ad ae11; +        } +    } +    xe-0/0/48:0 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/48:1 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/48:2 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/48:3 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    et-0/0/49 { +        description "ae10 - link mot telegw"; +        ether-options { +            802.3ad ae10; +        } +    } +    xe-0/0/49:0 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/49:1 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/49:2 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/49:3 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    et-0/0/50 { +        description "ae12 - link mot standgw"; +        ether-options { +            802.3ad ae12; +        } +    } +    xe-0/0/50:0 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/50:1 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/50:2 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/50:3 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    et-0/0/51 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/51:0 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/51:1 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/51:2 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/51:3 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    et-0/0/52 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/52:0 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/52:1 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/52:2 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/52:3 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    et-0/0/53 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/53:0 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/53:1 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/53:2 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-0/0/53:3 { +        unit 0 { +            family ethernet-switching { +                storm-control default; +            } +        } +    } +    xe-1/0/0 { +        description "ae0 - link mot distro0"; +        ether-options { +            802.3ad ae0; +        } +    } +    xe-1/0/1 { +        description "Link mot distro1"; +        ether-options { +            802.3ad ae1; +        } +    } +    xe-1/0/2 { +        description "Link mot distro2"; +        ether-options { +            802.3ad ae2; +        } +    } +    xe-1/0/3 { +        description "Link mot distro3"; +        ether-options { +            802.3ad ae3; +        } +    } +    xe-1/0/4 { +        description "Link mot distro4"; +        ether-options { +            802.3ad ae4; +        } +    } +    xe-1/0/5 { +        description "Link mot distro5"; +        ether-options { +            802.3ad ae5; +        } +    } +    xe-1/0/6 { +        description "Link mot distro6"; +        ether-options { +            802.3ad ae6; +        } +    } +    xe-1/0/7 { +        description "Link mot distro7"; +        ether-options { +            802.3ad ae7; +        } +    } +    xe-1/0/8 { +        description "Link mot creativiagw"; +        ether-options { +            802.3ad ae8; +        } +    } +    et-1/0/48 { +        description "ae11 - link mot nocgw"; +        ether-options { +            802.3ad ae11; +        } +    } +    et-1/0/49 { +        description "ae10 - link mot telegw"; +        ether-options { +            802.3ad ae10; +        } +    } +    et-1/0/50 { +        description "ae12 - link mot standgw"; +        ether-options { +            802.3ad ae12; +        } +    } +    ae0 { +        description "mot distro0"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.152/31; +            } +            family inet6; +        } +    } +    ae1 { +        description "mot distro1"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.154/31; +            } +            family inet6; +        } +    } +    ae2 { +        description "mot distro2"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.156/31; +            } +            family inet6; +        } +    } +    ae3 { +        description "mot distro3"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.158/31; +            } +            family inet6; +        } +    } +    ae4 { +        description "mot distro4"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.160/31; +            } +            family inet6; +        } +    } +    ae5 { +        description "mot distro5"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.162/31; +            } +            family inet6; +        } +    } +    ae6 { +        description "mot distro6"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.164/31; +            } +            family inet6; +        } +    } +    ae7 { +        description "mot distro7"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.166/31; +            } +            family inet6; +        } +    } +    ae8 { +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family inet { +                address 185.110.148.151/31; +            } +            family inet6; +        } +    } +    ae10 { +        description "80G mot telegw"; +        unit 0 { +            family inet { +                address 185.110.148.129/31; +            } +            family inet6; +        } +    } +    ae11 { +        description "80G mot nocgw"; +        unit 0 { +            family inet { +                address 185.110.148.137/31; +            } +            family inet6; +        } +    } +    ae12 { +        description "80G mot standgw"; +        unit 0 { +            family inet { +                address 185.110.148.135/31; +            } +            family inet6; +        } +    } +    em1 { +        unit 0 { +            family inet; +        } +    } +    irb { +        unit 0 { +            family inet; +        } +    } +    lo0 { +        unit 0 { +            family inet { +                filter { +                    input protect-mgmt-v4; +                } +                address 185.110.148.66/32; +            } +            family inet6 { +                filter { +                    input protect-mgmt-v6; +                } +                address 2a06:5841:148b::66/128; +            } +        } +    } +    vme { +        unit 0 { +            family inet; +        } +    } +} +snmp { +    community <removed> { +        authorization read-only; +        client-list-name mgmt; +    } +    community <removed> { +        authorization read-only; +        client-list-name mgmt-nms; +    } +} +forwarding-options { +    storm-control-profiles default { +        all; +    } +} +protocols { +    apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; +    ospf { +        export [ redistribute-direct redistribute-static ]; +        area 0.0.0.0 { +            interface all; +            interface ae0.0; +            interface ae1.0; +            interface ae2.0; +            interface ae8.0 { +                metric 200; +            } +        } +    } +    ospf3 { +        export [ redistribute-direct redistribute-static ]; +        area 0.0.0.0 { +            interface all; +            interface ae2.0; +            interface ae1.0; +            interface ae0.0; +            interface ae8.0 { +                metric 200; +            } +        } +    } +    lldp { +        management-address 185.110.148.66; +        interface all; +    } +    lldp-med { +        interface all; +    } +    igmp-snooping { +        vlan default; +    } +    sflow { +        agent-id 185.110.148.66; +        sample-rate { +            ingress 10000; +            egress 10000; +        } +        source-ip 185.110.148.66; +        collector <removed>; +        interfaces all-ports; +    } +} +policy-options { +    prefix-list mgmt-v4 { +        /* KANDU PA-nett (brukt på servere, infra etc) */ +        185.110.148.0/22; +    } +    prefix-list mgmt-v6 { +        /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ +        2a06:5841::/32; +    } +    /* sammenslått av separate v4- og v6-lister */ +    prefix-list mgmt { +        185.110.148.0/22; +        2a06:5841::/32; +    } +    /* NMS boxes - separate list to give full speed to SNMP read */ +    prefix-list mgmt-v4-nms { +        185.110.148.11/32; +        185.110.148.12/32; +    } +    /* NMS boxes - separate list to give full speed to SNMP read */ +    prefix-list mgmt-v6-nms { +        2a06:5841:1337::11/128; +        2a06:5841:1337::12/128; +    } +    /* NMS boxes - separate list to give full speed to SNMP read */ +    prefix-list mgmt-nms { +        185.110.148.11/32; +        185.110.148.12/32; +        185.110.150.10/32; +        2a06:5841:1337::11/128; +        2a06:5841:1337::12/128; +    } +    prefix-list icmp_unthrottled-v4 { +        185.110.148.0/22; +        193.212.22.0/30; +    } +    prefix-list icmp_unthrottled-v6 { +        2001:4600:9:300::290/126; +        2a06:5841::/32; +    } +    policy-statement redistribute-direct { +        from protocol direct; +        then { +            external { +                type 1; +            } +            accept; +        } +    } +    policy-statement redistribute-static { +        from protocol static; +        then { +            external { +                type 1; +            } +            accept; +        } +    } +} +firewall { +    family inet { +        filter protect-mgmt-v4 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v4; +                    } +                    destination-port 22; +                } +                then { +                    count accept-ssh; +                    accept; +                } +            } +            term reject-ssh { +                from { +                    destination-port 22; +                } +                then { +                    count reject-ssh; +                    reject; +                } +            } +            term snmp-nms { +                from { +                    source-prefix-list { +                        mgmt-v4-nms; +                    } +                    destination-port snmp; +                } +                then { +                    count snmp-nms; +                    accept; +                } +            } +            term snmp-throttle { +                from { +                    source-prefix-list { +                        mgmt-v4; +                    } +                    destination-port snmp; +                } +                then { +                    policer policer-1Mbit; +                    count snmp-throttle; +                    accept; +                } +            } +            term icmp-trusted { +                from { +                    source-prefix-list { +                        icmp_unthrottled-v4; +                    } +                    protocol icmp; +                } +                then { +                    count icmp-trusted; +                    accept; +                } +            } +            term icmp-throttled { +                from { +                    protocol icmp; +                } +                then { +                    policer policer-1Mbit; +                    accept; +                } +            } +            term accept-all { +                then { +                    count accept-all; +                    accept; +                } +            } +        } +        filter v4-security { +            term accept-security { +                from { +                    source-address { +                        10.30.0.0/16; +                    } +                    destination-address { +                        10.30.0.0/16; +                    } +                } +                then accept; +            } +            term discard-all { +                then { +                    discard; +                } +            } +        } +    } +    family inet6 { +        filter protect-mgmt-v6 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        inactive: mgmt-v6; +                    } +                    destination-port 22; +                } +                then { +                    count accept-ssh; +                    accept; +                } +            } +            term reject-ssh { +                from { +                    destination-port 22; +                } +                then { +                    count reject-ssh; +                    reject; +                } +            } +            term snmp-nms { +                from { +                    source-prefix-list { +                        mgmt-v6-nms; +                    } +                    destination-port snmp; +                } +                then { +                    count snmp-nms; +                    accept; +                } +            } +            term snmp-throttle { +                from { +                    source-prefix-list { +                        mgmt-v6; +                    } +                    destination-port snmp; +                } +                then { +                    policer policer-1Mbit; +                    count snmp-throttle; +                    accept; +                } +            } +            term icmp-trusted { +                from { +                    source-prefix-list { +                        icmp_unthrottled-v6; +                    } +                    next-header icmp6; +                } +                then { +                    count icmp-trusted; +                    accept; +                } +            } +            term icmp-throttled { +                from { +                    next-header icmp6; +                } +                then { +                    policer policer-1Mbit; +                    accept; +                } +            } +            term accept-all { +                then { +                    count accept-all; +                    accept; +                } +            } +        } +    } +    policer policer-1Mbit { +        if-exceeding { +            bandwidth-limit 1m; +            burst-size-limit 500k; +        } +        then discard; +    } +    policer policer-slowest { +        if-exceeding { +            bandwidth-limit 32k; +            burst-size-limit 32k; +        } +        then discard; +    } +} +virtual-chassis { +    preprovisioned; +    /* NLogic - Orange */ +    member 0 { +        role routing-engine; +        serial-number <removed>; +    } +    /* Juniper - Blue */ +    member 1 { +        role routing-engine; +        serial-number <removed>; +    } +} +vlans { +    default { +        vlan-id 1; +        l3-interface irb.0; +    } +} | 
