diff options
Diffstat (limited to 'examples/tg16/netconf/swinggw.conf')
| -rw-r--r-- | examples/tg16/netconf/swinggw.conf | 716 | 
1 files changed, 716 insertions, 0 deletions
| diff --git a/examples/tg16/netconf/swinggw.conf b/examples/tg16/netconf/swinggw.conf new file mode 100644 index 0000000..fe9cee7 --- /dev/null +++ b/examples/tg16/netconf/swinggw.conf @@ -0,0 +1,716 @@ +## Last changed: 2016-03-23 04:17:59 CET +version 14.1X53-D26.2; +groups { +    SET_AE_DEFAULTS { +        interfaces { +            <ae*> { +                aggregated-ether-options { +                    lacp { +                        active; +                    } +                } +            } +        } +    } +    SET_OSPF_DEFAULTS { +        protocols { +            ospf { +                reference-bandwidth 1000g; +                area <*> { +                    interface <ae*> { +                        bfd-liveness-detection { +                            minimum-interval 100; +                            multiplier 3; +                        } +                    } +                } +            } +            ospf3 { +                reference-bandwidth 1000g; +                area <*> { +                    interface <ae*> { +                        bfd-liveness-detection { +                            minimum-interval 100; +                            multiplier 3; +                        } +                    } +                } +            } +        } +    } +    SET_RA_DEFAULTS { +        protocols { +            router-advertisement { +                interface <*> { +                    max-advertisement-interval 15; +                    managed-configuration; +                } +            } +        } +    } +} +system { +    host-name swinggw; +    auto-snapshot; +    domain-name infra.gathering.org; +    time-zone Europe/Oslo; +    authentication-order tacplus; +    root-authentication { +        encrypted-password "<removed>"; +    } +    name-server { +        185.110.149.2; +        185.110.148.2; +        2a06:5841:149a::2; +        2a06:5841:1337::2; +    } +    tacplus-server { +        134.90.150.164 { +            secret "<removed>"; +            source-address 185.110.148.71; +        } +    } +    login { +        user technet { +            uid 2000; +            class super-user; +            authentication { +                encrypted-password "<removed>"; +            } +        } +    } +    services { +        ssh { +            root-login deny; +            no-tcp-forwarding; +            client-alive-count-max 2; +            client-alive-interval 300; +            connection-limit 5; +            rate-limit 5; +        } +        netconf { +            ssh { +                connection-limit 3; +                rate-limit 3; +            } +        } +    } +    syslog { +        user * { +            any emergency; +        } +        host 185.110.148.17 { +            any info; +            authorization info; +            port 515; +        } +        file messages { +            any notice; +            authorization info; +        } +        file interactive-commands { +            interactive-commands any; +        } +    } +    archival { +        configuration { +            transfer-on-commit; +            archive-sites { +                "scp://user@host/some/folder/" password "<removed>"; +            } +        } +    } +    commit synchronize; +    ntp { +        server 2001:700:100:2::6; +    } +} +chassis { +    aggregated-devices { +        ethernet { +            device-count 32; +        } +    } +    alarm { +        management-ethernet { +            link-down ignore; +        } +    } +    auto-image-upgrade; +} +security { +    ssh-known-hosts { +        host 134.90.150.164 { +            ecdsa-sha2-nistp256-key <removed>; +        } +    } +} +interfaces { +    apply-groups SET_AE_DEFAULTS; +    interface-range GAMEHQ_CLIENTS { +        member ge-0/0/0; +        member-range ge-0/0/10 to ge-0/0/43; +        description "GameHQ Clients"; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members GAMEHQ_CLIENTS; +                } +            } +        } +    } +    ge-0/0/2 { +        description sw1.streamer-1; +        ether-options { +            802.3ad ae27; +        } +    } +    ge-0/0/3 { +        description sw1.streamer-2; +        ether-options { +            802.3ad ae27; +        } +    } +    ge-0/0/4 { +        description sw1.streamer-3; +        ether-options { +            802.3ad ae27; +        } +    } +    ge-0/0/5 { +        description sw1-flankenord; +        ether-options { +            802.3ad ae26; +        } +    } +    ge-0/0/6 { +        description sw1-flankenord; +        ether-options { +            802.3ad ae26; +        } +    } +    ge-0/0/7 { +        description sw2.streamer-1; +        ether-options { +            802.3ad ae28; +        } +    } +    ge-0/0/8 { +        description sw2.streamer-2; +        ether-options { +            802.3ad ae28; +        } +    } +    ge-0/0/9 { +        description sw2.streamer-3; +        ether-options { +            802.3ad ae28; +        } +    } +    xe-0/1/0 { +        description LOGGW; +        ether-options { +            802.3ad ae31; +        } +    } +    xe-0/1/1 { +        description NORTHGW; +        ether-options { +            802.3ad ae30; +        } +    } +    xe-0/1/2 { +        description "ae29 mot stagegw"; +        ether-options { +            802.3ad ae29; +        } +    } +    ae26 { +        description sw1-flankenord; +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members [ MGMT FLANKENORD_CLIENTS ]; +                } +            } +        } +    } +    ae27 { +        description uplinkstreamer1; +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members [ MGMT klientnett_streamer1 ]; +                } +            } +        } +    } +    ae28 { +        description uplinkstreamer2; +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members [ MGMT klientnett_streamer2 ]; +                } +            } +        } +    } +    ae29 { +        description "mot stagegw ae0"; +        unit 0 { +            family inet { +                address 185.110.148.175/31; +            } +            family inet6; +        } +    } +    ae30 { +        description NORTHGW; +        unit 0 { +            family inet { +                address 185.110.148.141/31; +            } +            family inet6; +        } +    } +    ae31 { +        description LOGGW; +        unit 0 { +            family inet { +                address 185.110.148.143/31; +            } +            family inet6; +        } +    } +    lo0 { +        description MGMT-INTERFACE; +        unit 0 { +            family inet { +                filter { +                    input protect-mgmt-v4; +                } +                address 185.110.148.71/32; +            } +            family inet6 { +                filter { +                    input protect-mgmt-v6; +                } +                address 2a06:5841:148b::71/128; +            } +        } +    } +    vlan { +        /* Klient-VLAN */ +        unit 250 { +            description "GameHQ Clients"; +            family inet { +                address 88.92.76.1/24; +            } +            family inet6 { +                address 2a06:5840:76::1/64; +            } +        } +        unit 1228 { +            description "swing - management"; +            family inet { +                address 88.92.57.129/28; +            } +            family inet6 { +                address 2a06:5840:576::129/64; +            } +        } +        unit 2006 { +            description "FLANKENORD CLIENTS"; +            family inet { +                address 88.92.41.65/26; +            } +            family inet6 { +                address 2a06:5840:41b::1/64; +            } +        } +        unit 2008 { +            description Klientnett_streamer1; +            family inet { +                address 88.92.41.193/26; +            } +            family inet6 { +                address 2a06:5840:41d::1/64; +            } +        } +        unit 2009 { +            description Klientnett_streamer2; +            family inet { +                address 88.92.42.1/26; +            } +            family inet6 { +                address 2a06:5840:42a::1/64; +            } +        } +        unit 3001 { +            description "Event lukket/internett/lol"; +            family inet { +                address 10.30.40.1/24; +            } +        } +    } +} +snmp { +    community <removed> { +        authorization read-only; +        client-list-name mgmt; +    } +    community <removed> { +        authorization read-only; +        client-list-name mgmt-nms; +    } +} +forwarding-options { +    dhcp-relay { +        dhcpv6 { +            group EDGE { +                active-server-group v6-EDGE; +                overrides; +                interface vlan.250; +                interface vlan.1228; +                interface vlan.2006; +                interface vlan.2008; +                interface vlan.2009; +                interface vlan.3001; +            } +            server-group { +                v6-EDGE { +                    2a02:ed02:1ee7::66; +                } +            } +        } +        server-group { +            v4-EDGE { +                185.110.149.2; +                185.110.148.2; +            } +            inactive: v4-autoconfig { +                1.1.1.1; +            } +        } +        group EDGE { +            active-server-group v4-EDGE; +            overrides { +                trust-option-82; +            } +            interface vlan.250; +            interface vlan.1228; +            interface vlan.2006; +            interface vlan.2008; +            interface vlan.2009; +            interface vlan.3001; +        } +        inactive: group autoconfig { +            active-server-group v4-autoconfig; +            relay-option-82 { +                circuit-id { +                    prefix { +                        host-name; +                    } +                    include-irb-and-l2; +                } +            } +            interface vlan.666; +        } +    } +} +protocols { +    mld; +    router-advertisement { +        interface vlan.250; +        interface vlan.2006; +        interface vlan.1228; +        interface vlan.2008; +        interface vlan.2009; +    } +    ospf { +        export [ static-to-ospf direct-to-ospf ]; +        area 0.0.0.0 { +            interface ae30.0; +            interface ae31.0; +            interface ae29.0; +        } +    } +    ospf3 { +        export [ static-to-ospf direct-to-ospf ]; +        area 0.0.0.0 { +            interface ae30.0; +            interface ae31.0; +            interface ae29.0; +        } +    } +    pim { +        rp { +            /* STANDGW */ +            static { +                address 2a06:5841:148b::67; +                address 185.110.148.67; +            } +        } +    } +    igmp-snooping { +        vlan all { +            version 3; +            immediate-leave; +        } +    } +    mld-snooping { +        vlan all { +            version 2; +            immediate-leave; +        } +    } +    rstp { +        bridge-priority 8k; +        interface GAMEHQ_CLIENTS { +            edge; +            no-root-port; +        } +    } +    lldp { +        management-address 185.110.148.71; +    } +    lldp-med { +        interface all; +    } +} +policy-options { +    prefix-list mgmt-v4 { +        /* KANDU PA-nett (brukt på servere, infra etc) */ +        185.110.148.0/22; +    } +    prefix-list mgmt-v6 { +        /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ +        2a06:5841::/32; +    } +    prefix-list mgmt { +        185.110.148.0/22; +        2a06:5841::/32; +    } +    prefix-list mgmt-v4-nms { +        185.110.148.11/32; +        185.110.148.12/32; +    } +    prefix-list mgmt-v6-nms { +        2a06:5841:1337::11/128; +        2a06:5841:1337::12/128; +    } +    prefix-list mgmt-nms { +        185.110.148.11/32; +        185.110.148.12/32; +        185.110.150.10/32; +        2a06:5841:1337::11/128; +        2a06:5841:1337::12/128; +    } +    prefix-list icmp_unthrottled-v4 { +        185.110.148.0/22; +        193.212.22.0/30; +    } +    prefix-list icmp_unthrottled-v6 { +        2001:4600:9:300::290/126; +        2a06:5841::/32; +    } +    policy-statement direct-to-ospf { +        from protocol direct; +        then { +            external { +                type 1; +            } +            accept; +        } +    } +    policy-statement static-to-ospf { +        from protocol static; +        then { +            external { +                type 1; +            } +            accept; +        } +    } +} +firewall { +    family inet { +        filter protect-mgmt-v4 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v4; +                    } +                    destination-port 22; +                } +                then accept; +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then { +                    discard; +                } +            } +            term snmp-nms { +                from { +                    source-prefix-list { +                        mgmt-v4-nms; +                    } +                    destination-port snmp; +                } +                then accept; +            } +            term snmp-throttle { +                from { +                    source-prefix-list { +                        mgmt-v4; +                    } +                    destination-port snmp; +                } +                then accept; +            } +            term icmp-trusted { +                from { +                    source-prefix-list { +                        icmp_unthrottled-v4; +                    } +                    protocol icmp; +                } +                then accept; +            } +            term icmp-throttled { +                from { +                    protocol icmp; +                } +                then accept; +            } +            term accept-all { +                then accept; +            } +        } +    } +    family inet6 { +        filter protect-mgmt-v6 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v6; +                    } +                    destination-port 22; +                } +                then accept; +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then discard; +            } +            term snmp-nms { +                from { +                    source-prefix-list { +                        mgmt-v6-nms; +                    } +                    destination-port snmp; +                } +                then accept; +            } +            term snmp-throttle { +                from { +                    source-prefix-list { +                        mgmt-v6; +                    } +                    destination-port snmp; +                } +                then accept; +            } +            term icmp-trusted { +                from { +                    source-prefix-list { +                        icmp_unthrottled-v6; +                    } +                    next-header icmp6; +                } +                then accept; +            } +            term icmp-throttled { +                from { +                    next-header icmp6; +                } +                then accept; +            } +            term accept-all { +                then accept; +            } +        } +    } +} +/* EDGE */ +ethernet-switching-options { +    /* EDGE */ +    secure-access-port { +        interface GAMEHQ_CLIENTS { +            no-dhcp-trusted; +        } +        vlan GAMEHQ_CLIENTS { +            arp-inspection; +            examine-dhcp; +            examine-dhcpv6; +            neighbor-discovery-inspection; +            ip-source-guard; +            ipv6-source-guard; +            dhcp-option82; +            dhcpv6-option18 { +                use-option-82; +            } +        } +        ipv6-source-guard-sessions { +            max-number 128; +        } +    } +    /* EDGE SLUTT */ +    storm-control { +        interface all; +    } +} +vlans { +    EVENTNETT { +        description "Event lukket/internett/lol"; +        vlan-id 3001; +        l3-interface vlan.3001; +    } +    FLANKENORD_CLIENTS { +        description "FLANKENORD CLIENTS"; +        vlan-id 2006; +        l3-interface vlan.2006; +    } +    GAMEHQ_CLIENTS { +        description "GameHQ Clients"; +        vlan-id 250; +        l3-interface vlan.250; +    } +    MGMT { +        description "swing - management"; +        vlan-id 1228; +        l3-interface vlan.1228; +    } +    klientnett_streamer1 { +        description Klientnett_streamer1; +        vlan-id 2008; +        l3-interface vlan.2008; +    } +    klientnett_streamer2 { +        description Klientnett_streamer2; +        vlan-id 2009; +        l3-interface vlan.2009; +    } +} +poe { +    interface all; +} | 
