diff options
Diffstat (limited to 'examples/tg19/netconf/s1.cna.conf')
| -rw-r--r-- | examples/tg19/netconf/s1.cna.conf | 338 | 
1 files changed, 338 insertions, 0 deletions
| diff --git a/examples/tg19/netconf/s1.cna.conf b/examples/tg19/netconf/s1.cna.conf new file mode 100644 index 0000000..847bc93 --- /dev/null +++ b/examples/tg19/netconf/s1.cna.conf @@ -0,0 +1,338 @@ +## Last changed: 2019-04-16 20:56:00 CEST +version 15.1R6.7; +system { +    host-name s1.cna; +    auto-snapshot; +    domain-name tg19.gathering.org; +    time-zone Europe/Oslo; +    authentication-order tacplus; +    root-authentication { +        encrypted-password "<removed>"; +    } +    name-server { +        2a06:5841:a:103::62; +        2a06:5841:a:104::126; +    } +    tacplus-server { +        134.90.150.164 secret "<removed>"; +    } +    login { +        user technet { +            uid 2000; +            class super-user; +            authentication { +                encrypted-password "<removed>"; +            } +        } +    } +    services { +        ssh { +            root-login deny; +            no-tcp-forwarding; +            protocol-version v2; +            client-alive-count-max 2; +            client-alive-interval 300; +            connection-limit 50; +            rate-limit 5; +        } +        netconf { +            ssh { +                port 830; +            } +        } +    } +    syslog { +        user * { +            any emergency; +        } +        host log.tg19.gathering.org { +            any warning; +            authorization info; +            daemon warning; +            user warning; +            change-log any; +            interactive-commands any; +            match "!(.*License.*)"; +            allow-duplicates; +            facility-override local7; +            explicit-priority; +        } +        /* Local logging of syslog message */ +        file messages { +            any notice; +            authorization info; +        } +        /* Local logging of all user-commands typed in the CLI */ +        file interactive-commands { +            interactive-commands any; +            match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; +        } +    } +    /* Save changes to central site */ +    archival { +        configuration { +            transfer-on-commit; +            archive-sites { +                "scp://user@host/some/folder/" password "<removed>"; +            } +        } +    } +    commit synchronize; +    ntp { +        /* ntp.uio.no */ +        server 2001:700:100:2::6; +    } +} +chassis { +    aggregated-devices { +        ethernet { +            device-count 2; +        } +    } +    alarm { +        management-ethernet { +            link-down ignore; +        } +    } +} +security { +    ssh-known-hosts { +        host <removed> { +            ecdsa-sha2-nistp256-key <removed>; +        } +    } +} +interfaces { +    interface-range all-ports { +        member ge-*/*/*; +        member xe-*/*/*; +        member et-*/*/*; +    } +    interface-range edge-ports { +        member-range ge-0/0/0 to ge-0/0/43; +        description Clients; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members clients; +                } +            } +        } +    } +    interface-range uplink-ports { +        member-range ge-0/0/46 to ge-0/0/47; +        description "G: r1.ring"; +        ether-options { +            802.3ad ae0; +        } +    } +    interface-range unused-ports { +        member-range ge-0/0/44 to ge-0/0/45; +        description not-in-use; +    } +    ae0 { +        description "B: r1.ring"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members [ clients mgmt ]; +                } +            } +        } +    } +    lo0 { +        unit 0 { +            family inet { +                filter { +                    input mgmt-v4; +                } +                address 127.0.0.1/32; +            } +            family inet6 { +                filter { +                    input mgmt-v6; +                } +                address ::1/128; +            } +        } +    } +    vlan { +        unit 666 { +            description "Switch mgmt"; +            family inet { +                filter { +                    input mgmt-v4; +                } +                address 88.92.2.70/26; +            } +            family inet6 { +                filter { +                    input mgmt-v6; +                } +                address 2a06:5841:d:b::70/64; +            } +        } +    } +} +snmp { +    contact NOC; +    community <removed> { +        authorization read-only; +        client-list-name mgmt; +    } +} +routing-options { +    rib inet.0 { +        static { +            route 0.0.0.0/0 next-hop 88.92.2.65; +        } +    } +    rib inet6.0 { +        static { +            route ::/0 next-hop 2a06:5841:d:b::1; +        } +    } +} +protocols { +    sflow { +        sample-rate { +            ingress 10000; +            egress 10000; +        } +        collector <removed>; +        interfaces all-ports; +    } +    igmp-snooping { +        vlan all { +            version 3; +            immediate-leave; +        } +    } +    mld-snooping { +        vlan all { +            version 2; +            immediate-leave; +        } +    } +    rstp { +        bridge-priority 32k; +        interface edge-ports { +            edge; +            no-root-port; +        } +    } +    lldp { +        interface uplink-ports; +    } +} +policy-options { +    prefix-list mgmt-v4 { +    } +    prefix-list mgmt-v6 { +    } +    /* Merged separate v4- og v6-lister */ +    prefix-list mgmt { +        apply-path "policy-options prefix-list <mgmt-v*> <*>"; +    } +} +firewall { +    family inet { +        filter mgmt-v4 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v4; +                    } +                    destination-port 22; +                } +                then accept; +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then { +                    discard; +                } +            } +            term accept-all { +                then accept; +            } +        } +    } +    family inet6 { +        filter mgmt-v6 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v6; +                    } +                    destination-port 22; +                } +                then accept; +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then discard; +            } +            term accept-all { +                then accept; +            } +        } +    } +} +ethernet-switching-options { +    secure-access-port { +        interface edge-ports { +            no-dhcp-trusted; +        } +        vlan clients { +            arp-inspection; +            examine-dhcp; +            inactive: examine-dhcpv6; +            inactive: neighbor-discovery-inspection; +            ip-source-guard; +            inactive: ipv6-source-guard; +            dhcp-option82 { +                circuit-id { +                    use-vlan-id; +                } +            } +            no-option-37; +            inactive: dhcpv6-option18 { +                use-option-82; +            } +        } +        inactive: ipv6-source-guard-sessions { +            max-number 128; +        } +    } +    storm-control { +        action-shutdown; +        interface edge-ports { +            bandwidth 5000; +            multicast; +        } +    } +} +vlans { +    clients { +        vlan-id 114; +    } +    mgmt { +        vlan-id 666; +        l3-interface vlan.666; +    } +} +poe { +    interface all; +} | 
