diff options
Diffstat (limited to 'examples/tg23/netconfig/e1.foh.tg23.gathering.org.conf')
| -rw-r--r-- | examples/tg23/netconfig/e1.foh.tg23.gathering.org.conf | 451 | 
1 files changed, 451 insertions, 0 deletions
| diff --git a/examples/tg23/netconfig/e1.foh.tg23.gathering.org.conf b/examples/tg23/netconfig/e1.foh.tg23.gathering.org.conf new file mode 100644 index 0000000..04c8699 --- /dev/null +++ b/examples/tg23/netconfig/e1.foh.tg23.gathering.org.conf @@ -0,0 +1,451 @@ +## ex3300-48p +## Last commit: 2023-04-05 20:23:28 CEST by j +version 15.1R7-S13; +system { +    host-name e1.foh; +    auto-snapshot; +    domain-name tg23.gathering.org; +    time-zone Europe/Oslo; +    /* tacacs primary, failbacks to local users */ +    authentication-order tacplus; +    ports { +        console log-out-on-disconnect; +    } +    root-authentication { +        encrypted-password "<removed>"; ## SECRET-DATA +    } +    name-server { +        2a06:5841:f:d::101; +        2a06:5841:f:e::132; +    } +    tacplus-server { +        <removed> { +            secret "<removed>"; ## SECRET-DATA +            source-address 151.216.131.23; +        } +    } +    login { +        user api { +            uid 2000; +            class super-user; +            authentication { +                ssh-ed25519 "<removed>"; ## SECRET-DATA +            } +        } +        user tech { +            uid 2001; +            class super-user; +            authentication { +                encrypted-password "<removed>"; ## SECRET-DATA +            } +        } +    } +    services { +        ssh { +            root-login deny; +            no-tcp-forwarding; +            protocol-version v2; +            client-alive-count-max 2; +            client-alive-interval 300; +            connection-limit 50; +            rate-limit 5; +        } +        netconf { +            ssh { +                port 830; +            } +        } +    } +    syslog { +        user * { +            any emergency; +        } +        host log.tg23.gathering.org { +            any warning; +            authorization info; +            daemon warning; +            user warning; +            change-log any; +            interactive-commands any; +            match "!(.*License.*)"; +            allow-duplicates; +            facility-override local7; +            explicit-priority; +        } +        /* Oxidized syslog */ +        host 185.110.148.112 { +            interactive-commands notice; +            match UI_COMMIT_COMPLETED; +            source-address 151.216.131.23; +        } +        /* Local logging of syslog message */ +        file messages { +            any notice; +            authorization info; +            /* Fjerner mye graps i loggene */ +            match "!(.*License.*|.*EX-BCM PIC.*|.*mojito_i2c_read.*|.*qsfp_tk_read_mem_page.*)"; +        } +        /* Local logging of all user-commands typed in the CLI */ +        file interactive-commands { +            interactive-commands any; +            match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; +        } +    } +    commit synchronize; +    ntp { +        /* ntp.uio.no */ +        server 2001:700:100:2::6; +    } +} +chassis { +    aggregated-devices { +        ethernet { +            device-count 32; +        } +    } +    alarm { +        management-ethernet { +            link-down ignore; +        } +    } +} +interfaces { +    interface-range all-ports { +        member ge-*/*/*; +        member xe-*/*/*; +        member et-*/*/*; +    } +    interface-range edge-ports { +        member-range ge-0/0/0 to ge-0/0/35; +        member-range ge-0/0/40 to ge-0/0/43; +        description "C: e1.foh - VLAN 221"; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members e1.foh; +                } +            } +        } +    } +    interface-range uplink-ports { +        member ge-0/0/44; +        member ge-0/0/45; +        description "G: d1.ring (ae0)"; +        ether-options { +            802.3ad ae0; +        } +    } +    interface-range unused-ports { +        member ge-0/0/46; +        member ge-0/0/47; +        description not-in-use; +        disable; +    } +    ge-0/0/36 { +        description "C: event-arena - VLAN 3000"; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members event-arena; +                } +            } +        } +    } +    ge-0/0/37 { +        description "C: event-arena - VLAN 3000"; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members event-arena; +                } +            } +        } +    } +    ge-0/0/38 { +        description "C: event-arena - VLAN 3000"; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members event-arena; +                } +            } +        } +    } +    ge-0/0/39 { +        description "C: event-arena - VLAN 3000"; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members event-arena; +                } +            } +        } +    } +    ge-0/0/40 { +        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members ssid-the-gathering; +                } +                native-vlan-id 777; +            } +        } +    } +    ge-0/0/41 { +        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members ssid-the-gathering; +                } +                native-vlan-id 777; +            } +        } +    } +    ge-0/0/42 { +        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members ssid-the-gathering; +                } +                native-vlan-id 777; +            } +        } +    } +    ge-0/0/43 { +        description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members ssid-the-gathering; +                } +                native-vlan-id 777; +            } +        } +    } +    ae0 { +        description "B: d1.ring"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members [ e1.foh edge-mgmt event-arena aps-mgmt ssid-the-gathering ]; +                } +            } +        } +    } +    lo0 { +        unit 0 { +            family inet { +                filter { +                    input mgmt-v4; +                } +            } +            family inet6 { +                filter { +                    input mgmt-v6; +                } +            } +        } +    } +    vlan { +        unit 666 { +            description "switch management"; +            family inet { +                filter { +                    input mgmt-v4; +                } +                address 151.216.131.23/25; +            } +            family inet6 { +                filter { +                    input mgmt-v6; +                } +                address 2a06:5841:f:20::17/64; +            } +        } +    } +} +snmp { +    contact "<removed>"; +    community <removed> { +        authorization read-only; +        client-list-name mgmt; +    } +} +routing-options { +    rib inet.0 { +        static { +            route 0.0.0.0/0 next-hop 151.216.131.1; +        } +    } +    rib inet6.0 { +        static { +            route ::/0 next-hop 2a06:5841:f:20::1; +        } +    } +} +protocols { +    igmp-snooping { +        vlan all { +            version 3; +            immediate-leave; +        } +    } +    mld-snooping { +        vlan all { +            version 2; +            immediate-leave; +        } +    } +    rstp { +        bridge-priority 32k; +        interface edge-ports { +            edge; +            no-root-port; +        } +    } +    lldp { +        port-id-subtype interface-name; +        port-description-type interface-description; +        interface uplink-ports; +        interface ge-0/0/40.0; +        interface ge-0/0/41.0; +        interface ge-0/0/42.0; +        interface ge-0/0/43.0; +    } +} +policy-options { +    prefix-list mgmt-v4 { +    } +    prefix-list mgmt-v6 { +    } +    /* Merged separate v4- og v6-lister */ +    prefix-list mgmt { +        apply-path "policy-options prefix-list <mgmt-v*> <*>"; +    } +} +firewall { +    family inet { +        filter mgmt-v4 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v4; +                    } +                    destination-port 22; +                } +                then accept; +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then { +                    discard; +                } +            } +            term accept-all { +                then accept; +            } +        } +    } +    family inet6 { +        filter mgmt-v6 { +            term accept-ssh { +                from { +                    source-prefix-list { +                        mgmt-v6; +                    } +                    destination-port 22; +                } +                then accept; +            } +            term discard-ssh { +                from { +                    destination-port 22; +                } +                then discard; +            } +            term accept-all { +                then accept; +            } +        } +    } +} +ethernet-switching-options { +    secure-access-port { +        interface edge-ports { +            no-dhcp-trusted; +        } +        vlan e1.foh { +            arp-inspection; +            examine-dhcp; +            examine-dhcpv6; +            neighbor-discovery-inspection; +            ip-source-guard; +            ipv6-source-guard; +            dhcp-option82 { +                circuit-id { +                    use-vlan-id; +                } +            } +            no-option-37; +            /* inactive due to DHCP drops on MX platform */ +            inactive: dhcpv6-option18 { +                use-option-82; +            } +        } +        ipv6-source-guard-sessions { +            max-number 128; +        } +    } +    port-error-disable { +        /* 30 minutes in seconds */ +        disable-timeout 1800; +    } +    storm-control { +        action-shutdown; +        interface edge-ports { +            bandwidth 20000; +            multicast; +        } +    } +} +vlans { +    aps-mgmt { +        vlan-id 777; +    } +    e1.foh { +        vlan-id 221; +    } +    edge-mgmt { +        vlan-id 666; +        l3-interface vlan.666; +    } +    event-arena { +        vlan-id 3000; +    } +    ssid-the-gathering { +        vlan-id 778; +    } +} +poe { +    interface all; +} | 
