## ex4300-48mp ## Last commit: 2023-04-06 21:59:05 CEST by espenh version 20.2R3-S2.5; system { host-name e1.noc; root-authentication { encrypted-password ""; ## SECRET-DATA } commit synchronize; login { user api { uid 2000; class super-user; authentication { ssh-ed25519 ""; ## SECRET-DATA } } user tech { uid 2001; class super-user; authentication { encrypted-password ""; ## SECRET-DATA } } } services { ssh { root-login deny; no-tcp-forwarding; protocol-version v2; client-alive-count-max 2; client-alive-interval 300; connection-limit 50; rate-limit 5; } netconf { ssh { port 830; } } } auto-snapshot; domain-name tg23.gathering.org; time-zone Europe/Oslo; /* tacacs primary, failbacks to local users */ authentication-order tacplus; ports { console log-out-on-disconnect; } name-server { 2a06:5841:f:d::101; 2a06:5841:f:e::132; } tacplus-server { { secret ""; ## SECRET-DATA source-address 151.216.131.2; } } syslog { user * { any emergency; } host log.tg23.gathering.org { any warning; authorization info; daemon warning; user warning; change-log any; interactive-commands any; match "!(.*License.*)"; allow-duplicates; facility-override local7; explicit-priority; } /* Oxidized syslog */ host 185.110.148.112 { interactive-commands notice; match UI_COMMIT_COMPLETED; source-address 151.216.131.2; } /* Local logging of syslog message */ file messages { any notice; authorization info; /* Fjerner mye graps i loggene */ match "!(.*License.*|.*EX-BCM PIC.*|.*mojito_i2c_read.*|.*qsfp_tk_read_mem_page.*)"; } /* Local logging of all user-commands typed in the CLI */ file interactive-commands { interactive-commands any; match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; } } ntp { /* ntp.uio.no */ server 2001:700:100:2::6; } } chassis { aggregated-devices { ethernet { device-count 32; } } alarm { management-ethernet { link-down ignore; } } } interfaces { interface-range all-ports { member ge-*/*/*; member mge-*/*/*; member xe-*/*/*; member et-*/*/*; } interface-range edge-ports { member-range ge-0/0/0 to ge-0/0/23; member-range mge-0/0/24 to mge-0/0/43; member-range xe-0/2/2 to xe-0/2/3; description "C: e1.noc - VLAN 200"; unit 0 { family ethernet-switching { interface-mode access; vlan { members e1.noc; } } } } interface-range uplink-ports { member xe-0/2/0; member xe-0/2/1; description "G: d1.ring (ae0)"; ether-options { 802.3ad ae0; } } mge-0/0/40 { description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; native-vlan-id 777; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ ssid-the-gathering aps-mgmt ]; } } } } mge-0/0/41 { description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; native-vlan-id 777; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ ssid-the-gathering aps-mgmt ]; } } } } mge-0/0/42 { description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; native-vlan-id 777; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ ssid-the-gathering aps-mgmt ]; } } } } mge-0/0/43 { description "C: AP - VLAN 777 untagged (mgmt) - VLAN 778 tagged"; native-vlan-id 777; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ ssid-the-gathering aps-mgmt ]; } } } } ae0 { description "B: d1.ring"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ e1.noc edge-mgmt aps-mgmt ssid-the-gathering ]; } } } } irb { unit 666 { description "switch management"; family inet { filter { input mgmt-v4; } address 151.216.131.2/25; } family inet6 { filter { input mgmt-v6; } address 2a06:5841:f:20::2/64; } } } lo0 { unit 0 { family inet { filter { input mgmt-v4; } } family inet6 { filter { input mgmt-v6; } } } } } snmp { contact ""; community { authorization read-only; client-list-name mgmt; } } policy-options { prefix-list mgmt-v4 { } prefix-list mgmt-v6 { } /* Merged separate v4- og v6-lister */ prefix-list mgmt { apply-path "policy-options prefix-list <*>"; } } firewall { family inet { filter mgmt-v4 { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term accept-all { then accept; } } } family inet6 { filter mgmt-v6 { term accept-ssh { from { source-prefix-list { mgmt-v6; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term accept-all { then accept; } } } } routing-options { rib inet.0 { static { route 0.0.0.0/0 next-hop 151.216.131.1; } } rib inet6.0 { static { route ::/0 next-hop 2a06:5841:f:20::1; } } } protocols { lldp { port-id-subtype interface-name; port-description-type interface-description; interface uplink-ports; interface mge-0/0/40; interface mge-0/0/41; interface mge-0/0/42; interface mge-0/0/43; } lldp-med { interface mge-0/0/40; interface mge-0/0/41; interface mge-0/0/42; interface mge-0/0/43; } igmp-snooping { vlan all; } rstp { bridge-priority 32k; interface edge-ports { edge; no-root-port; } } } vlans { aps-mgmt { vlan-id 777; } e1.noc { vlan-id 200; } edge-mgmt { vlan-id 666; l3-interface irb.666; } ssid-the-gathering { vlan-id 778; } } poe { interface all { high-power; } }