system { host-name d1-bird; auto-snapshot; domain-name tg25.tg.no; time-zone Europe/Oslo; /* tacacs primary, failbacks to local users */ authentication-order tacplus; ports { console log-out-on-disconnect; } root-authentication { encrypted-password ""; } name-server { 1.1.1.1; 8.8.8.8; 2001:4860:4860::8888; 2001:4860:4860::8844; } tacplus-server { { secret ""; } } login { user admin { uid 2000; class super-user; authentication { encrypted-password ""; } } user tech { uid 2001; class super-user; authentication { encrypted-password ""; } } } services { ssh { root-login deny; protocol-version v2; client-alive-count-max 2; client-alive-interval 300; connection-limit 50; rate-limit 5; } netconf { ssh { port 830; } } } syslog { user * { any emergency; } host log.tg25.tg.no { any warning; authorization info; daemon warning; user warning; change-log any; interactive-commands any; match "!(.*License.*)"; allow-duplicates; facility-override local7; explicit-priority; } /* Oxidized syslog */ host { interactive-commands notice; match UI_COMMIT_COMPLETED; } /* Local logging of syslog messages */ file messages { any notice; authorization info; /* Fjerner mye graps i loggene */ match "!(.*License.*|.*EX-BCM PIC.*|.*mojito_i2c_read.*|.*qsfp_tk_read_mem_page.*)"; } /* Local logging of all user-commands typed in the CLI */ file interactive-commands { interactive-commands any; match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; } } commit synchronize; ntp { server 129.240.2.6; server 129.240.2.42; server 2001:700:100:425::42; server 2001:700:100:2::6; } } chassis { redundancy { graceful-switchover; } aggregated-devices { ethernet { device-count 32; } } alarm { management-ethernet { link-down ignore; } } } snmp { contact ""; location "LEGGETIIID!"; community { authorization read-only; client-list-name mgmt; } } policy-options { prefix-list mgmt-v4 { } prefix-list mgmt-v6 { } /* Merged separate v4- og v6-lister */ prefix-list mgmt { apply-path "policy-options prefix-list <*>"; } } firewall { family inet { filter mgmt-v4 { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term accept-all { then accept; } } } family inet6 { filter mgmt-v6 { term accept-ssh { from { source-prefix-list { mgmt-v6; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term accept-all { then accept; } } } } protocols { igmp-snooping { vlan all { immediate-leave; } } mld-snooping { vlan all { immediate-leave; } } } protocols { rstp { bridge-priority 8k; } lldp { port-id-subtype interface-name; port-description-type interface-description; interface all; } } poe { interface all; } routing-options { rib inet.0 { static { route 0.0.0.0/0 next-hop 185.110.149.1; } } rib inet6.0 { static { route ::/0 next-hop 2a06:5841:f:0::1; } } nonstop-routing; } interfaces { ge-0/0/0 { description "G: e1-bird ge-0/0/44 (ae10)"; ether-options { 802.3ad ae10; } } ge-0/0/1 { description "G: e1-bird ge-0/0/45 (ae10)"; ether-options { 802.3ad ae10; } } ge-0/0/2 { description "G: e2-bird ge-0/0/44 (ae11)"; ether-options { 802.3ad ae11; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members juniper-mgmt; } } } } ge-0/0/3 { description "G: e2-bird ge-0/0/45 (ae11)"; ether-options { 802.3ad ae11; } } ge-0/0/4 { description "G: e1-bula ge-0/0/44 (ae12)"; ether-options { 802.3ad ae12; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members juniper-mgmt; } } } } ge-0/0/5 { description "G: e1-bula ge-0/0/45 (ae12)"; ether-options { 802.3ad ae12; } } ge-0/0/6 { description "G: e1-taakeheimen ge-0/0/44 (ae13)"; ether-options { 802.3ad ae13; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members juniper-mgmt; } } } } ge-0/0/7 { description "G: e1-taakeheimen ge-0/0/45 (ae13)"; ether-options { 802.3ad ae13; } } ge-0/0/8 { description "G: e1-systemstotte ge-0/0/44 (ae14)"; ether-options { 802.3ad ae14; } } ge-0/0/9 { description "G: e1-systemstotte ge-0/0/45 (ae14)"; ether-options { 802.3ad ae14; } } ge-0/0/10 { description "G: e2-systemstotte ge-0/0/44 (ae15)"; ether-options { 802.3ad ae15; } } ge-0/0/11 { description "G: e2-systemstotte ge-0/0/45 (ae15)"; ether-options { 802.3ad ae15; } } ge-0/0/12 { unit 0 { } } ge-0/0/13 { unit 0 { } } ge-0/0/14 { unit 0 { } } ge-0/0/15 { unit 0 { } } ge-0/0/16 { unit 0 { } } ge-0/0/17 { unit 0 { } } ge-0/0/18 { unit 0 { } } ge-0/0/19 { unit 0 { } } ge-0/0/20 { unit 0 { } } ge-0/0/21 { unit 0 { } } ge-0/0/22 { unit 0 { } } ge-0/0/23 { unit 0 { } } ge-0/0/24 { unit 0 { } } ge-0/0/25 { unit 0 { } } ge-0/0/26 { unit 0 { } } ge-0/0/27 { unit 0 { } } ge-0/0/28 { unit 0 { } } ge-0/0/29 { unit 0 { } } ge-0/0/30 { unit 0 { } } ge-0/0/31 { unit 0 { } } ge-0/0/32 { unit 0 { } } ge-0/0/33 { unit 0 { } } ge-0/0/34 { unit 0 { } } ge-0/0/35 { unit 0 { } } ge-0/0/36 { unit 0 { } } ge-0/0/37 { unit 0 { } } ge-0/0/38 { unit 0 { } } ge-0/0/39 { unit 0 { } } ge-0/0/40 { unit 0 { } } ge-0/0/41 { unit 0 { } } ge-0/0/42 { unit 0 { } } ge-0/0/43 { unit 0 { } } ge-0/0/44 { unit 0 { } } ge-0/0/45 { unit 0 { } } ge-0/0/46 { unit 0 { } } ge-0/0/47 { description "AP"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ wifi-tg-legacy wifi-thegathering ]; } native-vlan-id 667; } } } xe-0/1/0 { description "G: d1-ring-noc xe-4/0/2 (ae0)"; ether-options { 802.3ad ae0; } } xe-0/1/1 { description "G: d1-ring-noc xe-4/0/3 (ae0)"; ether-options { 802.3ad ae0; } } xe-0/1/2 { unit 0 { } } xe-0/1/3 { unit 0 { } } ae0 { description "B: d1-ring-noc ae11"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members all; } native-vlan-id 10; } } } ae10 { description "B: e1-bird ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ e1-bird juniper-mgmt ]; } } } } ae11 { description "B: e2-bird ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ e2-bird juniper-mgmt ]; } } } } ae12 { description "B: e1-bula ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ e1-bula wifi-tg-legacy wifi-thegathering juniper-mgmt ap-mgmt ]; } } } } ae13 { description "B: e1-taakeheimen ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ e1-taakeheimen juniper-mgmt ]; } } } } ae14 { description "B: e1-systemstotte ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ e1-systemstotte juniper-mgmt ]; } } } } ae15 { description "B: e2-systemstotte ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ e2-systemstotte wifi-tg-legacy wifi-thegathering juniper-mgmt ap-mgmt ]; } } } } vlan { unit 10 { description "X: Mgmt"; family inet { filter { input mgmt-v4; } address 185.110.149.3/25; } family inet6 { filter { input mgmt-v6; } address 2a06:5841:f::10/64; } } } } ethernet-switching-options { secure-access-port { vlan juniper-mgmt { dhcp-option82 { circuit-id { prefix hostname; use-vlan-id; } } } } } ethernet-switching-options { secure-access-port { vlan juniper-mgmt { dhcp-option82 { circuit-id { prefix hostname; use-vlan-id; } } } } port-error-disable { /* 30 minutes in seconds */ disable-timeout 1800; } storm-control { interface ae10.0; interface ae11.0; interface ae12.0; interface ae13.0; interface ae14.0; interface ae15.0; } } vlans { wifi-tg-legacy { vlan-id 670; } wifi-thegathering { vlan-id 1337; } ap-mgmt { vlan-id 667; } juniper-mgmt { vlan-id 10; l3-interface vlan.10; } e1-bird { vlan-id 201; } e2-bird { vlan-id 202; } e1-bula { vlan-id 203; } e1-taakeheimen { vlan-id 204; } e1-systemstotte { vlan-id 205; } e2-systemstotte { vlan-id 206; } } event-options { policy ae10down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae10$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/0 unit 0"; "deactivate interfaces ge-0/0/0 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae10went down so removed ge-0/0/0 from bundle"; } } } } policy ae10up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae10$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/0 unit 0"; "activate interfaces ge-0/0/0 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae10 came up so added ge-0/0/0 to bundle"; } } } } policy ae11down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae11$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/2 unit 0"; "deactivate interfaces ge-0/0/2 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae11went down so removed ge-0/0/2 from bundle"; } } } } policy ae11up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae11$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/2 unit 0"; "activate interfaces ge-0/0/2 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae11 came up so added ge-0/0/2 to bundle"; } } } } policy ae12down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae12$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/4 unit 0"; "deactivate interfaces ge-0/0/4 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae12went down so removed ge-0/0/4 from bundle"; } } } } policy ae12up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae12$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/4 unit 0"; "activate interfaces ge-0/0/4 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae12 came up so added ge-0/0/4 to bundle"; } } } } policy ae13down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae13$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/6 unit 0"; "deactivate interfaces ge-0/0/6 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae13went down so removed ge-0/0/6 from bundle"; } } } } policy ae13up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae13$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/6 unit 0"; "activate interfaces ge-0/0/6 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae13 came up so added ge-0/0/6 to bundle"; } } } } policy ae14down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae14$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/8 unit 0"; "deactivate interfaces ge-0/0/8 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae14went down so removed ge-0/0/8 from bundle"; } } } } policy ae14up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae14$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/8 unit 0"; "activate interfaces ge-0/0/8 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae14 came up so added ge-0/0/8 to bundle"; } } } } policy ae15down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae15$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/10 unit 0"; "deactivate interfaces ge-0/0/10 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae15went down so removed ge-0/0/10 from bundle"; } } } } policy ae15up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae15$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/10 unit 0"; "activate interfaces ge-0/0/10 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae15 came up so added ge-0/0/10 to bundle"; } } } } }