aboutsummaryrefslogtreecommitdiffstats
path: root/examples/tg16/netconf/nocgw.conf
diff options
context:
space:
mode:
Diffstat (limited to 'examples/tg16/netconf/nocgw.conf')
-rw-r--r--examples/tg16/netconf/nocgw.conf1072
1 files changed, 1072 insertions, 0 deletions
diff --git a/examples/tg16/netconf/nocgw.conf b/examples/tg16/netconf/nocgw.conf
new file mode 100644
index 0000000..3aa2338
--- /dev/null
+++ b/examples/tg16/netconf/nocgw.conf
@@ -0,0 +1,1072 @@
+## Last changed: 2016-03-26 01:37:02 CET
+version 14.1X53-D16.2;
+groups {
+ SET_AE_DEFAULTS {
+ interfaces {
+ <ae*> {
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ }
+ }
+ }
+ SET_OSPF_DEFAULTS {
+ protocols {
+ ospf {
+ reference-bandwidth 1000g;
+ area <*> {
+ interface <ae*> {
+ bfd-liveness-detection {
+ minimum-interval 100;
+ multiplier 3;
+ }
+ }
+ }
+ }
+ ospf3 {
+ reference-bandwidth 1000g;
+ area <*> {
+ interface <ae*> {
+ bfd-liveness-detection {
+ minimum-interval 100;
+ multiplier 3;
+ }
+ }
+ }
+ }
+ }
+ }
+ SET_RA_DEFAULTS {
+ protocols {
+ router-advertisement {
+ interface <*> {
+ max-advertisement-interval 15;
+ managed-configuration;
+ }
+ }
+ }
+ }
+}
+system {
+ host-name nocgw;
+ domain-name infra.gathering.org;
+ time-zone Europe/Oslo;
+ arp {
+ aging-timer 5;
+ }
+ authentication-order tacplus;
+ root-authentication {
+ encrypted-password "<removed>";
+ }
+ name-server {
+ 185.110.149.2;
+ 185.110.148.2;
+ }
+ tacplus-server {
+ 134.90.150.164 {
+ secret "<removed>";
+ source-address 185.110.148.65;
+ }
+ }
+ login {
+ user technet {
+ uid 2000;
+ class super-user;
+ authentication {
+ encrypted-password "<removed>";
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ }
+ }
+ syslog {
+ file messages {
+ any notice;
+ authorization notice;
+ }
+ }
+ commit synchronize;
+ processes {
+ dhcp-service {
+ traceoptions {
+ file JDHCPDEBUG size 20m files 5;
+ flag all;
+ }
+ }
+ }
+ ntp {
+ server 2001:700:100:2::6;
+ }
+}
+chassis {
+ aggregated-devices {
+ ethernet {
+ device-count 32;
+ }
+ }
+}
+interfaces {
+ apply-groups SET_AE_DEFAULTS;
+ interface-range CREW_CLIENTS_APS {
+ member-range ge-2/0/10 to ge-2/0/12;
+ description "Fragleberg Access Points";
+ unit 0 {
+ family ethernet-switching {
+ interface-mode access;
+ vlan {
+ members CREW_CLIENTS;
+ }
+ }
+ }
+ }
+ ge-0/0/3 {
+ description "ae3 fugleberg";
+ ether-options {
+ 802.3ad ae3;
+ }
+ }
+ ge-0/0/4 {
+ description "ae4 fugleberg";
+ ether-options {
+ 802.3ad ae4;
+ }
+ }
+ ge-0/0/5 {
+ description "ae5 fugleberg";
+ ether-options {
+ 802.3ad ae5;
+ }
+ }
+ ge-0/0/6 {
+ description "Trunk mot SEC";
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ Klientnett_security mgmt security ];
+ }
+ }
+ }
+ }
+ ge-0/0/7 {
+ description "Trunk mot SEC:Video";
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ mgmt Klientnett_security_video security ];
+ }
+ }
+ }
+ }
+ ge-0/0/8 {
+ unit 0 {
+ family ethernet-switching {
+ interface-mode access;
+ vlan {
+ members CREW_CLIENTS;
+ }
+ }
+ }
+ }
+ ge-0/0/12 {
+ description CREWSW1;
+ ether-options {
+ 802.3ad ae12;
+ }
+ }
+ ge-0/0/13 {
+ description CREWSW2;
+ ether-options {
+ 802.3ad ae13;
+ }
+ }
+ ge-0/0/14 {
+ description CREWSW3;
+ ether-options {
+ 802.3ad ae14;
+ }
+ }
+ ge-0/0/15 {
+ description CREWSW4;
+ ether-options {
+ 802.3ad ae15;
+ }
+ }
+ ge-0/0/16 {
+ description CREWSW5;
+ ether-options {
+ 802.3ad ae16;
+ }
+ }
+ ge-0/0/23 {
+ description "Presserom - EX2200";
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ klientnett_presse mgmt ];
+ }
+ }
+ }
+ }
+ et-0/1/0 {
+ description "ae31 mot telegw";
+ ether-options {
+ 802.3ad ae31;
+ }
+ }
+ et-0/1/1 {
+ description "40G mot standgw";
+ unit 0 {
+ family inet {
+ address 185.110.148.132/31;
+ }
+ family inet6;
+ }
+ }
+ xe-0/2/0 {
+ description GAMEGW;
+ ether-options {
+ 802.3ad ae26;
+ }
+ }
+ et-0/2/1 {
+ description "40G mot standgw";
+ }
+ ge-1/0/1 {
+ description "ae1 mot nocsw1";
+ ether-options {
+ 802.3ad ae1;
+ }
+ }
+ ge-1/0/2 {
+ description "ae2 mot nocsw2";
+ ether-options {
+ 802.3ad ae2;
+ }
+ }
+ ge-1/0/3 {
+ description "ae3 fugleberg";
+ ether-options {
+ 802.3ad ae3;
+ }
+ }
+ ge-1/0/4 {
+ description "ae4 fugleberg";
+ ether-options {
+ 802.3ad ae4;
+ }
+ }
+ ge-1/0/5 {
+ description "ae5 fugleberg";
+ ether-options {
+ 802.3ad ae5;
+ }
+ }
+ ge-1/0/12 {
+ description CREWSW1;
+ ether-options {
+ 802.3ad ae12;
+ }
+ }
+ ge-1/0/13 {
+ description CREWSW2;
+ ether-options {
+ 802.3ad ae13;
+ }
+ }
+ ge-1/0/14 {
+ description CREWSW3;
+ ether-options {
+ 802.3ad ae14;
+ }
+ }
+ ge-1/0/15 {
+ description CREWSW4;
+ ether-options {
+ 802.3ad ae15;
+ }
+ }
+ ge-1/0/16 {
+ description CREWSW5;
+ ether-options {
+ 802.3ad ae16;
+ }
+ }
+ ge-1/0/23 {
+ description klientnett_noc;
+ unit 0 {
+ family ethernet-switching {
+ interface-mode access;
+ vlan {
+ members klientnett_noc;
+ }
+ }
+ }
+ }
+ et-1/1/0 {
+ description "ae31 mot telegw";
+ ether-options {
+ 802.3ad ae31;
+ }
+ }
+ et-1/1/1 {
+ description "ae30 mot coregw";
+ ether-options {
+ 802.3ad ae30;
+ }
+ }
+ ge-2/0/1 {
+ description "ae1 mot nocsw1";
+ ether-options {
+ 802.3ad ae1;
+ }
+ }
+ ge-2/0/2 {
+ description "ae2 mot nocsw2";
+ ether-options {
+ 802.3ad ae2;
+ }
+ }
+ ge-2/0/23 {
+ description servernett_stand;
+ unit 0 {
+ family ethernet-switching {
+ interface-mode access;
+ vlan {
+ members servernett_stand;
+ }
+ }
+ }
+ }
+ et-2/1/0 {
+ description "ae30 mot coregw";
+ ether-options {
+ 802.3ad ae30;
+ }
+ }
+ xe-2/2/0 {
+ description "link mot northgw";
+ ether-options {
+ 802.3ad ae28;
+ }
+ }
+ ge-3/0/1 {
+ description "ae1 mot nocsw1";
+ ether-options {
+ 802.3ad ae1;
+ }
+ }
+ ge-3/0/2 {
+ description "ae2 mot nocsw2";
+ ether-options {
+ 802.3ad ae2;
+ }
+ }
+ ae1 {
+ description nocsw1;
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members klientnett_noc;
+ }
+ }
+ }
+ }
+ ae2 {
+ description nocsw2;
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members klientnett_noc;
+ }
+ }
+ }
+ }
+ ae3 {
+ description "mot fugleberget 3";
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ klientnett_fugleberget mgmt ];
+ }
+ }
+ }
+ }
+ ae4 {
+ description "mot fugleberget 2";
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ klientnett_fugleberget mgmt ];
+ }
+ }
+ }
+ }
+ ae5 {
+ description "mot fugleberget 1";
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ klientnett_fugleberget mgmt ];
+ }
+ }
+ }
+ }
+ ae12 {
+ description CREWSW1;
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ CREW_CLIENTS mgmt ];
+ }
+ }
+ }
+ }
+ ae13 {
+ description CREWSW2;
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ CREW_CLIENTS mgmt ];
+ }
+ }
+ }
+ }
+ ae14 {
+ description CREWSW3;
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ CREW_CLIENTS mgmt ];
+ }
+ }
+ }
+ }
+ ae15 {
+ description CREWSW4;
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ CREW_CLIENTS mgmt ];
+ }
+ }
+ }
+ }
+ ae16 {
+ description CREWSW5;
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ members [ CREW_CLIENTS mgmt ];
+ }
+ }
+ }
+ }
+ ae26 {
+ unit 0 {
+ family inet {
+ address 185.110.148.185/31;
+ }
+ family inet6;
+ }
+ }
+ ae27 {
+ unit 0 {
+ description "link to stand";
+ }
+ }
+ ae28 {
+ description "mot northgw ae31";
+ unit 0 {
+ family inet {
+ address 185.110.148.138/31;
+ }
+ }
+ }
+ ae30 {
+ description "80G mot coregw";
+ unit 0 {
+ family inet {
+ address 185.110.148.136/31;
+ }
+ family inet6;
+ }
+ }
+ ae31 {
+ description "80G mot telegw";
+ unit 0 {
+ family inet {
+ address 185.110.148.131/31;
+ }
+ family inet6;
+ }
+ }
+ irb {
+ unit 239 {
+ description "Klientnett Fugleberget";
+ family inet {
+ address 88.92.65.1/24;
+ }
+ family inet6 {
+ address 2a06:5840:65::1/64;
+ }
+ }
+ unit 240 {
+ description CREW_CLIENTS;
+ family inet {
+ address 88.92.66.1/24;
+ }
+ family inet6 {
+ address 2a06:5840:66::1/66;
+ }
+ }
+ unit 247 {
+ family inet {
+ address 88.92.73.1/24;
+ }
+ family inet6 {
+ address 2a06:5840:73::1/64;
+ }
+ }
+ unit 248 {
+ family inet {
+ address 88.92.74.1/24;
+ }
+ family inet6 {
+ address 2a06:5840:74::1/64;
+ }
+ }
+ unit 249 {
+ family inet {
+ address 88.92.75.1/24;
+ }
+ family inet6 {
+ address 2a06:5840:75::1/64;
+ }
+ }
+ unit 1220 {
+ description mgmt;
+ family inet {
+ address 88.92.57.1/27;
+ }
+ family inet6 {
+ address 2a06:5840:570::1/64;
+ }
+ }
+ unit 1481 {
+ description "Servernett Stand";
+ }
+ unit 1501 {
+ description "Klientnett NOC";
+ family inet {
+ address 185.110.150.1/25;
+ }
+ family inet6 {
+ address 2a06:5841:150a::1/64;
+ }
+ }
+ unit 3000 {
+ description Security;
+ family inet {
+ filter {
+ input v4-security;
+ output v4-security;
+ }
+ address 10.30.10.1/24;
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input protect-mgmt-v4;
+ }
+ address 185.110.148.65/32;
+ }
+ family inet6 {
+ filter {
+ input protect-mgmt-v6;
+ }
+ address 2a06:5841:148b::65/128;
+ }
+ }
+ }
+}
+snmp {
+ community <removed> {
+ authorization read-only;
+ client-list-name mgmt;
+ }
+ community <removed> {
+ authorization read-only;
+ client-list-name mgmt-nms;
+ }
+}
+forwarding-options {
+ dhcp-relay {
+ dhcpv6 {
+ group all {
+ interface irb.239;
+ interface irb.240;
+ interface irb.247;
+ interface irb.248;
+ interface irb.249;
+ interface irb.1481;
+ interface irb.1501;
+ }
+ server-group {
+ v6-dhcp {
+ 2a06:5841:149a::2;
+ 2a06:5841:1337::2;
+ }
+ }
+ active-server-group v6-dhcp;
+ }
+ server-group {
+ v4-dhcp {
+ 185.110.149.2;
+ 185.110.148.2;
+ }
+ }
+ active-server-group v4-dhcp;
+ group all {
+ overrides {
+ trust-option-82;
+ }
+ interface irb.239;
+ interface irb.240;
+ interface irb.247;
+ interface irb.248;
+ interface irb.249;
+ interface irb.1481;
+ interface irb.1501;
+ }
+ }
+}
+protocols {
+ apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ];
+ router-advertisement {
+ interface irb.1501;
+ interface irb.240;
+ interface irb.248;
+ interface irb.249;
+ interface irb.239;
+ interface irb.247;
+ interface irb.1481;
+ }
+ ospf {
+ export [ redistribute-direct redistribute-static ];
+ reference-bandwidth 1000g;
+ area 0.0.0.0 {
+ interface ae31.0;
+ interface ae30.0;
+ interface xe-0/2/0.0;
+ interface et-0/1/1.0 {
+ bfd-liveness-detection {
+ minimum-interval 100;
+ multiplier 3;
+ }
+ }
+ interface ae28.0;
+ interface ae26.0;
+ }
+ }
+ ospf3 {
+ export [ redistribute-direct redistribute-static ];
+ reference-bandwidth 1000g;
+ area 0.0.0.0 {
+ interface ae31.0;
+ interface ae30.0;
+ interface xe-0/2/0.0;
+ interface et-0/1/1.0 {
+ bfd-liveness-detection {
+ minimum-interval 100;
+ multiplier 3;
+ }
+ }
+ }
+ }
+ lacp {
+ traceoptions {
+ file log-lacp size 100k files 2;
+ flag all;
+ }
+ }
+ lldp {
+ interface all;
+ }
+ lldp-med {
+ interface all;
+ }
+ igmp-snooping {
+ vlan default;
+ }
+}
+policy-options {
+ prefix-list mgmt-v4 {
+ /* KANDU PA-nett (brukt på servere, infra etc) */
+ 185.110.148.0/22;
+ }
+ prefix-list mgmt-v6 {
+ /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */
+ 2a06:5841::/32;
+ }
+ /* sammenslått av separate v4- og v6-lister */
+ prefix-list mgmt {
+ 185.110.148.0/22;
+ 2a06:5841::/32;
+ }
+ /* NMS boxes - separate list to give full speed to SNMP read */
+ prefix-list mgmt-v4-nms {
+ 185.110.148.11/32;
+ 185.110.148.12/32;
+ }
+ /* NMS boxes - separate list to give full speed to SNMP read */
+ prefix-list mgmt-v6-nms {
+ 2a06:5841:1337::11/128;
+ 2a06:5841:1337::12/128;
+ }
+ /* NMS boxes - separate list to give full speed to SNMP read */
+ prefix-list mgmt-nms {
+ 185.110.148.11/32;
+ 185.110.148.12/32;
+ 185.110.150.10/32;
+ 2a06:5841:1337::11/128;
+ 2a06:5841:1337::12/128;
+ }
+ prefix-list icmp_unthrottled-v4 {
+ 185.110.148.0/22;
+ 193.212.22.0/30;
+ }
+ prefix-list icmp_unthrottled-v6 {
+ 2001:4600:9:300::290/126;
+ 2a06:5841::/32;
+ }
+ policy-statement redistribute-direct {
+ from protocol direct;
+ then {
+ external {
+ type 1;
+ }
+ accept;
+ }
+ }
+ policy-statement redistribute-static {
+ from protocol static;
+ then {
+ external {
+ type 1;
+ }
+ accept;
+ }
+ }
+}
+firewall {
+ family inet {
+ filter protect-mgmt-v4 {
+ term accept-ssh {
+ from {
+ source-prefix-list {
+ mgmt-v4;
+ }
+ destination-port 22;
+ }
+ then {
+ count accept-ssh;
+ accept;
+ }
+ }
+ term reject-ssh {
+ from {
+ destination-port 22;
+ }
+ then {
+ count reject-ssh;
+ reject;
+ }
+ }
+ term snmp-nms {
+ from {
+ source-prefix-list {
+ mgmt-v4-nms;
+ }
+ destination-port snmp;
+ }
+ then {
+ count snmp-nms;
+ accept;
+ }
+ }
+ term snmp-throttle {
+ from {
+ source-prefix-list {
+ mgmt-v4;
+ }
+ destination-port snmp;
+ }
+ then {
+ policer policer-1Mbit;
+ count snmp-throttle;
+ accept;
+ }
+ }
+ term icmp-trusted {
+ from {
+ source-prefix-list {
+ icmp_unthrottled-v4;
+ }
+ protocol icmp;
+ }
+ then {
+ count icmp-trusted;
+ accept;
+ }
+ }
+ term icmp-throttled {
+ from {
+ protocol icmp;
+ }
+ then {
+ policer policer-1Mbit;
+ accept;
+ }
+ }
+ term accept-all {
+ then {
+ count accept-all;
+ accept;
+ }
+ }
+ }
+ filter v4-security {
+ term accept-security {
+ from {
+ source-address {
+ 10.30.0.0/16;
+ }
+ destination-address {
+ 10.30.0.0/16;
+ }
+ }
+ then accept;
+ }
+ term discard-all {
+ then {
+ discard;
+ }
+ }
+ }
+ }
+ family inet6 {
+ filter protect-mgmt-v6 {
+ term accept-ssh {
+ from {
+ source-prefix-list {
+ inactive: mgmt-v6;
+ }
+ destination-port 22;
+ }
+ then {
+ count accept-ssh;
+ accept;
+ }
+ }
+ term reject-ssh {
+ from {
+ destination-port 22;
+ }
+ then {
+ count reject-ssh;
+ reject;
+ }
+ }
+ term snmp-nms {
+ from {
+ source-prefix-list {
+ mgmt-v6-nms;
+ }
+ destination-port snmp;
+ }
+ then {
+ count snmp-nms;
+ accept;
+ }
+ }
+ term snmp-throttle {
+ from {
+ source-prefix-list {
+ mgmt-v6;
+ }
+ destination-port snmp;
+ }
+ then {
+ policer policer-1Mbit;
+ count snmp-throttle;
+ accept;
+ }
+ }
+ term icmp-trusted {
+ from {
+ source-prefix-list {
+ icmp_unthrottled-v6;
+ }
+ next-header icmp6;
+ }
+ then {
+ count icmp-trusted;
+ accept;
+ }
+ }
+ term icmp-throttled {
+ from {
+ next-header icmp6;
+ }
+ then {
+ policer policer-1Mbit;
+ accept;
+ }
+ }
+ term accept-all {
+ then {
+ count accept-all;
+ accept;
+ }
+ }
+ }
+ }
+ policer policer-1Mbit {
+ if-exceeding {
+ bandwidth-limit 1m;
+ burst-size-limit 500k;
+ }
+ then discard;
+ }
+ policer policer-slowest {
+ if-exceeding {
+ bandwidth-limit 32k;
+ burst-size-limit 32k;
+ }
+ then discard;
+ }
+}
+access {
+ address-assignment {
+ pool sec_lukket {
+ family inet {
+ network 10.30.10.0/24;
+ }
+ }
+ }
+}
+virtual-chassis {
+ preprovisioned;
+ member 0 {
+ role routing-engine;
+ serial-number <removed>;
+ }
+ member 1 {
+ role routing-engine;
+ serial-number <removed>;
+ }
+ member 2 {
+ role line-card;
+ serial-number <removed>;
+ }
+}
+vlans {
+ CREW_CLIENTS {
+ vlan-id 240;
+ l3-interface irb.240;
+ }
+ Klientnett_security {
+ vlan-id 248;
+ l3-interface irb.248;
+ }
+ Klientnett_security_video {
+ vlan-id 249;
+ l3-interface irb.249;
+ }
+ klientnett_fugleberget {
+ vlan-id 239;
+ l3-interface irb.239;
+ }
+ klientnett_noc {
+ vlan-id 1501;
+ l3-interface irb.1501;
+ }
+ klientnett_presse {
+ vlan-id 247;
+ l3-interface irb.247;
+ }
+ mgmt {
+ vlan-id 1220;
+ l3-interface irb.1220;
+ }
+ security {
+ vlan-id 3000;
+ l3-interface irb.3000;
+ }
+ servernett_stand {
+ vlan-id 1481;
+ l3-interface irb.1481;
+ }
+}
+poe;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 10:21:02 +0000