aboutsummaryrefslogtreecommitdiffstats
path: root/examples/tg16/netconf/swinggw.conf
diff options
context:
space:
mode:
Diffstat (limited to 'examples/tg16/netconf/swinggw.conf')
-rw-r--r--examples/tg16/netconf/swinggw.conf716
1 files changed, 716 insertions, 0 deletions
diff --git a/examples/tg16/netconf/swinggw.conf b/examples/tg16/netconf/swinggw.conf
new file mode 100644
index 0000000..fe9cee7
--- /dev/null
+++ b/examples/tg16/netconf/swinggw.conf
@@ -0,0 +1,716 @@
+## Last changed: 2016-03-23 04:17:59 CET
+version 14.1X53-D26.2;
+groups {
+ SET_AE_DEFAULTS {
+ interfaces {
+ <ae*> {
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ }
+ }
+ }
+ SET_OSPF_DEFAULTS {
+ protocols {
+ ospf {
+ reference-bandwidth 1000g;
+ area <*> {
+ interface <ae*> {
+ bfd-liveness-detection {
+ minimum-interval 100;
+ multiplier 3;
+ }
+ }
+ }
+ }
+ ospf3 {
+ reference-bandwidth 1000g;
+ area <*> {
+ interface <ae*> {
+ bfd-liveness-detection {
+ minimum-interval 100;
+ multiplier 3;
+ }
+ }
+ }
+ }
+ }
+ }
+ SET_RA_DEFAULTS {
+ protocols {
+ router-advertisement {
+ interface <*> {
+ max-advertisement-interval 15;
+ managed-configuration;
+ }
+ }
+ }
+ }
+}
+system {
+ host-name swinggw;
+ auto-snapshot;
+ domain-name infra.gathering.org;
+ time-zone Europe/Oslo;
+ authentication-order tacplus;
+ root-authentication {
+ encrypted-password "<removed>";
+ }
+ name-server {
+ 185.110.149.2;
+ 185.110.148.2;
+ 2a06:5841:149a::2;
+ 2a06:5841:1337::2;
+ }
+ tacplus-server {
+ 134.90.150.164 {
+ secret "<removed>";
+ source-address 185.110.148.71;
+ }
+ }
+ login {
+ user technet {
+ uid 2000;
+ class super-user;
+ authentication {
+ encrypted-password "<removed>";
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ no-tcp-forwarding;
+ client-alive-count-max 2;
+ client-alive-interval 300;
+ connection-limit 5;
+ rate-limit 5;
+ }
+ netconf {
+ ssh {
+ connection-limit 3;
+ rate-limit 3;
+ }
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ host 185.110.148.17 {
+ any info;
+ authorization info;
+ port 515;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ }
+ archival {
+ configuration {
+ transfer-on-commit;
+ archive-sites {
+ "scp://user@host/some/folder/" password "<removed>";
+ }
+ }
+ }
+ commit synchronize;
+ ntp {
+ server 2001:700:100:2::6;
+ }
+}
+chassis {
+ aggregated-devices {
+ ethernet {
+ device-count 32;
+ }
+ }
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+ auto-image-upgrade;
+}
+security {
+ ssh-known-hosts {
+ host 134.90.150.164 {
+ ecdsa-sha2-nistp256-key <removed>;
+ }
+ }
+}
+interfaces {
+ apply-groups SET_AE_DEFAULTS;
+ interface-range GAMEHQ_CLIENTS {
+ member ge-0/0/0;
+ member-range ge-0/0/10 to ge-0/0/43;
+ description "GameHQ Clients";
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members GAMEHQ_CLIENTS;
+ }
+ }
+ }
+ }
+ ge-0/0/2 {
+ description sw1.streamer-1;
+ ether-options {
+ 802.3ad ae27;
+ }
+ }
+ ge-0/0/3 {
+ description sw1.streamer-2;
+ ether-options {
+ 802.3ad ae27;
+ }
+ }
+ ge-0/0/4 {
+ description sw1.streamer-3;
+ ether-options {
+ 802.3ad ae27;
+ }
+ }
+ ge-0/0/5 {
+ description sw1-flankenord;
+ ether-options {
+ 802.3ad ae26;
+ }
+ }
+ ge-0/0/6 {
+ description sw1-flankenord;
+ ether-options {
+ 802.3ad ae26;
+ }
+ }
+ ge-0/0/7 {
+ description sw2.streamer-1;
+ ether-options {
+ 802.3ad ae28;
+ }
+ }
+ ge-0/0/8 {
+ description sw2.streamer-2;
+ ether-options {
+ 802.3ad ae28;
+ }
+ }
+ ge-0/0/9 {
+ description sw2.streamer-3;
+ ether-options {
+ 802.3ad ae28;
+ }
+ }
+ xe-0/1/0 {
+ description LOGGW;
+ ether-options {
+ 802.3ad ae31;
+ }
+ }
+ xe-0/1/1 {
+ description NORTHGW;
+ ether-options {
+ 802.3ad ae30;
+ }
+ }
+ xe-0/1/2 {
+ description "ae29 mot stagegw";
+ ether-options {
+ 802.3ad ae29;
+ }
+ }
+ ae26 {
+ description sw1-flankenord;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ MGMT FLANKENORD_CLIENTS ];
+ }
+ }
+ }
+ }
+ ae27 {
+ description uplinkstreamer1;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ MGMT klientnett_streamer1 ];
+ }
+ }
+ }
+ }
+ ae28 {
+ description uplinkstreamer2;
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ MGMT klientnett_streamer2 ];
+ }
+ }
+ }
+ }
+ ae29 {
+ description "mot stagegw ae0";
+ unit 0 {
+ family inet {
+ address 185.110.148.175/31;
+ }
+ family inet6;
+ }
+ }
+ ae30 {
+ description NORTHGW;
+ unit 0 {
+ family inet {
+ address 185.110.148.141/31;
+ }
+ family inet6;
+ }
+ }
+ ae31 {
+ description LOGGW;
+ unit 0 {
+ family inet {
+ address 185.110.148.143/31;
+ }
+ family inet6;
+ }
+ }
+ lo0 {
+ description MGMT-INTERFACE;
+ unit 0 {
+ family inet {
+ filter {
+ input protect-mgmt-v4;
+ }
+ address 185.110.148.71/32;
+ }
+ family inet6 {
+ filter {
+ input protect-mgmt-v6;
+ }
+ address 2a06:5841:148b::71/128;
+ }
+ }
+ }
+ vlan {
+ /* Klient-VLAN */
+ unit 250 {
+ description "GameHQ Clients";
+ family inet {
+ address 88.92.76.1/24;
+ }
+ family inet6 {
+ address 2a06:5840:76::1/64;
+ }
+ }
+ unit 1228 {
+ description "swing - management";
+ family inet {
+ address 88.92.57.129/28;
+ }
+ family inet6 {
+ address 2a06:5840:576::129/64;
+ }
+ }
+ unit 2006 {
+ description "FLANKENORD CLIENTS";
+ family inet {
+ address 88.92.41.65/26;
+ }
+ family inet6 {
+ address 2a06:5840:41b::1/64;
+ }
+ }
+ unit 2008 {
+ description Klientnett_streamer1;
+ family inet {
+ address 88.92.41.193/26;
+ }
+ family inet6 {
+ address 2a06:5840:41d::1/64;
+ }
+ }
+ unit 2009 {
+ description Klientnett_streamer2;
+ family inet {
+ address 88.92.42.1/26;
+ }
+ family inet6 {
+ address 2a06:5840:42a::1/64;
+ }
+ }
+ unit 3001 {
+ description "Event lukket/internett/lol";
+ family inet {
+ address 10.30.40.1/24;
+ }
+ }
+ }
+}
+snmp {
+ community <removed> {
+ authorization read-only;
+ client-list-name mgmt;
+ }
+ community <removed> {
+ authorization read-only;
+ client-list-name mgmt-nms;
+ }
+}
+forwarding-options {
+ dhcp-relay {
+ dhcpv6 {
+ group EDGE {
+ active-server-group v6-EDGE;
+ overrides;
+ interface vlan.250;
+ interface vlan.1228;
+ interface vlan.2006;
+ interface vlan.2008;
+ interface vlan.2009;
+ interface vlan.3001;
+ }
+ server-group {
+ v6-EDGE {
+ 2a02:ed02:1ee7::66;
+ }
+ }
+ }
+ server-group {
+ v4-EDGE {
+ 185.110.149.2;
+ 185.110.148.2;
+ }
+ inactive: v4-autoconfig {
+ 1.1.1.1;
+ }
+ }
+ group EDGE {
+ active-server-group v4-EDGE;
+ overrides {
+ trust-option-82;
+ }
+ interface vlan.250;
+ interface vlan.1228;
+ interface vlan.2006;
+ interface vlan.2008;
+ interface vlan.2009;
+ interface vlan.3001;
+ }
+ inactive: group autoconfig {
+ active-server-group v4-autoconfig;
+ relay-option-82 {
+ circuit-id {
+ prefix {
+ host-name;
+ }
+ include-irb-and-l2;
+ }
+ }
+ interface vlan.666;
+ }
+ }
+}
+protocols {
+ mld;
+ router-advertisement {
+ interface vlan.250;
+ interface vlan.2006;
+ interface vlan.1228;
+ interface vlan.2008;
+ interface vlan.2009;
+ }
+ ospf {
+ export [ static-to-ospf direct-to-ospf ];
+ area 0.0.0.0 {
+ interface ae30.0;
+ interface ae31.0;
+ interface ae29.0;
+ }
+ }
+ ospf3 {
+ export [ static-to-ospf direct-to-ospf ];
+ area 0.0.0.0 {
+ interface ae30.0;
+ interface ae31.0;
+ interface ae29.0;
+ }
+ }
+ pim {
+ rp {
+ /* STANDGW */
+ static {
+ address 2a06:5841:148b::67;
+ address 185.110.148.67;
+ }
+ }
+ }
+ igmp-snooping {
+ vlan all {
+ version 3;
+ immediate-leave;
+ }
+ }
+ mld-snooping {
+ vlan all {
+ version 2;
+ immediate-leave;
+ }
+ }
+ rstp {
+ bridge-priority 8k;
+ interface GAMEHQ_CLIENTS {
+ edge;
+ no-root-port;
+ }
+ }
+ lldp {
+ management-address 185.110.148.71;
+ }
+ lldp-med {
+ interface all;
+ }
+}
+policy-options {
+ prefix-list mgmt-v4 {
+ /* KANDU PA-nett (brukt på servere, infra etc) */
+ 185.110.148.0/22;
+ }
+ prefix-list mgmt-v6 {
+ /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */
+ 2a06:5841::/32;
+ }
+ prefix-list mgmt {
+ 185.110.148.0/22;
+ 2a06:5841::/32;
+ }
+ prefix-list mgmt-v4-nms {
+ 185.110.148.11/32;
+ 185.110.148.12/32;
+ }
+ prefix-list mgmt-v6-nms {
+ 2a06:5841:1337::11/128;
+ 2a06:5841:1337::12/128;
+ }
+ prefix-list mgmt-nms {
+ 185.110.148.11/32;
+ 185.110.148.12/32;
+ 185.110.150.10/32;
+ 2a06:5841:1337::11/128;
+ 2a06:5841:1337::12/128;
+ }
+ prefix-list icmp_unthrottled-v4 {
+ 185.110.148.0/22;
+ 193.212.22.0/30;
+ }
+ prefix-list icmp_unthrottled-v6 {
+ 2001:4600:9:300::290/126;
+ 2a06:5841::/32;
+ }
+ policy-statement direct-to-ospf {
+ from protocol direct;
+ then {
+ external {
+ type 1;
+ }
+ accept;
+ }
+ }
+ policy-statement static-to-ospf {
+ from protocol static;
+ then {
+ external {
+ type 1;
+ }
+ accept;
+ }
+ }
+}
+firewall {
+ family inet {
+ filter protect-mgmt-v4 {
+ term accept-ssh {
+ from {
+ source-prefix-list {
+ mgmt-v4;
+ }
+ destination-port 22;
+ }
+ then accept;
+ }
+ term discard-ssh {
+ from {
+ destination-port 22;
+ }
+ then {
+ discard;
+ }
+ }
+ term snmp-nms {
+ from {
+ source-prefix-list {
+ mgmt-v4-nms;
+ }
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term snmp-throttle {
+ from {
+ source-prefix-list {
+ mgmt-v4;
+ }
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term icmp-trusted {
+ from {
+ source-prefix-list {
+ icmp_unthrottled-v4;
+ }
+ protocol icmp;
+ }
+ then accept;
+ }
+ term icmp-throttled {
+ from {
+ protocol icmp;
+ }
+ then accept;
+ }
+ term accept-all {
+ then accept;
+ }
+ }
+ }
+ family inet6 {
+ filter protect-mgmt-v6 {
+ term accept-ssh {
+ from {
+ source-prefix-list {
+ mgmt-v6;
+ }
+ destination-port 22;
+ }
+ then accept;
+ }
+ term discard-ssh {
+ from {
+ destination-port 22;
+ }
+ then discard;
+ }
+ term snmp-nms {
+ from {
+ source-prefix-list {
+ mgmt-v6-nms;
+ }
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term snmp-throttle {
+ from {
+ source-prefix-list {
+ mgmt-v6;
+ }
+ destination-port snmp;
+ }
+ then accept;
+ }
+ term icmp-trusted {
+ from {
+ source-prefix-list {
+ icmp_unthrottled-v6;
+ }
+ next-header icmp6;
+ }
+ then accept;
+ }
+ term icmp-throttled {
+ from {
+ next-header icmp6;
+ }
+ then accept;
+ }
+ term accept-all {
+ then accept;
+ }
+ }
+ }
+}
+/* EDGE */
+ethernet-switching-options {
+ /* EDGE */
+ secure-access-port {
+ interface GAMEHQ_CLIENTS {
+ no-dhcp-trusted;
+ }
+ vlan GAMEHQ_CLIENTS {
+ arp-inspection;
+ examine-dhcp;
+ examine-dhcpv6;
+ neighbor-discovery-inspection;
+ ip-source-guard;
+ ipv6-source-guard;
+ dhcp-option82;
+ dhcpv6-option18 {
+ use-option-82;
+ }
+ }
+ ipv6-source-guard-sessions {
+ max-number 128;
+ }
+ }
+ /* EDGE SLUTT */
+ storm-control {
+ interface all;
+ }
+}
+vlans {
+ EVENTNETT {
+ description "Event lukket/internett/lol";
+ vlan-id 3001;
+ l3-interface vlan.3001;
+ }
+ FLANKENORD_CLIENTS {
+ description "FLANKENORD CLIENTS";
+ vlan-id 2006;
+ l3-interface vlan.2006;
+ }
+ GAMEHQ_CLIENTS {
+ description "GameHQ Clients";
+ vlan-id 250;
+ l3-interface vlan.250;
+ }
+ MGMT {
+ description "swing - management";
+ vlan-id 1228;
+ l3-interface vlan.1228;
+ }
+ klientnett_streamer1 {
+ description Klientnett_streamer1;
+ vlan-id 2008;
+ l3-interface vlan.2008;
+ }
+ klientnett_streamer2 {
+ description Klientnett_streamer2;
+ vlan-id 2009;
+ l3-interface vlan.2009;
+ }
+}
+poe {
+ interface all;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 15:43:22 +0000