aboutsummaryrefslogtreecommitdiffstats
path: root/examples/tg19/netconf/s1.cna.conf
diff options
context:
space:
mode:
Diffstat (limited to 'examples/tg19/netconf/s1.cna.conf')
-rw-r--r--examples/tg19/netconf/s1.cna.conf338
1 files changed, 338 insertions, 0 deletions
diff --git a/examples/tg19/netconf/s1.cna.conf b/examples/tg19/netconf/s1.cna.conf
new file mode 100644
index 0000000..847bc93
--- /dev/null
+++ b/examples/tg19/netconf/s1.cna.conf
@@ -0,0 +1,338 @@
+## Last changed: 2019-04-16 20:56:00 CEST
+version 15.1R6.7;
+system {
+ host-name s1.cna;
+ auto-snapshot;
+ domain-name tg19.gathering.org;
+ time-zone Europe/Oslo;
+ authentication-order tacplus;
+ root-authentication {
+ encrypted-password "<removed>";
+ }
+ name-server {
+ 2a06:5841:a:103::62;
+ 2a06:5841:a:104::126;
+ }
+ tacplus-server {
+ 134.90.150.164 secret "<removed>";
+ }
+ login {
+ user technet {
+ uid 2000;
+ class super-user;
+ authentication {
+ encrypted-password "<removed>";
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ no-tcp-forwarding;
+ protocol-version v2;
+ client-alive-count-max 2;
+ client-alive-interval 300;
+ connection-limit 50;
+ rate-limit 5;
+ }
+ netconf {
+ ssh {
+ port 830;
+ }
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ host log.tg19.gathering.org {
+ any warning;
+ authorization info;
+ daemon warning;
+ user warning;
+ change-log any;
+ interactive-commands any;
+ match "!(.*License.*)";
+ allow-duplicates;
+ facility-override local7;
+ explicit-priority;
+ }
+ /* Local logging of syslog message */
+ file messages {
+ any notice;
+ authorization info;
+ }
+ /* Local logging of all user-commands typed in the CLI */
+ file interactive-commands {
+ interactive-commands any;
+ match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED";
+ }
+ }
+ /* Save changes to central site */
+ archival {
+ configuration {
+ transfer-on-commit;
+ archive-sites {
+ "scp://user@host/some/folder/" password "<removed>";
+ }
+ }
+ }
+ commit synchronize;
+ ntp {
+ /* ntp.uio.no */
+ server 2001:700:100:2::6;
+ }
+}
+chassis {
+ aggregated-devices {
+ ethernet {
+ device-count 2;
+ }
+ }
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+security {
+ ssh-known-hosts {
+ host <removed> {
+ ecdsa-sha2-nistp256-key <removed>;
+ }
+ }
+}
+interfaces {
+ interface-range all-ports {
+ member ge-*/*/*;
+ member xe-*/*/*;
+ member et-*/*/*;
+ }
+ interface-range edge-ports {
+ member-range ge-0/0/0 to ge-0/0/43;
+ description Clients;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members clients;
+ }
+ }
+ }
+ }
+ interface-range uplink-ports {
+ member-range ge-0/0/46 to ge-0/0/47;
+ description "G: r1.ring";
+ ether-options {
+ 802.3ad ae0;
+ }
+ }
+ interface-range unused-ports {
+ member-range ge-0/0/44 to ge-0/0/45;
+ description not-in-use;
+ }
+ ae0 {
+ description "B: r1.ring";
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members [ clients mgmt ];
+ }
+ }
+ }
+ }
+ lo0 {
+ unit 0 {
+ family inet {
+ filter {
+ input mgmt-v4;
+ }
+ address 127.0.0.1/32;
+ }
+ family inet6 {
+ filter {
+ input mgmt-v6;
+ }
+ address ::1/128;
+ }
+ }
+ }
+ vlan {
+ unit 666 {
+ description "Switch mgmt";
+ family inet {
+ filter {
+ input mgmt-v4;
+ }
+ address 88.92.2.70/26;
+ }
+ family inet6 {
+ filter {
+ input mgmt-v6;
+ }
+ address 2a06:5841:d:b::70/64;
+ }
+ }
+ }
+}
+snmp {
+ contact NOC;
+ community <removed> {
+ authorization read-only;
+ client-list-name mgmt;
+ }
+}
+routing-options {
+ rib inet.0 {
+ static {
+ route 0.0.0.0/0 next-hop 88.92.2.65;
+ }
+ }
+ rib inet6.0 {
+ static {
+ route ::/0 next-hop 2a06:5841:d:b::1;
+ }
+ }
+}
+protocols {
+ sflow {
+ sample-rate {
+ ingress 10000;
+ egress 10000;
+ }
+ collector <removed>;
+ interfaces all-ports;
+ }
+ igmp-snooping {
+ vlan all {
+ version 3;
+ immediate-leave;
+ }
+ }
+ mld-snooping {
+ vlan all {
+ version 2;
+ immediate-leave;
+ }
+ }
+ rstp {
+ bridge-priority 32k;
+ interface edge-ports {
+ edge;
+ no-root-port;
+ }
+ }
+ lldp {
+ interface uplink-ports;
+ }
+}
+policy-options {
+ prefix-list mgmt-v4 {
+ }
+ prefix-list mgmt-v6 {
+ }
+ /* Merged separate v4- og v6-lister */
+ prefix-list mgmt {
+ apply-path "policy-options prefix-list <mgmt-v*> <*>";
+ }
+}
+firewall {
+ family inet {
+ filter mgmt-v4 {
+ term accept-ssh {
+ from {
+ source-prefix-list {
+ mgmt-v4;
+ }
+ destination-port 22;
+ }
+ then accept;
+ }
+ term discard-ssh {
+ from {
+ destination-port 22;
+ }
+ then {
+ discard;
+ }
+ }
+ term accept-all {
+ then accept;
+ }
+ }
+ }
+ family inet6 {
+ filter mgmt-v6 {
+ term accept-ssh {
+ from {
+ source-prefix-list {
+ mgmt-v6;
+ }
+ destination-port 22;
+ }
+ then accept;
+ }
+ term discard-ssh {
+ from {
+ destination-port 22;
+ }
+ then discard;
+ }
+ term accept-all {
+ then accept;
+ }
+ }
+ }
+}
+ethernet-switching-options {
+ secure-access-port {
+ interface edge-ports {
+ no-dhcp-trusted;
+ }
+ vlan clients {
+ arp-inspection;
+ examine-dhcp;
+ inactive: examine-dhcpv6;
+ inactive: neighbor-discovery-inspection;
+ ip-source-guard;
+ inactive: ipv6-source-guard;
+ dhcp-option82 {
+ circuit-id {
+ use-vlan-id;
+ }
+ }
+ no-option-37;
+ inactive: dhcpv6-option18 {
+ use-option-82;
+ }
+ }
+ inactive: ipv6-source-guard-sessions {
+ max-number 128;
+ }
+ }
+ storm-control {
+ action-shutdown;
+ interface edge-ports {
+ bandwidth 5000;
+ multicast;
+ }
+ }
+}
+vlans {
+ clients {
+ vlan-id 114;
+ }
+ mgmt {
+ vlan-id 666;
+ l3-interface vlan.666;
+ }
+}
+poe {
+ interface all;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 17:19:40 +0000