## Last commit: 2014-12-23 01:51:04 CET by root version 14.1X53-D15.2; system { host-name rs1.crew; auto-snapshot; time-zone Europe/Oslo; authentication-order [ tacplus password ]; root-authentication { } name-server { 2a02:ed02:1ee7::66; 2a02:ed02:1337::2; } login { user technet { uid 2000; class super-user; authentication { } } } services { ssh; } syslog { user * { any emergency; } host 185.12.59.18 { any info; authorization info; port 515; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } commit synchronize; ntp; } chassis { aggregated-devices { ethernet { device-count 32; } } } interfaces { interface-range klientporter-crew-1 { member ge-0/0/0; member ge-0/0/1; member ge-0/0/2; member-range ge-0/0/5 to ge-0/0/38; description "klientporter crew"; unit 0 { family ethernet-switching { port-mode access; vlan { members crew_klientnett_rs1-crew; } } } } interface-range klientporter-crew-2 { member-range ge-0/1/0 to ge-0/1/47; description "klientporter crew"; unit 0 { family ethernet-switching { port-mode access; vlan { members crew_klientnett_rs1-crew; } } } } ge-0/0/3 { ether-options { 802.3ad ae3; } } ge-0/0/4 { ether-options { 802.3ad ae3; } } ge-0/0/39 { description "sw1-crew access / ae0"; ether-options { 802.3ad ae0; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/40 { description sw1-crew; ether-options { 802.3ad ae0; } } ge-0/0/41 { description sw1-crew; ether-options { 802.3ad ae0; } } ge-0/0/42 { description "sw2-crew access / ae1"; ether-options { 802.3ad ae1; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/43 { description sw2-crew; ether-options { 802.3ad ae1; } } ge-0/0/44 { description sw2-crew; ether-options { 802.3ad ae1; } } ge-0/0/45 { description "sw3-crew access / ae2"; ether-options { 802.3ad ae2; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/46 { description sw3-crew; ether-options { 802.3ad ae2; } } ge-0/0/47 { description sw3-crew; ether-options { 802.3ad ae2; } } xe-0/1/0 { description "rs1.core xe-0/0/8"; ether-options { 802.3ad ae31; } } xe-0/1/1 { description "rs1.south xe-0/1/2"; ether-options { 802.3ad ae30; } } ge-1/0/0 { unit 0 { family ethernet-switching { vlan { members crew_klientnett_rs1-crew; } } } } ge-1/0/1 { unit 0 { family ethernet-switching { vlan { members crew_klientnett_rs1-crew; } } } } xe-1/1/0 { description "rs1.core xe-1/0/8"; ether-options { 802.3ad ae31; } } xe-1/1/1 { description "rs1.south xe-0/1/3"; ether-options { 802.3ad ae30; } } ae0 { description "sw1-crew ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt sw1-crew ]; } } } } ae1 { description "sw2-crew ae1"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt sw2-crew ]; } } } } ae2 { description "sw3-crew ae2"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt sw3-crew ]; } } } } ae3 { aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode access; vlan { members crew_klientnett_rs1-crew; } } } } ae30 { description "rs1.south ae31"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 151.216.128.25/31; } family inet6 { address 2a02:ed02:fffe::25/127; } } } ae31 { description "rs1.core ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 151.216.128.27/31; } family inet6 { address 2a02:ed02:fffe::27/127; } } } lo0 { unit 0 { family inet { filter { input v4-mgmt; } address 151.216.255.17/32; } family inet6 { filter { input v6-mgmt; } address 2a02:ed02:ffff::17/128; } } } vlan { unit 666 { family inet { address 151.216.183.65/27; } family inet6 { address 2a02:ed02:1832::1/64; } } unit 1700 { description "klientnett crew rs1.crew"; family inet { address 151.216.170.1/24; } family inet6 { address 2a02:ed02:170a::1/64; } } unit 1701 { description sw1-crew; family inet { address 151.216.171.65/26; } family inet6 { address 2a02:ed02:171b::1/64; } } unit 1702 { description sw2-crew; family inet { address 151.216.171.129/26; } family inet6 { address 2a02:ed02:171c::1/64; } } unit 1703 { description sw3-crew; family inet { address 151.216.171.193/26; } family inet6 { address 2a02:ed02:171d::1/64; } } } } snmp { community { client-list-name mgmt; } } forwarding-options { inactive: helpers { bootp { server 185.12.59.11; server 185.12.59.2; interface { vlan.1701; vlan.1702; vlan.1703; vlan.666 { server 185.12.59.11; source-address-giaddr; dhcp-option82 { circuit-id { prefix hostname; } } } vlan.1700 { server 185.12.59.11; server 185.12.59.2; } } } } dhcp-relay { dhcpv6 { group crew-clients { active-server-group v6-dhcp; overrides; interface vlan.1700; interface vlan.1701; interface vlan.1702; interface vlan.1703; } server-group { v6-dhcp { 2a02:ed02:1ee7::66; } } active-server-group v6-dhcp; } server-group { v4-dhcp { 185.12.59.66; } } active-server-group v4-dhcp; group all { overrides { trust-option-82; } interface vlan.65; } group crew-clients { active-server-group v4-dhcp; overrides { trust-option-82; } interface vlan.1700; interface vlan.1701; interface vlan.1702; interface vlan.1703; } } } event-options { policy ae0down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae0$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/39 unit 0"; "deactivate interfaces ge-0/0/39 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 went down so removed ge-0/0/39 from bundle"; } } } } policy ae0up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae0$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/39 unit 0"; "activate interfaces ge-0/0/39 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/39 to bundle"; } } } } policy ae1down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae1$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/42 unit 0"; "deactivate interfaces ge-0/0/42 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae1 went down so removed ge-0/0/42 from bundle"; } } } } policy ae1up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae1$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/42 unit 0"; "activate interfaces ge-0/0/42 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae1 came up so added ge-0/0/42 to bundle"; } } } } policy ae2down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae2$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/45 unit 0"; "deactivate interfaces ge-0/0/45 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae2 went down so removed ge-0/0/45 from bundle"; } } } } policy ae2up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae2$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/45 unit 0"; "activate interfaces ge-0/0/45 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae2 came up so added ge-0/0/45 to bundle"; } } } } } protocols { igmp { interface vlan.65 { group-policy v4-multicast; } } mld { interface vlan.65 { group-policy v6-multicast; } } router-advertisement { interface vlan.65 { max-advertisement-interval 30; managed-configuration; } interface vlan.1701 { min-advertisement-interval 15; managed-configuration; } interface vlan.1702 { min-advertisement-interval 15; managed-configuration; } interface vlan.1703 { min-advertisement-interval 15; managed-configuration; } } ospf { export [ redistribute-direct redistribute-static ]; reference-bandwidth 1000g; area 0.0.0.0 { interface ae31.0; interface ae30.0; } } ospf3 { export [ redistribute-direct redistribute-static ]; reference-bandwidth 1000g; area 0.0.0.0 { interface ae31.0; interface ae30.0; } } pim { rp { static { address 2a02:ed02:ffff::11; address 151.216.255.11; } } } lldp { interface all; } lldp-med { interface all; } } policy-options { prefix-list v4-mgmt { /* NOC clients */ 151.216.254.0/24; /* Servers */ 185.12.59.0/26; } prefix-list v6-mgmt { /* NOC clients */ 2a02:ed02:254::/64; /* Servers */ 2a02:ed02:1337::/64; } prefix-list mgmt { /* NOC clients */ 151.216.254.0/24; /* Servers */ 185.12.59.0/26; /* NOC clients */ 2a02:ed02:254::/64; /* Servers */ 2a02:ed02:1337::/64; } policy-statement redistribute-direct { from protocol direct; then { external { type 1; } accept; } } policy-statement redistribute-static { from protocol static; then { external { type 1; } accept; } } policy-statement v4-multicast { term accept-our { from { route-filter 233.139.58.0/24 orlonger; source-address-filter 185.12.59.0/26 orlonger; source-address-filter 151.216.254.0/24 orlonger; } then accept; } term reject-all { then reject; } } policy-statement v6-multicast { term accept-our { from { route-filter ff35:2001:67c:2e44::/120 orlonger; source-address-filter 2a02:ed02:1337::/64 orlonger; source-address-filter 2a02:ed02:252::/64 orlonger; } } term reject-all { then reject; } } } firewall { family inet { filter v4-mgmt { term accept-ssh { from { source-prefix-list { v4-mgmt; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term accept-all { then accept; } } } family inet6 { filter v6-mgmt { term accept-ssh { from { source-prefix-list { v6-mgmt; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term accept-all { then accept; } } } } virtual-chassis { preprovisioned; member 0 { role routing-engine; serial-number ; } member 1 { role routing-engine; serial-number ; } } vlans { crew_klientnett_rs1-crew { vlan-id 1700; l3-interface vlan.1700; } mgmt { vlan-id 666; l3-interface vlan.666; } sw1-crew { vlan-id 1701; l3-interface vlan.1701; } sw2-crew { vlan-id 1702; l3-interface vlan.1702; } sw3-crew { vlan-id 1703; l3-interface vlan.1703; } } poe { interface ge-0/0/0; interface ge-0/0/1; interface ge-1/0/0; interface ge-1/0/1; }