## Last commit: 2014-12-25 22:24:35 CET by technet version 14.1X53-D15.2; system { host-name rs1.north; auto-snapshot; time-zone Europe/Oslo; authentication-order [ tacplus password ]; root-authentication { } name-server { 2a02:ed02:1ee7::66; 2a02:ed02:1337::2; } login { user technet { uid 2000; class super-user; authentication { } } } services { ssh; } syslog { user * { any emergency; } host 185.12.59.18 { any info; authorization info; port 515; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } commit synchronize; ntp; } chassis { aggregated-devices { ethernet { device-count 32; } } } interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/1 { unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/2 { unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/3 { unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/4 { unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/5 { unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/6 { unit 0 { family ethernet-switching; } } ge-0/0/7 { unit 0 { family ethernet-switching; } } ge-0/0/8 { unit 0 { family ethernet-switching; } } ge-0/0/9 { unit 0 { family ethernet-switching; } } ge-0/0/10 { unit 0 { family ethernet-switching; } } ge-0/0/11 { unit 0 { family ethernet-switching; } } ge-0/0/12 { description "sw1-infodesk access / ae1"; ether-options { 802.3ad ae1; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/13 { description "iptelefon desk/support"; unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/14 { description "iptelefon desk/support"; unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/15 { unit 0 { family ethernet-switching; } } ge-0/0/16 { description "sw3-streamerlounge access / ae3"; ether-options { 802.3ad ae3; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/17 { unit 0 { family ethernet-switching; } } ge-0/0/18 { unit 0 { family ethernet-switching; } } ge-0/0/19 { unit 0 { family ethernet-switching; } } ge-0/0/20 { unit 0 { family ethernet-switching; } } ge-0/0/21 { unit 0 { family ethernet-switching; } } ge-0/0/22 { unit 0 { family ethernet-switching; } } ge-0/0/23 { unit 0 { family ethernet-switching; } } ge-0/0/24 { unit 0 { family ethernet-switching { port-mode access; vlan { members sw1-infodesk; } } } } ge-0/0/25 { unit 0 { family ethernet-switching; } } ge-0/0/26 { unit 0 { family ethernet-switching; } } ge-0/0/27 { unit 0 { family ethernet-switching; } } ge-0/0/28 { unit 0 { family ethernet-switching; } } ge-0/0/29 { unit 0 { family ethernet-switching; } } ge-0/0/30 { unit 0 { family ethernet-switching; } } ge-0/0/31 { unit 0 { family ethernet-switching; } } ge-0/0/32 { unit 0 { family ethernet-switching; } } ge-0/0/33 { unit 0 { family ethernet-switching; } } ge-0/0/34 { unit 0 { family ethernet-switching; } } ge-0/0/35 { unit 0 { family ethernet-switching; } } ge-0/0/36 { unit 0 { family ethernet-switching; } } ge-0/0/37 { unit 0 { family ethernet-switching; } } ge-0/0/38 { unit 0 { family ethernet-switching; } } ge-0/0/39 { unit 0 { family ethernet-switching; } } ge-0/0/40 { unit 0 { family ethernet-switching; } } ge-0/0/41 { unit 0 { family ethernet-switching; } } ge-0/0/42 { unit 0 { family ethernet-switching; } } ge-0/0/43 { unit 0 { family ethernet-switching; } } ge-0/0/44 { unit 0 { family ethernet-switching; } } ge-0/0/45 { description "sw2-gamestudio access / ae2"; ether-options { 802.3ad ae2; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/46 { description Event:Studio-link; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ sw3-event north_event mgmt ]; } } } } ge-0/0/47 { description Resepsjon; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ north_security klientnett_resepsjon klientnett_medic mgmt ]; } } } } ge-0/1/0 { unit 0 { family ethernet-switching; } } xe-0/1/0 { description rs1.gamehq; unit 0 { family inet { address 151.216.128.17/31; } family inet6 { address 2a02:ed02:fffe::17/127; } } } ge-0/1/1 { unit 0 { family ethernet-switching; } } xe-0/1/1 { description "rs1.noc xe-2/0/3"; unit 0 { family inet { address 151.216.128.18/31; } family inet6 { address 2a02:ed02:fffe::18/127; } } } ge-0/1/2 { unit 0 { family ethernet-switching; } } xe-0/1/2 { unit 0 { family ethernet-switching; } } ge-0/1/3 { unit 0 { family ethernet-switching; } } xe-0/1/3 { unit 0 { family ethernet-switching; } } ae0 { description "sw3-event ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ sw3-event mgmt ]; } } } } ae1 { description "sw1-infodesk ae1"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt sw1-infodesk ]; } } } } ae2 { description "sw2-gamestudio ae2"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt clients_game ]; } } } } ae3 { description "sw3-streamerlounge ae3"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt clients_game ]; } } } } lo0 { unit 0 { family inet { filter { input v4-mgmt; } address 151.216.255.16/31; } family inet6 { filter { input v6-mgmt; } address 2a02:ed02:ffff::16/128; } } } vlan { unit 229 { description clients_game; family inet { address 151.216.229.1/24; } family inet6 { address 2a02:ed02:229::1/64; } } unit 230 { description sw1-infodesk; family inet { address 151.216.230.1/24; } family inet6 { address 2a02:ed02:230::1/64; } } unit 232 { description "Klientnett resepsjon"; family inet { address 151.216.232.1/24; } family inet6 { address 2a02:ed02:232::1/64; } } unit 236 { description "Klientnett Medic"; family inet { address 151.216.236.1/24; } family inet6 { address 2a02:ed02:236::1/64; } } unit 244 { family inet { address 151.216.244.1/24; } family inet6 { address 2a02:ed02:244::1/64; } } unit 666 { family inet { filter { input v4-mgmt; } address 151.216.183.225/27; } family inet6 { filter { input v6-mgmt; } address 2a02:ed02:1837::225/64; } } unit 2500 { family inet { filter { output v4-event; } address 10.20.40.1/24; } } unit 3000 { family inet { filter { input v4-security; output v4-security; } address 10.30.30.1/24; } } } } snmp { community { client-list-name mgmt; } } forwarding-options { helpers { bootp { interface { vlan.244 { server 185.12.59.66; server 185.12.59.2; } vlan.2500 { server 185.12.59.66; server 185.12.59.2; } vlan.232 { server 185.12.59.66; server 185.12.59.2; } vlan.230 { server 185.12.59.66; server 185.12.59.2; } vlan.236 { server 185.12.59.66; server 185.12.59.2; } vlan.666 { server 185.12.59.11; source-address-giaddr; dhcp-option82 { circuit-id { prefix hostname; } } } vlan.229 { server 185.12.59.66; server 185.12.59.2; } } } } } protocols { igmp { interface vlan.65 { group-policy v4-multicast; } } mld { interface vlan.65 { group-policy v6-multicast; } } router-advertisement { interface vlan.65 { max-advertisement-interval 30; managed-configuration; } interface vlan.244 { min-advertisement-interval 15; managed-configuration; } interface vlan.230 { min-advertisement-interval 15; managed-configuration; } interface vlan.229 { min-advertisement-interval 15; managed-configuration; } } ospf { export [ redistribute-direct redistribute-static ]; reference-bandwidth 1000g; area 0.0.0.0 { interface xe-0/1/0.0; interface xe-0/1/1.0; } } ospf3 { export [ redistribute-direct redistribute-static ]; reference-bandwidth 1000g; area 0.0.0.0 { interface xe-0/1/0.0; } } pim { rp { static { address 2a02:ed02:ffff::11; address 151.216.255.11; } } } igmp-snooping { vlan all; } rstp; lldp { interface all; } lldp-med { interface all; } } policy-options { prefix-list v4-mgmt { /* NOC clients */ 151.216.254.0/24; /* Servers */ 185.12.59.0/26; } prefix-list v6-mgmt { /* NOC clients */ 2a02:ed02:254::/64; /* Servers */ 2a02:ed02:1337::/64; } prefix-list mgmt { /* NOC clients */ 151.216.254.0/24; /* Servers */ 185.12.59.0/26; /* NOC clients */ 2a02:ed02:254::/64; /* Servers */ 2a02:ed02:1337::/64; } policy-statement redistribute-direct { from protocol direct; then { external { type 1; } accept; } } policy-statement redistribute-static { from protocol static; then { external { type 1; } accept; } } policy-statement v4-multicast { term accept-our { from { route-filter 233.139.58.0/24 orlonger; source-address-filter 185.12.59.0/26 orlonger; source-address-filter 151.216.254.0/24 orlonger; } then accept; } term reject-all { then reject; } } policy-statement v6-multicast { term accept-our { from { route-filter ff35:2001:67c:2e44::/120 orlonger; source-address-filter 2a02:ed02:1337::/64 orlonger; source-address-filter 2a02:ed02:252::/64 orlonger; } } term reject-all { then reject; } } } firewall { family inet { filter v4-mgmt { term accept-ssh { from { source-prefix-list { v4-mgmt; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term accept-all { then accept; } } filter v4-security { term accept-security { from { source-address { 10.30.0.0/16; } destination-address { 10.30.0.0/16; } } then accept; } term discard-all { then { discard; } } } filter v4-event { term accept-event { from { source-address { 10.20.0.0/16; } } then accept; } term accept-noc { from { source-address { 185.12.59.0/26; 185.12.59.64/27; } } then accept; } term reject-tg { from { source-address { 185.12.59.0/24; 151.216.128.0/17; } } then { discard; } } term accept-all { then accept; } } } family inet6 { filter v6-mgmt { term accept-ssh { from { source-prefix-list { v6-mgmt; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term accept-all { then accept; } } } } ethernet-switching-options { storm-control { interface all; } } vlans { clients_game { vlan-id 229; l3-interface vlan.229; } klientnett_medic { vlan-id 236; l3-interface vlan.236; } klientnett_resepsjon { vlan-id 232; l3-interface vlan.232; } mgmt { vlan-id 666; l3-interface vlan.666; } north_event { vlan-id 2500; l3-interface vlan.2500; } north_security { vlan-id 3000; l3-interface vlan.3000; } sw1-infodesk { vlan-id 230; l3-interface vlan.230; } sw3-event { vlan-id 244; l3-interface vlan.244; } } poe { interface all; }