## Last changed: 2016-03-24 06:38:20 CET version 14.1X53-D35.3; groups { SET_AE_DEFAULTS { interfaces { { aggregated-ether-options { lacp { active; } } } } } SET_OSPF_DEFAULTS { protocols { ospf { reference-bandwidth 1000g; area <*> { interface { bfd-liveness-detection { minimum-interval 100; multiplier 3; } } } } ospf3 { reference-bandwidth 1000g; area <*> { interface { bfd-liveness-detection { minimum-interval 100; multiplier 3; } } } } } } SET_RA_DEFAULTS { protocols { router-advertisement { interface <*> { max-advertisement-interval 15; managed-configuration; } } } } } system { host-name coregw; auto-snapshot; time-zone Europe/Oslo; arp { aging-timer 5; } authentication-order [ tacplus password ]; root-authentication { encrypted-password ""; } name-server { 185.110.149.2; 185.110.148.2; 2a06:5841:149a::2; 2a06:5841:1337::2; } tacplus-server { 134.90.150.164 { secret ""; source-address 185.110.148.66; } } login { user technet { uid 2000; class super-user; authentication { encrypted-password ""; } } } services { ssh { root-login deny; no-tcp-forwarding; client-alive-count-max 2; client-alive-interval 300; connection-limit 10; rate-limit 5; } netconf { ssh { connection-limit 3; rate-limit 3; } } } syslog { user * { any emergency; } host 185.110.148.17 { any info; authorization info; port 515; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } archival { configuration { transfer-on-commit; archive-sites { "scp://user@host/some/folder/" password ""; } } } commit synchronize; processes { app-engine-virtual-machine-management-service { traceoptions { level notice; flag all; } } } ntp { server 2001:700:100:2::6; } } chassis { aggregated-devices { ethernet { device-count 32; } } } security { ssh-known-hosts { host 134.90.150.164 { ecdsa-sha2-nistp256-key ; } } } interfaces { apply-groups SET_AE_DEFAULTS; interface-range all-ports { member-range xe-0/0/0 to xe-0/0/47; member-range xe-1/0/0 to xe-1/0/47; member-range et-0/0/48 to et-0/0/53; member-range et-1/0/48 to et-1/0/53; } ge-0/0/0 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/0 { description "ae0 - link mot distro0"; ether-options { 802.3ad ae0; } } ge-0/0/1 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/1 { description "Link mot distro1"; ether-options { 802.3ad ae1; } } ge-0/0/2 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/2 { description "Link mot distro2"; ether-options { 802.3ad ae2; } } ge-0/0/3 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/3 { description "Link mot distro3"; ether-options { 802.3ad ae3; } } ge-0/0/4 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/4 { description "Link mot distro4"; ether-options { 802.3ad ae4; } } ge-0/0/5 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/5 { description "Link mot distro5"; ether-options { 802.3ad ae5; } } ge-0/0/6 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/6 { description "Link mot distro6"; ether-options { 802.3ad ae6; } } ge-0/0/7 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/7 { description "Link mot distro7"; ether-options { 802.3ad ae7; } } ge-0/0/8 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/8 { description "Link mot creativiagw"; ether-options { 802.3ad ae8; } } ge-0/0/9 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/9 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/10 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/10 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/11 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/11 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/12 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/12 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/13 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/13 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/14 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/14 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/15 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/15 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/16 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/16 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/17 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/17 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/18 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/18 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/19 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/19 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/20 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/20 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/21 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/21 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/22 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/22 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/23 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/23 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/24 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/24 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/25 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/25 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/26 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/26 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/27 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/27 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/28 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/28 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/29 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/29 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/30 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/30 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/31 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/31 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/32 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/32 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/33 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/33 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/34 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/34 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/35 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/35 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/36 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/36 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/37 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/37 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/38 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/38 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/39 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/39 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/40 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/40 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/41 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/41 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/42 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/42 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/43 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/43 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/44 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/44 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/45 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/45 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/46 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/46 { unit 0 { family ethernet-switching { storm-control default; } } } ge-0/0/47 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/47 { unit 0 { family ethernet-switching { storm-control default; } } } et-0/0/48 { description "ae11 - link mot nocgw"; ether-options { 802.3ad ae11; } } xe-0/0/48:0 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/48:1 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/48:2 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/48:3 { unit 0 { family ethernet-switching { storm-control default; } } } et-0/0/49 { description "ae10 - link mot telegw"; ether-options { 802.3ad ae10; } } xe-0/0/49:0 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/49:1 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/49:2 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/49:3 { unit 0 { family ethernet-switching { storm-control default; } } } et-0/0/50 { description "ae12 - link mot standgw"; ether-options { 802.3ad ae12; } } xe-0/0/50:0 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/50:1 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/50:2 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/50:3 { unit 0 { family ethernet-switching { storm-control default; } } } et-0/0/51 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/51:0 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/51:1 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/51:2 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/51:3 { unit 0 { family ethernet-switching { storm-control default; } } } et-0/0/52 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/52:0 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/52:1 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/52:2 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/52:3 { unit 0 { family ethernet-switching { storm-control default; } } } et-0/0/53 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/53:0 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/53:1 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/53:2 { unit 0 { family ethernet-switching { storm-control default; } } } xe-0/0/53:3 { unit 0 { family ethernet-switching { storm-control default; } } } xe-1/0/0 { description "ae0 - link mot distro0"; ether-options { 802.3ad ae0; } } xe-1/0/1 { description "Link mot distro1"; ether-options { 802.3ad ae1; } } xe-1/0/2 { description "Link mot distro2"; ether-options { 802.3ad ae2; } } xe-1/0/3 { description "Link mot distro3"; ether-options { 802.3ad ae3; } } xe-1/0/4 { description "Link mot distro4"; ether-options { 802.3ad ae4; } } xe-1/0/5 { description "Link mot distro5"; ether-options { 802.3ad ae5; } } xe-1/0/6 { description "Link mot distro6"; ether-options { 802.3ad ae6; } } xe-1/0/7 { description "Link mot distro7"; ether-options { 802.3ad ae7; } } xe-1/0/8 { description "Link mot creativiagw"; ether-options { 802.3ad ae8; } } et-1/0/48 { description "ae11 - link mot nocgw"; ether-options { 802.3ad ae11; } } et-1/0/49 { description "ae10 - link mot telegw"; ether-options { 802.3ad ae10; } } et-1/0/50 { description "ae12 - link mot standgw"; ether-options { 802.3ad ae12; } } ae0 { description "mot distro0"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.152/31; } family inet6; } } ae1 { description "mot distro1"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.154/31; } family inet6; } } ae2 { description "mot distro2"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.156/31; } family inet6; } } ae3 { description "mot distro3"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.158/31; } family inet6; } } ae4 { description "mot distro4"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.160/31; } family inet6; } } ae5 { description "mot distro5"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.162/31; } family inet6; } } ae6 { description "mot distro6"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.164/31; } family inet6; } } ae7 { description "mot distro7"; aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.166/31; } family inet6; } } ae8 { aggregated-ether-options { lacp { active; } } unit 0 { family inet { address 185.110.148.151/31; } family inet6; } } ae10 { description "80G mot telegw"; unit 0 { family inet { address 185.110.148.129/31; } family inet6; } } ae11 { description "80G mot nocgw"; unit 0 { family inet { address 185.110.148.137/31; } family inet6; } } ae12 { description "80G mot standgw"; unit 0 { family inet { address 185.110.148.135/31; } family inet6; } } em1 { unit 0 { family inet; } } irb { unit 0 { family inet; } } lo0 { unit 0 { family inet { filter { input protect-mgmt-v4; } address 185.110.148.66/32; } family inet6 { filter { input protect-mgmt-v6; } address 2a06:5841:148b::66/128; } } } vme { unit 0 { family inet; } } } snmp { community { authorization read-only; client-list-name mgmt; } community { authorization read-only; client-list-name mgmt-nms; } } forwarding-options { storm-control-profiles default { all; } } protocols { apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; ospf { export [ redistribute-direct redistribute-static ]; area 0.0.0.0 { interface all; interface ae0.0; interface ae1.0; interface ae2.0; interface ae8.0 { metric 200; } } } ospf3 { export [ redistribute-direct redistribute-static ]; area 0.0.0.0 { interface all; interface ae2.0; interface ae1.0; interface ae0.0; interface ae8.0 { metric 200; } } } lldp { management-address 185.110.148.66; interface all; } lldp-med { interface all; } igmp-snooping { vlan default; } sflow { agent-id 185.110.148.66; sample-rate { ingress 10000; egress 10000; } source-ip 185.110.148.66; collector ; interfaces all-ports; } } policy-options { prefix-list mgmt-v4 { /* KANDU PA-nett (brukt på servere, infra etc) */ 185.110.148.0/22; } prefix-list mgmt-v6 { /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ 2a06:5841::/32; } /* sammenslått av separate v4- og v6-lister */ prefix-list mgmt { 185.110.148.0/22; 2a06:5841::/32; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-v4-nms { 185.110.148.11/32; 185.110.148.12/32; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-v6-nms { 2a06:5841:1337::11/128; 2a06:5841:1337::12/128; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-nms { 185.110.148.11/32; 185.110.148.12/32; 185.110.150.10/32; 2a06:5841:1337::11/128; 2a06:5841:1337::12/128; } prefix-list icmp_unthrottled-v4 { 185.110.148.0/22; 193.212.22.0/30; } prefix-list icmp_unthrottled-v6 { 2001:4600:9:300::290/126; 2a06:5841::/32; } policy-statement redistribute-direct { from protocol direct; then { external { type 1; } accept; } } policy-statement redistribute-static { from protocol static; then { external { type 1; } accept; } } } firewall { family inet { filter protect-mgmt-v4 { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then { count accept-ssh; accept; } } term reject-ssh { from { destination-port 22; } then { count reject-ssh; reject; } } term snmp-nms { from { source-prefix-list { mgmt-v4-nms; } destination-port snmp; } then { count snmp-nms; accept; } } term snmp-throttle { from { source-prefix-list { mgmt-v4; } destination-port snmp; } then { policer policer-1Mbit; count snmp-throttle; accept; } } term icmp-trusted { from { source-prefix-list { icmp_unthrottled-v4; } protocol icmp; } then { count icmp-trusted; accept; } } term icmp-throttled { from { protocol icmp; } then { policer policer-1Mbit; accept; } } term accept-all { then { count accept-all; accept; } } } filter v4-security { term accept-security { from { source-address { 10.30.0.0/16; } destination-address { 10.30.0.0/16; } } then accept; } term discard-all { then { discard; } } } } family inet6 { filter protect-mgmt-v6 { term accept-ssh { from { source-prefix-list { inactive: mgmt-v6; } destination-port 22; } then { count accept-ssh; accept; } } term reject-ssh { from { destination-port 22; } then { count reject-ssh; reject; } } term snmp-nms { from { source-prefix-list { mgmt-v6-nms; } destination-port snmp; } then { count snmp-nms; accept; } } term snmp-throttle { from { source-prefix-list { mgmt-v6; } destination-port snmp; } then { policer policer-1Mbit; count snmp-throttle; accept; } } term icmp-trusted { from { source-prefix-list { icmp_unthrottled-v6; } next-header icmp6; } then { count icmp-trusted; accept; } } term icmp-throttled { from { next-header icmp6; } then { policer policer-1Mbit; accept; } } term accept-all { then { count accept-all; accept; } } } } policer policer-1Mbit { if-exceeding { bandwidth-limit 1m; burst-size-limit 500k; } then discard; } policer policer-slowest { if-exceeding { bandwidth-limit 32k; burst-size-limit 32k; } then discard; } } virtual-chassis { preprovisioned; /* NLogic - Orange */ member 0 { role routing-engine; serial-number ; } /* Juniper - Blue */ member 1 { role routing-engine; serial-number ; } } vlans { default { vlan-id 1; l3-interface irb.0; } }