## Last changed: 2016-03-27 09:01:50 CEST version 14.1X53-D15.2; groups { SET_AE_DEFAULTS { interfaces { { aggregated-ether-options { lacp { active; } } } } } SET_OSPF_DEFAULTS { protocols { ospf { reference-bandwidth 1000g; area <*> { interface ; } } ospf3 { reference-bandwidth 1000g; area <*> { interface ; } } } } SET_RA_DEFAULTS { protocols { router-advertisement { interface { max-advertisement-interval 15; managed-configuration; } } } } } system { host-name distro0; auto-snapshot; domain-name infra.gathering.org; time-zone Europe/Oslo; authentication-order tacplus; root-authentication { encrypted-password ""; } name-server { 185.110.149.2; 185.110.148.2; 2a06:5841:149a::2; 2a06:5841:1337::2; } tacplus-server { 134.90.150.164 { secret ""; source-address 185.110.148.100; } } login { user technet { uid 2000; class super-user; authentication { encrypted-password ""; } } } services { ssh { root-login deny; no-tcp-forwarding; client-alive-count-max 2; client-alive-interval 300; connection-limit 5; rate-limit 5; } netconf { ssh { connection-limit 3; rate-limit 3; } } } syslog { user * { any emergency; } host 185.110.148.17 { any info; authorization info; port 515; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } archival { configuration { transfer-on-commit; archive-sites { "scp://user@host/some/folder/" password ""; } } } commit synchronize; ntp { server 2001:700:100:2::6; } } chassis { aggregated-devices { ethernet { device-count 32; } } alarm { management-ethernet { link-down ignore; } } auto-image-upgrade; } security { ssh-known-hosts { host 134.90.150.164 { ecdsa-sha2-nistp256-key ; } } } interfaces { apply-groups SET_AE_DEFAULTS; interface-range aps { member-range ge-0/0/36 to ge-0/0/47; member-range ge-1/0/36 to ge-1/0/47; member-range ge-2/0/36 to ge-2/0/47; description "Management/klientnett AP-er"; unit 0 { family ethernet-switching { vlan { members aps_mgmt; } } } } interface-range all-ports { member-range ge-0/0/0 to ge-0/0/47; member-range ge-1/0/0 to ge-1/0/47; member-range ge-2/0/0 to ge-2/0/47; member-range xe-0/1/0 to xe-0/1/3; member-range xe-1/1/0 to xe-1/1/3; member-range xe-2/1/0 to xe-2/1/3; } ge-0/0/0 { description "e1-3 access / ae0"; ether-options { 802.3ad ae0; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/1 { description "e1-4 access / ae1"; ether-options { 802.3ad ae1; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/2 { description "e3-3 access / ae2"; ether-options { 802.3ad ae2; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/3 { description "e3-4 access / ae3"; inactive: ether-options { 802.3ad ae3; } unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/4 { description "e5-3 access / ae4"; ether-options { 802.3ad ae4; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/5 { description "e5-4 access / ae5"; ether-options { 802.3ad ae5; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/6 { description "e7-3 access / ae6"; ether-options { 802.3ad ae6; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/7 { description "e7-4 access / ae7"; inactive: ether-options { 802.3ad ae7; } unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/8 { description "e9-3 access / ae8"; inactive: ether-options { 802.3ad ae8; } unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/9 { description "e9-4 access / ae9"; ether-options { 802.3ad ae9; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/10 { description "e11-3 access / ae10"; ether-options { 802.3ad ae10; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } ge-0/0/11 { description "e11-4 access / ae11"; ether-options { 802.3ad ae11; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members mgmt; } } } } xe-0/1/0 { description "Uplink mot coregw"; ether-options { 802.3ad ae31; } } ge-1/0/0 { description "e1-3 ae0"; ether-options { 802.3ad ae0; } } ge-1/0/1 { description "e1-4 ae1"; ether-options { 802.3ad ae1; } } ge-1/0/2 { description "e3-3 ae2"; ether-options { 802.3ad ae2; } } ge-1/0/3 { description "e3-4 ae3"; ether-options { 802.3ad ae3; } } ge-1/0/4 { description "e5-3 ae4"; ether-options { 802.3ad ae4; } } ge-1/0/5 { description "e5-4 ae5"; ether-options { 802.3ad ae5; } } ge-1/0/6 { description "e7-3 ae6"; ether-options { 802.3ad ae6; } } ge-1/0/7 { description "e7-4 ae7"; ether-options { 802.3ad ae7; } } ge-1/0/8 { description "e9-3 ae8"; ether-options { 802.3ad ae8; } } ge-1/0/9 { description "e9-4 ae9"; ether-options { 802.3ad ae9; } } ge-1/0/10 { description "e11-3 ae10"; ether-options { 802.3ad ae10; } } ge-1/0/11 { description "e11-4 ae11"; ether-options { 802.3ad ae11; } } xe-1/1/0 { description "Uplink mot coregw"; ether-options { 802.3ad ae31; } } ge-2/0/0 { description "e1-3 ae0"; ether-options { 802.3ad ae0; } } ge-2/0/1 { description "e1-4 ae1"; ether-options { 802.3ad ae1; } } ge-2/0/2 { description "e3-3 ae2"; ether-options { 802.3ad ae2; } } ge-2/0/3 { description "e3-4 ae3"; ether-options { 802.3ad ae3; } } ge-2/0/4 { description "e5-3 ae4"; ether-options { 802.3ad ae4; } } ge-2/0/5 { description "e5-4 ae5"; ether-options { 802.3ad ae5; } } ge-2/0/6 { description "e7-3 ae6"; ether-options { 802.3ad ae6; } } ge-2/0/7 { description "e7-4 ae7"; ether-options { 802.3ad ae7; } } ge-2/0/8 { description "e9-3 ae8"; ether-options { 802.3ad ae8; } } ge-2/0/9 { description "e9-4 ae9"; ether-options { 802.3ad ae9; } } ge-2/0/10 { description "e11-3 ae10"; ether-options { 802.3ad ae10; } } ge-2/0/11 { description "e11-4 ae11"; ether-options { 802.3ad ae11; } } ae0 { description "e1-3 ae0"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e1-3 ]; } } } } ae1 { description "e1-4 ae1"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e1-4 ]; } } } } ae2 { description "e3-3 ae2"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e3-3 ]; } } } } ae3 { description "e3-4 ae3"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e3-4 ]; } } } } ae4 { description "e5-3 ae4"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e5-3 ]; } } } } ae5 { description "e5-4 ae5"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e5-4 ]; } } } } ae6 { description "e7-3 ae6"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e7-3 ]; } } } } ae7 { description "e7-4 ae7"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e7-4 ]; } } } } ae8 { description "e9-3 ae8"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e9-3 ]; } } } } ae9 { description "e9-4 ae9"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e9-4 ]; } } } } ae10 { description "e11-3 ae10"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e11-3 ]; } } } } ae11 { description "e11-4 ae11"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ mgmt e11-4 ]; } } } } ae31 { description "Uplink mot coregw"; unit 0 { family inet { address 185.110.148.153/31; } family inet6; } } lo0 { unit 0 { family inet { filter { input protect-mgmt-v4; } address 185.110.148.100/32; } family inet6 { filter { input protect-mgmt-v6; } address 2a06:5841:148b::100/128; } } } vlan { unit 666 { description "mgmt til aksesswitcher/fapfapfap"; family inet { address 88.92.54.1/26; } } unit 777 { description "mgmt til AP-ene"; family inet { address 88.92.51.1/26; } } unit 1013 { family inet { address 88.92.0.1/26; } family inet6 { address 2a06:5840:0a::1/64; } } unit 1014 { family inet { address 88.92.0.65/26; } family inet6 { address 2a06:5840:0b::1/64; } } unit 1033 { family inet { address 88.92.0.129/26; } family inet6 { address 2a06:5840:0c::1/64; } } unit 1034 { family inet { address 88.92.0.193/26; } family inet6 { address 2a06:5840:0d::1/64; } } unit 1053 { family inet { address 88.92.1.65/26; } family inet6 { address 2a06:5840:1b::1/64; } } unit 1054 { family inet { address 88.92.1.129/26; } family inet6 { address 2a06:5840:1c::1/64; } } unit 1073 { family inet { address 88.92.2.65/26; } family inet6 { address 2a06:5840:2b::1/64; } } unit 1074 { family inet { address 88.92.2.129/26; } family inet6 { address 2a06:5840:2c::1/64; } } unit 1093 { family inet { address 88.92.3.65/26; } family inet6 { address 2a06:5840:3b::1/64; } } unit 1094 { family inet { address 88.92.3.129/26; } family inet6 { address 2a06:5840:3c::1/64; } } unit 1113 { family inet { address 88.92.4.65/26; } family inet6 { address 2a06:5840:4b::1/64; } } unit 1114 { family inet { address 88.92.4.129/26; } family inet6 { address 2a06:5840:4c::1/64; } } } } snmp { community { authorization read-only; client-list-name mgmt; } community { authorization read-only; client-list-name mgmt-nms; } } forwarding-options { inactive: helpers { bootp { dhcp-option82 { circuit-id { prefix hostname; } } server 185.110.148.22; interface { vlan.666; } } } dhcp-relay { inactive: dhcpv6 { group edge-switches { active-server-group v6-edge-switches; overrides; interface vlan.777; interface vlan.1013; interface vlan.1014; interface vlan.1033; interface vlan.1034; interface vlan.1053; interface vlan.1054; interface vlan.1073; interface vlan.1074; interface vlan.1093; interface vlan.1094; interface vlan.1113; interface vlan.1114; } server-group { v6-edge-switches { 2a06:5841:149a::2; } } } server-group { v4-edge-switches { 185.110.149.2; 185.110.148.2; } fapfapfap-group { 185.110.148.22; } } group edge-switches { active-server-group v4-edge-switches; overrides { trust-option-82; } interface vlan.777; interface vlan.1013; interface vlan.1014; interface vlan.1033; interface vlan.1034; interface vlan.1053; interface vlan.1054; interface vlan.1073; interface vlan.1074; interface vlan.1093; interface vlan.1094; interface vlan.1113; interface vlan.1114; } group fapfapfap { active-server-group fapfapfap-group; relay-option-82 { circuit-id { prefix { host-name; } include-irb-and-l2; } } interface vlan.666; } } } event-options { policy ae0down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae0$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/0 unit 0"; "deactivate interfaces ge-0/0/0 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 went down so removed ge-0/0/0 from bundle"; } } } } policy ae0up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae0$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/0 unit 0"; "activate interfaces ge-0/0/0 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/0 to bundle"; } } } } policy ae1down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae1$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/1 unit 0"; "deactivate interfaces ge-0/0/1 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae1 went down so removed ge-0/0/1 from bundle"; } } } } policy ae1up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae1$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/1 unit 0"; "activate interfaces ge-0/0/1 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/1 to bundle"; } } } } policy ae2down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae2$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/2 unit 0"; "deactivate interfaces ge-0/0/2 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae2 went down so removed ge-0/0/2 from bundle"; } } } } policy ae2up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae2$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/2 unit 0"; "activate interfaces ge-0/0/2 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/2 to bundle"; } } } } policy ae3down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae3$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/3 unit 0"; "deactivate interfaces ge-0/0/3 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae3 went down so removed ge-0/0/3 from bundle"; } } } } policy ae3up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae3$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/3 unit 0"; "activate interfaces ge-0/0/3 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/3 to bundle"; } } } } policy ae4down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae4$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/4 unit 0"; "deactivate interfaces ge-0/0/4 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae4 went down so removed ge-0/0/4 from bundle"; } } } } policy ae4up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae4$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/4 unit 0"; "activate interfaces ge-0/0/4 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/4 to bundle"; } } } } policy ae5down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae5$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/5 unit 0"; "deactivate interfaces ge-0/0/5 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae5 went down so removed ge-0/0/5 from bundle"; } } } } policy ae5up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae5$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/5 unit 0"; "activate interfaces ge-0/0/5 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/5 to bundle"; } } } } policy ae6down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae6$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/6 unit 0"; "deactivate interfaces ge-0/0/6 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae6 went down so removed ge-0/0/6 from bundle"; } } } } policy ae6up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae6$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/6 unit 0"; "activate interfaces ge-0/0/6 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/6 to bundle"; } } } } policy ae7down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae7$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/7 unit 0"; "deactivate interfaces ge-0/0/7 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae7 went down so removed ge-0/0/7 from bundle"; } } } } policy ae7up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae7$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/7 unit 0"; "activate interfaces ge-0/0/7 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/7 to bundle"; } } } } policy ae8down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae8$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/8 unit 0"; "deactivate interfaces ge-0/0/8 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae8 went down so removed ge-0/0/8 from bundle"; } } } } policy ae8up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae8$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/8 unit 0"; "activate interfaces ge-0/0/8 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/8 to bundle"; } } } } policy ae9down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae9$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/9 unit 0"; "deactivate interfaces ge-0/0/9 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae9 went down so removed ge-0/0/9 from bundle"; } } } } policy ae9up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae9$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/9 unit 0"; "activate interfaces ge-0/0/9 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/9 to bundle"; } } } } policy ae10down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae10$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/10 unit 0"; "deactivate interfaces ge-0/0/10 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae10 went down so removed ge-0/0/10 from bundle"; } } } } policy ae10up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae10$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/10 unit 0"; "activate interfaces ge-0/0/10 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/10 to bundle"; } } } } policy ae11down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae11$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/11 unit 0"; "deactivate interfaces ge-0/0/11 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae11 went down so removed ge-0/0/11 from bundle"; } } } } policy ae11up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae11$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/11 unit 0"; "activate interfaces ge-0/0/11 ether-options"; } user-name technet; commit-options { log "Autoconfig-script: ae0 came up so added ge-0/0/11 to bundle"; } } } } } protocols { apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; mld; inactive: router-advertisement { interface vlan.1013; interface vlan.1014; interface vlan.1033; interface vlan.1034; interface vlan.1053; interface vlan.1054; interface vlan.1073; interface vlan.1074; interface vlan.1093; interface vlan.1094; interface vlan.1113; interface vlan.1114; } ospf { export [ static-to-ospf direct-to-ospf ]; area 0.0.0.0 { interface ae31.0; } } ospf3 { export [ static-to-ospf direct-to-ospf ]; area 0.0.0.0 { interface ae31.0; } } pim { rp { static { address 2a06:5841:148b::67; address 185.110.148.67; } } } sflow { agent-id 185.110.148.100; sample-rate { ingress 10000; egress 10000; } source-ip 185.110.148.100; collector ; interfaces all-ports; } igmp-snooping { vlan all; } rstp; lldp { management-address 185.110.148.100; interface all; } lldp-med { interface all; } } policy-options { prefix-list mgmt-v4 { /* KANDU PA-nett (brukt på servere, infra etc) */ 185.110.148.0/22; } prefix-list mgmt-v6 { /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ 2a06:5841::/32; } prefix-list mgmt { 185.110.148.0/22; 2a06:5841::/32; } prefix-list mgmt-v4-nms { 185.110.148.11/32; 185.110.148.12/32; } prefix-list mgmt-v6-nms { 2a06:5841:1337::11/128; 2a06:5841:1337::12/128; } prefix-list mgmt-nms { 185.110.148.11/32; 185.110.148.12/32; 185.110.150.10/32; 2a06:5841:1337::11/128; 2a06:5841:1337::12/128; } prefix-list icmp_unthrottled-v4 { 185.110.148.0/22; 193.212.22.0/30; } prefix-list icmp_unthrottled-v6 { 2001:4600:9:300::290/126; 2a06:5841::/32; } policy-statement direct-to-ospf { from protocol direct; then { external { type 1; } accept; } } policy-statement static-to-ospf { from protocol static; then { external { type 1; } accept; } } } firewall { family inet { filter protect-mgmt-v4 { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term snmp-nms { from { source-prefix-list { mgmt-v4-nms; } destination-port snmp; } then accept; } term snmp-throttle { from { source-prefix-list { mgmt-v4; } destination-port snmp; } then accept; } term icmp-trusted { from { source-prefix-list { icmp_unthrottled-v4; } protocol icmp; } then accept; } term icmp-throttled { from { protocol icmp; } then accept; } term accept-all { then accept; } } } family inet6 { filter protect-mgmt-v6 { term accept-ssh { from { source-prefix-list { mgmt-v6; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term snmp-nms { from { source-prefix-list { mgmt-v6-nms; } destination-port snmp; } then accept; } term snmp-throttle { from { source-prefix-list { mgmt-v6; } destination-port snmp; } then accept; } term icmp-trusted { from { source-prefix-list { icmp_unthrottled-v6; } next-header icmp6; } then accept; } term icmp-throttled { from { next-header icmp6; } then accept; } term accept-all { then accept; } } } } virtual-chassis { preprovisioned; member 0 { role routing-engine; serial-number ; } member 1 { role routing-engine; serial-number ; } member 2 { role line-card; serial-number ; } } ethernet-switching-options { storm-control { interface all; } } vlans { aps_mgmt { vlan-id 777; l3-interface vlan.777; } e1-3 { vlan-id 1013; l3-interface vlan.1013; } e1-4 { vlan-id 1014; l3-interface vlan.1014; } e11-3 { vlan-id 1113; l3-interface vlan.1113; } e11-4 { vlan-id 1114; l3-interface vlan.1114; } e3-3 { vlan-id 1033; l3-interface vlan.1033; } e3-4 { vlan-id 1034; l3-interface vlan.1034; } e5-3 { vlan-id 1053; l3-interface vlan.1053; } e5-4 { vlan-id 1054; l3-interface vlan.1054; } e7-3 { vlan-id 1073; l3-interface vlan.1073; } e7-4 { vlan-id 1074; l3-interface vlan.1074; } e9-3 { vlan-id 1093; l3-interface vlan.1093; } e9-4 { vlan-id 1094; l3-interface vlan.1094; } mgmt { vlan-id 666; l3-interface vlan.666; } } poe { interface all; }