## Last changed: 2015-04-05 07:41:52 UTC version 14.1X53-D15.2; system { host-name e25-2; auto-snapshot; domain-name infra.gathering.org; time-zone Europe/Oslo; authentication-order tacplus; root-authentication { encrypted-password ""; } name-server { 185.110.149.2; 185.110.148.2; 2a06:5841:149a::2; 2a06:5841:1337::2; } tacplus-server { 134.90.150.164 { secret ""; source-address 88.92.54.195; } } login { user technet { uid 2000; class super-user; authentication { encrypted-password ""; } } } services { ssh { root-login deny; no-tcp-forwarding; client-alive-count-max 2; client-alive-interval 300; connection-limit 5; rate-limit 5; } netconf { ssh { connection-limit 3; rate-limit 3; } } } syslog { user * { any emergency; } host 185.110.148.17 { any info; authorization info; port 515; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } /* Save changes to central site */ archival { configuration { transfer-on-commit; archive-sites { "scp://user@host/some/folder/" password ""; } } } commit synchronize; ntp { server 2001:700:100:2::6; } } chassis { aggregated-devices { ethernet { device-count 1; } } alarm { management-ethernet { link-down ignore; } } } interfaces { interface-range edge-ports { member-range ge-0/0/0 to ge-0/0/43; description Clients; unit 0 { family ethernet-switching { port-mode access; vlan { members clients; } } } } interface-range core-ports { member-range ge-0/0/44 to ge-0/0/47; description "distro3 ge-0/0/1"; ether-options { 802.3ad ae0; } } ae0 { description "distro3 ge-0/0/1"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ clients mgmt ]; } } } } vlan { unit 666 { description "MGMT L3 interface"; family inet { filter { input v4-mgmt; } address 88.92.54.195/26; } inactive: family inet6 { filter { input v6-mgmt; } address 2a06:5840:54d::195/64; } } } } snmp { community { authorization read-only; client-list-name mgmt; } community { authorization read-only; client-list-name mgmt-nms; } } routing-options { rib inet.0 { static { route 0.0.0.0/0 next-hop 88.92.54.193; } } } protocols { sflow { sample-rate { ingress 10000; egress 10000; } source-ip 88.92.54.195; collector ; collector ; interfaces core-ports; interfaces edge-ports; } igmp-snooping { vlan all { version 3; immediate-leave; } } rstp { bridge-priority 8k; interface edge-ports { edge; no-root-port; } } lldp { management-address 88.92.54.195; interface ae0.0; } } policy-options { prefix-list mgmt-v4 { /* KANDU PA-nett (brukt på servere, infra etc) */ 185.110.148.0/22; } prefix-list mgmt-v6 { /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ 2a06:5841::/32; } /* Merged separate v4- og v6-lister */ prefix-list mgmt { 185.110.148.0/22; 2a06:5841::/32; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-v4-nms { 185.110.148.11/32; 185.110.148.12/32; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-v6-nms { 2a06:5841:1337::11/128; 2a06:5841:1337::12/128; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-nms { 185.110.148.11/32; 185.110.148.12/32; 185.110.150.10/32; 2a06:5841:1337::11/128; 2a06:5841:1337::12/128; } } firewall { family inet { filter v4-mgmt { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term accept-all { then accept; } } } family inet6 { filter v6-mgmt { term accept-ssh { from { source-prefix-list { mgmt-v6; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term accept-all { then accept; } } } } vlans { clients { vlan-id 1252; } mgmt { vlan-id 666; l3-interface vlan.666; } }