## Last changed: 2016-03-23 16:00:42 CET version 14.1X53-D30.3; groups { SET_AE_DEFAULTS { interfaces { { aggregated-ether-options { lacp { active; } } } } } SET_OSPF_DEFAULTS { protocols { ospf { reference-bandwidth 1000g; area <*> { interface { bfd-liveness-detection { minimum-interval 100; multiplier 3; } } } } ospf3 { reference-bandwidth 1000g; area <*> { interface { bfd-liveness-detection { minimum-interval 100; multiplier 3; } } } } } } SET_RA_DEFAULTS { protocols { router-advertisement { interface <*> { max-advertisement-interval 15; managed-configuration; } } } } } system { host-name standgw; auto-snapshot; time-zone Europe/Oslo; authentication-order tacplus; root-authentication { encrypted-password ""; } name-server { 185.110.149.2; 185.110.148.2; 2a06:5841:149a::2; 2a06:5841:1337::2; } tacplus-server { 134.90.150.164 { secret ""; source-address 185.110.148.67; } } login { user technet { uid 2000; class super-user; authentication { encrypted-password ""; } } } services { ssh { root-login deny; no-tcp-forwarding; client-alive-count-max 2; client-alive-interval 300; connection-limit 5; rate-limit 5; } netconf { ssh { connection-limit 3; rate-limit 3; } } } syslog { user * { any emergency; } host 185.110.148.17 { any info; authorization info; port 515; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } /* Save changes to central site */ archival { configuration { transfer-on-commit; archive-sites { "scp://user@host/some/folder/" password ""; } } } commit synchronize; ntp { server 2001:700:100:2::6; } } chassis { aggregated-devices { ethernet { device-count 32; } } } interfaces { apply-groups SET_AE_DEFAULTS; xe-0/0/0 { description Grevious; unit 0 { family ethernet-switching { interface-mode access; vlan { members eventnett_stand; } } } } xe-0/0/1 { description "ae mot rey"; ether-options { 802.3ad ae1; } } xe-0/0/2 { description "ae mot bb-8"; ether-options { 802.3ad ae2; } } xe-0/0/3 { description chewbacca; unit 0 { description chewbacca; family ethernet-switching { interface-mode trunk; vlan { members [ servernett eventnett_stand ]; } } } } xe-0/0/4 { description "Link mot Resepsjonen"; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ klientnett_resepsjonen klientnett_medic mgmt security ]; } } } } xe-0/0/47 { description "ae mot standsw"; ether-options { 802.3ad ae31; } } et-0/0/48 { description "link til nocgw"; unit 0 { family inet { address 185.110.148.133/31; } family inet6; } } xe-1/0/0 { description "ae mot finn"; ether-options { 802.3ad ae4; } } xe-1/0/1 { description "ae mot obi-wan"; ether-options { 802.3ad ae5; } } xe-1/0/2 { description "ae mot han"; ether-options { 802.3ad ae6; } } xe-1/0/3 { description "ae mot yoda"; ether-options { 802.3ad ae7; } } xe-1/0/4 { description "ae mot palpatine"; ether-options { 802.3ad ae8; } } xe-1/0/47 { description "ae mot standsw"; ether-options { 802.3ad ae31; } } xe-2/0/0 { description "ae mot finn"; ether-options { 802.3ad ae4; } } xe-2/0/1 { description "ae mot obi-wan"; ether-options { 802.3ad ae5; } } xe-2/0/2 { description "ae mot han"; ether-options { 802.3ad ae6; } } xe-2/0/3 { description "ae mot yoda"; ether-options { 802.3ad ae7; } } xe-2/0/4 { description "ae mot palpatine"; ether-options { 802.3ad ae8; } } inactive: xe-3/0/0 { description "ae mot grievous"; ether-options { 802.3ad ae0; } } xe-3/0/1 { description "ae mot rey"; ether-options { 802.3ad ae1; } } xe-3/0/2 { description "ae mot bb-8"; ether-options { 802.3ad ae2; } } xe-3/0/3 { description chewbacca; unit 0 { description chewbacca; family ethernet-switching { interface-mode trunk; vlan { members [ servernett eventnett_stand ]; } } } } et-3/0/48 { description "link mot coregw"; ether-options { 802.3ad ae30; } } et-3/0/49 { description "link mot coregw"; ether-options { 802.3ad ae30; } } inactive: ae0 { description grievous; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { interface-mode access; vlan { members eventnett_stand; } } } } ae1 { aggregated-ether-options { lacp { active; } } unit 0 { description rey; family ethernet-switching { interface-mode access; vlan { members servernett; } } } } ae2 { aggregated-ether-options { lacp { active; } } unit 0 { description bb-8; family ethernet-switching { interface-mode access; vlan { members servernett; } } } } ae3 { aggregated-ether-options { lacp { active; } } unit 0 { description chewbacca; family ethernet-switching { interface-mode trunk; vlan { members [ servernett eventnett_stand ]; } } } } ae4 { aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { interface-mode access; vlan { members servernett; } } } } ae5 { aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { interface-mode access; vlan { members servernett; } } } } ae6 { aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { interface-mode access; vlan { members servernett; } } } } ae7 { aggregated-ether-options { lacp { active; } } unit 0 { description "ae til yoda"; family ethernet-switching { interface-mode access; vlan { members servernett; } } } } ae8 { aggregated-ether-options { lacp { active; } } unit 0 { description "ae til palpatine"; family ethernet-switching { interface-mode access; vlan { members eventnett_stand; } } } } ae30 { description "AE mot coregw"; unit 0 { family inet { address 185.110.148.134/31; } family inet6; } } ae31 { description "ae til stand-ex3300-vc"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { interface-mode trunk; vlan { members [ mgmt eventnett_stand servernett deltaker_wifi noc_wifi aps klientnett_sponsorgate deltagerserbere ]; } } } } irb { unit 100 { description deltaker_wifi; family inet { address 88.92.96.1/19; } } unit 101 { description noc_wifi; family inet { address 185.110.151.1/27; } } unit 244 { description "Klientnett resepsjonen"; family inet { address 88.92.70.1/24; } family inet6 { address 2a06:5840:70::1/64; } } unit 245 { description "Klientnett Medic"; family inet { address 88.92.71.1/24; } family inet6 { address 2a06:5840:71::1/64; } } unit 246 { description "Klientnett Sponsorgate"; family inet { address 88.92.72.1/24; } family inet6 { address 2a06:5840:72::1/64; } } unit 280 { description deltagerserbere; family inet { address 88.92.95.1/25; } family inet6 { address 2a06:5840:95a::1/64; } } unit 300 { description "AP nett for nocgw"; family inet { address 88.92.53.1/29; } } unit 1481 { description servernett; family inet { address 185.110.148.1/26; } family inet6 { address 2a06:5841:1337::1/64; } } unit 1482 { description "servernett stand"; family inet { address 185.110.149.65/26; } family inet6 { address 2a06:5841:149b::65/64; } } unit 3000 { family inet { filter { input v4-security; output v4-security; } address 10.30.30.1/24; } } unit 3911 { description stand-ex3300-mgmt; family inet { address 88.92.57.97/28; } family inet6 { address 2a06:5840:574::97/64; } } } lo0 { unit 0 { family inet { address 185.110.148.67/32; } family inet6 { address 2a06:5841:148b::67/64; } } } } snmp { community { authorization read-only; client-list-name mgmt; } community { authorization read-only; client-list-name mgmt-nms; } } forwarding-options { dhcp-relay { dhcpv6 { group all { interface irb.100; interface irb.101; interface irb.1481; } server-group { v6-dhcp { 2a06:5841:149a::2; 2a06:5841:1337::2; } } active-server-group v6-dhcp; } server-group { v4-dhcp { 185.110.149.2; 185.110.148.2; } } active-server-group v4-dhcp; group all { overrides { trust-option-82; } interface irb.100; interface irb.101; interface irb.244; interface irb.245; interface irb.246; interface irb.280; interface irb.300; interface irb.1481; } } } protocols { apply-groups [ SET_OSPF_DEFAULTS SET_RA_DEFAULTS ]; router-advertisement { interface irb.1481; interface irb.101; interface irb.246; interface irb.244; interface irb.245; interface irb.100; interface irb.280; } ospf { export [ redistribute-direct redistribute-static ]; reference-bandwidth 1000g; area 0.0.0.0 { interface et-0/0/48.0; interface ae30.0; } } ospf3 { export [ redistribute-direct redistribute-static ]; reference-bandwidth 1000g; area 0.0.0.0 { interface et-0/0/48.0; interface et-1/0/48.0; interface ae30.0; } } lldp { management-address 185.110.148.67; interface all; } lldp-med { interface all; } } policy-options { prefix-list mgmt-v4 { /* KANDU PA-nett (brukt på servere, infra etc) */ 185.110.148.0/22; } prefix-list mgmt-v6 { /* KANDU PA-nett (den delen som er brukt på servere, infra etc) */ 2a06:5841::/32; } /* sammenslÃ¥tt av separate v4- og v6-lister */ prefix-list mgmt { 185.110.148.0/22; 2a06:5841::/32; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-v4-nms { 185.110.148.11/32; 185.110.148.12/32; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-v6-nms { 2a06:5841:1337::11/128; 2a06:5841:1337::12/128; } /* NMS boxes - separate list to give full speed to SNMP read */ prefix-list mgmt-nms { 185.110.148.11/32; 185.110.148.12/32; 185.110.150.10/32; 2a06:5841:1337::11/128; 2a06:5841:1337::12/128; } prefix-list icmp_unthrottled-v4 { 185.110.148.0/22; 193.212.22.0/30; } prefix-list icmp_unthrottled-v6 { 2001:4600:9:300::290/126; 2a06:5841::/32; } policy-statement direct-to-ospf { from protocol direct; then { external { type 1; } accept; } } policy-statement redistribute-direct { from protocol direct; then { external { type 1; } accept; } } policy-statement redistribute-static { from protocol static; then { external { type 1; } accept; } } policy-statement static-to-ospf { from protocol static; then { external { type 1; } accept; } } } firewall { family inet { filter protect-mgmt-v4 { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term snmp-nms { from { source-prefix-list { mgmt-v4-nms; } destination-port snmp; } then accept; } term snmp-throttle { from { source-prefix-list { mgmt-v4; } destination-port snmp; } then accept; } term icmp-trusted { from { source-prefix-list { icmp_unthrottled-v4; } protocol icmp; } then accept; } term icmp-throttled { from { protocol icmp; } then accept; } term accept-all { then accept; } } } family inet6 { filter protect-mgmt-v6 { term accept-ssh { from { source-prefix-list { inactive: mgmt-v6; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term snmp-nms { from { source-prefix-list { mgmt-v6-nms; } destination-port snmp; } then accept; } term snmp-throttle { from { source-prefix-list { mgmt-v6; } destination-port snmp; } then accept; } term icmp-trusted { from { source-prefix-list { icmp_unthrottled-v6; } next-header icmp6; } then accept; } term icmp-throttled { from { next-header icmp6; } then accept; } term accept-all { then accept; } } } filter v4-security { term accept-security { from { source-address { 10.30.0.0/16; } destination-address { 10.30.0.0/16; } } then accept; } term discard-all { then { discard; } } } } virtual-chassis { preprovisioned; member 0 { role routing-engine; serial-number ; } member 1 { role routing-engine; serial-number ; } member 2 { role line-card; serial-number ; } member 3 { role line-card; serial-number ; } member 4 { role line-card; serial-number ; } } vlans { aps { vlan-id 300; l3-interface irb.300; } deltagerserbere { vlan-id 280; l3-interface irb.280; } deltaker_wifi { vlan-id 100; l3-interface irb.100; } eventnett_stand { vlan-id 1482; l3-interface irb.1482; } klientnett_medic { vlan-id 245; l3-interface irb.245; } klientnett_resepsjonen { vlan-id 244; l3-interface irb.244; } klientnett_sponsorgate { vlan-id 246; l3-interface irb.246; } mgmt { vlan-id 3911; l3-interface irb.3911; } noc_wifi { vlan-id 101; l3-interface irb.101; } security { vlan-id 3000; l3-interface irb.3000; } servernett { vlan-id 1481; l3-interface irb.1481; } }