## Last changed: 2019-04-17 16:58:03 CEST version 15.1R6.7; system { host-name e69-4; auto-snapshot; domain-name tg19.gathering.org; time-zone Europe/Oslo; authentication-order tacplus; root-authentication { encrypted-password ""; } name-server { 2a06:5841:a:103::62; 2a06:5841:a:104::126; } tacplus-server { 134.90.150.164 secret ""; } login { user technet { uid 2000; class super-user; authentication { encrypted-password ""; } } } services { ssh { root-login deny; no-tcp-forwarding; protocol-version v2; client-alive-count-max 2; client-alive-interval 300; connection-limit 50; rate-limit 5; } netconf { ssh { port 830; } } } syslog { user * { any emergency; } host log.tg19.gathering.org { any warning; authorization info; daemon warning; user warning; change-log any; interactive-commands any; match "!(.*License.*)"; allow-duplicates; facility-override local7; explicit-priority; } /* Local logging of syslog message */ file messages { any notice; authorization info; } /* Local logging of all user-commands typed in the CLI */ file interactive-commands { interactive-commands any; match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; } } /* Save changes to central site */ archival { configuration { transfer-on-commit; archive-sites { "scp://user@host/some/folder/" password ""; } } } commit synchronize; ntp { /* ntp.uio.no */ server 2001:700:100:2::6; } } chassis { aggregated-devices { ethernet { device-count 2; } } alarm { management-ethernet { link-down ignore; } } } security { ssh-known-hosts { host { ecdsa-sha2-nistp256-key ; } } } interfaces { interface-range all-ports { member ge-*/*/*; member xe-*/*/*; member et-*/*/*; } interface-range edge-ports { member-range ge-0/0/0 to ge-0/0/43; description Clients; unit 0 { family ethernet-switching { port-mode access; vlan { members clients; } } } } interface-range uplink-ports { member-range ge-0/0/44 to ge-0/0/46; description "G: s6.floor"; ether-options { 802.3ad ae0; } } interface-range unused-ports { member ge-0/0/47; description not-in-use; } ae0 { description "B: s6.floor"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ clients mgmt ]; } } } } lo0 { unit 0 { family inet { filter { input mgmt-v4; } address 127.0.0.1/32; } family inet6 { filter { input mgmt-v6; } address ::1/128; } } } vlan { unit 666 { description "Switch mgmt"; family inet { filter { input mgmt-v4; } address 88.92.1.77/26; } family inet6 { filter { input mgmt-v6; } address 2a06:5841:d:6::77/64; } } } } snmp { contact NOC; community { authorization read-only; client-list-name mgmt; } } routing-options { rib inet.0 { static { route 0.0.0.0/0 next-hop 88.92.1.65; } } rib inet6.0 { static { route ::/0 next-hop 2a06:5841:d:6::1; } } } protocols { sflow { sample-rate { ingress 10000; egress 10000; } collector ; interfaces all-ports; } igmp-snooping { vlan all { version 3; immediate-leave; } } inactive: mld-snooping { vlan all { version 2; immediate-leave; } } rstp { bridge-priority 32k; interface edge-ports { edge; no-root-port; } } lldp { interface uplink-ports; } } policy-options { prefix-list mgmt-v4 { } prefix-list mgmt-v6 { } /* Merged separate v4- og v6-lister */ prefix-list mgmt { apply-path "policy-options prefix-list <*>"; } } firewall { family inet { filter mgmt-v4 { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term accept-all { then accept; } } } family inet6 { filter mgmt-v6 { term accept-ssh { from { source-prefix-list { mgmt-v6; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term accept-all { then accept; } } } } ethernet-switching-options { secure-access-port { interface edge-ports { no-dhcp-trusted; } vlan clients { arp-inspection; examine-dhcp; examine-dhcpv6; neighbor-discovery-inspection; ip-source-guard; ipv6-source-guard; dhcp-option82 { circuit-id { use-vlan-id; } } no-option-37; inactive: dhcpv6-option18 { use-option-82; } } ipv6-source-guard-sessions { max-number 128; } } storm-control { action-shutdown; interface edge-ports { bandwidth 20000; multicast; } } } vlans { clients { vlan-id 1694; } mgmt { vlan-id 666; l3-interface vlan.666; } } poe { interface all; }