## ex3300-48p ## Last commit: 2023-04-09 11:40:42 CEST by tech version 15.1R7-S4; system { host-name d1.bird; auto-snapshot; domain-name tg23.gathering.org; time-zone Europe/Oslo; /* tacacs primary, failbacks to local users */ authentication-order tacplus; ports { console log-out-on-disconnect; } root-authentication { encrypted-password ""; ## SECRET-DATA } name-server { 2a06:5841:f:d::101; 2a06:5841:f:e::132; } tacplus-server { { secret ""; ## SECRET-DATA source-address 185.110.148.11; } } login { user api { uid 2000; class super-user; authentication { ssh-ed25519 ""; ## SECRET-DATA } } user tech { uid 2001; class super-user; authentication { encrypted-password ""; ## SECRET-DATA } } } services { ssh { root-login deny; no-tcp-forwarding; protocol-version v2; client-alive-count-max 2; client-alive-interval 300; connection-limit 50; rate-limit 5; } netconf { ssh { port 830; } } } syslog { user * { any emergency; } host log.tg23.gathering.org { any warning; authorization info; daemon warning; user warning; change-log any; interactive-commands any; match "!(.*License.*)"; allow-duplicates; facility-override local7; explicit-priority; } /* Oxidized syslog */ host 185.110.148.112 { interactive-commands notice; match UI_COMMIT_COMPLETED; source-address 185.110.148.11; } /* Local logging of syslog message */ file messages { any notice; authorization info; /* Fjerner mye graps i loggene */ match "!(.*License.*|.*EX-BCM PIC.*|.*mojito_i2c_read.*|.*qsfp_tk_read_mem_page.*)"; } /* Local logging of all user-commands typed in the CLI */ file interactive-commands { interactive-commands any; match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; } } commit synchronize; ntp { /* ntp.uio.no */ server 2001:700:100:2::6; } } chassis { aggregated-devices { ethernet { device-count 32; } } alarm { management-ethernet { link-down ignore; } } } interfaces { interface-range all-ports { member ge-*/*/*; member xe-*/*/*; member et-*/*/*; } ge-0/0/0 { description "G: e1.presse ge-0/0/44 (ae206)"; inactive: ether-options { 802.3ad ae206; } unit 0 { family ethernet-switching { port-mode access; vlan { members edge-mgmt; } } } } ge-0/0/1 { description "G: e1.presse ge-0/0/45 (ae206)"; ether-options { 802.3ad ae206; } } ge-0/0/2 { description "G: e1.bird ge-0/0/44 (ae207)"; inactive: ether-options { 802.3ad ae207; } unit 0 { family ethernet-switching { port-mode access; vlan { members edge-mgmt; } } } } ge-0/0/3 { description "G: e1.bird ge-0/0/45 (ae207)"; ether-options { 802.3ad ae207; } } ge-0/0/4 { description "G: e2.bird ge-0/0/44 (ae208)"; inactive: ether-options { 802.3ad ae208; } unit 0 { family ethernet-switching { port-mode access; vlan { members edge-mgmt; } } } } ge-0/0/5 { description "G: e2.bird ge-0/0/45 (ae208)"; ether-options { 802.3ad ae208; } } ge-0/0/8 { description "G: e1.redet ge-0/0/44 (ae211)"; inactive: ether-options { 802.3ad ae211; } unit 0 { family ethernet-switching { port-mode access; vlan { members edge-mgmt; } } } } ge-0/0/9 { description "G: e1.redet ge-0/0/45 (ae211)"; ether-options { 802.3ad ae211; } } ge-0/0/10 { description "G: e1.sec ge-0/0/44 (ae213)"; ether-options { 802.3ad ae213; } inactive: unit 0 { family ethernet-switching { port-mode access; vlan { members edge-mgmt; } } } } ge-0/0/11 { description "G: e1.sec ge-0/0/45 (ae213)"; ether-options { 802.3ad ae213; } } xe-0/1/0 { description "G: d1.ring xe-4/0/2 (ae0)"; ether-options { 802.3ad ae0; } } xe-0/1/1 { description "G: d1.ring xe-4/0/3 (ae0)"; ether-options { 802.3ad ae0; } } ae0 { description "B: d1.ring ae100"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members all; } } } } ae206 { description "B: e1.presse ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ edge-mgmt e1.presse aps-mgmt ssid-the-gathering ]; } } } } ae207 { description "B: e1.bird ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ edge-mgmt e1.bird aps-mgmt ssid-the-gathering ]; } } } } ae208 { description "B: e2.bird ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ edge-mgmt e2.bird aps-mgmt ssid-the-gathering ]; } } } } ae211 { description "B: e1.redet ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ edge-mgmt e1.redet location-beredskap ]; } } } } ae213 { description "B: e1.sec ae0"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ edge-mgmt e1.sec aps-mgmt ssid-the-gathering location-beredskap ]; } } } } lo0 { unit 0 { family inet { filter { input mgmt-v4; } } family inet6 { filter { input mgmt-v6; } } } } vlan { unit 667 { description "switch management"; family inet { filter { input mgmt-v4; } address 185.110.148.11/29; } family inet6 { filter { input mgmt-v6; } address 2a06:5841:f:21::3/64; } } } } snmp { contact ""; community { authorization read-only; client-list-name mgmt; } } event-options { policy ae213down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae213$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/10 unit 0"; "deactivate interfaces ge-0/0/10 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae213 went down so removed ge-0/0/10 from bundle"; } } } } policy ae213up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae213$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/10 unit 0"; "activate interfaces ge-0/0/10 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae213 came up so added ge-0/0/10 to bundle"; } } } } policy ae211down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae211$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/8 unit 0"; "deactivate interfaces ge-0/0/8 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae211 went down so removed ge-0/0/8 from bundle"; } } } } policy ae211up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae211$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/8 unit 0"; "activate interfaces ge-0/0/8 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae211 came up so added ge-0/0/8 to bundle"; } } } } policy ae206down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae206$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/0 unit 0"; "deactivate interfaces ge-0/0/0 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae206 went down so removed ge-0/0/0 from bundle"; } } } } policy ae206up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae206$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/0 unit 0"; "activate interfaces ge-0/0/0 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae206 came up so added ge-0/0/0 to bundle"; } } } } policy ae208down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae208$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/4 unit 0"; "deactivate interfaces ge-0/0/4 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae208 went down so removed ge-0/0/4 from bundle"; } } } } policy ae208up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae208$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/4 unit 0"; "activate interfaces ge-0/0/4 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae208 came up so added ge-0/0/4 to bundle"; } } } } policy ae207down { events snmp_trap_link_down; attributes-match { snmp_trap_link_down.interface-name matches "ae207$"; } then { change-configuration { retry count 10 interval 10; commands { "activate interfaces ge-0/0/2 unit 0"; "deactivate interfaces ge-0/0/2 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae207 went down so removed ge-0/0/2 from bundle"; } } } } policy ae207up { events snmp_trap_link_up; attributes-match { snmp_trap_link_up.interface-name matches "ae207$"; } then { change-configuration { retry count 10 interval 10; commands { "deactivate interfaces ge-0/0/2 unit 0"; "activate interfaces ge-0/0/2 ether-options"; } user-name tech; commit-options { log "Autoconfig-script: ae207 came up so added ge-0/0/2 to bundle"; } } } } } routing-options { rib inet.0 { static { route 0.0.0.0/0 next-hop 185.110.148.9; } } rib inet6.0 { static { route ::/0 next-hop 2a06:5841:f:21::1; } } } protocols { igmp-snooping { vlan all; } rstp { bridge-priority 4k; } lldp { port-id-subtype interface-name; port-description-type interface-description; interface all; } } policy-options { prefix-list mgmt-v4 { } prefix-list mgmt-v6 { } /* Merged separate v4- og v6-lister */ prefix-list mgmt { apply-path "policy-options prefix-list <*>"; } } firewall { family inet { filter mgmt-v4 { term accept-ssh { from { source-prefix-list { mgmt-v4; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then { discard; } } term accept-all { then accept; } } } family inet6 { filter mgmt-v6 { term accept-ssh { from { source-prefix-list { mgmt-v6; } destination-port 22; } then accept; } term discard-ssh { from { destination-port 22; } then discard; } term accept-all { then accept; } } } } ethernet-switching-options { secure-access-port { vlan edge-mgmt { dhcp-option82 { circuit-id { prefix hostname; use-vlan-id; } } } } storm-control { interface ae206.0; interface ae207.0; interface ae208.0; interface ae211.0; interface ae213.0; } } vlans { aps-mgmt { vlan-id 777; } distro-mgmt { vlan-id 667; l3-interface vlan.667; } e1.bird { vlan-id 207; } e1.presse { vlan-id 206; } e1.redet { vlan-id 211; } e1.sec { vlan-id 213; } e2.bird { vlan-id 208; } edge-mgmt { vlan-id 666; } event-activites { vlan-id 3002; } event-arena { vlan-id 3000; } event-artnet { vlan-id 3001; } location-beredskap { vlan-id 3003; } ssid-the-gathering { vlan-id 778; } } poe { interface all; }