system { host-name $hostname; auto-snapshot; time-zone Europe/Oslo; authentication-order [ tacplus password ]; root-authentication { encrypted-password "$1$v1xWD3zI$OhStP6PnpgIUO3RLtMmIJ/"; } name-server { 1.1.1.1; 2.2.2.2; } login { user technet{ uid 2000; class super-user; authentication { encrypted-password "$1$v1xWD3zI$OhStP6PnpgIUO3RLtMmIJ/"; } } } services { ssh { root-login deny; } netconf { ssh; } } syslog { user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } ntp { server 1.2.3.4; server 2.3.4.5; } } chassis { aggregated-devices { ethernet { device-count 1; } } } interfaces { interface-range edge-ports { member-range ge-0/0/0 to ge-0/0/43; unit 0 { family ethernet-switching { port-mode access; vlan { members deltagere; } } } } interface-range core-ports { member-range ge-0/0/44 to ge-0/0/47; ether-options { 802.3ad ae0; } } ae0 { description "Til $distro_name $distro_phy_port"; aggregated-ether-options { lacp { active; } } unit 0 { family ethernet-switching { port-mode trunk; vlan { members [deltagere mgmt]; } } } } vlan { unit $mgmt_vlan { description "MGMT L3 interface"; family inet { filter { input v4-mgmt; } address $mgmt_addr/$mgmt_cidr; } family inet6 { filter { input v6-mgmt; } address $mgmt_v6_addr/$mgmt_v6_cidr; } } } } firewall { family inet { filter v4-mgmt { term accept-noc { from { source-address { 0.0.0.0/0; } } then accept; } term accept-icmp { from { protocol icmp; } then { accept; } } term reject-all { then { log; syslog; reject; } } } } family inet6 { filter v6-mgmt { term accept-noc { from { source-address { ::/0; } } then accept; } term accept-icmp { from { next-header icmp6; } then { accept; } } term reject-all { then { log; syslog; reject; } } } } } protocols { sflow { sample-rate { ingress 10000; egress 10000; } collector 91.209.30.12; interfaces edge-ports; interfaces core-ports; } igmp-snooping { vlan all { version 3; immediate-leave; } } mld-snooping { vlan all { version 2; immediate-leave; } } rstp { bridge-priority 8k; interface edge-ports { edge; no-root-port; } } lldp { interface ae0.0 } } vlans { deltagere { vlan-id $traffic_vlan; } mgmt { vlan-id $mgmt_vlan; l3-interface vlan.$mgmt_vlan; } } routing-options { rib inet.0 { static { route 0.0.0.0/0 { next-hop $mgmt_gw; } } } rib inet6.0 { static { route ::/0 { next-hop $mgmt_v6_gw; } } } }