
Add network configs

master
root 2 years ago
parent
commit
bd5447e1ff
4 changed files with 1315 additions and 0 deletions
  1. +457
    -0
      rb_latest_config.txt
  2. +181
    -0
      rb_latest_config_display_set.txt
  3. +397
    -0
      rb_latest_config_sebastian
  4. +280
    -0
      rb_latest_config_steve

+ 457
- 0
rb_latest_config.txt

@@ -0,0 +1,457 @@
version 12.1X46-D40.2;
system {
host-name cerberus;
time-zone GMT;
root-authentication {
encrypted-password "$1$5a81bcLc$1iBwYxR5QREg0cGBty1G.1"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
login {
message "#############################################################################################################################\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t All connections are monitored and recorded \t\t \n\t\t Disconnect IMMEDIATELY if you are not an authorized user!\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n##############################################################################################################################";
user admin {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$PhkoFBjA$ljDz7mgHnfwgFjcEH1lUo0"; ## SECRET-DATA
}
}
user kyle {
uid 2002;
class super-user;
authentication {
encrypted-password "$1$TXCvgFds$SFfnLuVj1EDmkfJeYh5Rk0"; ## SECRET-DATA
}
}
}
services {
ssh;
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
host log.internal {
explicit-priority;
structured-data {
brief;
}
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
source-address 192.168.0.30;
}
max-configurations-on-flash 49;
max-configuration-rollbacks 49;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server time.dcu.ie;
}
}
interfaces {
ge-0/0/0 {
description "Link to DCU Core";
unit 0 {
family inet {
address 136.206.33.142/26;
}
}
}
ge-0/0/1 {
description "Trunk Link to Sebastian";
vlan-tagging;
unit 0 {
vlan-id 0;
}
unit 1 {
vlan-id 3;
family inet {
address 192.168.0.254/24;
}
}
unit 2 {
vlan-id 4;
family inet {
address 192.168.1.254/24;
}
}
unit 16 {
vlan-id 16;
family inet {
address 136.206.16.254/24;
}
}
unit 122 {
vlan-id 122;
family inet {
address 136.206.15.254/24;
}
}
unit 999 {
vlan-id 999;
family inet {
address 172.168.1.1/24;
}
}
}
ge-0/0/5 {
description "VPN Management";
unit 0 {
family inet {
address 136.206.16.254/24;
}
}
}
ge-0/0/7 {
vlan-tagging;
unit 0 {
vlan-id 0;
}
unit 30 {
vlan-id 30;
family inet {
address 1.1.1.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 136.206.33.190;
}
resolution;
}
protocols {
lldp {
interface all;
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
pool nat_EMAIL {
address {
136.206.15.5/32;
}
}
rule-set OUT-TEST {
from zone trust;
to zone WAN;
rule EMAIL_OUT {
match {
source-address 192.168.0.135/32;
}
then {
source-nat {
pool {
nat_EMAIL;
}
}
}
}
inactive: rule r1 {
match {
source-address [ 172.168.1.0/24 192.168.0.1/24 ];
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
pool nat_Test {
address 192.168.0.135/32;
}
rule-set rs1 {
from interface ge-0/0/0.0;
rule r1 {
match {
destination-address 136.206.15.5/32;
}
then {
destination-nat {
pool {
nat_Test;
}
}
}
}
}
}
}
policies {
from-zone WAN to-zone ServersPublic {
policy dcu_access {
match {
source-address dcu_supernet;
destination-address redbrick_primary_subnet;
application [ junos-http junos-https junos-dns-udp junos-dns-tcp junos-ldap LDAPS ];
}
then {
permit;
}
}
inactive: policy MOSH {
match {
source-address any;
destination-address MOSH_ACCESS;
application junos-ssh;
}
then {
permit;
}
}
policy GAME_SOC_ACCESS {
match {
source-address any;
destination-address GAME_SOC_SERVER;
application any;
}
then {
permit;
}
}
policy internet_access {
match {
source-address any;
destination-address redbrick_primary_subnet;
application [ junos-http junos-https junos-ssh junos-smtp junos-pop3 junos-imap junos-imaps junos-dns-tcp junos-dns-udp irc_peering_tcp_6668 irc_tls_tcp_6697 irc_tcp_6667 pop3s_tcp_995 tcp_465 ];
}
then {
permit;
}
}
policy drop_and_log {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone ServersPublic to-zone WAN {
policy DENY_MOSH {
match {
source-address MOSH_ACCESS;
destination-address any;
application junos-ssh;
}
then {
permit;
}
}
policy Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone WAN {
policy Allow-All {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone WAN to-zone trust {
policy test_inbound {
match {
source-address any;
destination-address test;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
from-zone VPN to-zone WAN {
policy Management_ACCESS {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
from-zone WAN to-zone VPN {
policy VPN_IN {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-close;
}
}
}
}
}
zones {
security-zone ServersPublic {
address-book {
address redbrick_primary_subnet 136.206.15.0/24;
address GAME_SOC_SERVER 136.206.15.41/32;
address MOSH_ACCESS 136.206.15.73/32;
}
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
ge-0/0/1.122;
ge-0/0/1.16;
}
}
security-zone WAN {
address-book {
address dcu_supernet 136.206.0.0/16;
address GAME_SOC_SERVER 136.206.15.41/32;
address MOSH_ACCESS 136.206.15.73/32;
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ssh;
ping;
}
}
}
}
}
security-zone trust {
address-book {
address test 192.168.0.135/32;
}
host-inbound-traffic {
system-services {
ping;
ssh;
}
}
interfaces {
ge-0/0/1.1;
ge-0/0/1.2;
ge-0/0/1.999;
ge-0/0/7.30;
}
}
security-zone VPN {
host-inbound-traffic {
system-services {
ping;
ssh;
}
}
interfaces {
ge-0/0/5.0;
}
}
}
}
applications {
application irc_peering_tcp_6668 {
protocol tcp;
destination-port 6668;
description "IRC Peering";
}
application irc_tcp_6667 {
protocol tcp;
destination-port 6667;
description IRC;
}
application irc_tls_tcp_6697 {
protocol tcp;
destination-port 6697;
description "IRC TLS";
}
application tcp_465 {
protocol tcp;
destination-port 465;
description "Mail? d_fens requested";
}
application pop3s_tcp_995 {
protocol tcp;
destination-port 995;
description POP3S;
}
application LDAPS {
protocol tcp;
destination-port 636;
description LDAPS;
}
}
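Review bot: The three `encrypted-password` values under `root-authentication`, `user admin` and `user kyle` are committed as live `$1$` (MD5-crypt) hashes, and the `## SECRET-DATA` markers show the device itself treats them as secrets; the same hashes recur in rb_latest_config_display_set.txt, and the two Cisco files in this commit carry `enable secret 5` and `password 7` values as well. Anyone with read access to the repository can run offline guessing against them, and both named users are `class super-user`. I would commit a redacted copy, e.g. `encrypted-password "REDACTED"; ## SECRET-DATA`, rotate the affected passwords, and remove the values from history rather than only from the tip. Moving the device to a stronger hash format is worth checking against what this release supports.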

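--- a/rb_latest_config_display_set.txt
+++ b/rb_latest_config_display_set.txt
@@ -0,0 +1,181 @@
+set version 12.1X46-D40.2
+set system host-name cerberus
+set system time-zone GMT
+set system root-authentication encrypted-password "$1$5a81bcLc$1iBwYxR5QREg0cGBty1G.1"
+set system name-server 208.67.222.222
+set system name-server 208.67.220.220
+set system name-resolution no-resolve-on-input
+set system login message "#############################################################################################################################\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t All connections are monitored and recorded \t\t \n\t\t Disconnect IMMEDIATELY if you are not an authorized user!\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n##############################################################################################################################"
+set system login user admin uid 2000
+set system login user admin class super-user
+set system login user admin authentication encrypted-password "$1$PhkoFBjA$ljDz7mgHnfwgFjcEH1lUo0"
+set system login user kyle uid 2002
+set system login user kyle class super-user
+set system login user kyle authentication encrypted-password "$1$TXCvgFds$SFfnLuVj1EDmkfJeYh5Rk0"
+set system services ssh
+set system syslog archive size 100k
+set system syslog archive files 3
+set system syslog user * any emergency
+set system syslog host log.internal explicit-priority
+set system syslog host log.internal structured-data brief
+set system syslog file messages any critical
+set system syslog file messages authorization info
+set system syslog file interactive-commands interactive-commands error
+set system syslog source-address 192.168.0.30
+set system max-configurations-on-flash 49
+set system max-configuration-rollbacks 49
+set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
+set system ntp server time.dcu.ie
+set interfaces ge-0/0/0 description "Link to DCU Core"
+set interfaces ge-0/0/0 unit 0 family inet address 136.206.33.142/26
+set interfaces ge-0/0/1 description "Trunk Link to Sebastian"
+set interfaces ge-0/0/1 vlan-tagging
+set interfaces ge-0/0/1 unit 0 vlan-id 0
+set interfaces ge-0/0/1 unit 1 vlan-id 3
+set interfaces ge-0/0/1 unit 1 family inet address 192.168.0.254/24
+set interfaces ge-0/0/1 unit 2 vlan-id 4
+set interfaces ge-0/0/1 unit 2 family inet address 192.168.1.254/24
+set interfaces ge-0/0/1 unit 16 vlan-id 16
+set interfaces ge-0/0/1 unit 16 family inet address 136.206.16.254/24
+set interfaces ge-0/0/1 unit 122 vlan-id 122
+set interfaces ge-0/0/1 unit 122 family inet address 136.206.15.254/24
+set interfaces ge-0/0/1 unit 999 vlan-id 999
+set interfaces ge-0/0/1 unit 999 family inet address 172.168.1.1/24
+set interfaces ge-0/0/5 description "VPN Management"
+set interfaces ge-0/0/5 unit 0 family inet address 136.206.16.254/24
+set interfaces ge-0/0/7 vlan-tagging
+set interfaces ge-0/0/7 unit 0 vlan-id 0
+set interfaces ge-0/0/7 unit 30 vlan-id 30
+set interfaces ge-0/0/7 unit 30 family inet address 1.1.1.1/24
+set routing-options static route 0.0.0.0/0 next-hop 136.206.33.190
+set routing-options resolution
+set protocols lldp interface all
+set security screen ids-option untrust-screen icmp ping-death
+set security screen ids-option untrust-screen ip source-route-option
+set security screen ids-option untrust-screen ip tear-drop
+set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
+set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
+set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
+set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
+set security screen ids-option untrust-screen tcp syn-flood timeout 20
+set security screen ids-option untrust-screen tcp land
+set security nat source pool nat_EMAIL address 136.206.15.5/32
+set security nat source rule-set OUT-TEST from zone trust
+set security nat source rule-set OUT-TEST to zone WAN
+set security nat source rule-set OUT-TEST rule EMAIL_OUT match source-address 192.168.0.135/32
+set security nat source rule-set OUT-TEST rule EMAIL_OUT then source-nat pool nat_EMAIL
+set security nat source rule-set OUT-TEST rule r1 match source-address 172.168.1.0/24
+set security nat source rule-set OUT-TEST rule r1 match source-address 192.168.0.1/24
+set security nat source rule-set OUT-TEST rule r1 then source-nat interface
+deactivate security nat source rule-set OUT-TEST rule r1
+set security nat destination pool nat_Test address 192.168.0.135/32
+set security nat destination rule-set rs1 from interface ge-0/0/0.0
+set security nat destination rule-set rs1 rule r1 match destination-address 136.206.15.5/32
+set security nat destination rule-set rs1 rule r1 then destination-nat pool nat_Test
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access match source-address dcu_supernet
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access match destination-address redbrick_primary_subnet
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access match application junos-http
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access match application junos-https
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access match application junos-dns-udp
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access match application junos-dns-tcp
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access match application junos-ldap
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access match application LDAPS
+set security policies from-zone WAN to-zone ServersPublic policy dcu_access then permit
+set security policies from-zone WAN to-zone ServersPublic policy MOSH match source-address any
+set security policies from-zone WAN to-zone ServersPublic policy MOSH match destination-address MOSH_ACCESS
+set security policies from-zone WAN to-zone ServersPublic policy MOSH match application junos-ssh
+set security policies from-zone WAN to-zone ServersPublic policy MOSH then permit
+deactivate security policies from-zone WAN to-zone ServersPublic policy MOSH
+set security policies from-zone WAN to-zone ServersPublic policy GAME_SOC_ACCESS match source-address any
+set security policies from-zone WAN to-zone ServersPublic policy GAME_SOC_ACCESS match destination-address GAME_SOC_SERVER
+set security policies from-zone WAN to-zone ServersPublic policy GAME_SOC_ACCESS match application any
+set security policies from-zone WAN to-zone ServersPublic policy GAME_SOC_ACCESS then permit
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match source-address any
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match destination-address redbrick_primary_subnet
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-http
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-https
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-ssh
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-smtp
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-pop3
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-imap
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-imaps
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-dns-tcp
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application junos-dns-udp
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application irc_peering_tcp_6668
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application irc_tls_tcp_6697
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application irc_tcp_6667
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application pop3s_tcp_995
+set security policies from-zone WAN to-zone ServersPublic policy internet_access match application tcp_465
+set security policies from-zone WAN to-zone ServersPublic policy internet_access then permit
+set security policies from-zone WAN to-zone ServersPublic policy drop_and_log match source-address any
+set security policies from-zone WAN to-zone ServersPublic policy drop_and_log match destination-address any
+set security policies from-zone WAN to-zone ServersPublic policy drop_and_log match application any
+set security policies from-zone WAN to-zone ServersPublic policy drop_and_log then deny
+set security policies from-zone WAN to-zone ServersPublic policy drop_and_log then log session-init
+set security policies from-zone WAN to-zone ServersPublic policy drop_and_log then log session-close
+set security policies from-zone ServersPublic to-zone WAN policy DENY_MOSH match source-address MOSH_ACCESS
+set security policies from-zone ServersPublic to-zone WAN policy DENY_MOSH match destination-address any
+set security policies from-zone ServersPublic to-zone WAN policy DENY_MOSH match application junos-ssh
+set security policies from-zone ServersPublic to-zone WAN policy DENY_MOSH then permit
+set security policies from-zone ServersPublic to-zone WAN policy Internet match source-address any
+set security policies from-zone ServersPublic to-zone WAN policy Internet match destination-address any
+set security policies from-zone ServersPublic to-zone WAN policy Internet match application any
+set security policies from-zone ServersPublic to-zone WAN policy Internet then permit
+set security policies from-zone trust to-zone WAN policy Allow-All match source-address any
+set security policies from-zone trust to-zone WAN policy Allow-All match destination-address any
+set security policies from-zone trust to-zone WAN policy Allow-All match application any
+set security policies from-zone trust to-zone WAN policy Allow-All then permit
+set security policies from-zone WAN to-zone trust policy test_inbound match source-address any
+set security policies from-zone WAN to-zone trust policy test_inbound match destination-address test
+set security policies from-zone WAN to-zone trust policy test_inbound match application any
+set security policies from-zone WAN to-zone trust policy test_inbound then permit
+set security policies from-zone WAN to-zone trust policy test_inbound then log session-close
+set security policies from-zone VPN to-zone WAN policy Management_ACCESS match source-address any
+set security policies from-zone VPN to-zone WAN policy Management_ACCESS match destination-address any
+set security policies from-zone VPN to-zone WAN policy Management_ACCESS match application any
+set security policies from-zone VPN to-zone WAN policy Management_ACCESS then permit
+set security policies from-zone VPN to-zone WAN policy Management_ACCESS then log session-close
+set security policies from-zone WAN to-zone VPN policy VPN_IN match source-address any
+set security policies from-zone WAN to-zone VPN policy VPN_IN match destination-address any
+set security policies from-zone WAN to-zone VPN policy VPN_IN match application any
+set security policies from-zone WAN to-zone VPN policy VPN_IN then permit
+set security policies from-zone WAN to-zone VPN policy VPN_IN then log session-close
+set security zones security-zone ServersPublic address-book address redbrick_primary_subnet 136.206.15.0/24
+set security zones security-zone ServersPublic address-book address GAME_SOC_SERVER 136.206.15.41/32
+set security zones security-zone ServersPublic address-book address MOSH_ACCESS 136.206.15.73/32
+set security zones security-zone ServersPublic interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
+set security zones security-zone ServersPublic interfaces ge-0/0/1.122
+set security zones security-zone ServersPublic interfaces ge-0/0/1.16
+set security zones security-zone WAN address-book address dcu_supernet 136.206.0.0/16
+set security zones security-zone WAN address-book address GAME_SOC_SERVER 136.206.15.41/32
+set security zones security-zone WAN address-book address MOSH_ACCESS 136.206.15.73/32
+set security zones security-zone WAN interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
+set security zones security-zone WAN interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
+set security zones security-zone trust address-book address test 192.168.0.135/32
+set security zones security-zone trust host-inbound-traffic system-services ping
+set security zones security-zone trust host-inbound-traffic system-services ssh
+set security zones security-zone trust interfaces ge-0/0/1.1
+set security zones security-zone trust interfaces ge-0/0/1.2
+set security zones security-zone trust interfaces ge-0/0/1.999
+set security zones security-zone trust interfaces ge-0/0/7.30
+set security zones security-zone VPN host-inbound-traffic system-services ping
+set security zones security-zone VPN host-inbound-traffic system-services ssh
+set security zones security-zone VPN interfaces ge-0/0/5.0
+set applications application irc_peering_tcp_6668 protocol tcp
+set applications application irc_peering_tcp_6668 destination-port 6668
+set applications application irc_peering_tcp_6668 description "IRC Peering"
+set applications application irc_tcp_6667 protocol tcp
+set applications application irc_tcp_6667 destination-port 6667
+set applications application irc_tcp_6667 description IRC
+set applications application irc_tls_tcp_6697 protocol tcp
+set applications application irc_tls_tcp_6697 destination-port 6697
+set applications application irc_tls_tcp_6697 description "IRC TLS"
+set applications application tcp_465 protocol tcp
+set applications application tcp_465 destination-port 465
+set applications application tcp_465 description "Mail? d_fens requested"
+set applications application pop3s_tcp_995 protocol tcp
+set applications application pop3s_tcp_995 destination-port 995
+set applications application pop3s_tcp_995 description POP3S
+set applications application LDAPS protocol tcp
+set applications application LDAPS destination-port 636
+set applications application LDAPS description LDAPS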
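Review bot: `ids-option untrust-screen` is defined but no security zone references it, so as written none of its checks (syn-flood, land, tear-drop, ping-death) are applied to traffic arriving on ge-0/0/0.0; binding it needs `set security zones security-zone WAN screen untrust-screen`. Separately, policy `DENY_MOSH` ends in `then permit`, which contradicts its name and is redundant with the `Internet` any/any permit that follows it; if a block was intended it should read `set security policies from-zone ServersPublic to-zone WAN policy DENY_MOSH then deny`, otherwise the policy should be renamed. `VPN_IN` and `test_inbound` permit any source and any application from WAN, which looks like test scaffolding and should be narrowed or deactivated before this file is treated as a baseline.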

+ 397
- 0
rb_latest_config_sebastian

@@ -0,0 +1,397 @@
Current configuration : 9395 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Sebastian
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$lcI8$ItV3X9wikgKd0L5zjhvnK0
!
username Kyle privilege 15 secret 5 $1$ozGC$qIcK8X.cuxNNlqY.AS7jh0
!
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip routing
ip domain-name redbrick.dcu.ie
!
!
!
!
crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR
enrollment selfsigned
serial-number
revocation-check none
rsakeypair HTTPS_SS_CERT_KEYPAIR
!
!
crypto pki certificate chain HTTPS_SS_CERT_KEYPAIR
certificate self-signed 01
308202AD 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
5F312230 20060355 04031319 53656261 73746961 6E2E7265 64627269 636B2E64
63752E69 65313930 0F060355 04051308 42453944 31413830 30260609 2A864886
F70D0109 02161953 65626173 7469616E 2E726564 62726963 6B2E6463 752E6965
301E170D 39333033 30323038 35343238 5A170D32 30303130 31303030 3030305A
305F3122 30200603 55040313 19536562 61737469 616E2E72 65646272 69636B2E
6463752E 69653139 300F0603 55040513 08424539 44314138 30302606 092A8648
86F70D01 09021619 53656261 73746961 6E2E7265 64627269 636B2E64 63752E69
6530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C584
44C832D0 6C7F8715 50247E3B 19998AD5 C379B29A 42193AA0 761C709F FEE605AC
B58D3BDE 5DAF3A65 FFB43D43 D488E42E 114B4E61 6C2BE86B 09550497 BEF4B828
4CD47B21 7D60AE93 99D33FA5 A72BA2CC 84FD2DC8 4A5AD863 6BDBAA17 67EFDE90
C58B1E91 0F0E5B0C 239CAEB2 631237A3 B6E02F6B 9F36793B F389A80E C46D0203
010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603 551D1104
1D301B82 19536562 61737469 616E2E72 65646272 69636B2E 6463752E 6965301F
0603551D 23041830 16801464 EF0F1559 AE9D3D46 12F797D5 A820A016 CE3B2530
1D060355 1D0E0416 041464EF 0F1559AE 9D3D4612 F797D5A8 20A016CE 3B25300D
06092A86 4886F70D 01010405 00038181 003DA0D9 0B05E7B0 CB750158 7FB60D57
980EFD9B FD7B39DB 3459DB81 4A053B7F D9D38E4F 4B3ADB62 856BC4BD 0B19423C
7FB55DCF CA3AC615 392F7C8D 87700B3C 8725F91A 4B62D123 FD4D97BB 8C3E3F66
3347C51B 05E73013 17A64BEF 7A1C3516 8624E689 C7C4EB6F FFB152F5 2B2361E5
9AC769F5 9559F68E C1343D45 63FDF1E2 8F
quit
!
!
!
port-channel load-balance src-dst-ip
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2-4
!
vlan 16
name DCU 136.206.16.0/24
!
vlan 122
name Redbrick
!
vlan 999,4094
!
ip ssh version 2
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Port-channel1
switchport access vlan 4094
switchport mode access
spanning-tree bpdufilter enable
!
interface Port-channel2
description "Link with Steve"
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
description "Router on a stick to SRX"
switchport access vlan 999
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,16,122,999
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 122
!
interface GigabitEthernet0/3
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/7
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/8
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/9
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/10
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/11
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/12
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/13
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/14
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/15
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/16
description SERVER OUTBOUND ACCESS
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/17
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/18
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/19
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/20
switchport access vlan 122
switchport mode access
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/26
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/27
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/28
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/29
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/30
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/31
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/32
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/33
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/34
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/35
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/36
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/37
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/38
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/39
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/40
description INTERNAL SERVER ACCESS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
description "Etherchannel to Steve"
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet0/43
description "Etherchannel to Steve"
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet0/44
description "Etherchannel to Steve"
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet0/45
description "Etherchannel to Steve"
switchport access vlan 3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,16,122,999
switchport mode trunk
!
interface GigabitEthernet0/46
description "SRX - 192.168.0.0/24"
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/47
description "REDBRICK-SRX-GE-0/0/0"
switchport access vlan 4094
switchport mode access
!
interface GigabitEthernet0/48
description "SRX - 192.168.1.0/24"
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
switchport access vlan 4094
switchport mode access
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet0/52
switchport access vlan 4094
switchport mode access
channel-protocol lacp
channel-group 1 mode active
!
interface Vlan1
no ip address
shutdown
!
interface Vlan3
description internal
ip address 192.168.0.252 255.255.255.0
no ip route-cache cef
no ip route-cache
no ip mroute-cache
standby version 2
standby 0 ip 192.168.0.253
standby 0 preempt
!
interface Vlan4
description management
ip address 192.168.1.252 255.255.255.0
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface Vlan16
ip address 136.206.16.250 255.255.255.0
!
interface Vlan122
ip address 136.206.15.252 255.255.255.0
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface Vlan999
ip address 172.168.1.2 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
vstack
banner login ^C
Unauthorized access to this device is prohibited!
^C
banner motd ^C
Unauthorized access to this device is prohibited!
^C
!
line con 0
password 7 04035C505A751F1C58
logging synchronous
login
line vty 0 4
password 7 050F0C1C2A4A5D292A233230483E350E69
login local
transport input all
line vty 5 15
password 7 050F0C1C2A4A5D292A233230483E350E69
login local
transport input all
!
end
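Review bot: Both vty ranges use `transport input all`, which leaves Telnet enabled alongside SSH even though `ip ssh version 2` is configured, and no `access-class` restricts which sources may connect; `transport input ssh` under `line vty 0 4` and `line vty 5 15` would close the cleartext path. `ip http server` likewise exposes the management interface over plain HTTP next to `ip http secure-server`, and `vstack` leaves Smart Install enabled; unless either is actually in use, `no ip http server` and `no vstack` are the safer settings. The console and vty line passwords are stored as type 7, which is reversible obfuscation rather than a hash, so they should be treated as disclosed by this commit and rotated.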

+ 280
- 0
rb_latest_config_steve

@@ -0,0 +1,280 @@
Current configuration : 5446 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname Steve
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$sVjm$ceZ9qKYN8h.ouXNKOki9V.
!
username steve privilege 10 password 7 113A0D5601413F0401193C753C303D
!
!
no aaa new-model
ip subnet-zero
ip domain-name redbrick.dcu.ie
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
ip vrf mgmtVrf
!
!
!
!
power redundancy-mode redundant
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
no ip ftp passive
ip ssh version 2
!
!
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
!
interface Port-channel3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
!
interface Port-channel4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
!
interface FastEthernet1
ip vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet1/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
channel-group 1 mode active
!
interface GigabitEthernet1/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
channel-protocol lacp
!
interface GigabitEthernet1/5
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 30
switchport mode trunk
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
channel-group 3 mode active
spanning-tree portfast
!
interface GigabitEthernet1/18
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
channel-group 3 mode active
spanning-tree portfast
!
interface GigabitEthernet1/19
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/20
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/21
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/22
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/23
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/24
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/25
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
spanning-tree portfast
!
interface GigabitEthernet1/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3,4,122,999
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
spanning-tree portfast
!
interface GigabitEthernet1/27
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/28
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/29
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/30
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/31
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/32
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
!
interface GigabitEthernet1/46
!
interface GigabitEthernet1/47
!
interface GigabitEthernet1/48
!
interface Vlan1
no ip address
!
interface Vlan3
ip address 192.168.0.251 255.255.255.0
standby version 2
standby 0 ip 192.168.0.250
!
interface Vlan4
ip address 192.168.1.251 255.255.255.0
!
interface Vlan30
ip address 1.1.1.2 255.255.255.0
!
!
interface Vlan122
no ip address
!
interface Vlan999
ip address 172.168.1.3 255.255.255.0
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
banner login ^C
Unauthorized access to this device is prohibited!
^C
banner motd ^C
Unauthorized access to this device is prohibited!
^C
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
logging synchronous
login local
line vty 5 15
logging synchronous
login local
!
end
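Review bot: The `enable secret 5 …` and `username steve privilege 10 password 7 …` lines near the top of this new file commit live credential material to the repository. Type 7 is the reversible obfuscation applied by `service password-encryption`, not a hash, and the type 5 value is a salted MD5 hash that is open to offline guessing once published. The stored copy should carry placeholders, for example `enable secret <REDACTED>` and `username steve privilege 10 secret <REDACTED>`, and the real values should be rotated on the device because they remain in history. The same applies to the `password 7` lines under `line con 0` and the two `line vty` ranges at the end of the preceding file. Separately, this config has `ip http server` with `no ip http secure-server`, and neither vty range restricts `transport input` or sets an `access-class`, so cleartext management may be reachable; consider disabling the HTTP server and adding `transport input ssh` to both vty ranges.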
