sh/sh-noc-a8360-3-a.cfg Tue Sep 23 10:31:45 PM EDT 2025

2025-09-23 22:31:46 -04:00 · 2025-09-23 22:31:46 -04:00 · 04ae8b2f56
commit 04ae8b2f56
parent 4d6485d810
1 changed files with 73 additions and 1 deletions
--- a/configs/sh/sh-noc-a8360-3-a.cfg
+++ b/configs/sh/sh-noc-a8360-3-a.cfg
@ -22,6 +22,7 @@ banner motd #
 user admin group administrators password ciphertext AQBapchyXMs91yc46bisUG02SnIUId1PM4GHOvm4J50+iRfEYgAAAHaasxMUB06aaHrR2H5Pt/Kt1lmQJ6fc4h0xxvnEaEWkZblwKMLFPTbOMpDdC+5U9ybIHUNFxzgF/K8gzCejt6YzPNjY0LOrwFoj0wQn+mVvCNEaTdR84hLQHKbakJq3GukL
 clock timezone america/new_york
 profile aggregation-leaf
+vrf outside
 ntp server 10.1.1.2 iburst
 ntp server 10.1.1.3 iburst
 ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
@ -499,6 +500,8 @@ vlan 638
    name Nysernet_CDN
 vlan 699
    name SCSDDCDefaultVLAN
+vlan 811
+    name linewize-a-inside
 vlan 995
    name l3vlan
 vlan 999
@ -506,10 +509,16 @@ vlan 999
    description VPN_Concentrator
 vlan 1202
    name Inside
+vlan 1251
+    name InsideFirewall
+vlan 1254
+    name OutsideVRFTransit
 vlan 1256
    name InterJuniperLink
 vlan 1298
    name CrownCastle-sh
+vlan 1811
+    name linewize-a-outside
 vlan 2180
    name Nutanix mgmt sh-noc
    description Nutanix mgmt ct-noc
@ -524,7 +533,7 @@ spanning-tree
 spanning-tree priority 2
 spanning-tree trap topology-change instance 0
 spanning-tree ignore-pvid-inconsistency
-spanning-tree vlan 3,5-7,9-12,16,18-21,24,30,34,35,40,45,48,50,60,70,72,99-101,107,114,140,145,150,151,160,161,164,165,168,172-179,200,203,230,251,252,302-304,306-310,313-316,320-325,328-330,333,334,336,337,340-342,344,345,348,349,351,353-356,360,386,402-404,406-410,413-416,420-425,428-430,433,434,436,437,440-442,444,445,448,449,451,453-456,460,486,500-509,521-529,531-539,637,638,699,995,999,1202,1256,2180,2999,3000
+spanning-tree vlan 3,5-7,9-12,16,18-21,24,30,34,35,40,45,48,50,60,70,72,99-101,107,114,140,145,150,151,160,161,164,165,168,172-179,200,203,230,251,252,302-304,306-310,313-316,320-325,328-330,333,334,336,337,340-342,344,345,348,349,351,353-356,360,386,402-404,406-410,413-416,420-425,428-430,433,434,436,437,440-442,444,445,448,449,451,453-456,460,486,500-509,521-529,531-539,637,638,699,811,995,999,1202,1251,1254,1256,1811,2180,2999,3000
 spanning-tree vlan 3 priority 12
 spanning-tree vlan 5 priority 12
 spanning-tree vlan 6 priority 12
@ -685,10 +694,14 @@ spanning-tree vlan 539 priority 12
 spanning-tree vlan 637 priority 12
 spanning-tree vlan 638 priority 12
 spanning-tree vlan 699 priority 12
+spanning-tree vlan 811 priority 12
 spanning-tree vlan 995 priority 12
 spanning-tree vlan 999 priority 12
 spanning-tree vlan 1202 priority 12
+spanning-tree vlan 1251 priority 4
+spanning-tree vlan 1254 priority 4
 spanning-tree vlan 1256 priority 12
+spanning-tree vlan 1811 priority 4
 spanning-tree vlan 2180 priority 4
 spanning-tree vlan 2999 priority 12
 spanning-tree vlan 3000 priority 12
@ -725,6 +738,18 @@ qos dscp-map 45 local-priority 6 color green name CS5
 qos dscp-map 47 local-priority 6 color green name CS5 
 system interface-group 1 speed 10g
    !interface group 1 contains ports 1/1/1-1/1/4
+interface lag 106 multi-chassis
+    description to to FG-A Inside
+    no shutdown
+    no routing
+    vlan access 1251
+    lacp mode active
+interface lag 107 multi-chassis
+    description to to FG-A Outside
+    no shutdown
+    no routing
+    vlan access 1202
+    lacp mode active
 interface lag 114 multi-chassis
    description to shea-noc-6300 sw1
    no shutdown
@ -768,6 +793,24 @@ interface 1/1/3
    no shutdown
    no routing
    vlan access 1298
+interface 1/1/4
+    description linewize a inside
+    no shutdown
+    no routing
+    vlan access 811
+interface 1/1/5
+    description linewize a outside
+    no shutdown
+    no routing
+    vlan access 1811
+interface 1/1/6
+    description to FG-A port 17
+    no shutdown
+    lag 106
+interface 1/1/7
+    description to FG-A port 19
+    no shutdown
+    lag 107
 interface 1/1/11
    description Ring#1
    no shutdown
@ -842,6 +885,30 @@ interface 1/1/36
    description ISL LAG
    no shutdown
    lag 256
+interface vlan 1251
+    description ct-noc inside firewall
+    vrf attach outside
+    ip address 10.251.1.251/24
+    ip ospf 2 area 0.0.0.0
+    vrrp dual-active-forwarding
+    vrrp 1 address-family ipv4
+        address 10.251.1.1 primary
+        no shutdown
+        exit
+interface vlan 1254
+    description outside vrf transit-vlan
+    vrf attach outside
+    ip address 172.31.254.251/24
+    ip ospf 2 area 0.0.0.0
+    no ip ospf passive
+    ip pim-sparse enable
+interface vlan 1811
+    description linewize a outside
+    vrf attach outside
+    ip address 172.31.251.2/24
+    ip ospf 2 area 0.0.0.0
+    ip ospf cost 1000
+    ip ospf bfd
 snmp-server vrf default
 snmp-server vrf mgmt
 snmp-server system-description sh-noc-8360-3-a
@ -861,6 +928,11 @@ ip dns server-address 10.21.48.10 vrf mgmt
 !
 !
 !
+router ospf 2 vrf outside
+    router-id 10.251.1.251
+    passive-interface default
+    rfc1583-compatibility
+    area 0.0.0.0
 https-server vrf default
 https-server vrf mgmt
 configuration-lockout central managed