mckin/mckin-mdf-a6300-sw1.cfg Thu Aug 14 05:08:41 PM EDT 2025

configs/mckin/mckin-mdf-a6300-sw1.cfg

@@ -155,58 +155,30 @@ interface lag 1
     lacp mode active
     dhcpv4-snooping trust
 interface 1/1/1
-    description Auto
+    description UPS
     no shutdown
     no routing
-    vlan access 168
+    vlan access 10
     spanning-tree bpdu-guard
     spanning-tree port-type admin-edge
     spanning-tree root-guard
     spanning-tree tcn-guard
     loop-protect
     port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
     client track ip enable
     client track ip update-interval 120
     power-over-ethernet pre-std-detect
 interface 1/1/2
-    description Auto
+    description UPS test
     no shutdown
     no routing
-    vlan access 168
+    vlan access 30
     spanning-tree bpdu-guard
     spanning-tree port-type admin-edge
     spanning-tree root-guard
     spanning-tree tcn-guard
     loop-protect
     port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
     client track ip enable
     client track ip update-interval 120
     power-over-ethernet pre-std-detect

configs/mx/noc-jmx-104-b.set

@@ -49,24 +49,38 @@ set chassis redundancy routing-engine 1 backup
 set chassis redundancy graceful-switchover
 set chassis aggregated-devices ethernet device-count 1
 set interfaces xe-0/0/0 gigether-options 802.3ad ae191
-set interfaces xe-2/0/0 description "CrownCastle Circuit ID 302365-INET-CCF"
-set interfaces xe-2/0/0 unit 0 family inet mtu 1500
-set interfaces xe-2/0/0 unit 0 family inet address 131.239.69.126/30
 set interfaces xe-2/0/1 gigether-options 802.3ad ae191
-set interfaces ae191 description "internal to mx104-b"
-set interfaces ae191 vlan-tagging
+set interfaces ae191 description "LAG to Core"
+set interfaces ae191 flexible-vlan-tagging
+set interfaces ae191 mtu 1522
+set interfaces ae191 encapsulation flexible-ethernet-services
 set interfaces ae191 aggregated-ether-options minimum-links 1
 set interfaces ae191 aggregated-ether-options lacp active
 set interfaces ae191 aggregated-ether-options lacp periodic slow
-set interfaces ae191 unit 1202 disable
+set interfaces ae191 unit 236 disable
+set interfaces ae191 unit 236 description Cogent
+set interfaces ae191 unit 236 vlan-id 236
+set interfaces ae191 unit 236 family inet mtu 1500
+set interfaces ae191 unit 236 family inet address 38.122.121.34/29
+set interfaces ae191 unit 637 description "NYSERNet R&E Network"
+set interfaces ae191 unit 637 vlan-id 637
+set interfaces ae191 unit 637 family inet mtu 1500
+set interfaces ae191 unit 637 family inet address 199.109.13.42/30
+set interfaces ae191 unit 638 description "NYSERNet CDN Network"
+set interfaces ae191 unit 638 vlan-id 638
+set interfaces ae191 unit 638 family inet mtu 1500
+set interfaces ae191 unit 638 family inet address 199.109.113.42/30
 set interfaces ae191 unit 1202 vlan-id 1202
 set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 virtual-address 198.36.24.1
 set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 priority 110
 set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 preempt
 set interfaces ae191 unit 1202 family inet address 198.36.24.253/24 vrrp-group 1 accept-data
-set interfaces ae191 unit 1256 disable
 set interfaces ae191 unit 1256 vlan-id 1256
 set interfaces ae191 unit 1256 family inet address 192.168.168.2/30
+set interfaces ae191 unit 1298 description CrownCastle-4
+set interfaces ae191 unit 1298 vlan-id 1298
+set interfaces ae191 unit 1298 family inet mtu 1500
+set interfaces ae191 unit 1298 family inet address 209.160.176.234/29
 set interfaces lo0 unit 0 family inet filter input Hard-Edge
 set interfaces lo0 unit 0 family inet address 127.0.0.1/32
 set snmp community mickey03 authorization read-only
@@ -82,6 +96,7 @@ set policy-options prefix-list ISP-Monitoring 192.168.168.0/30
 set policy-options prefix-list ISP-Monitoring 199.109.0.0/16
 set policy-options prefix-list MX104-BGP-IP 131.239.69.126/32
 set policy-options prefix-list MX104-BGP-IP 192.168.168.2/32
+set policy-options prefix-list MX104-BGP-IP 209.160.176.234/32
 set policy-options prefix-list MX104-Public-IP 38.122.121.34/32
 set policy-options prefix-list MX104-Public-IP 198.36.24.1/32
 set policy-options prefix-list MX104-Public-IP 198.36.24.13/32
@@ -102,12 +117,13 @@ set policy-options prefix-list SNMP-SERVERS 10.1.40.105/32
 set policy-options prefix-list SNMP-SERVERS 10.1.48.37/32
 set policy-options prefix-list Trusted-BGP-Peer 131.239.69.125/32
 set policy-options prefix-list Trusted-BGP-Peer 192.168.168.1/32
+set policy-options prefix-list Trusted-BGP-Peer 209.160.176.233/32
 set policy-options prefix-list Trusted-SSH-MX104 10.1.6.0/24
 set policy-options prefix-list Trusted-SSH-MX104 10.1.7.0/24
 set policy-options prefix-list Trusted-SSH-MX104 10.1.40.101/32
 set policy-options prefix-list Trusted-SSH-MX104 10.1.40.105/32
 set policy-options prefix-list Trusted-SSH-MX104 10.212.134.0/24
-set policy-options prefix-list Trusted-SSH-MX104 74.67.189.61/32
+set policy-options prefix-list Trusted-SSH-MX104 98.3.114.101/32
 set policy-options prefix-list Trusted-SSH-MX104 192.168.168.1/32
 set policy-options policy-statement EXPORT-TO-MX104-A term next_hop_self then next-hop self
 set policy-options policy-statement EXPORT-TO-MX104-A term next_hop_self then accept
@@ -121,6 +137,8 @@ set policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4
 set policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4 then accept
 deactivate policy-options policy-statement to-CrownCastle term advertise-CrownCastle-v4
 set policy-options policy-statement to-CrownCastle term reject then reject
+set firewall family inet filter Hard-Edge term TEMP-allow-icmp from protocol icmp
+set firewall family inet filter Hard-Edge term TEMP-allow-icmp then accept
 set firewall family inet filter Hard-Edge term allow-ssh-mx104 from source-prefix-list Trusted-SSH-MX104
 set firewall family inet filter Hard-Edge term allow-ssh-mx104 from destination-prefix-list MX104-SSH-IP
 set firewall family inet filter Hard-Edge term allow-ssh-mx104 from protocol tcp
@@ -177,12 +195,6 @@ set protocols bgp group internal local-as 395534
 set protocols bgp group internal neighbor 192.168.168.1 export EXPORT-TO-MX104-A
 set protocols bgp group internal neighbor 192.168.168.1 bfd-liveness-detection minimum-interval 1000
 set protocols bgp group internal neighbor 192.168.168.1 bfd-liveness-detection multiplier 3
-set protocols bgp group CrownCastle-v4 local-address 131.239.69.126
-set protocols bgp group CrownCastle-v4 import from-CrownCastle
-set protocols bgp group CrownCastle-v4 family inet unicast
-set protocols bgp group CrownCastle-v4 export to-CrownCastle
-set protocols bgp group CrownCastle-v4 peer-as 46887
-set protocols bgp group CrownCastle-v4 neighbor 131.239.69.125
 set protocols bgp bgp-error-tolerance
 set protocols bgp local-as 395534
 set protocols sflow polling-interval 20

configs/vanduyn/vanduyn-idf1-a6300-sw1.cfg

@@ -155,58 +155,30 @@ interface lag 1
     lacp mode active
     dhcpv4-snooping trust
 interface 1/1/1
-    description Auto
+    description UPS test reg
     no shutdown
     no routing
-    vlan access 168
+    vlan access 20
     spanning-tree bpdu-guard
     spanning-tree port-type admin-edge
     spanning-tree root-guard
     spanning-tree tcn-guard
     loop-protect
     port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
     client track ip enable
     client track ip update-interval 120
     power-over-ethernet pre-std-detect
 interface 1/1/2
-    description Auto
+    description UPS test
     no shutdown
     no routing
-    vlan access 168
+    vlan access 20
     spanning-tree bpdu-guard
     spanning-tree port-type admin-edge
     spanning-tree root-guard
     spanning-tree tcn-guard
     loop-protect
     port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
     client track ip enable
     client track ip update-interval 120
     power-over-ethernet pre-std-detect

configs/vanduyn/vanduyn-idf2-a6300-sw1.cfg

@@ -155,30 +155,16 @@ interface lag 1
     lacp mode active
     dhcpv4-snooping trust
 interface 1/1/1
-    description Auto
+    description UPS test reg
     no shutdown
     no routing
-    vlan access 168
+    vlan access 20
     spanning-tree bpdu-guard
     spanning-tree port-type admin-edge
     spanning-tree root-guard
     spanning-tree tcn-guard
     loop-protect
     port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
     client track ip enable
     client track ip update-interval 120
     power-over-ethernet pre-std-detect

configs/vanduyn/vanduyn-idf3-a6300-sw1.cfg

@@ -155,30 +155,16 @@ interface lag 1
     lacp mode active
     dhcpv4-snooping trust
 interface 1/1/1
-    description Auto
+    description UPS test reg
     no shutdown
     no routing
-    vlan access 168
+    vlan access 20
     spanning-tree bpdu-guard
     spanning-tree port-type admin-edge
     spanning-tree root-guard
     spanning-tree tcn-guard
     loop-protect
     port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
     client track ip enable
     client track ip update-interval 120
     power-over-ethernet pre-std-detect

configs/vanduyn/vanduyn-idf4-a6300-sw1.cfg

@@ -164,30 +164,16 @@ interface lag 1
     lacp mode active
     dhcpv4-snooping trust
 interface 1/1/1
-    description Auto
+    description UPS test reg
     no shutdown
     no routing
-    vlan access 168
+    vlan access 20
     spanning-tree bpdu-guard
     spanning-tree port-type admin-edge
     spanning-tree root-guard
     spanning-tree tcn-guard
     loop-protect
     port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
     client track ip enable
     client track ip update-interval 120
     power-over-ethernet pre-std-detect

configs/vanduyn/vanduyn-mdf-a6300-sw1.cfg

@@ -183,30 +183,16 @@ interface 1/1/1
     client track ip update-interval 120
     power-over-ethernet pre-std-detect
 interface 1/1/2
-    description Auto
+    description UPS test
     no shutdown
     no routing
-    vlan access 168
+    vlan access 30
     spanning-tree bpdu-guard
     spanning-tree port-type admin-edge
     spanning-tree root-guard
     spanning-tree tcn-guard
     loop-protect
     port-access onboarding-method concurrent enable
-    aaa authentication port-access allow-cdp-bpdu
-    aaa authentication port-access allow-lldp-bpdu
-    aaa authentication port-access client-limit 3
-    aaa authentication port-access dot1x authenticator
-        cached-reauth
-        cached-reauth-period 86400
-        reauth
-        enable
-    aaa authentication port-access mac-auth
-        cached-reauth
-        cached-reauth-period 86400
-        quiet-period 30
-        reauth
-        enable
     client track ip enable
     client track ip update-interval 120
     power-over-ethernet pre-std-detect