# Junos configuration as pasted for an EX3400 virtual chassis (four members, see
# the virtual-chassis stanza). Runs of dots are sections the poster left out, so
# brace nesting is not balanced everywhere; indentation below follows the most
# likely intended hierarchy. Review notes are marked NOTE(review).
Ex3400: system {
    commit synchronize;
    login {
        user admin {
            uid 2000;
            class super-user;
            authentication {
                # NOTE(review): a password hash in crypt "$6$" (SHA-512) form is
                # published here. Hashes can be guessed offline, so redact them
                # before sharing a config and rotate any that were posted. The
                # value looks shortened or altered by the poster - confirm.
                encrypted-password "$6$m2DU.h9m$5aXiWgFy6X4fZJqjWwBxPjlkBiutuZs0142uy/GP."; ## SECRET-DATA
            }
        # NOTE(review): the paste appears to be one closing brace short here;
        # "message" is a login-level statement, so the brace that closes
        # "user admin" seems to be missing - confirm against the device.
        # Login banner shown before authentication; it carries a support address.
        message "\n\n\n\tUNAUTHORIZED USE OF THIS SWITCH\n\tIS STRICTLY PROHIBITED!\n\n\tPlease contact '\dvm.support@dr.com\' to gain\naccess to this equipment if you need authorization.\n\n\n";
    }
    root-authentication {
        # NOTE(review): root hash in crypt "$5$" (SHA-256) form, also published
        # and apparently truncated. Same handling as above: redact and rotate.
        encrypted-password "$5$dnaJc5lJXP1/PoSQZPp3pwYVz9."; ## SECRET-DATA
    }
    services {
        # NOTE(review): ssh is enabled with no options in what is shown, so
        # platform defaults apply; consider "root-login deny" plus connection
        # and rate limits if they are not set elsewhere.
        ssh;
        # NOTE(review): xnm-clear-text exposes the Junos XML management
        # interface without encryption, so credentials and configuration cross
        # the network in clear text. Prefer xnm-ssl or NETCONF over SSH, or
        # remove the service if nothing depends on it.
        xnm-clear-text;
        web-management {
            https {
                # Self-signed certificate generated by the switch; clients
                # cannot verify the device identity unless they pin it.
                system-generated-certificate;
            }
        }
    }
    host-name switch;
    auto-snapshot;
    time-zone UTC;
    syslog {
        # Emergency messages go to every logged-in user's terminal.
        user * {
            any emergency;
        }
        # NOTE(review): only local logging is visible (no "host" statement), so
        # the audit trail lives on the switch itself. Consider a remote syslog
        # host and the interactive-commands facility - may exist in elided text.
        file messages {
            any notice;
            authorization info;
        }
    }
}
chassis {
    redundancy {
        graceful-switchover;
    }
    aggregated-devices {
        ethernet {
            # Number of aeN bundle interfaces the chassis may create.
            device-count 20;
        }
    }
}
interfaces {
    # Member link of ae1 (towards fw01).
    ge-0/0/0 {
        description "fw01 ge-0/0/2";
        gigether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/1 {
        description FREE;
    }
    # Access ports: untagged membership in a single VLAN each.
    ge-0/0/2 {
        description OT-PM-01;
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members v30;
                }
            }
        }
    }
    ge-0/0/3 {
        description OT-PM-02;
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members v30;
                }
            }
        }
    }
    ge-0/0/4 {
        description OT-PM-03;
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members v30;
                }
            }
        }
    }
    ge-0/0/5 {
        description AP-PM-01;
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members v20;
                }
            }
        }
    }
    # Elided by the poster; the brace below closes an interface not shown.
    ...... ...... .... .... ...
    }
    # Member link of ae0 (internet-facing bundle).
    ge-0/0/46 {
        description "fw01 ge-0/0/4 - internet";
        gigether-options {
            802.3ad ae0;
        }
        ..... ..... ....
    }
    ge-1/0/0 {
        description "fw01 ge-0/0/3";
        gigether-options {
            802.3ad ae1;
        }
    }
    .... ... ...
    }
    ge-2/0/0 {
        description "fw02 ge-5/0/2";
        gigether-options {
            802.3ad ae2;
        }
        .... .... ....
    }
    ge-2/0/46 {
        description "nlrtm1-fw053c-2 ge-5/0/4 - internet";
        gigether-options {
            802.3ad ae0;
        }
    }
    ge-3/0/0 {
        description "fw02 ge-5/0/3";
        gigether-options {
            802.3ad ae2;
        }
    }
    .... .... .....
    }
    # LACP bundle carrying only VLAN 100 (named "Internet" in the vlans stanza).
    ae0 {
        description "firewall- internet";
        aggregated-ether-options {
            lacp {
                active;
                periodic slow;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members 100;
                }
            }
        }
    }
    # LACP trunks to the firewalls carrying VLANs 10, 20, 30 and 60; VLAN 60 is
    # the management VLAN, so these trunks also carry switch management traffic.
    ae1 {
        description fw01;
        aggregated-ether-options {
            lacp {
                active;
                periodic slow;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ 10 20 30 60 ];
                }
            }
        }
    }
    ae2 {
        description NLRTM1-FW533C-2;
        aggregated-ether-options {
            lacp {
                active;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ 10 20 30 60 ];
                }
            }
        }
    }
    # Layer 3 interface for VLAN 60; the only IP address configured in what is
    # shown, so management (ssh, https, xnm) is reached through it.
    irb {
        unit 60 {
            description "INFRA MGT vlan";
            family inet {
                address 172.22.3.2/27;
            }
        }
    # NOTE(review): the paste appears to be one closing brace short here too
    # (the brace closing "irb" before "lo0") - confirm against the device.
    lo0 {
        unit 0 {
            family inet {
                # NOTE(review): "inactive:" marks this statement as deactivated,
                # so the protect-re filter is NOT applied. IPv4 traffic to the
                # routing engine (ssh, https, xnm-clear-text) is therefore not
                # restricted by it. Before reactivating, check the filter terms:
                # as written they would discard HTTPS and xnm traffic as well.
                inactive: filter {
                    input protect-re;
                }
            }
            family inet6 {
                # Active: all IPv6 traffic to the routing engine is discarded.
                filter {
                    input protect-re6;
                }
            }
        }
    }
}
forwarding-options {
    # Storm-control profile named "default"; where it is bound to interfaces is
    # not visible in the pasted text.
    storm-control-profiles default {
        all;
    }
}
policy-options {
    # Source prefixes referenced by the ssh term of protect-re. The office and
    # ISP entries were redacted to x.x.x.x by the poster.
    prefix-list offices {
        x.x.x.x/29;
        x.x.x.x/27;
        x.x.x.x/32;
        x.x.x.x/29;
        x.x.x.x/32;
    }
    prefix-list ISP.net {
        x.x.x.x/27;
        x.x.x.x/32;
    }
    # The management subnet of irb.60.
    prefix-list internal {
        172.22.3.0/27;
    }
    policy-statement load-sharing-per-packet {
        then {
            load-balance per-packet;
        }
    }
}
firewall {
    family inet {
        # Routing-engine protection filter for IPv4. Referenced from lo0.0, but
        # that reference is currently deactivated (see interfaces lo0).
        filter protect-re {
            # SSH only from the three prefix lists.
            term ssh {
                from {
                    source-prefix-list {
                        offices;
                        ISP.net;
                        internal;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            # NOTE(review): ICMP is accepted from any source with no policer,
            # so nothing here limits the rate reaching the routing engine.
            term icmp {
                from {
                    protocol icmp;
                    icmp-type [ echo-request echo-reply unreachable time-exceeded source-quench ];
                }
                then accept;
            }
            # NOTE(review): UDP 33434-33523 is accepted from any source, also
            # without a policer.
            term traceroute {
                from {
                    protocol udp;
                    destination-port 33434-33523;
                }
                then accept;
            }
            # Everything else is dropped silently. No term accepts HTTPS, the
            # xnm port, or replies to sessions the switch itself starts, so add
            # terms for the services you rely on before activating the filter.
            term deny-all {
                then {
                    discard;
                }
            }
        }
    }
    family inet6 {
        # Single term: discard all IPv6 traffic to the routing engine.
        filter protect-re6 {
            term deny-all {
                then discard;
            }
        }
    }
}
routing-options {
    nonstop-routing;
    rib inet.0 {
        static {
            # Default route via 172.22.3.1 in the management subnet.
            route 0.0.0.0/0 next-hop 172.22.3.1;
        }
    }
    forwarding-table {
        export load-sharing-per-packet;
    }
}
protocols {
    # LLDP is limited to the two firewall trunks.
    lldp {
        interface ae1;
        interface ae2;
    }
    # NOTE(review): LLDP-MED is enabled on every interface, so device details
    # are advertised on access ports too; restrict it if endpoints do not need it.
    lldp-med {
        interface all;
    }
    igmp-snooping {
        vlan default;
    }
}
virtual-chassis {
    preprovisioned;
    # NOTE(review): split detection is disabled on a four-member virtual
    # chassis. Presumably both halves could stay active with the same
    # configuration after a split - verify this is intended.
    no-split-detection;
    # Member roles are pinned to hardware serial numbers (published in the post).
    member 0 {
        role routing-engine;
        serial-number NX0219056786;
    }
    member 1 {
        role line-card;
        serial-number NX0219050735;
    }
    member 2 {
        role routing-engine;
        serial-number NX0219056787;
    }
    member 3 {
        role line-card;
        serial-number NX0219056758;
    }
}
vlans {
    v10 {
        description iDrac;
        vlan-id 10;
    }
    v100 {
        description Internet;
        vlan-id 100;
    }
    v20 {
        description AP-application;
        vlan-id 20;
    }
    v30 {
        description OT-application;
        vlan-id 30;
    }
    # Defined here but not a member of any trunk or access port shown above.
    v40 {
        description VM;
        vlan-id 40;
    }
    # Management VLAN; the only VLAN with a layer 3 interface on the switch.
    v60 {
        description Infra-management-network;
        vlan-id 60;
        l3-interface irb.60;
    }
}