Authorisation des ip des dhcp légitimes

This commit is contained in:
chirac 2018-07-08 19:26:06 +02:00
parent d1b4f56913
commit adf81b8b3a
2 changed files with 7 additions and 1 deletions

View file

@ -66,8 +66,9 @@ def preprocess(switch):
dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcpv6_snooping"]]
ntp_servers = [server["servers"] for server in all_roles if server["role_type"] == "ntp-server"][0]
log_servers = [server["servers"] for server in all_roles if server["role_type"] == "log-server"][0]
dhcp_servers = [server["servers"] for server in all_roles if server["role_type"] == "dhcp"][0]
return {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers}
return {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers, 'dhcp_servers' : dhcp_servers}
print("gen tpl")
conf = template.render(switch=all_switchs[2], additionals=preprocess(all_switchs[2]))

View file

@ -88,6 +88,11 @@ aaa port-access mac-based addr-format multi-colon
no cdp run
{%- if additionals.dhcp_snooping_vlans %}
;--- DHCP Snooping ---
{%- for server in additionals.dhcp_servers %}
{%- for interface in server.interface %}
dhcp-snooping authorized-server {{ interface.ipv4 }}
{%- endfor %}
{%- endfor %}
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
dhcp-snooping
{%- endif %}