; {{ switch.model.reference }}A Configuration Editor; Created on release #{{ firmware }}
{#- Jinja template rendered by re2o into one switch's configuration file.
    The line above is the configuration header; presumably the switch expects
    it as the very first line, so keep it first.
    Notes written inside Jinja comment tags stay in the template. Lines that
    start with ';' are emitted as comments in the generated configuration.
    NOTE(review): values are interpolated without escaping, several of them
    inside double quotes (hostname, SNMP location, port name). A quote or a
    line break in one of those fields would change the generated commands;
    confirm the fields are validated where they are entered. #}
hostname "{{ switch.short_name }}"
; Generated on {{ date_gen }} by re2o
;--- Snmp ---
snmp-server contact "root@crans.org"
snmp-server location "{{ switch.switchbay.name }}"
{#- The SNMPv3 user is declared below without authentication or privacy
    settings. Going by the "by hand" remark, those are presumably entered
    manually on each switch - TODO confirm that this step is documented. #}
;To be done by hand
snmpv3 enable
snmpv3 restricted-access
;snmpv3 user "initial"
snmpv3 user "crans"
snmpv3 group ManagerPriv user "crans" sec-model ver3
{#- NOTE(review): SNMPv1/v2c stays reachable with the well-known default
    community "public". Community strings travel in clear text. "Operator"
    is the read-only level as far as I know, and the authorized-managers
    lines further down narrow who can query, but a non-default community
    (or dropping v1/v2c once monitoring uses the v3 user) would be safer. #}
snmp-server community "public" Operator
{#- No SNTP server address is set in this template - presumably configured
    elsewhere; verify, since log and accounting timestamps depend on it. #}
timesync sntp
sntp unicast
;--- Misc ---
{#- Idle timeout for console sessions (unit per vendor documentation,
    presumably minutes - confirm). #}
console inactivity-timer 30
;--- Switch IP ---
no ip default-gateway
;--- Administrative access ---
{#- Clear-text management (telnet, web interface) is switched off; SSH is
    turned on below. #}
no telnet-server
no web-management
{#- Public-key authentication with "none" as the secondary method, for both
    login and enable level: no password fallback is configured. The client
    public keys themselves are not installed by this template. #}
aaa authentication ssh login public-key none
aaa authentication ssh enable public-key none
ip ssh
ip ssh filetransfer
{#- Limits manager-level access to the switch's first IPv4 subnet, plus the
    IPv6 subnet when one is set.
    NOTE(review): unlike the IPv6 line, the IPv4 line has no guard for an
    empty switch.subnet. Confirm callers always provide one: nothing else in
    this template restricts the source addresses allowed to manage the
    switch. #}
ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
{%- if switch.subnet6 %}
ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
{%- endif %}
;--- Loop protection ---
{#- Only the timers are set here; which ports run loop-protect is not
    visible in this template. #}
loop-protect disable-timer 30
loop-protect transmit-interval 3
{#- Port for RADIUS dynamic-authorization (change of authorization and
    disconnect) requests. The RADIUS server hosts and the shared secret are
    not defined in this template - presumably configured elsewhere; verify
    that only the intended RADIUS servers can reach this port. #}
radius-server dyn-autz-port 3799
;--- MAC filtering ---
{#- Format of the MAC address sent to RADIUS for MAC-based authentication
    (colon-separated, going by the keyword). #}
aaa port-access mac-based addr-format multi-colon
;--- Odds and ends ---
no cdp run
{#- Turns DHCP snooping on globally.
    NOTE(review): no per-VLAN dhcp-snooping line and no global arp-protect or
    dhcpv6-snooping line appears in this template, so the per-port trust
    settings below only matter if those are configured elsewhere - confirm. #}
dhcp-snooping
;--- Port configuration ---
{%- for port in switch.ports %}
{#- 802.1X ports: enable the authenticator, optionally cap the number of
    clients from the profile's mac_limit, and set the logoff period. #}
{%- if port.get_port_profil.radius_type == "802.1X" %}
aaa port-access authenticator {{ port.port }}
{%- if port.get_port_profil.mac_limit %}
aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
{%- endif %}
aaa port-access authenticator {{ port.port }} logoff-period 3600
{%- endif %}
{#- MAC-radius ports: the client's MAC address is the only credential. A MAC
    address can be copied by any device on the wire, so this mode identifies
    a client rather than authenticating it.
    NOTE(review): unauth-vid 1 places clients that fail MAC authentication in
    VLAN 1 - confirm that VLAN 1 is a restricted network and not a default
    VLAN with reach into internal hosts. #}
{%- if port.get_port_profil.radius_type == "MAC-radius" %}
aaa port-access mac-based {{ port.port }}
{%- if port.get_port_profil.mac_limit %}
aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
{%- endif %}
aaa port-access mac-based {{ port.port }} logoff-period 3600
aaa port-access mac-based {{ port.port }} unauth-vid 1
{%- endif %}
{#- Per-port interface block: administrative state, name, flow control and
    the trust flags. #}
interface {{ port.port }}
{%- if port.state %}
   enable
{%- else %}
   disable
{%- endif %}
   name "{{ port.port }}"
{#- NOTE(review): the CLI keyword is normally hyphenated (flow-control) as
    far as I know; confirm the switch accepts the spaced form below. #}
{%- if port.get_port_profil.flow_control %}
   flow control
{%- endif %}
{#- Each trust line is emitted when the matching profile flag is OFF, so a
    port is trusted by default and protection is opt-in per profile. Trusted
    ports are exempt from the corresponding checks: access-port profiles
    should have dhcp_snooping, arp_protect and dhcpv6_snooping set, and only
    uplinks or server ports should be left trusted. #}
{%- if not port.get_port_profil.dhcp_snooping %}
   dhcp-snooping trust
{%- endif %}
{%- if not port.get_port_profil.arp_protect %}
   arp-protect trust
{%- endif %}
{%- if not port.get_port_profil.dhcpv6_snooping %}
   dhcpv6-snooping trust
{%- endif %}
   no lacp
   exit
{%- endfor %}
;--- RADIUS accounting configuration ---
{#- Start/stop accounting for network sessions is sent to RADIUS, with
    unique session ids and periodic interim updates (interval unit per
    vendor documentation - confirm). These records are what lets an
    operator trace which client used which port, and when. #}
aaa accounting network start-stop radius
aaa accounting session-id unique
aaa accounting update periodic 240
;--- Protocol filter ---
{#- The two addresses are the multicast MACs used by mDNS over IPv4
    (224.0.0.251) and IPv6 (ff02::fb); frames sent to them are dropped on
    all ports. #}
filter multicast 01005e0000fb drop all
filter multicast 3333000000fb drop all