; { % - if switch . model . reference [ - 1 ] = = 'A' % } { { switch . model . reference } } { % - else % } { { switch . model . reference } } A { % - endif % } Configuration Editor; Created on release { % - if switch . model . firmware [ 0 ] = = '#' % } { { switch . model . firmware } } { % - else % } # { { switch . model . firmware } } { % - endif % }
hostname " { { switch . short_name } } "
; Generated on { { date_gen } } by re2o
; The first line normalises the model reference so that it ends in 'A' and the
; firmware release so that it starts with '#'. Presumably this is the header
; the switch expects at the top of an uploaded configuration, so it has to
; stay first - TODO confirm.
; NOTE(review): values rendered between double quotes (the hostname here, and
; names and keys further down) have no filter applied in this template.
; Confirm the data model rejects double quotes and line breaks in them,
; otherwise a stored value could add or alter configuration lines.
;--- General ---
; One "module" line per (slot, reference) pair from switch.list_modules.
{ % - for slot , ref in switch . list_modules % }
module { { slot } } type { { ref } }
{ % - endfor % }
;--- Snmp ---
; The location line is only emitted when the switch bay has a name.
{ % - if switch . switchbay . name % }
snmp-server location " { { switch . switchbay . name } } "
{ % - endif % }
; To be done by hand
; NOTE(review): presumably this refers to the SNMPv3 lines below. The user
; "re2o" is declared without any authentication or privacy secret in this
; template and is then placed in group ManagerPriv. Confirm the secrets are
; set on the device during provisioning and are unique per site.
snmpv3 enable
snmpv3 restricted-access
snmpv3 user "re2o"
snmpv3 group ManagerPriv user "re2o" sec-model ver3
; NOTE(review): "public" is the well-known default community name, and
; SNMPv1/v2c carries the community in cleartext. Any host that can reach the
; management address can query the device with it at Operator level. Prefer a
; site-specific value taken from settings, or drop the community entirely if
; only SNMPv3 is used.
snmp-server community "public" Operator
;--- Time/date
; Timezone offset 60 is presumably in minutes (UTC+1) - TODO confirm.
time timezone 60
time daylight-time-rule Western-Europe
; One SNTP server line per address from settings. IPv4 servers take
; priorities 1..n; IPv6 servers continue the numbering after the IPv4 count.
; The trailing 4 is presumably the SNTP protocol version - TODO confirm.
; NOTE(review): no SNTP authentication is configured here, so the clock (and
; therefore log timestamps) trusts whatever answers from these addresses.
; Confirm the servers are only reachable over the management network.
{ % - for ipv4 in settings . switchs_management_utils . ntp_servers . ipv4 % }
sntp server priority { { loop . index } } { { ipv4 } } 4
{ % - endfor % }
{ % - for ipv6 in settings . switchs_management_utils . ntp_servers . ipv6 % }
sntp server priority { { loop . index + settings . switchs_management_utils . ntp_servers . ipv4 | length } } { { ipv6 } } 4
{ % - endfor % }
timesync sntp
sntp unicast
;--- Misc ---
; Idle console sessions are closed after 30 (presumably minutes - TODO confirm).
console inactivity-timer 30
;--- Logs ---
; One remote logging destination per IPv4 and IPv6 log server from settings.
; NOTE(review): only the destination address is set, no transport option, so
; the device default applies (presumably plain syslog). Treat the path to the
; log servers as part of the management network and confirm that at least one
; server is always configured, since these logs are the audit trail.
{ % - for ipv4 in settings . switchs_management_utils . log_servers . ipv4 % }
logging { { ipv4 } }
{ % - endfor % }
{ % - for ipv6 in settings . switchs_management_utils . log_servers . ipv6 % }
logging { { ipv6 } }
{ % - endfor % }
;--- Switch IP ---
; The default gateway is removed, then one vlan stanza is emitted per entry of
; additionals.vlans: name, tagged and untagged port lists, IGMP and MLD
; snooping where the VLAN id is listed, then the IPv4 and IPv6 addresses.
; A VLAN with no IPv4 entry gets an explicit "no ip address".
; NOTE(review): the "no ip igmp querier" and "no ipv6 mld querier" lines sit
; inside the branch that is taken only when the VLAN has IPv6 addresses. A
; VLAN with IGMP enabled but no IPv6 address therefore never gets the querier
; disabled - confirm this nesting is intended.
; NOTE(review): the switch is reachable on every VLAN that carries an address
; here; management exposure then depends on the authorized-managers lines in
; the administration section.
no ip default-gateway
max-vlans 256
{ % - for id , vlan in additionals . vlans . items ( ) % }
vlan { { id } }
name " { { vlan [ "name" ] | capitalize } } "
{ % - if vlan [ "ports_tagged" ] % }
tagged { { vlan [ "ports_tagged" ] | join ( ',' ) } }
{ % - endif % }
{ % - if vlan [ "ports_untagged" ] % }
untagged { { vlan [ "ports_untagged" ] | join ( ',' ) } }
{ % - endif % }
{ % - if id in additionals . igmp_vlans % }
ip igmp
{ % - endif % }
{ % - if id in additionals . mld_vlans % }
ipv6 mld version 1
ipv6 mld enable
{ % - endif % }
{ % - if vlan . ipv4 % }
{ % - for ipv4 , subnet in vlan . ipv4 . items ( ) % }
ip address { { ipv4 } } / { { subnet . netmask_cidr } }
{ % - endfor % }
{ % - else % }
no ip address
{ % - endif % }
{ % - if vlan . ipv6 % }
{ % - for ipv6 , subnet6 in vlan . ipv6 . items ( ) % }
ipv6 address { { ipv6 } } / { { subnet6 . netmask_cidr } }
{ % - endfor % }
{ % - if id in additionals . igmp_vlans % }
no ip igmp querier
{ % - endif % }
{ % - if id in additionals . mld_vlans % }
no ipv6 mld querier
{ % - endif % }
{ % - endif % }
exit
{ % - endfor % }
;--- Administration access ---
; Telnet is always disabled. Web management is driven by
; switch.web_management_enabled: unset gives "no web-management", the exact
; value "ssl" gives HTTPS, and every other non-empty value gives plaintext.
; NOTE(review): the plaintext branch is the fallback for any unexpected value,
; so a typo in the stored setting silently selects cleartext HTTP, which
; exposes management credentials on the wire. Consider matching the plaintext
; value explicitly and defaulting to "no web-management".
; NOTE(review): rest-interface is gated only on switch.rest_enabled, not on the
; web-management mode above - confirm the REST API is never served without TLS.
no telnet-server
{ % - if switch . web_management_enabled % }
{ % - if switch . web_management_enabled ! = "ssl" % }
web-management plaintext
{ % - endif % }
{ % - if switch . web_management_enabled = = "ssl" % }
web-management ssl
{ % - endif % }
{ % - else % }
no web-management
{ % - endif % }
{ % - if switch . rest_enabled % }
rest-interface
{ % - endif % }
; SSH login and enable both use public-key authentication with "none" as the
; secondary method, i.e. no password fallback. No line in this template
; installs the authorized keys, so they have to be provisioned separately.
aaa authentication ssh login public-key none
aaa authentication ssh enable public-key none
ip ssh
ip ssh filetransfer
; Management is limited to the configured subnet at manager level. The IPv4
; and IPv6 restrictions are emitted independently, and each only when its
; setting exists.
; NOTE(review): when subnet or subnet6 is unset, no authorized-managers line is
; rendered for that address family and management is not source-restricted
; by this template. Confirm both are always set wherever the switch carries
; an address of that family.
{ % - if settings . switchs_management_utils . subnet % }
ip authorized-managers { { settings . switchs_management_utils . subnet . network } } { { settings . switchs_management_utils . subnet . netmask } } access manager
{ % - endif % }
{ % - for ipv4 in settings . switchs_management_utils . dns_recursive_servers . ipv4 % }
ip dns server-address priority { { loop . index } } { { ipv4 } }
{ % - endfor % }
{ % - if settings . switchs_management_utils . subnet6 % }
ipv6 authorized-managers { { settings . switchs_management_utils . subnet6 . network } } { { settings . switchs_management_utils . subnet6 . netmask } } access manager
{ % - endif % }
{ % - if additionals . loop_protected % }
;--- Loop protection ---
; Emitted only when additionals.loop_protected lists at least one port; the
; ports are joined with commas into a single loop-protect line. The timer and
; interval values are presumably in seconds - TODO confirm.
loop-protect disable-timer 30
loop-protect transmit-interval 3
loop-protect { { additionals . loop_protected | join ( ',' ) } }
{ % - endif % }
;--- Radius servers
; Each IPv4 RADIUS server is declared with the shared key and is also allowed
; to send dynamic authorization requests, which the switch accepts on port
; 3799. Only the ipv4 list of switch.get_radius_servers is iterated.
; NOTE(review): the RADIUS shared secret is rendered in cleartext, so every
; generated configuration file is a secret. Restrict who can read the
; rendered output, transfer it only over encrypted channels and keep it out
; of logs and version control.
; NOTE(review): the key is placed between double quotes with no filter applied;
; a key containing a double quote or a line break would alter the rendered
; line - confirm the key format is constrained where it is stored.
; NOTE(review): dynamic authorization lets the listed servers change or end
; sessions, so the server list should contain only trusted hosts.
radius-server dead-time 2
{ % - for ipv4 in switch . get_radius_servers . ipv4 % }
radius-server host { { ipv4 } } key " { { switch . get_radius_key_value } } "
radius-server host { { ipv4 } } dyn-authorization
{ % - endfor % }
radius-server dyn-autz-port 3799
;--- MAC filtering ---
; MAC-based authentication sends addresses in the multi-colon format; the
; RADIUS side has to match user names in that same format.
aaa port-access mac-based addr-format multi-colon
;--- Odds and ends ---
; CDP is turned off, so the switch does not take part in that discovery
; protocol.
no cdp run
{ % - if additionals . dhcp_snooping_vlans % }
;--- DHCP Snooping ---
; Emitted only when at least one VLAN is listed. Only the IPv4 DHCP servers
; from settings are declared as authorized; VLAN ids are space-separated.
; NOTE(review): an empty dhcp_snooping_vlans list drops this whole section, so
; DHCP snooping is off by default rather than on - confirm that is intended.
{ % - for ipv4 in settings . switchs_management_utils . dhcp_servers . ipv4 % }
dhcp-snooping authorized-server { { ipv4 } }
{ % - endfor % }
dhcp-snooping vlan { { additionals . dhcp_snooping_vlans | join ( ' ' ) } }
dhcp-snooping
{ % - endif % }
{ % - if additionals . arp_protect_vlans % }
;--- ARP Protect ---
; Enables ARP protection on the listed VLANs with source and destination MAC
; validation.
; NOTE(review): this section is gated independently of the DHCP snooping
; section. ARP protection presumably checks packets against DHCP snooping
; bindings, so confirm a VLAN cannot end up ARP-protected without snooping.
arp-protect
arp-protect vlan { { additionals . arp_protect_vlans | join ( ' ' ) } }
arp-protect validate src-mac dest-mac
{ % - endif % }
{ % - if additionals . dhcpv6_snooping_vlans % }
;--- DHCPv6 Snooping ---
; Same gating as the IPv4 section; no authorized DHCPv6 server is declared
; here, so trust is decided per port in the port section.
dhcpv6-snooping vlan { { additionals . dhcpv6_snooping_vlans | join ( ' ' ) } }
dhcpv6-snooping
{ % - endif % }
{ % - if additionals . ra_guarded % }
;--- RA guards ---
; Router-advertisement guard is applied to the comma-joined port list.
ipv6 ra-guard ports { { additionals . ra_guarded | join ( ',' ) } }
{ % - endif % }
;--- Port configuration ---
; For every port: optional 802.1X or MAC-based RADIUS authentication with an
; optional client limit and a 3600 logoff period, then the interface stanza
; (state, name, flow control, snooping trust, speed, LACP off).
; NOTE(review): only the exact profile values "802.1X" and "MAC-radius" produce
; port-access lines. Any other radius_type leaves the port without
; authentication - confirm that every user-facing profile uses one of them.
; NOTE(review): the three trust lines are emitted when the profile flag is
; false, and presumably also when it is missing. A profile without the flag
; therefore makes the port trusted for DHCP, ARP and DHCPv6, i.e. the
; protection fails open. Confirm only uplinks and server ports use such
; profiles.
; NOTE(review): the port name is rendered between double quotes with no filter
; applied - confirm pretty_name cannot contain quotes or line breaks.
{ % - for port in switch . ports % }
{ % - if port . get_port_profile . radius_type = = "802.1X" % }
aaa port-access authenticator { { port . port } }
{ % - if port . get_port_profile . mac_limit % }
aaa port-access authenticator { { port . port } } client-limit { { port . get_port_profile . mac_limit } }
{ % - endif % }
aaa port-access authenticator { { port . port } } logoff-period 3600
{ % - endif % }
{ % - if port . get_port_profile . radius_type = = "MAC-radius" % }
aaa port-access mac-based { { port . port } }
{ % - if port . get_port_profile . mac_limit % }
aaa port-access mac-based { { port . port } } addr-limit { { port . get_port_profile . mac_limit } }
{ % - endif % }
aaa port-access mac-based { { port . port } } logoff-period 3600
{ % - endif % }
interface { { port . port } }
{ % - if port . state % }
enable
{ % - else % }
disable
{ % - endif % }
name " { { port . pretty_name } } "
{ % - if port . get_port_profile . flow_control % }
flow-control
{ % - endif % }
{ % - if not port . get_port_profile . dhcp_snooping % }
dhcp-snooping trust
{ % - endif % }
{ % - if not port . get_port_profile . arp_protect % }
arp-protect trust
{ % - endif % }
{ % - if not port . get_port_profile . dhcpv6_snooping % }
dhcpv6-snooping trust
{ % - endif % }
{ % - if port . get_port_profile . speed ! = "auto" % }
speed-duplex { { port . get_port_profile . speed } }
{ % - endif % }
no lacp
exit
{ % - endfor % }
;--- RADIUS accounting configuration ---
; Network sessions are accounted to RADIUS with start and stop records, a
; unique session id and a periodic update every 240 (presumably minutes -
; TODO confirm). These records are the per-port session audit trail.
aaa accounting network start-stop radius
aaa accounting session-id unique
aaa accounting update periodic 240
;--- Protocol filter ---
; Drops frames sent to two multicast MAC addresses on all ports. They are the
; Ethernet mappings of 224.0.0.251 and ff02::fb, the mDNS groups, so
; multicast name and service discovery is not forwarded between ports.
filter multicast 01005e0000fb drop all
filter multicast 3333000000fb drop all