|
|
|
@ -15,30 +15,22 @@ snmp-server community "public" Operator
|
|
|
|
|
;--- Heure/date
|
|
|
|
|
time timezone 60
|
|
|
|
|
time daylight-time-rule Western-Europe
|
|
|
|
|
{%- for server in additionals.ntp_servers %}
|
|
|
|
|
{%- for interface in server.interface %}
|
|
|
|
|
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
|
|
|
|
sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
|
|
|
|
|
{%- if interface.ipv6 %}
|
|
|
|
|
sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
|
|
|
|
|
{%- endif %}
|
|
|
|
|
{%- endif %}
|
|
|
|
|
{%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %}
|
|
|
|
|
sntp server priority {{ loop.index }} {{ ipv4 }} 4
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %}
|
|
|
|
|
sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
timesync sntp
|
|
|
|
|
sntp unicast
|
|
|
|
|
;--- Misc ---
|
|
|
|
|
console inactivity-timer 30
|
|
|
|
|
;--- Logs ---
|
|
|
|
|
{%- for server in additionals.log_servers %}
|
|
|
|
|
{%- for interface in server.interface %}
|
|
|
|
|
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
|
|
|
|
logging {{ interface.ipv4 }}
|
|
|
|
|
{%- if interface.ipv6 %}
|
|
|
|
|
logging {{ interface.ipv6.0.ipv6 }}
|
|
|
|
|
{%- endif %}
|
|
|
|
|
{%- endif %}
|
|
|
|
|
{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}
|
|
|
|
|
logging {{ ipv4 }}
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %}
|
|
|
|
|
logging {{ ipv6 }}
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
;--- IP du switch ---
|
|
|
|
|
no ip default-gateway
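Review bot: The new `{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}` loop renders nothing when the list is empty, so a switch can be deployed with no `logging` target and the missing audit trail goes unnoticed. Jinja's `for … else` can make that visible in the generated file: add `{%- else %}` followed by `;--- WARNING: no log server configured ---` before the `{%- endfor %}`. The same silent-empty pattern applies to the `ntp_servers` loops in this hunk, to the `radius_servers.ipv4` loop in the RADIUS hunk, and to the `dhcp_servers.ipv4` loop in the DHCP snooping hunk. In the DHCP case `dhcp-snooping` is still enabled, and as far as I know this switch family treats an empty authorized-server list as "any server on a trusted port is valid", which should be confirmed against the vendor documentation.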
|
|
|
|
@ -92,9 +84,11 @@ aaa authentication ssh login public-key none
|
|
|
|
|
aaa authentication ssh enable public-key none
|
|
|
|
|
ip ssh
|
|
|
|
|
ip ssh filetransfer
|
|
|
|
|
ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
|
|
|
|
|
{%- if switch.subnet6 %}
|
|
|
|
|
ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
|
|
|
|
|
{%- if settings.switchs_management_utils.subnet %}
|
|
|
|
|
ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager
|
|
|
|
|
{%- endif %}
|
|
|
|
|
{%- if settings.switchs_management_utils.subnet6 %}
|
|
|
|
|
ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager
|
|
|
|
|
{%- endif %}
|
|
|
|
|
{%- if additionals.loop_protected %}
|
|
|
|
|
;--- Protection contre les boucles ---
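Review bot: When both `{%- if settings.switchs_management_utils.subnet %}` and the `subnet6` guard are false, the rendered config contains no `authorized-managers` line at all, so the `ip ssh` service enabled just above is presumably left without any source-address restriction. The lines this replaces emitted the switch's own subnet unconditionally, so this fail-open case is new. Either keep a fallback, `{%- else %}` followed by `ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager`, or have the code that renders the template refuse to produce a config while the setting is unset. Only `subnet.0` is read, so further management subnets in that list are ignored; a comment such as `{#- only the first management subnet is authorized -#}` would make that explicit.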
|
|
|
|
@ -104,13 +98,9 @@ loop-protect {{ additionals.loop_protected|join(',') }}
|
|
|
|
|
{%- endif %}
|
|
|
|
|
;--- Serveurs Radius
|
|
|
|
|
radius-server dead-time 2
|
|
|
|
|
{%- for server in additionals.radius_servers %}
|
|
|
|
|
{%- for interface in server.interface %}
|
|
|
|
|
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
|
|
|
|
radius-server host {{ interface.ipv4 }} key "{{ switch.get_radius_key_value }}"
|
|
|
|
|
radius-server host {{ interface.ipv4 }} dyn-authorization
|
|
|
|
|
{%- endif %}
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
{%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %}
|
|
|
|
|
radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"
|
|
|
|
|
radius-server host {{ ipv4 }} dyn-authorization
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
radius-server dyn-autz-port 3799
|
|
|
|
|
;--- Filtrage mac ---
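Review bot: `key "{{ switch.get_radius_key_value }}"` places the shared secret inside a quoted string with no escaping, so a key containing `"` or a line break would end the string early and the rest would be parsed as configuration. Nothing in the hunk shows that the value is constrained, so the check belongs where the key is stored or just before rendering; a comment such as `{#- radius key: validated upstream, must not contain '"' or newlines -#}` would record the assumption. Every address in `settings.switchs_management_utils.radius_servers.ipv4` also receives `dyn-authorization`, so write access to that setting now decides which hosts may send change-of-authorization requests to every generated switch config and should be restricted accordingly. The rendered file carries the secret in clear text and needs the same handling as the key itself.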
|
|
|
|
@ -119,10 +109,8 @@ aaa port-access mac-based addr-format multi-colon
|
|
|
|
|
no cdp run
|
|
|
|
|
{%- if additionals.dhcp_snooping_vlans %}
|
|
|
|
|
;--- DHCP Snooping ---
|
|
|
|
|
{%- for server in additionals.dhcp_servers %}
|
|
|
|
|
{%- for interface in server.interface %}
|
|
|
|
|
dhcp-snooping authorized-server {{ interface.ipv4 }}
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
{%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %}
|
|
|
|
|
dhcp-snooping authorized-server {{ ipv4 }}
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
|
|
|
|
|
dhcp-snooping
|
|
|
|
|