Provisioning-switchs-chirac/templates/hp.tpl

; {%- if switch.model.reference[-1]=='A' %} {{ switch.model.reference }}{%- else %} {{ switch.model.reference }}A{%- endif %} Configuration Editor; Created on release {%- if switch.model.firmware[0]=='#' %} {{ switch.model.firmware }}{%- else %} #{{ switch.model.firmware }}{%- endif %}

hostname "{{ switch.short_name }}"
; Generated on {{ date_gen }} by re2o
;--- Snmp ---
{%- if switch.switchbay.name %}
snmp-server location "{{ switch.switchbay.name }}"
{%- endif %}
;A faire à la main
snmpv3 enable
snmpv3 restricted-access
snmpv3 user "re2o"
snmpv3 group ManagerPriv user "re2o" sec-model ver3
snmp-server community "public" Operator
;--- Heure/date
time timezone 60
time daylight-time-rule Western-Europe
{%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %}
sntp server priority {{ loop.index }} {{ ipv4 }} 4
{%- endfor %}
{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %}
sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4
{%- endfor %}
timesync sntp
sntp unicast
;--- Misc ---
console inactivity-timer 30
;--- Logs ---
{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}
logging {{ ipv4 }}
{%- endfor %}
{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %}
logging {{ ipv6 }}
{%- endfor %}
;--- IP du switch ---
no ip default-gateway
max-vlans 256
{%- for id, vlan in additionals.vlans.items() %}
vlan {{ id }}
   name "{{ vlan["name"]|capitalize }}"
   {%- if vlan["ports_tagged"] %}
   tagged {{ vlan["ports_tagged"]|join(',') }}
   {%- endif %}
   {%- if vlan["ports_untagged"] %}
   untagged {{ vlan["ports_untagged"]|join(',') }}
   {%- endif %} 
   {%- if id in additionals.igmp_vlans %}
   ip igmp
   {%- endif %}
   {%- if id in additionals.mld_vlans %}
   ipv6 mld version 1
   ipv6 mld enable
   {%- endif %}
   {%- if vlan.ipv4 %}
   {%- for ipv4, subnet in vlan.ipv4.items() %}
   ip address {{ ipv4 }}/{{ subnet.0.netmask_cidr }}
   {%- endfor %}
   {%- else %}
   no ip address
   {%- endif %} 
   {%- if vlan.ipv6 %}
   {%- for ipv6, subnet6 in vlan.ipv6.items() %}
   ipv6 address {{ ipv6 }}/{{ subnet6.netmask_cidr }}
   {%- endfor %}
   {%- if id in additionals.igmp_vlans %}
   no ip igmp querier
   {%- endif %} 
   {%- if id in additionals.mld_vlans %}
   no ipv6 mld querier
   {%- endif %} 
   {%- endif %} 
exit
{%- endfor %}
;--- Accès d'administration ---
no telnet-server
{%- if switch.web_management_enabled %}
{%- if switch.web_management_enabled != "ssl" %}
web-management plaintext
{%- endif %}
{%- if switch.web_management_enabled == "ssl" %}
web-management ssl
{%- endif %}
{%- else %}
no web-management
{%- endif %}
{%- if switch.rest_enabled %}
rest-interface
{%- endif %}
aaa authentication ssh login public-key none
aaa authentication ssh enable public-key none
ip ssh
ip ssh filetransfer
{%- if settings.switchs_management_utils.subnet %}
ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager
{%- endif %}
{%- if settings.switchs_management_utils.subnet6 %}
ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager
{%- endif %}
{%- if additionals.loop_protected %}
;--- Protection contre les boucles ---
loop-protect disable-timer 30
loop-protect transmit-interval 3
loop-protect {{ additionals.loop_protected|join(',') }}
{%- endif %}
;--- Serveurs Radius 
radius-server dead-time 2
{%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %}
radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"
radius-server host {{ ipv4 }} dyn-authorization
{%- endfor %}
radius-server dyn-autz-port 3799
;--- Filtrage mac ---
aaa port-access mac-based addr-format multi-colon
;--- Bricoles ---
no cdp run
{%- if additionals.dhcp_snooping_vlans %}
;--- DHCP Snooping ---
{%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %}
dhcp-snooping authorized-server {{ ipv4 }}
{%- endfor %}
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
dhcp-snooping
{%- endif %}
{%- if additionals.arp_protect_vlans %}
;--- ARP Protect ---
arp-protect
arp-protect vlan {{ additionals.arp_protect_vlans|join(' ') }}
arp-protect validate src-mac dest-mac
{%- endif %}
{%- if additionals.dhcpv6_snooping_vlans %}
;--- DHCPv6 Snooping ---
dhcpv6-snooping vlan {{ additionals.dhcpv6_snooping_vlans|join(' ') }}
dhcpv6-snooping
{%- endif %}
{%- if additionals.ra_guarded %}
;--- RA guards ---
ipv6 ra-guard ports {{ additionals.ra_guarded|join(',')}}
{%- endif %}
;--- Config des prises ---
{%- for port in switch.ports %}
{%- if port.get_port_profil.radius_type == "802.1X" %}
aaa port-access authenticator {{ port.port }}
{%- if port.get_port_profil.mac_limit %}
aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
{%- endif %}
aaa port-access authenticator {{ port.port }} logoff-period 3600
{%- endif %}
{%- if port.get_port_profil.radius_type == "MAC-radius" %}
aaa port-access mac-based {{ port.port }}
{%- if port.get_port_profil.mac_limit %}
aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
{%- endif %}
aaa port-access mac-based {{ port.port }} logoff-period 3600
aaa port-access mac-based {{ port.port }} unauth-vid 1
{%- endif %}
interface {{ port.port }}
   {%- if port.state %}
   enable
   {%- else %}
   disable
   {%- endif %}
   name "{{ port.pretty_name }}"
   {%- if port.get_port_profil.flow_control %}
   flow-control
   {%- endif %}
   {%- if not port.get_port_profil.dhcp_snooping %}
   dhcp-snooping trust
   {%- endif %}
   {%- if not port.get_port_profil.arp_protect %}
   arp-protect trust
   {%- endif %}
   {%- if not port.get_port_profil.dhcpv6_snooping %}
   dhcpv6-snooping trust
   {%- endif %}
   {%- if port.get_port_profil.speed != "auto" %}
   speed-duplex {{port.get_port_profil.speed}}
   {%- endif %}
   no lacp
exit
{%- endfor %}
;--- Configuration comptabilisation RADIUS ---
aaa accounting network start-stop radius
aaa accounting session-id unique
aaa accounting update periodic 240
;--- Filtre de protocole ---
filter multicast 01005e0000fb drop all
filter multicast 3333000000fb drop all
-												Code intelligent pour print la version du switch

											
										
										
											2018-09-21 00:01:04 +02:00
+								; {%- if switch.model.reference[-1]=='A' %} {{ switch.model.reference }}{%- else %} {{ switch.model.reference }}A{%- endif %} Configuration Editor; Created on release {%- if switch.model.firmware[0]=='#' %} {{ switch.model.firmware }}{%- else %} #{{ switch.model.firmware }}{%- endif %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
 								hostname "{{ switch.short_name }}"
 								; Generated on {{ date_gen }} by re2o
 								;--- Snmp ---
-												Formatage de certains options non correct

											
										
										
											2018-07-09 00:12:38 +02:00
+								{%- if switch.switchbay.name %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								snmp-server location "{{ switch.switchbay.name }}"
-												Formatage de certains options non correct

											
										
										
											2018-07-09 00:12:38 +02:00
+								{%- endif %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								;A faire à la main
 								snmpv3 enable
 								snmpv3 restricted-access
-												Affichage de la version de la conf du switch

											
										
										
											2018-07-08 22:47:03 +02:00
+								snmpv3 user "re2o"
 								snmpv3 group ManagerPriv user "re2o" sec-model ver3
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								snmp-server community "public" Operator
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								;--- Heure/date
 								time timezone 60
 								time daylight-time-rule Western-Europe
-												Utilise les réglages roles et topologie option pour reconfig les switchs

											
										
										
											2018-07-11 23:58:16 +02:00
+								{%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %}
 								sntp server priority {{ loop.index }} {{ ipv4 }} 4
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- endfor %}
-												Utilise les réglages roles et topologie option pour reconfig les switchs

											
										
										
											2018-07-11 23:58:16 +02:00
+								{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %}
 								sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- endfor %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								timesync sntp
 								sntp unicast
 								;--- Misc ---
 								console inactivity-timer 30
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								;--- Logs ---
-												Utilise les réglages roles et topologie option pour reconfig les switchs

											
										
										
											2018-07-11 23:58:16 +02:00
+								{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}
 								logging {{ ipv4 }}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- endfor %}
-												Utilise les réglages roles et topologie option pour reconfig les switchs

											
										
										
											2018-07-11 23:58:16 +02:00
+								{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %}
 								logging {{ ipv6 }}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- endfor %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								;--- IP du switch ---
 								no ip default-gateway
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								max-vlans 256
 								{%- for id, vlan in additionals.vlans.items() %}
 								vlan {{ id }}
 								   name "{{ vlan["name"]|capitalize }}"
 								   {%- if vlan["ports_tagged"] %}
-												Formatage de certains options non correct

											
										
										
											2018-07-09 00:12:38 +02:00
+								   tagged {{ vlan["ports_tagged"]|join(',') }}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								   {%- endif %}
 								   {%- if vlan["ports_untagged"] %}
-												Formatage de certains options non correct

											
										
										
											2018-07-09 00:12:38 +02:00
+								   untagged {{ vlan["ports_untagged"]|join(',') }}
-												Configure les ip sur tous les vlans

											
										
										
											2018-07-12 01:20:11 +02:00
+								   {%- endif %}
-												Formatage , et gestion des igmp querier

											
										
										
											2018-07-12 16:53:35 +02:00
+								   {%- if id in additionals.igmp_vlans %}
 								   ip igmp
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								   {%- endif %}
-												Formatage , et gestion des igmp querier

											
										
										
											2018-07-12 16:53:35 +02:00
+								   {%- if id in additionals.mld_vlans %}
 								   ipv6 mld version 1
 								   ipv6 mld enable
 								   {%- endif %}
 								   {%- if vlan.ipv4 %}
 								   {%- for ipv4, subnet in vlan.ipv4.items() %}
 								   ip address {{ ipv4 }}/{{ subnet.0.netmask_cidr }}
-												Configure les ip sur tous les vlans

											
										
										
											2018-07-12 01:20:11 +02:00
+								   {%- endfor %}
-												Formatage , et gestion des igmp querier

											
										
										
											2018-07-12 16:53:35 +02:00
+								   {%- else %}
 								   no ip address
 								   {%- endif %}
 								   {%- if vlan.ipv6 %}
 								   {%- for ipv6, subnet6 in vlan.ipv6.items() %}
-												Configure les ip sur tous les vlans

											
										
										
											2018-07-12 01:20:11 +02:00
+								   ipv6 address {{ ipv6 }}/{{ subnet6.netmask_cidr }}
 								   {%- endfor %}
-												Gestion igmp et mld par vlans

											
										
										
											2018-07-08 20:31:04 +02:00
+								   {%- if id in additionals.igmp_vlans %}
 								   no ip igmp querier
-												Formatage , et gestion des igmp querier

											
										
										
											2018-07-12 16:53:35 +02:00
+								   {%- endif %}
-												Gestion igmp et mld par vlans

											
										
										
											2018-07-08 20:31:04 +02:00
+								   {%- if id in additionals.mld_vlans %}
 								   no ipv6 mld querier
-												Formatage , et gestion des igmp querier

											
										
										
											2018-07-12 16:53:35 +02:00
+								   {%- endif %}
 								   {%- endif %}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								exit
 								{%- endfor %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								;--- Accès d'administration ---
 								no telnet-server
-												Gestion de l'interface rest dans le template

											
										
										
											2018-07-09 23:42:26 +02:00
+								{%- if switch.web_management_enabled %}
-												Web management ssl désactivé par defaut (putain de clef hp )

											
										
										
											2018-07-10 00:04:11 +02:00
+								{%- if switch.web_management_enabled != "ssl" %}
-												Gestion de l'interface rest dans le template

											
										
										
											2018-07-09 23:42:26 +02:00
+								web-management plaintext
-												Web management ssl désactivé par defaut (putain de clef hp )

											
										
										
											2018-07-10 00:04:11 +02:00
+								{%- endif %}
 								{%- if switch.web_management_enabled == "ssl" %}
 								web-management ssl
 								{%- endif %}
-												Gestion de l'interface rest dans le template

											
										
										
											2018-07-09 23:42:26 +02:00
+								{%- else %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								no web-management
-												Gestion de l'interface rest dans le template

											
										
										
											2018-07-09 23:42:26 +02:00
+								{%- endif %}
 								{%- if switch.rest_enabled %}
 								rest-interface
 								{%- endif %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								aaa authentication ssh login public-key none
 								aaa authentication ssh enable public-key none
 								ip ssh
 								ip ssh filetransfer
-												Utilise les réglages roles et topologie option pour reconfig les switchs

											
										
										
											2018-07-11 23:58:16 +02:00
+								{%- if settings.switchs_management_utils.subnet %}
 								ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager
 								{%- endif %}
 								{%- if settings.switchs_management_utils.subnet6 %}
 								ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								{%- endif %}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- if additionals.loop_protected %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								;--- Protection contre les boucles ---
 								loop-protect disable-timer 30
 								loop-protect transmit-interval 3
-												Formatage de certains options non correct

											
										
										
											2018-07-09 00:12:38 +02:00
+								loop-protect {{ additionals.loop_protected|join(',') }}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- endif %}
-												Gestion igmp et mld par vlans

											
										
										
											2018-07-08 20:31:04 +02:00
+								;--- Serveurs Radius
 								radius-server dead-time 2
-												Utilise les réglages roles et topologie option pour reconfig les switchs

											
										
										
											2018-07-11 23:58:16 +02:00
+								{%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %}
 								radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"
 								radius-server host {{ ipv4 }} dyn-authorization
-												Gestion igmp et mld par vlans

											
										
										
											2018-07-08 20:31:04 +02:00
+								{%- endfor %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								radius-server dyn-autz-port 3799
 								;--- Filtrage mac ---
 								aaa port-access mac-based addr-format multi-colon
 								;--- Bricoles ---
 								no cdp run
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- if additionals.dhcp_snooping_vlans %}
 								;--- DHCP Snooping ---
-												Utilise les réglages roles et topologie option pour reconfig les switchs

											
										
										
											2018-07-11 23:58:16 +02:00
+								{%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %}
 								dhcp-snooping authorized-server {{ ipv4 }}
-												Authorisation des ip des dhcp légitimes

											
										
										
											2018-07-08 19:26:06 +02:00
+								{%- endfor %}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								dhcp-snooping
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- endif %}
 								{%- if additionals.arp_protect_vlans %}
 								;--- ARP Protect ---
 								arp-protect
 								arp-protect vlan {{ additionals.arp_protect_vlans|join(' ') }}
 								arp-protect validate src-mac dest-mac
 								{%- endif %}
 								{%- if additionals.dhcpv6_snooping_vlans %}
 								;--- DHCPv6 Snooping ---
 								dhcpv6-snooping vlan {{ additionals.dhcpv6_snooping_vlans|join(' ') }}
 								dhcpv6-snooping
 								{%- endif %}
 								{%- if additionals.ra_guarded %}
 								;--- RA guards ---
-												Formatage de certains options non correct

											
										
										
											2018-07-09 00:12:38 +02:00
+								ipv6 ra-guard ports {{ additionals.ra_guarded|join(',')}}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								{%- endif %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								;--- Config des prises ---
 								{%- for port in switch.ports %}
 								{%- if port.get_port_profil.radius_type == "802.1X" %}
 								aaa port-access authenticator {{ port.port }}
 								{%- if port.get_port_profil.mac_limit %}
 								aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
 								{%- endif %}
 								aaa port-access authenticator {{ port.port }} logoff-period 3600
 								{%- endif %}
 								{%- if port.get_port_profil.radius_type == "MAC-radius" %}
 								aaa port-access mac-based {{ port.port }}
 								{%- if port.get_port_profil.mac_limit %}
 								aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
 								{%- endif %}
 								aaa port-access mac-based {{ port.port }} logoff-period 3600
 								aaa port-access mac-based {{ port.port }} unauth-vid 1
 								{%- endif %}
 								interface {{ port.port }}
 								   {%- if port.state %}
 								   enable
 								   {%- else %}
 								   disable
 								   {%- endif %}
-												Generateur de confi de switch HP

											
										
										
											2018-07-08 19:13:58 +02:00
+								   name "{{ port.pretty_name }}"
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								   {%- if port.get_port_profil.flow_control %}
-												Formatage de certains options non correct

											
										
										
											2018-07-09 00:12:38 +02:00
+								   flow-control
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								   {%- endif %}
 								   {%- if not port.get_port_profil.dhcp_snooping %}
 								   dhcp-snooping trust
 								   {%- endif %}
 								   {%- if not port.get_port_profil.arp_protect %}
 								   arp-protect trust
 								   {%- endif %}
 								   {%- if not port.get_port_profil.dhcpv6_snooping %}
 								   dhcpv6-snooping trust
 								   {%- endif %}
-												specifie la vitesse du port

											
										
										
											2018-09-27 18:03:35 +02:00
+								   {%- if port.get_port_profil.speed != "auto" %}
 								   speed-duplex {{port.get_port_profil.speed}}
 								   {%- endif %}
-												Debut de conf , templates de switchs hp

											
										
										
											2018-07-02 10:40:45 +02:00
+								   no lacp
 								exit
 								{%- endfor %}
 								;--- Configuration comptabilisation RADIUS ---
 								aaa accounting network start-stop radius
 								aaa accounting session-id unique
 								aaa accounting update periodic 240
 								;--- Filtre de protocole ---
 								filter multicast 01005e0000fb drop all
 								filter multicast 3333000000fb drop all