Debut de conf , templates de switchs hp
parent
979accb43f
commit
a9ccc6ae82
@ -0,0 +1,86 @@
|
||||
; {{ switch.model.reference }}A Configuration Editor; Created on release #{{ firmware }}
|
||||
|
||||
hostname "{{ switch.short_name }}"
|
||||
; Generated on {{ date_gen }} by re2o
|
||||
;--- Snmp ---
|
||||
snmp-server contact "root@crans.org"
|
||||
snmp-server location "{{ switch.switchbay.name }}"
|
||||
;A faire à la main
|
||||
snmpv3 enable
|
||||
snmpv3 restricted-access
|
||||
;snmpv3 user "initial"
|
||||
snmpv3 user "crans"
|
||||
snmpv3 group ManagerPriv user "crans" sec-model ver3
|
||||
snmp-server community "public" Operator
|
||||
timesync sntp
|
||||
sntp unicast
|
||||
;--- Misc ---
|
||||
console inactivity-timer 30
|
||||
;--- IP du switch ---
|
||||
no ip default-gateway
|
||||
;--- Accès d'administration ---
|
||||
no telnet-server
|
||||
no web-management
|
||||
aaa authentication ssh login public-key none
|
||||
aaa authentication ssh enable public-key none
|
||||
ip ssh
|
||||
ip ssh filetransfer
|
||||
ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
|
||||
{%- if switch.subnet6 %}
|
||||
ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
|
||||
{%- endif %}
|
||||
;--- Protection contre les boucles ---
|
||||
loop-protect disable-timer 30
|
||||
loop-protect transmit-interval 3
|
||||
radius-server dyn-autz-port 3799
|
||||
;--- Filtrage mac ---
|
||||
aaa port-access mac-based addr-format multi-colon
|
||||
;--- Bricoles ---
|
||||
no cdp run
|
||||
dhcp-snooping
|
||||
;--- Config des prises ---
|
||||
{%- for port in switch.ports %}
|
||||
{%- if port.get_port_profil.radius_type == "802.1X" %}
|
||||
aaa port-access authenticator {{ port.port }}
|
||||
{%- if port.get_port_profil.mac_limit %}
|
||||
aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
|
||||
{%- endif %}
|
||||
aaa port-access authenticator {{ port.port }} logoff-period 3600
|
||||
{%- endif %}
|
||||
{%- if port.get_port_profil.radius_type == "MAC-radius" %}
|
||||
aaa port-access mac-based {{ port.port }}
|
||||
{%- if port.get_port_profil.mac_limit %}
|
||||
aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
|
||||
{%- endif %}
|
||||
aaa port-access mac-based {{ port.port }} logoff-period 3600
|
||||
aaa port-access mac-based {{ port.port }} unauth-vid 1
|
||||
{%- endif %}
|
||||
interface {{ port.port }}
|
||||
{%- if port.state %}
|
||||
enable
|
||||
{%- else %}
|
||||
disable
|
||||
{%- endif %}
|
||||
name "{{ port.port }}"
|
||||
{%- if port.get_port_profil.flow_control %}
|
||||
flow control
|
||||
{%- endif %}
|
||||
{%- if not port.get_port_profil.dhcp_snooping %}
|
||||
dhcp-snooping trust
|
||||
{%- endif %}
|
||||
{%- if not port.get_port_profil.arp_protect %}
|
||||
arp-protect trust
|
||||
{%- endif %}
|
||||
{%- if not port.get_port_profil.dhcpv6_snooping %}
|
||||
dhcpv6-snooping trust
|
||||
{%- endif %}
|
||||
no lacp
|
||||
exit
|
||||
{%- endfor %}
|
||||
;--- Configuration comptabilisation RADIUS ---
|
||||
aaa accounting network start-stop radius
|
||||
aaa accounting session-id unique
|
||||
aaa accounting update periodic 240
|
||||
;--- Filtre de protocole ---
|
||||
filter multicast 01005e0000fb drop all
|
||||
filter multicast 3333000000fb drop all
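Review bot: The line `snmp-server community "public" Operator` keeps the default SNMPv1/v2c community enabled alongside the SNMPv3 user and `snmpv3 restricted-access`, so any host the switch accepts as a manager can read its MIB with a well-known string sent in cleartext. The only restriction visible in this template is `ip authorized-managers`. If v1/v2c polling is not required, emit `no snmp-server community "public"` instead; if it is required, take the community name from a per-deployment setting rather than the literal "public". Separately, `{{ switch.short_name }}`, `{{ switch.switchbay.name }}` and `{{ port.port }}` are rendered inside double quotes with no filtering, so a quote or line break in one of those fields (presumably entered through re2o) would appear as extra configuration lines on the switch. Validating those fields where they are entered, or stripping quotes and newlines before rendering, would close that.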
|