Provisioning-switchs/configs/config.j2

{#
  Switch configuration template: renders a complete CLI configuration from
  inventory variables. Every value is substituted verbatim (no escaping or
  quoting filter is applied in this file), so the inventory is assumed to be
  trusted and free of embedded quotes or newlines; a stray newline in a value
  would become an extra configuration line.
  Review comments in this block use the "-" whitespace-control form so that they
  add nothing to the rendered output (assumes trim_blocks is off, which the
  existing tag style suggests; confirm against the rendering environment).
-#}
{{ header }}
hostname "{{ hostname }}"
{#- Idle console sessions (regular and serial-USB) time out after 1800;
    presumably seconds, confirm for the target firmware. #}
console idle-timeout 1800
console idle-timeout serial-usb 1800
no cdp run
{#- DHCP snooping is enabled only when dhcp_snooping_vlans is truthy. Each entry
    of dhcp_servers is emitted as an authorized server; the VLAN list is passed
    through as a single pre-formatted string. #}
{%- if dhcp_snooping_vlans %}
dhcp-snooping
{%- for s in dhcp_servers %}
dhcp-snooping authorized-server {{ s }}
{%- endfor %}
dhcp-snooping vlan {{ dhcp_snooping_vlans }}
{%- endif %}
{#- Same pattern for DHCPv6 snooping; no authorized-server list is rendered here. #}
{%- if dhcpv6_snooping_vlans %}
dhcpv6-snooping
dhcpv6-snooping vlan {{ dhcpv6_snooping_vlans }}
{%- endif %}
{#- One drop filter per multicast_filter entry (fields: mac_addr, ports). #}
{%- for m in multicast_filter %}
filter multicast {{ m.mac_addr }} drop {{ m.ports }}
{%- endfor %}
{#- Each entry of logging is emitted as the argument of a "logging" command
    (presumably syslog destinations; verify against the inventory). #}
{%- for l in logging %}
logging {{ l }}
{%- endfor %}
{#- RADIUS servers: each entry needs ip and secret. Two lines are emitted per
    server, one enabling dynamic authorization and one setting the shared key.
    NOTE(review): r.secret is written in clear text and unquoted, so the rendered
    configuration contains every RADIUS shared secret. Treat rendered files,
    logs and backups of them as secrets, and confirm that secrets containing
    spaces are not expected. #}
{%- if radius_servers %}
{%- for r in radius_servers %}
radius-server host {{ r.ip }} dyn-authorization
radius-server host {{ r.ip }} key {{ r.secret }}
{%- endfor %}
radius-server dead-time 2
{%- endif %}
{#- Time is synchronised over unicast SNTP; servers are prioritised in list
    order (loop.index starts at 1). #}
timesync sntp
sntp unicast
{%- for s in sntp %}
sntp server priority {{ loop.index }} {{ s }}
{%- endfor %}
{#- Telnet management is switched off unconditionally. #}
no telnet-server
{#- Timezone is hard-coded: western-europe DST rule, offset 60 (presumably
    minutes, i.e. UTC+1; confirm). #}
time daylight-time-rule western-europe
time timezone 60
{#- Management source restrictions. ipv4_managers and ipv6_managers are iterated
    with .values(), so both must be mappings whose values carry ip and subnet.
    Every entry is granted "access manager".
    NOTE(review): when a mapping is empty no authorized-managers line is
    rendered for that address family, which presumably leaves management access
    unrestricted by source address. Verify that the inventory always supplies
    at least one entry per family in use. #}
{%- for i4 in ipv4_managers.values() %}
ip authorized-managers {{ i4.ip }} {{ i4.subnet }} access manager
{%- endfor %}
{#- DNS resolvers, prioritised in list order. #}
{%- for d in dns %}
ip dns server-address priority {{ loop.index }} {{ d }}
{%- endfor %}
{#- Enables file transfer over SSH. #}
ip ssh filetransfer
{%- for i6 in ipv6_managers.values() %}
ipv6 authorized-managers {{ i6.ip }} {{ i6.subnet }} access manager
{%- endfor %}
{#- IPv6 RA guard is applied only when a port list is supplied. #}
{%- if ra_guard_ports %}
ipv6 ra-guard ports {{ ra_guard_ports }}
{%- endif %}
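{#- One interface stanza per entry of interfaces. Each entry supplies number and
    name plus optional truthy flags: dhcp_trust, dhcpv6_trust, flowcontrol and
    arp_trust. When a flag is falsy the corresponding line is simply not
    emitted, so trust for DHCP/DHCPv6 snooping and ARP protection is opt-in per
    port. iface.name is rendered inside double quotes without escaping.
    The endif closing the flow-control test carries the same "-" whitespace
    control as its siblings, so no blank line is left after "flow-control". #}
{%- for iface in interfaces %}
interface {{ iface.number }}
name "{{ iface.name }}"
{%- if iface.dhcp_trust %}
dhcp-snooping trust
{%- endif %}
{%- if iface.dhcpv6_trust %}
dhcpv6-snooping trust
{%- endif %}
{%- if iface.flowcontrol %}
flow-control
{%- endif %}
{%- if iface.arp_trust %}
arp-protect trust
{%- endif %}
exit
{%- endfor %}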
{#- SNMP.
    NOTE(review): the v1/v2c community is hard-coded to the well-known default
    "public" at operator level. "snmpv3 restricted-access" is understood to
    limit non-v3 agents to read-only access, and the authorized-managers list
    may narrow the permitted sources, but a guessable community still allows
    the device to be read by anyone who can reach it from a permitted address.
    Consider a site-specific community or SNMPv3 only; confirm against
    monitoring requirements.
    The SNMPv3 user is rendered without authentication or privacy parameters;
    presumably those are set outside this template (verify). #}
snmp-server community "public" operator
snmp-server location "{{ location }}"
snmpv3 enable
snmpv3 restricted-access
snmpv3 group managerpriv user "{{ snmp_user }}" sec-model ver3
snmpv3 user "{{ snmp_user }}"
{#- RADIUS accounting for network sessions, with periodic updates. #}
aaa accounting update periodic 240
aaa accounting network start-stop radius
{#- SSH login and enable levels both authenticate by public key. #}
aaa authentication ssh login public-key
aaa authentication ssh enable public-key
{#- MAC-based port access is rendered only when mac_based_ports is truthy.
    The global list enables it on those ports; interfaces flagged mac_based
    additionally get their own addr_limit and logoff values. The two sources
    are independent inputs, so the inventory has to keep mac_based_ports and
    the per-interface flags consistent. #}
{%- if mac_based_ports %}
aaa port-access mac-based {{ mac_based_ports }}
{%- for iface in interfaces %}
{%- if iface.mac_based %}
aaa port-access mac-based {{ iface.number }} addr-limit {{ iface.addr_limit }}
aaa port-access mac-based {{ iface.number }} logoff-period {{ iface.logoff }}
{%- endif %}
{%- endfor %}
aaa port-access mac-based addr-format multi-colon
aaa port-access mac-based unauth-redirect "{{ unauth_redirect }}"
{%- endif %}
{#- One VLAN stanza per item of the vlans mapping (key: VLAN number, value:
    settings). Optional fields: untagged and tagged port lists, ip (with addr
    and subnet, plus optional addr6 and subnet6), igmp and ipv6_mld flags.
    A VLAN without an ip entry gets an explicit "no ip address", so the switch
    is only addressable on VLANs that the inventory names. The IPv6 address is
    rendered only inside the ip branch, i.e. never without an IPv4 entry. #}
{%- for number, vlan in vlans.items() %}
vlan {{ number }}
name "{{ vlan.name }}"
{%- if vlan.untagged %}
untagged {{ vlan.untagged }}
{%- endif %}
{%- if vlan.tagged %}
tagged {{ vlan.tagged }}
{%- endif %}
{%- if vlan.ip %}
ip address {{ vlan.ip.addr }} {{ vlan.ip.subnet }}
{%- if vlan.ip.addr6 %}
ipv6 address {{ vlan.ip.addr6 }}/{{ vlan.ip.subnet6 }}
{%- endif %}
{%- else %}
no ip address
{%- endif %}
{%- if vlan.igmp %}
ip igmp
{%- endif %}
{%- if vlan.ipv6_mld %}
ipv6 mld enable
{%- endif %}
exit
{%- endfor %}
{#- Trailing global settings. Third-party transceivers are accepted
    unconditionally. #}
allow-unsupported-transceiver
{#- Loop protection on the listed ports, with fixed timer values. #}
{%- if loop_protect %}
loop-protect {{ loop_protect.ports }}
loop-protect transmit-interval 3 disable-timer 30
{%- endif %}
{#- ARP protection with source and destination MAC validation on the listed
    VLANs. Ports are exempted through the per-interface arp_trust flag rendered
    in the interface stanzas. #}
{%- if arp_protect %}
arp-protect
arp-protect validate src-mac dest-mac
arp-protect vlan {{ arp_protect.vlans }}
{%- endif %}
device-profile name "default-ap-profile"
cos 0
exit
{#- Vendor activation service: automatic software update and provisioning are
    both disabled, so the switch is configured only from this template. #}
activate software-update disable
activate provision disable
{#- NOTE(review): both password commands are rendered without a value. How the
    device treats them when this configuration is loaded is not visible here;
    verify that the provisioning flow really sets the manager and operator
    passwords and does not leave the accounts without one. #}
password manager
password operator