Support des switchs non adm par switch2.py (desactivation radius, mise en place de la bonne ip)
This commit is contained in:
parent
e7aa590314
commit
4e10e930cd
2 changed files with 47 additions and 26 deletions
|
@ -28,7 +28,7 @@ console inactivity-timer 30
|
|||
logging {{ s }}
|
||||
{%- endfor %}
|
||||
;--- IP du switch ---
|
||||
ip default-gateway 10.231.136.4
|
||||
ip default-gateway {{ gateway }}
|
||||
{%- for vlan in vlans %}
|
||||
vlan {{ vlan.id }}
|
||||
name "{{ vlan.name|capitalize }}"
|
||||
|
@ -54,12 +54,13 @@ no web-management
|
|||
aaa authentication ssh login public-key none
|
||||
aaa authentication ssh enable public-key none
|
||||
ip ssh
|
||||
ip authorized-managers 10.231.136.0 255.255.255.0
|
||||
ip authorized-managers {{ network_id }} {{ subnet }}
|
||||
ip ssh filetransfer
|
||||
;--- Protection contre les boucles ---
|
||||
loop-protect disable-timer 30
|
||||
loop-protect transmit-interval 3
|
||||
loop-protect {{ non_trusted }}
|
||||
{%- if not public %}
|
||||
;--- Serveurs radius ---
|
||||
radius-server dead-time 2
|
||||
radius-server key {{ radius_key }}
|
||||
|
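Review bot: `ip authorized-managers {{ network_id }} {{ subnet }}` now takes whatever network the caller supplies, and for the non-adm switches the Python side of this commit fills it with 138.231.136.0 / 255.255.248.0, so SSH and web management on those switches becomes reachable from every host of that /21 rather than only from the admin network as before. If that widening is intended, a comment on the line such as `; authorized-managers follows the switch's own network (adm or public), see conf_switch` would make it visible to the next reader; otherwise the management ACL could stay pinned to the admin network by feeding it a separate variable pair set independently of `public` (e.g. `mgmt_network`/`mgmt_mask`), which is a change on the Python side rather than in this template. The same consideration applies to the `ip default-gateway {{ gateway }}` line in the first hunk only insofar as it must match the network chosen here.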
@ -68,6 +69,7 @@ radius-server host {{ s }}
|
|||
{%- endfor %}
|
||||
;--- Filtrage mac ---
|
||||
aaa port-access mac-based addr-format multi-colon
|
||||
{%- endif %}
|
||||
;--- Bricoles ---
|
||||
no cdp run
|
||||
no stack
|
||||
|
@ -86,7 +88,7 @@ no ipv6 ra-guard ports {{ trusted }}
|
|||
{% endif %}
|
||||
;--- Config des prises ---
|
||||
{%- for port in ports %}
|
||||
{%- if port.radius_auth() %}
|
||||
{%- if port.radius_auth() and not public %}
|
||||
aaa port-access mac-based {{ port|int }}
|
||||
aaa port-access mac-based {{ port|int }} addr-limit {{ port.num_mac() }}
|
||||
aaa port-access mac-based {{ port|int }} logoff-period 3600
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
"""
|
||||
Génération de la configuration d'un switch.
|
||||
|
||||
Attention, cette version n'a pas encore été totalement testée.
|
||||
|
||||
procédure de configuration initiale :
|
||||
* mot de passe admin (password manager user-name <username>)
|
||||
* activation du ssh (crypto key generate ssh)
|
||||
|
@ -463,7 +461,11 @@ def conf_switch(hostname):
|
|||
"""Affiche la configuration d'un switch"""
|
||||
bat, sw_num = get_bat_num(hostname)
|
||||
|
||||
switch = ldap.search(u'host=bat%s-%d.adm.crans.org' % (bat, sw_num))[0]
|
||||
try:
|
||||
switch = ldap.search(u'host=bat%s-%d.adm.crans.org' % (bat, sw_num))[0]
|
||||
except IndexError:
|
||||
switch = ldap.search(u'host=bat%s-%d.crans.org' % (bat, sw_num))[0]
|
||||
|
||||
|
||||
tpl_env = jinja2.Environment(loader=jinja2.FileSystemLoader(os.path.dirname(__file__)))
|
||||
##for info:
|
||||
|
@ -482,9 +484,6 @@ def conf_switch(hostname):
|
|||
],
|
||||
'radius_key': secrets.get('radius_key'),
|
||||
|
||||
'ntp_servers': ['10.231.136.98'],
|
||||
'log_servers': ['10.231.136.38'],
|
||||
|
||||
# dhcp et isc (secondaire) sont les deux seuls serveurs
|
||||
'dhcp_rid_servers': [34, 160],
|
||||
|
||||
|
@ -520,6 +519,24 @@ def conf_switch(hostname):
|
|||
first = netaddr.IPNetwork(net_of_vlan_name(vname)[0]).first
|
||||
data['dhcp_servers'].append(str(netaddr.IPAddress(first + rid)))
|
||||
|
||||
# Si le switch n'est pas en .adm, il n'est pas publique (ex : batk-0)
|
||||
# (désactivation de radius etc)
|
||||
# On règle les logs, ntp, suivant si le switch est public ou privé (adm)
|
||||
if u"adm" in unicode(switch['host']):
|
||||
data['public'] = False
|
||||
data['ntp_servers'] = ['10.231.136.98']
|
||||
data['log_servers'] = ['10.231.136.38']
|
||||
data['gateway'] = '10.231.136.4'
|
||||
data['network_id'] = '10.231.136.0'
|
||||
data['subnet'] = '255.255.255.0'
|
||||
else:
|
||||
data['public'] = True
|
||||
data['ntp_servers'] = ['138.231.136.98']
|
||||
data['log_servers'] = ['138.231.136.38']
|
||||
data['gateway'] = '138.231.136.4'
|
||||
data['network_id'] = '138.231.136.0'
|
||||
data['subnet'] = '255.255.248.0'
|
||||
|
||||
# Ra gards ne concerne que les 2620
|
||||
if "2620" in switch['info'][0].value:
|
||||
data['ra_filter'] = True
|
||||
|
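Review bot: The `if u"adm" in unicode(switch['host']):` test decides whether a switch is private from a substring of the whole host attribute, so any hostname that merely contains `adm` somewhere would be classified as an adm switch and receive the radius-enabled, admin-network configuration, and passing the attribute through `unicode()` appears to depend on its string representation rather than on the hostname value itself. The lookup earlier in this commit (the `try:`/`except IndexError:` around `ldap.search(u'host=bat%s-%d.adm.crans.org' % (bat, sw_num))[0]`) already knows which query succeeded; setting `is_adm = True` at the end of the `try` body and `is_adm = False` in the `except` branch, then writing `if is_adm:` here, would make the public/private decision explicit and independent of the hostname's spelling. Note also that the `else` branch hands `network_id`/`subnet` of the entire 138.231.136.0/255.255.248.0 range to the template's `ip authorized-managers` line, which opens management access on public switches to every host of that network; if that is deliberate, a comment next to `data['network_id'] = '138.231.136.0'` stating it would help. conf_switch's body starts and ends outside this hunk.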
@ -548,9 +565,11 @@ def conf_switch(hostname):
|
|||
V_NO: 'no'}[assign]
|
||||
vlan.setdefault(attr, PortList())
|
||||
vlan[attr].extend(p)
|
||||
if name == 'adm':
|
||||
if name == 'adm' and not data['public']:
|
||||
vlan['ip_cfg'] = (gethostbyname(hostname), '255.255.255.0')
|
||||
if name == 'adherent':
|
||||
if data['public']:
|
||||
vlan['ip_cfg'] = (gethostbyname(hostname), '255.255.248.0')
|
||||
# igmp snooping (multicast) mais nous ne sommes pas querier
|
||||
vlan['extra'] = 'ip igmp\nno ip igmp querier'
|
||||
vlans[name] = vlan
|
||||
|
|