Generateur de confi de switch HP

templates/hp.tpl

@@ -12,12 +12,58 @@ snmpv3 restricted-access
 snmpv3 user "crans"
 snmpv3 group ManagerPriv user "crans" sec-model ver3
 snmp-server community "public" Operator
+;--- Heure/date
+time timezone 60
+time daylight-time-rule Western-Europe
+{%- for server in additionals.ntp_servers %}
+{%- for interface in server.interface %}
+{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
+sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
+{%- if interface.ipv6 %}
+sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
+{%- endif %}
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
 timesync sntp
 sntp unicast
 ;--- Misc ---
 console inactivity-timer 30
+;--- Logs ---
+{%- for server in additionals.log_servers %}
+{%- for interface in server.interface %}
+{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
+logging {{ interface.ipv4 }}
+{%- if interface.ipv6 %}
+logging {{ interface.ipv6.0.ipv6 }}
+{%- endif %}
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
 ;--- IP du switch ---
 no ip default-gateway
+max-vlans 256
+{%- for id, vlan in additionals.vlans.items() %}
+vlan {{ id }}
+   name "{{ vlan["name"]|capitalize }}"
+   {%- if vlan["ports_tagged"] %}
+   tagged {{ vlan["ports_tagged"]|join(' ') }}
+   {%- endif %}
+   {%- if vlan["ports_untagged"] %}
+   untagged {{ vlan["ports_untagged"]|join(' ') }}
+   {%- endif %}
+   {%- if switch.subnet.0.vlan_id == id %}
+   ip address {{ switch.ipv4 }} {{ switch.subnet.0.netmask }}
+   {%- else %}
+   no ip address
+   {%- endif %}
+   {%- if switch.subnet.0.vlan_id == id %}
+   ipv6 address {{ switch.ipv6 }} {{ switch.subnet6.netmask }}
+   {%- else %}
+   no ipv6 enable
+   {%- endif %}
+exit
+{%- endfor %}
 ;--- Accès d'administration ---
 no telnet-server
 no web-management
@@ -25,19 +71,41 @@ aaa authentication ssh login public-key none
 aaa authentication ssh enable public-key none
 ip ssh
 ip ssh filetransfer
-ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
+ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
 {%- if switch.subnet6 %}
-ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
+ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
 {%- endif %}
+{%- if additionals.loop_protected %}
 ;--- Protection contre les boucles ---
 loop-protect disable-timer 30
 loop-protect transmit-interval 3
+loop-protect {{ additionals.loop_protected|join(' ') }}
+{%- endif %}
 radius-server dyn-autz-port 3799
 ;--- Filtrage mac ---
 aaa port-access mac-based addr-format multi-colon
 ;--- Bricoles ---
 no cdp run
+{%- if additionals.dhcp_snooping_vlans %}
+;--- DHCP Snooping ---
+dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
 dhcp-snooping
+{%- endif %}
+{%- if additionals.arp_protect_vlans %}
+;--- ARP Protect ---
+arp-protect
+arp-protect vlan {{ additionals.arp_protect_vlans|join(' ') }}
+arp-protect validate src-mac dest-mac
+{%- endif %}
+{%- if additionals.dhcpv6_snooping_vlans %}
+;--- DHCPv6 Snooping ---
+dhcpv6-snooping vlan {{ additionals.dhcpv6_snooping_vlans|join(' ') }}
+dhcpv6-snooping
+{%- endif %}
+{%- if additionals.ra_guarded %}
+;--- RA guards ---
+ipv6 ra-guard ports {{ additionals.ra_guarded|join(' ')}}
+{%- endif %}
 ;--- Config des prises ---
 {%- for port in switch.ports %}
 {%- if port.get_port_profil.radius_type == "802.1X" %}
@@ -61,7 +129,7 @@ interface {{ port.port }}
    {%- else %}
    disable
    {%- endif %}
-   name "{{ port.port }}"
+   name "{{ port.pretty_name }}"
    {%- if port.get_port_profil.flow_control %}
    flow control
    {%- endif %}