Utilise les réglages roles et topologie option pour reconfig les switchs

chirac 2018-07-11 23:58:16 +02:00
parent 7d7c7f2f13
commit 3d7c9d98be
2 changed files with 22 additions and 38 deletions


@ -15,30 +15,22 @@ snmp-server community "public" Operator
;--- Heure/date
time timezone 60
time daylight-time-rule Western-Europe
{%- for server in additionals.ntp_servers %}
{%- for interface in server.interface %}
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
{%- if interface.ipv6 %}
sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
{%- endif %}
{%- endif %}
{%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %}
sntp server priority {{ loop.index }} {{ ipv4 }} 4
{%- endfor %}
{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %}
sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4
{%- endfor %}
timesync sntp
sntp unicast
;--- Misc ---
console inactivity-timer 30
;--- Logs ---
{%- for server in additionals.log_servers %}
{%- for interface in server.interface %}
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
logging {{ interface.ipv4 }}
{%- if interface.ipv6 %}
logging {{ interface.ipv6.0.ipv6 }}
{%- endif %}
{%- endif %}
{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}
logging {{ ipv4 }}
{%- endfor %}
{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %}
logging {{ ipv6 }}
{%- endfor %}
;--- IP du switch ---
no ip default-gateway
@ -92,9 +84,11 @@ aaa authentication ssh login public-key none
aaa authentication ssh enable public-key none
ip ssh
ip ssh filetransfer
ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
{%- if switch.subnet6 %}
ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
{%- if settings.switchs_management_utils.subnet %}
ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager
{%- endif %}
{%- if settings.switchs_management_utils.subnet6 %}
ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager
{%- endif %}
{%- if additionals.loop_protected %}
;--- Protection contre les boucles ---
@ -104,13 +98,9 @@ loop-protect {{ additionals.loop_protected|join(',') }}
{%- endif %}
;--- Serveurs Radius
radius-server dead-time 2
{%- for server in additionals.radius_servers %}
{%- for interface in server.interface %}
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
radius-server host {{ interface.ipv4 }} key "{{ switch.get_radius_key_value }}"
radius-server host {{ interface.ipv4 }} dyn-authorization
{%- endif %}
{%- endfor %}
{%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %}
radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"
radius-server host {{ ipv4 }} dyn-authorization
{%- endfor %}
radius-server dyn-autz-port 3799
;--- Filtrage mac ---
@ -119,10 +109,8 @@ aaa port-access mac-based addr-format multi-colon
no cdp run
{%- if additionals.dhcp_snooping_vlans %}
;--- DHCP Snooping ---
{%- for server in additionals.dhcp_servers %}
{%- for interface in server.interface %}
dhcp-snooping authorized-server {{ interface.ipv4 }}
{%- endfor %}
{%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %}
dhcp-snooping authorized-server {{ ipv4 }}
{%- endfor %}
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
dhcp-snooping
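Review bot: In the hunk at `@ -92,9 +84,11 @@`, the IPv4 `ip authorized-managers` line is now wrapped in `{%- if settings.switchs_management_utils.subnet %}`, so an empty setting renders a config with no IPv4 manager restriction at all, where the previous template always emitted one from `switch.subnet.0`. On this switch family an empty authorized-managers list normally means management access (SSH is enabled just above) is accepted from any source address, so the template fails open on a missing setting; this should be confirmed against the target firmware. I would keep a fallback by adding `{%- else %}` followed by the old `ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager` line before the `{%- endif %}`, or make generation fail when the subnet is unset. The same fail-open shape appears in the last hunk, where an empty `dhcp_servers.ipv4` list leaves `dhcp-snooping` enabled with no `authorized-server` entries.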