access: enable port-security
Should prevent one way of the network coming down. Again.
							parent
							
								
									fe30b550de
								
							
						
					
					
						commit
						07fa350ae6
					
				
					 1 changed files with 16 additions and 1 deletions
				
			
		| 
						 | 
				
			
			@ -10,6 +10,7 @@ ip ssh server
 | 
			
		|||
 | 
			
		||||
vlan {{ vlans | map(attribute='vid') | compact_numlist }}
 | 
			
		||||
 | 
			
		||||
{# bond members #}
 | 
			
		||||
{% for iface in interfaces | selectattr('lag') %}
 | 
			
		||||
interface {{ iface.name }}
 | 
			
		||||
{% if iface.enabled %} no{% endif %} shutdown
 | 
			
		||||
| 
						 | 
				
			
			@ -17,13 +18,21 @@ interface {{ iface.name }}
 | 
			
		|||
 | 
			
		||||
{% endfor %}
 | 
			
		||||
 | 
			
		||||
{# access interfaces #}
 | 
			
		||||
{%- set mgmt = namespace(ip=false, gw=false) %}
 | 
			
		||||
{%- for iface in interfaces | rejectattr('lag') %}
 | 
			
		||||
interface {{ iface.name }}
 | 
			
		||||
{% if iface.type.value != 'lag' %}
 | 
			
		||||
{# common setup for user-facing interfaces #}
 | 
			
		||||
{% if iface.type.value != 'lag' and not iface.mgmt_only %}
 | 
			
		||||
 switchport port-security
 | 
			
		||||
 switchport port-security maximum 250
 | 
			
		||||
 switchport port-security violation shutdown
 | 
			
		||||
 switchport port-security aging time 5
 | 
			
		||||
 switchport port-security aging type inactivity
 | 
			
		||||
{% if iface.enabled %} no shutdown{% else %} shutdown{% endif %}
 | 
			
		||||
{% endif %}
 | 
			
		||||
 | 
			
		||||
{# set VLAN for untagged ports #}
 | 
			
		||||
{%+ if iface.mode and iface.mode.value == 'access' %}
 | 
			
		||||
 switchport mode access
 | 
			
		||||
{% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %}
 | 
			
		||||
| 
						 | 
				
			
			@ -37,6 +46,9 @@ interface {{ iface.name }}
 | 
			
		|||
 no voice vlan enable
 | 
			
		||||
{% endif %}
 | 
			
		||||
 | 
			
		||||
{# set tagged and native VLANs for tagged ports #}
 | 
			
		||||
{# if native (untagged) VLAN is set, add it to the list of tagged VLANs #}
 | 
			
		||||
{# without this, the switch won’t forward traffic #}
 | 
			
		||||
{%+ elif iface.mode and iface.mode.value == 'tagged' %}
 | 
			
		||||
 switchport mode trunk
 | 
			
		||||
{% if iface.untagged_vlan %}
 | 
			
		||||
| 
						 | 
				
			
			@ -48,10 +60,12 @@ interface {{ iface.name }}
 | 
			
		|||
{% endif %}
 | 
			
		||||
 switchport trunk allowed vlan {{ iface_vlans | map(attribute='vid') | compact_numlist }}
 | 
			
		||||
 | 
			
		||||
{# we don’t support any other mode #}
 | 
			
		||||
{%+ else %}
 | 
			
		||||
 | 
			
		||||
{% endif %}
 | 
			
		||||
 | 
			
		||||
{# store management address and gateway for later #}
 | 
			
		||||
{%- if iface.mgmt_only and iface.ip_addresses %}
 | 
			
		||||
{% set mgmt.ip = iface.ip_addresses[0].address %}
 | 
			
		||||
{% if iface.custom_fields.gateway %}
 | 
			
		||||
| 
						 | 
				
			
			@ -66,6 +80,7 @@ interface {{ iface.name }}
 | 
			
		|||
{% endif %}
 | 
			
		||||
{% endfor %}
 | 
			
		||||
 | 
			
		||||
{# management VLAN #}
 | 
			
		||||
{%- if mgmt.ip %}
 | 
			
		||||
interface Vlan1
 | 
			
		||||
 ip address {{ mgmt.ip | ipaddr('address') }} {{ mgmt.ip | ipaddr('netmask') }}
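Review bot: The five new `switchport port-security` lines in the second hunk sit under the "common setup" condition `{% if iface.type.value != 'lag' and not iface.mgmt_only %}`, so they are also emitted for interfaces that later take the `tagged` branch and receive `switchport mode trunk`. If any of those trunk ports are uplinks carrying more than 250 source MACs, `switchport port-security violation shutdown` err-disables the uplink, which is the kind of outage the commit message says it wants to prevent; whether these trunks are uplinks is not visible here. Consider tightening the guard to `{% if iface.type.value != 'lag' and not iface.mgmt_only and iface.mode and iface.mode.value == 'access' %}`, or moving the five lines into the access branch right after `switchport mode access`. A comment on the threshold would also help the next maintainer, e.g. `{# 250 secure MACs is a loop/flood guard, not per-host access control; violation shutdown leaves the port err-disabled until cleared or errdisable recovery fires #}`, since no `errdisable recovery cause psecure-violation` is visible in these hunks. The enclosing `{%- for iface in interfaces | rejectattr('lag') %}` loop continues past this hunk.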
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||