terminal length default 0 no ip http server line console line telnet line ssh port-channel load-balance src-dst-ip ip ssh server vlan {{ vlans | map(attribute='vid') | compact_numlist }} {% for iface in interfaces | selectattr('lag') %} interface {{ iface.name }} {% if iface.enabled %} no{% endif %} shutdown channel-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active {% endfor %} {%- set mgmt = namespace(ip=false, gw=false) %} {%- for iface in interfaces | rejectattr('lag') %} interface {{ iface.name }} {% if iface.type.value != 'lag' %} {% if iface.enabled %} no shutdown{% else %} shutdown{% endif %} {% endif %} {%+ if iface.mode and iface.mode.value == 'access' %} switchport mode access {% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %} switchport access vlan {{ iface.untagged_vlan.vid }} {% else %} no switchport access vlan {% endif %} {% if voice_vlan is defined and not iface.mgmt_only %} voice vlan enable {% else %} no voice vlan enable {% endif %} {%+ elif iface.mode and iface.mode.value == 'tagged' %} switchport mode trunk switchport trunk allowed vlan {{ (iface.tagged_vlans or vlans) | map(attribute='vid') | compact_numlist }} {%+ else %} {% endif %} {%- if iface.mgmt_only and iface.ip_addresses %} {% set mgmt.ip = iface.ip_addresses[0].address %} {% if iface.custom_fields.gateway %} {% set mgmt.gw = iface.custom_fields.gateway.address %} {% endif %} {% endif %} {% if iface.name in ifaces_dhcp | default([]) %} ip dhcp snooping trust {% else %} no ip dhcp snooping trust {% endif %} {% endfor %} {%- if mgmt.ip %} interface Vlan1 ip address {{ mgmt.ip | ipaddr('address') }} {{ mgmt.ip | ipaddr('netmask') }} {% endif %} voice vlan mac-address 2C-3E-CF-00-00-00 FF-FF-FF-00-00-00 description Cisco voice vlan mac-address 3C-0E-23-00-00-00 FF-FF-FF-00-00-00 description Cisco voice vlan mac-address B8-38-61-00-00-00 FF-FF-FF-00-00-00 description Cisco voice vlan mac-address C4-14-3C-00-00-00 FF-FF-FF-00-00-00 description Cisco {% if voice_vlan is defined %} voice vlan {{ voice_vlan }} {% else %} no voice vlan {% endif %} snmp-server snmp-server name {{ inventory_hostname }} snmp-server location {{ rack }} {# SNMP engine ID must be exactly 24 hex digits #} snmp-server engineID local {{ snmp_engine_id }} snmp-server group public v3 priv read CommunityView sntp enable {% for address in ntp %} sntp server {{ address }} {% endfor %} ntp access-group default nomodify noquery {% if ifaces_dhcp | default(false) %} ip dhcp snooping {% else %} no ip dhcp snooping {% endif %} {% if mgmt.gw %} ip route 0.0.0.0 0.0.0.0 {{ mgmt.gw | ipaddr('address') }} primary {% endif %} no ddp