Timotej Lazar
7a2223ea71
Define a custom SNMP group with read access only to fields we need. For D-Link switches, modifying the group must be handled the same as user, i.e. the group (and user) must be removed and readded. Untested for FS S5800.
66 lines
2.2 KiB
Django/Jinja
66 lines
2.2 KiB
Django/Jinja
hostname {{ inventory_hostname }}
|
|
|
|
no netconf enable
|
|
|
|
no enable service telnet-server
|
|
no enable service web-server http
|
|
no enable service web-server https
|
|
|
|
{% for vlan in add_vlans %}
|
|
vlan {{ vlan }}
|
|
{% endfor %}
|
|
{% for vlan in del_vlans | difference([1]) %} {# VLAN 1 can not be deleted #}
|
|
no vlan {{ vlan }}
|
|
{% endfor %}
|
|
|
|
{% for iface in interfaces %}
|
|
interface {{ iface.name }}
|
|
{% if iface.enabled %} no{% endif %} shutdown
|
|
{% if iface.lag %}
|
|
port-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active
|
|
|
|
{% elif iface.mgmt_only %}
|
|
{% for address in iface.ip_addresses %}
|
|
{% set subnet = address.address | ipaddr('subnet') %}
|
|
{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
|
|
{% if address.family.value == 4 %}
|
|
ip address {{ address.address | ipaddr('address') }} {{ address.address | ipaddr('netmask') }}
|
|
{% if prefix.custom_fields.gateway %}
|
|
gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') }}
|
|
{% endif %}
|
|
{% else %}
|
|
ipv6 address {{ address.address | upper }}
|
|
{% if prefix.custom_fields.gateway %}
|
|
ipv6 gateway {{ prefix.custom_fields.gateway.address | ipaddr('address') | upper }}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
{% else %}
|
|
mtu {{ iface.mtu | default('9216', true) }}
|
|
{% if iface.mode and iface.mode.value == 'access' %}
|
|
switchport mode access
|
|
{% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %}
|
|
switchport access vlan {{ iface.untagged_vlan.vid }}
|
|
{% else %}
|
|
no switchport access vlan
|
|
{% endif %}
|
|
{%- elif iface.mode and iface.mode.value == 'tagged' %}
|
|
switchport mode trunk
|
|
switchport trunk allowed vlan only {{ (iface.tagged_vlans or vlans) | map(attribute='vid') | compact_numlist }}
|
|
{%- elif iface.mode and iface.mode.value == 'tagged-all' %}
|
|
switchport mode uplink
|
|
switchport trunk allowed vlan only 2-4094
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
enable service snmp-agent
|
|
snmp-server location {{ rack }}
|
|
{# limit MIBs exposed over SNMP #}
|
|
snmp-server view public 1.3.6.1.2.1.1 include {# system +#}
|
|
snmp-server view public 1.3.6.1.2.1.2 include {# interfaces +#}
|
|
snmp-server view public 1.3.6.1.2.1.17.7 include {# qBridgeMIB +#}
|
|
snmp-server view public 1.3.6.1.2.1.31 include {# ifMIB +#}
|
|
snmp-server group public v3 priv read public
|