network/roles/access/templates/config-d-link.j2

{% set mgmt_iface = interfaces | selectattr('mgmt_only') | first -%}

terminal length default 0
no ip http server
line console
line telnet
line ssh

port-channel load-balance src-dst-ip

ip ssh server

{% for vlan in add_vlans %}
vlan {{ vlan }}
{% endfor %}
{% for vlan in del_vlans %}
no vlan {{ vlan }}
{% endfor %}

{# bond members #}
{% for iface in interfaces | selectattr('lag') %}
interface {{ iface.name }}
{% if iface.enabled %} no{% endif %} shutdown
 channel-group {{ iface.lag.name | select('in', '0123456789') | join('') }} mode active

{% endfor %}

{# access interfaces #}
{%- for iface in interfaces | rejectattr('lag') %}
interface {{ iface.name }}
{# common setup for user-facing interfaces #}
{% if iface.type.value != 'lag' and not iface.mgmt_only %}
{% if iface.enabled %} no shutdown{% else %} shutdown{% endif %}
{% endif %}

{# set VLAN for untagged ports #}
{%+ if iface.mode and iface.mode.value == 'access' %}
 switchport mode access
{% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %}
 switchport access vlan {{ iface.untagged_vlan.vid }}
{% else %}
 no switchport access vlan
{% endif %}
{% if voice_vlan is defined and not iface.mgmt_only %}
 voice vlan enable
{% else %}
 no voice vlan enable
{% endif %}

{# set tagged and native VLANs for tagged ports #}
{# if native (untagged) VLAN is set, add it to the list of tagged VLANs #}
{# without this, the switch won’t forward traffic #}
{%+ elif iface.mode and iface.mode.value == 'tagged' %}
 switchport mode trunk
{% if iface.untagged_vlan %}
{% set iface_vlans = (iface.tagged_vlans or vlans) + [iface.untagged_vlan] %}
 switchport trunk native vlan {{ iface.untagged_vlan.vid }}
{% else %}
{% set iface_vlans = (iface.tagged_vlans or vlans) %}
 no switchport trunk native vlan
{% endif %}
 switchport trunk allowed vlan {{ iface_vlans | map(attribute='vid') | compact_numlist }}

{# we don’t support any other mode #}
{%+ else %}

{% endif %}

{% if iface.name in ifaces_dhcp | default([]) %}
 ip dhcp snooping trust
{% else %}
 no ip dhcp snooping trust
{% endif %}
{% endfor %}

{# management VLAN #}
interface Vlan1
{% for address in mgmt_iface.ip_addresses %}
{% if address.family.value == 4 %}
 ip address {{ address.address | ipaddr('address') }} {{ address.address | ipaddr('netmask') }}
{% else %}
 ipv6 address {{ address.address | upper }}
{% endif %}
{% endfor %}

voice vlan mac-address 2C-3E-CF-00-00-00 FF-FF-FF-00-00-00 description Cisco
voice vlan mac-address 3C-0E-23-00-00-00 FF-FF-FF-00-00-00 description Cisco
voice vlan mac-address B8-38-61-00-00-00 FF-FF-FF-00-00-00 description Cisco
voice vlan mac-address C4-14-3C-00-00-00 FF-FF-FF-00-00-00 description Cisco

{% if voice_vlan is defined %}
voice vlan {{ voice_vlan }}
{% else %}
no voice vlan
{% endif %}

snmp-server
snmp-server name {{ inventory_hostname }}
snmp-server location {{ rack }}
{# SNMP engine ID must be exactly 24 hex digits #}
snmp-server engineID local {{ snmp_engine_id }}
{# limit MIBs exposed over SNMP #}
snmp-server view public 1.3.6.1.2.1.1 included {# system +#}
snmp-server view public 1.3.6.1.2.1.2 included {# interfaces +#}
snmp-server view public 1.3.6.1.2.1.17.7 included {# qBridgeMIB +#}
snmp-server view public 1.3.6.1.2.1.31 included {# ifMIB +#}

sntp enable
{% for address in ntp %}
sntp server {{ address }}
{% endfor %}

ntp access-group default nomodify noquery

{% if ifaces_dhcp | default(false) %}
ip dhcp snooping
{% else %}
no ip dhcp snooping
{% endif %}

{% for address in mgmt_iface.ip_addresses %}
{% set subnet = address.address | ipaddr('subnet') %}
{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
{% if prefix.custom_fields.gateway %}
{% set gateway = prefix.custom_fields.gateway %}
{% if gateway.family.value == 4 %}
ip route 0.0.0.0 0.0.0.0 {{ gateway.address | ipaddr('address') }} primary
{% else %}
ipv6 route default vlan1 {{ gateway.address | ipaddr('address') | upper }} primary
{% endif %}
{% endif %}
{% endfor %}


no ddp