diff options
Diffstat (limited to 'examples/tg23/templates/global.conf')
| -rw-r--r-- | examples/tg23/templates/global.conf | 205 |
1 files changed, 205 insertions, 0 deletions
diff --git a/examples/tg23/templates/global.conf b/examples/tg23/templates/global.conf new file mode 100644 index 0000000..96290da --- /dev/null +++ b/examples/tg23/templates/global.conf @@ -0,0 +1,205 @@ +system { + host-name {{ switch_name }}; + auto-snapshot; + domain-name tg23.gathering.org; + time-zone Europe/Oslo; + /* tacacs primary, failbacks to local users */ + authentication-order tacplus; + root-authentication { + encrypted-password "{{ v.root_pw }}"; ## SECRET-DATA + } + name-server { + {% for n in v.nameservers %} + {{n}}; + {% endfor %} + } + tacplus-server { + {{ v.tacplusserver }} { + secret {{ v.tacplus_secret }}; ## SECRET-DATA + source-address {{ v.switch_management.mgmt_v4_addr }}; + } + } + login { + user tech { + class super-user; + authentication { + encrypted-password "{{ v.tech_pw }}"; ## SECRET-DATA + } + } + user api { + class super-user; + authentication { + ssh-ed25519 "<removed>"; ## SECRET-DATA + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + client-alive-count-max 2; + client-alive-interval 300; + protocol-version v2; + connection-limit 50; + rate-limit 5; + } + netconf { + ssh { + port 830; + } + } + } + syslog { + user * { + any emergency; + } + host log.tg23.gathering.org { + any warning; + authorization info; + daemon warning; + user warning; + change-log any; + interactive-commands any; + match "!(.*License.*)"; + allow-duplicates; + facility-override local7; + explicit-priority; + } + /* Oxidized syslog */ + host 185.110.148.112 { + interactive-commands notice; + match UI_COMMIT_COMPLETED; + source-address {{ v.switch_management.mgmt_v4_addr }}; + } + /* Local logging of syslog message */ + file messages { + any notice; + /* Fjerner mye graps i loggene */ + match "!(.*License.*|.*EX-BCM PIC.*|.*mojito_i2c_read.*|.*qsfp_tk_read_mem_page.*)"; + authorization info; + } + /* Local logging of all user-commands typed in the CLI */ + file interactive-commands { + interactive-commands any; + match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; + } + } + commit synchronize; # Syncer konfigurasjonen til alle members i VC ved commit. Ingen effekt ved commit på single bokser. + ntp { + /* ntp.uio.no */ + server 2001:700:100:2::6; + } + ports { + console log-out-on-disconnect; + } +} +chassis { + alarm { + management-ethernet { # Sender ikke alarm ved link down på managementinterfacet. + link-down ignore; + } + } + aggregated-devices { + ethernet { + device-count 32; + } + } +} +interfaces { + interface-range all-ports { + member ge-*/*/*; + {% if "multirate" in v.switch_tags %} + member mge-*/*/*; + {% endif %} + member xe-*/*/*; + member et-*/*/*; + } + lo0 { + unit 0 { + family inet { + filter { + input mgmt-v4; + } + } + family inet6 { + filter { + input mgmt-v6; + } + } + } + } +} +snmp { + contact "<removed>"; + community {{ v.snmp_community }} { + authorization read-only; + client-list-name mgmt; + } +} +policy-options { + prefix-list mgmt-v4 { + } + prefix-list mgmt-v6 { + } + /* Merged separate v4- og v6-lister */ + prefix-list mgmt { + apply-path "policy-options prefix-list <mgmt-v*> <*>"; + } +} +firewall { + family inet { + filter mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term accept-all { + then accept; + } + } + } +} +protocols { + igmp-snooping { + vlan all; + } +} +poe { + interface all; +} + |