aboutsummaryrefslogtreecommitdiffstats
path: root/fap/httpd/ex2200.template
diff options
context:
space:
mode:
Diffstat (limited to 'fap/httpd/ex2200.template')
-rw-r--r--fap/httpd/ex2200.template249
1 files changed, 249 insertions, 0 deletions
diff --git a/fap/httpd/ex2200.template b/fap/httpd/ex2200.template
new file mode 100644
index 0000000..aa62ff2
--- /dev/null
+++ b/fap/httpd/ex2200.template
@@ -0,0 +1,249 @@
+system {
+ host-name $hostname;
+ auto-snapshot;
+ time-zone Europe/Oslo;
+ authentication-order [ tacplus password ];
+ root-authentication {
+ encrypted-password "$1$v1xWD3zI$OhStP6PnpgIUO3RLtMmIJ/";
+ }
+ name-server {
+ 1.1.1.1;
+ 2.2.2.2;
+ }
+ login {
+ user technet{
+ uid 2000;
+ class super-user;
+ authentication {
+ encrypted-password "$1$v1xWD3zI$OhStP6PnpgIUO3RLtMmIJ/";
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ }
+ netconf {
+ ssh;
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ file interactive-commands {
+ interactive-commands any;
+ }
+ }
+ ntp {
+ server 1.2.3.4;
+ server 2.3.4.5;
+ }
+}
+
+chassis {
+ aggregated-devices {
+ ethernet {
+ device-count 1;
+ }
+ }
+}
+
+interfaces {
+ interface-range edge-ports {
+ member-range ge-0/0/0 to ge-0/0/43;
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members deltagere;
+ }
+ }
+ }
+ }
+ interface-range core-ports {
+ member-range ge-0/0/44 to ge-0/0/47;
+ ether-options {
+ 802.3ad ae0;
+ }
+ }
+ ae0 {
+ description "Til $distro_name $distro_phy_port";
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ unit 0 {
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members deltagere;
+ }
+ native-vlan-id mgmt;
+ }
+ }
+ }
+ vlan {
+ unit $mgmt_vlan {
+ description "MGMT L3 interface";
+ family inet {
+ filter {
+ input v4-mgmt;
+ }
+ address $mgmt_addr/$mgmt_cidr;
+ }
+ family inet6 {
+ filter {
+ input v6-mgmt;
+ }
+ }
+ }
+ }
+}
+firewall {
+ family inet {
+ filter v4-mgmt {
+ term accept-noc {
+ from {
+ source-address {
+ 0.0.0.0/0;
+ }
+ }
+ then accept;
+ }
+ term accept-icmp {
+ from {
+ protocol icmp;
+ }
+ then {
+ accept;
+ }
+ }
+ term reject-all {
+ then {
+ log;
+ syslog;
+ reject;
+ }
+ }
+ }
+ }
+ family inet6 {
+ filter v6-mgmt {
+ term accept-noc {
+ from {
+ source-address {
+ ::/0;
+ }
+ }
+ then accept;
+ }
+ term accept-icmp {
+ from {
+ next-header icmp6;
+ }
+ then {
+ accept;
+ }
+ }
+ term reject-all {
+ then {
+ log;
+ syslog;
+ reject;
+ }
+ }
+ }
+ }
+}
+
+ethernet-switching-options {
+ secure-access-port {
+ interface edge-ports {
+ no-dhcp-trusted;
+ }
+ vlan deltagere {
+ arp-inspection;
+ examine-dhcp;
+ examine-dhcpv6;
+ neighbor-discovery-inspection;
+ ip-source-guard;
+ ipv6-source-guard;
+ dhcp-option82;
+ dhcpv6-option18 {
+ use-option-82;
+ }
+ }
+ ipv6-source-guard-sessions {
+ max-number 128;
+ }
+ }
+}
+
+protocols {
+ sflow {
+ sample-rate {
+ ingress 10000;
+ egress 10000;
+ }
+ collector 91.209.30.12;
+ interfaces edge-ports;
+ interfaces core-ports;
+ }
+ igmp-snooping {
+ vlan all {
+ version 3;
+ immediate-leave;
+ }
+ }
+ mld-snooping {
+ vlan all {
+ version 2;
+ immediate-leave;
+ }
+ }
+ rstp {
+ bridge-priority 8k;
+ interface edge-ports {
+ edge;
+ no-root-port;
+ }
+ }
+ lldp {
+ interface ae0.0
+ }
+}
+
+vlans {
+ deltagere {
+ vlan-id $traffic_vlan;
+ }
+ mgmt {
+ vlan-id $mgmt_vlan;
+ l3-interface vlan.$mgmt_vlan;
+ }
+}
+
+routing-options {
+ rib inet.0 {
+ static {
+ route 0.0.0.0/0 {
+ next-hop $mgmt_gw;
+ }
+ }
+ }
+ rib inet6.0 {
+ static {
+ route ::/0 {
+ next-hop 20a0:dead::beef;
+ }
+ }
+ }
+}
+
+